From 24c8bf38e6943c615848adf8d234ce9855e4bfb6 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 10:11:02 +0200 Subject: [PATCH 01/27] feat(kumacp): bootstrap new policy Signed-off-by: slonka --- .../api/v1alpha1/meshaccesslog.pb.go | 222 ++++++++++++++++++ .../api/v1alpha1/meshaccesslog.proto | 32 +++ .../meshaccesslog/api/v1alpha1/rest.yaml | 129 ++++++++++ .../meshaccesslog/api/v1alpha1/schema.yaml | 37 +++ .../meshaccesslog/api/v1alpha1/validator.go | 21 ++ .../api/v1alpha1/zz_generated.deepcopy.pb.go | 28 +++ .../api/v1alpha1/zz_generated.resource.go | 119 ++++++++++ .../k8s/crd/kuma.io_meshaccesslogs.yaml | 72 ++++++ .../k8s/v1alpha1/groupversion_info.go | 19 ++ .../k8s/v1alpha1/zz_generated.deepcopy.go | 87 +++++++ .../k8s/v1alpha1/zz_generated.types.go | 105 +++++++++ .../meshaccesslog/plugin/v1alpha1/plugin.go | 27 +++ .../meshaccesslog/zz_generated.plugin.go | 16 ++ 13 files changed, 914 insertions(+) create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.deepcopy.pb.go create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go create mode 100644 pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml create mode 100644 pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/groupversion_info.go create mode 100644 pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.deepcopy.go create mode 100644 pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go create mode 100644 pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go create mode 100644 pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go new file mode 100644 index 000000000000..53cbcd05fb5d --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -0,0 +1,222 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.20.0 +// source: pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto + +package v1alpha1 + +import ( + v1alpha1 "github.com/kumahq/kuma/api/common/v1alpha1" + _ "github.com/kumahq/kuma/api/mesh" + _ "github.com/kumahq/protoc-gen-kumadoc/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// MeshAccessLog +type MeshAccessLog struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // TargetRef is a reference to the resource the policy takes an effect on. + // The resource could be either a real store object or virtual resource + // defined inplace. + TargetRef *v1alpha1.TargetRef `protobuf:"bytes,1,opt,name=targetRef,proto3" json:"targetRef,omitempty"` +} + +func (x *MeshAccessLog) Reset() { + *x = MeshAccessLog{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog) ProtoMessage() {} + +func (x *MeshAccessLog) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog.ProtoReflect.Descriptor instead. +func (*MeshAccessLog) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0} +} + +func (x *MeshAccessLog) GetTargetRef() *v1alpha1.TargetRef { + if x != nil { + return x.TargetRef + } + return nil +} + +type MeshAccessLog_Conf struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *MeshAccessLog_Conf) Reset() { + *x = MeshAccessLog_Conf{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_Conf) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_Conf) ProtoMessage() {} + +func (x *MeshAccessLog_Conf) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_Conf.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_Conf) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 0} +} + +var File_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto protoreflect.FileDescriptor + +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc = []byte{ + 0x0a, 0x43, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2c, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, + 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, + 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x1a, 0x12, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, + 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, + 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x5e, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, + 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x52, 0x65, 0x66, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x1a, + 0x06, 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, + 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, + 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, + 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, + 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, + 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, + 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescOnce sync.Once + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData = file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc +) + +func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP() []byte { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescOnce.Do(func() { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData = protoimpl.X.CompressGZIP(file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData) + }) + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData +} + +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes = []interface{}{ + (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog + (*MeshAccessLog_Conf)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + (*v1alpha1.TargetRef)(nil), // 2: kuma.common.v1alpha1.TargetRef +} +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs = []int32{ + 2, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_init() } +func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_init() { + if File_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_Conf); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes, + DependencyIndexes: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs, + MessageInfos: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes, + }.Build() + File_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto = out.File + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc = nil + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes = nil + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs = nil +} diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto new file mode 100644 index 000000000000..7c532839450f --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -0,0 +1,32 @@ +syntax = "proto3"; + +package kuma.plugins.policies.meshaccesslog.v1alpha1; + +import "mesh/options.proto"; +option go_package = "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1"; + +import "common/v1alpha1/targetref.proto"; +import "kuma-doc/config.proto"; + +option (doc.config) = { + type : Policy, + name : "MeshAccessLog", + file_name : "meshaccesslog" +}; + +// MeshAccessLog +message MeshAccessLog { + option (kuma.mesh.policy) = { + // Toggle this to have the policy registered or not in Kuma + skip_registration : false, + }; + + // TargetRef is a reference to the resource the policy takes an effect on. + // The resource could be either a real store object or virtual resource + // defined inplace. + kuma.common.v1alpha1.TargetRef targetRef = 1; + + message Conf { + // TODO add configuration fields + } +} diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml new file mode 100644 index 000000000000..c198455f2a6b --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml @@ -0,0 +1,129 @@ +openapi: 3.0.1 +info: + version: v1alpha1 + title: Kuma API + description: Kuma API + +paths: + /meshes/{mesh}/meshaccesslogs/{name}: + get: + summary: Returns MeshAccessLog entity + tags: [ "MeshAccessLog" ] + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: 'schema.yaml' + + put: + summary: Creates or Updates MeshAccessLog entity + tags: [ "MeshAccessLog" ] + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + requestBody: + description: MeshAccessLog entity + required: true + content: + application/json: + schema: + $ref: 'schema.yaml' + responses: + '200': + description: Updated + '201': + description: Created + + delete: + summary: Deletes MeshAccessLog entity + tags: [ "MeshAccessLog" ] + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + responses: + '200': + description: Successful response + + + /meshes/{mesh}/meshaccesslogs: + get: + summary: Returns a list of MeshAccessLog in the mesh. + tags: [ "MeshAccessLog" ] + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + description: Successful response + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: 'schema.yaml' + next: + type: string + description: URL to the next page + + + /meshaccesslogs: + get: + summary: Returns a list of MeshAccessLog from all meshes + tags: [ "MeshAccessLog" ] + responses: + '200': + description: Successful response + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: 'schema.yaml' + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml new file mode 100644 index 000000000000..542c1fe83c14 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml @@ -0,0 +1,37 @@ +properties: + type: + description: '' + type: string + enum: + - MeshAccessLog + mesh: + description: 'Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources.' + type: string + name: + description: 'Name of the Kuma resource' + type: string + targetRef: + description: TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset to identify the service from another mesh. Could be useful when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset to define a subset of proxies + type: object + type: object diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go new file mode 100644 index 000000000000..257538771ad7 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -0,0 +1,21 @@ +package v1alpha1 + +import ( + common_proto "github.com/kumahq/kuma/api/common/v1alpha1" + matcher_validators "github.com/kumahq/kuma/pkg/plugins/policies/matchers/validators" + "github.com/kumahq/kuma/pkg/core/validators" +) + +func (r *MeshAccessLogResource) validate() error { + var verr validators.ValidationError + path := validators.RootedAt("spec") + + targetRefErr := matcher_validators.ValidateTargetRef(path.Field("targetRef"), r.Spec.GetTargetRef(), &matcher_validators.ValidateTargetRefOpts{ + SupportedKinds: []common_proto.TargetRef_Kind{ + // TODO add supported TargetRef kinds for this policy + }, + }) + verr.AddError("", targetRefErr) + + return verr.OrNil() +} diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.deepcopy.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.deepcopy.pb.go new file mode 100644 index 000000000000..17006c856d59 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.deepcopy.pb.go @@ -0,0 +1,28 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. + +package v1alpha1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using MeshAccessLog within kubernetes types, where deepcopy-gen is used. +func (in *MeshAccessLog) DeepCopyInto(out *MeshAccessLog) { + p := proto.Clone(in).(*MeshAccessLog) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshAccessLog. Required by controller-gen. +func (in *MeshAccessLog) DeepCopy() *MeshAccessLog { + if in == nil { + return nil + } + out := new(MeshAccessLog) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshAccessLog. Required by controller-gen. +func (in *MeshAccessLog) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go new file mode 100644 index 000000000000..7db36c596681 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go @@ -0,0 +1,119 @@ +// Generated by tools/resource-gen. +// Run "make generate" to update this file. + +// nolint:whitespace +package v1alpha1 + +import ( + "fmt" + + "github.com/kumahq/kuma/pkg/core/resources/model" +) + +const ( + MeshAccessLogType model.ResourceType = "MeshAccessLog" +) + +var _ model.Resource = &MeshAccessLogResource{} + +type MeshAccessLogResource struct { + Meta model.ResourceMeta + Spec *MeshAccessLog +} + +func NewMeshAccessLogResource() *MeshAccessLogResource { + return &MeshAccessLogResource{ + Spec: &MeshAccessLog{}, + } +} + +func (t *MeshAccessLogResource) GetMeta() model.ResourceMeta { + return t.Meta +} + +func (t *MeshAccessLogResource) SetMeta(m model.ResourceMeta) { + t.Meta = m +} + +func (t *MeshAccessLogResource) GetSpec() model.ResourceSpec { + return t.Spec +} + +func (t *MeshAccessLogResource) SetSpec(spec model.ResourceSpec) error { + protoType, ok := spec.(*MeshAccessLog) + if !ok { + return fmt.Errorf("invalid type %T for Spec", spec) + } else { + if protoType == nil { + t.Spec = &MeshAccessLog{} + } else { + t.Spec = protoType + } + return nil + } +} + +func (t *MeshAccessLogResource) Descriptor() model.ResourceTypeDescriptor { + return MeshAccessLogResourceTypeDescriptor +} + +func (t *MeshAccessLogResource) Validate() error { + if v, ok := interface{}(t).(interface{ validate() error }); !ok { + return nil + } else { + return v.validate() + } +} + +var _ model.ResourceList = &MeshAccessLogResourceList{} + +type MeshAccessLogResourceList struct { + Items []*MeshAccessLogResource + Pagination model.Pagination +} + +func (l *MeshAccessLogResourceList) GetItems() []model.Resource { + res := make([]model.Resource, len(l.Items)) + for i, elem := range l.Items { + res[i] = elem + } + return res +} + +func (l *MeshAccessLogResourceList) GetItemType() model.ResourceType { + return MeshAccessLogType +} + +func (l *MeshAccessLogResourceList) NewItem() model.Resource { + return NewMeshAccessLogResource() +} + +func (l *MeshAccessLogResourceList) AddItem(r model.Resource) error { + if trr, ok := r.(*MeshAccessLogResource); ok { + l.Items = append(l.Items, trr) + return nil + } else { + return model.ErrorInvalidItemType((*MeshAccessLogResource)(nil), r) + } +} + +func (l *MeshAccessLogResourceList) GetPagination() *model.Pagination { + return &l.Pagination +} + +var MeshAccessLogResourceTypeDescriptor = model.ResourceTypeDescriptor{ + Name: MeshAccessLogType, + Resource: NewMeshAccessLogResource(), + ResourceList: &MeshAccessLogResourceList{}, + Scope: model.ScopeMesh, + KDSFlags: model.FromGlobalToZone, + WsPath: "meshaccesslogs", + KumactlArg: "meshaccesslog", + KumactlListArg: "meshaccesslogs", + AllowToInspect: true, + IsPolicy: true, + IsExperimental: false, + SingularDisplayName: "Mesh Access Log", + PluralDisplayName: "Mesh Access Logs", + IsPluginOriginated: true, +} diff --git a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000000..529d85fb49be --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml @@ -0,0 +1,72 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: object + served: true + storage: true diff --git a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/groupversion_info.go b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/groupversion_info.go new file mode 100644 index 000000000000..f87708f0cd5b --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/groupversion_info.go @@ -0,0 +1,19 @@ +// Package v1alpha1 contains API Schema definitions for the mesh v1alpha1 API group +// +groupName=kuma.io +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "kuma.io", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.deepcopy.go b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000000..415b7ed5d013 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,87 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2022 Kuma authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MeshAccessLog) DeepCopyInto(out *MeshAccessLog) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = (*in).DeepCopy() + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshAccessLog. +func (in *MeshAccessLog) DeepCopy() *MeshAccessLog { + if in == nil { + return nil + } + out := new(MeshAccessLog) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MeshAccessLog) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MeshAccessLogList) DeepCopyInto(out *MeshAccessLogList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]MeshAccessLog, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshAccessLogList. +func (in *MeshAccessLogList) DeepCopy() *MeshAccessLogList { + if in == nil { + return nil + } + out := new(MeshAccessLogList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MeshAccessLogList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go new file mode 100644 index 000000000000..61bf5780454e --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go @@ -0,0 +1,105 @@ +// Generated by tools/resource-gen +// Run "make generate" to update this file. + +// nolint:whitespace +package v1alpha1 + +import ( + "fmt" + + "google.golang.org/protobuf/proto" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + core_model "github.com/kumahq/kuma/pkg/core/resources/model" + policy "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" + "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/model" + "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/registry" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" +) + +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=kuma,scope=Namespaced +type MeshAccessLog struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec is the specification of the Kuma MeshAccessLog resource. + // +kubebuilder:validation:Optional + Spec *policy.MeshAccessLog `json:"spec,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced +type MeshAccessLogList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []MeshAccessLog `json:"items"` +} + +func (cb *MeshAccessLog) GetObjectMeta() *metav1.ObjectMeta { + return &cb.ObjectMeta +} + +func (cb *MeshAccessLog) SetObjectMeta(m *metav1.ObjectMeta) { + cb.ObjectMeta = *m +} + +func (cb *MeshAccessLog) GetMesh() string { + if mesh, ok := cb.ObjectMeta.Labels[metadata.KumaMeshLabel]; ok { + return mesh + } else { + return core_model.DefaultMesh + } +} + +func (cb *MeshAccessLog) SetMesh(mesh string) { + if cb.ObjectMeta.Labels == nil { + cb.ObjectMeta.Labels = map[string]string{} + } + cb.ObjectMeta.Labels[metadata.KumaMeshLabel] = mesh +} + +func (cb *MeshAccessLog) GetSpec() (proto.Message, error) { + return cb.Spec, nil +} + +func (cb *MeshAccessLog) SetSpec(spec proto.Message) { + if spec == nil { + cb.Spec = nil + return + } + + if _, ok := spec.(*policy.MeshAccessLog); !ok { + panic(fmt.Sprintf("unexpected protobuf message type %T", spec)) + } + + cb.Spec = spec.(*policy.MeshAccessLog) +} + +func (cb *MeshAccessLog) Scope() model.Scope { + return model.ScopeNamespace +} + +func (l *MeshAccessLogList) GetItems() []model.KubernetesObject { + result := make([]model.KubernetesObject, len(l.Items)) + for i := range l.Items { + result[i] = &l.Items[i] + } + return result +} + +func init() { + SchemeBuilder.Register(&MeshAccessLog{}, &MeshAccessLogList{}) + registry.RegisterObjectType(&policy.MeshAccessLog{}, &MeshAccessLog{ + TypeMeta: metav1.TypeMeta{ + APIVersion: GroupVersion.String(), + Kind: "MeshAccessLog", + }, + }) + registry.RegisterListType(&policy.MeshAccessLog{}, &MeshAccessLogList{ + TypeMeta: metav1.TypeMeta{ + APIVersion: GroupVersion.String(), + Kind: "MeshAccessLogList", + }, + }) +} diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go new file mode 100644 index 000000000000..1beaea667acb --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go @@ -0,0 +1,27 @@ +package v1alpha1 + +import ( + core_plugins "github.com/kumahq/kuma/pkg/core/plugins" + core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + core_xds "github.com/kumahq/kuma/pkg/core/xds" + "github.com/kumahq/kuma/pkg/plugins/policies/matchers" + api "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" + xds_context "github.com/kumahq/kuma/pkg/xds/context" +) + +var _ core_plugins.PolicyPlugin = &plugin{} + +type plugin struct { +} + +func NewPlugin() core_plugins.Plugin { + return &plugin{} +} + +func (p plugin) MatchedPolicies(dataplane *core_mesh.DataplaneResource, resources xds_context.Resources) (core_xds.TypedMatchingPolicies, error) { + return matchers.MatchedPolicies(api.MeshAccessLogType, dataplane, resources) +} + +func (p plugin) Apply(rs *core_xds.ResourceSet, ctx xds_context.Context, proxy *core_xds.Proxy) error { + panic("implement me") +} diff --git a/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go b/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go new file mode 100644 index 000000000000..ccf2cbd1b5ea --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go @@ -0,0 +1,16 @@ +package meshaccesslog + +import ( + "github.com/kumahq/kuma/pkg/plugins/policies/core" + api_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" + k8s_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1" + plugin_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1" +) + +func init() { + core.Register( + api_v1alpha1.MeshAccessLogResourceTypeDescriptor, + k8s_v1alpha1.AddToScheme, + plugin_v1alpha1.NewPlugin(), + ) +} From aae1085a89ad020b4d31abc3c53b8a6df7e2e3a2 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 10:14:46 +0200 Subject: [PATCH 02/27] feat(kumacp): modify policy Signed-off-by: slonka --- .../kuma/crds/kuma.io_meshaccesslogs.yaml | 286 ++++++ deployments/charts/kuma/values.yaml | 1 + pkg/plugins/policies/imports.go | 1 + .../api/v1alpha1/meshaccesslog.pb.go | 821 +++++++++++++++++- .../api/v1alpha1/meshaccesslog.proto | 66 +- .../meshaccesslog/api/v1alpha1/schema.yaml | 193 ++++ .../meshaccesslog/api/v1alpha1/validator.go | 110 ++- .../api/v1alpha1/validator_test.go | 89 ++ .../k8s/crd/kuma.io_meshaccesslogs.yaml | 214 +++++ 9 files changed, 1747 insertions(+), 34 deletions(-) create mode 100644 deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go diff --git a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000000..f9a6ee042f10 --- /dev/null +++ b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -0,0 +1,286 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/deployments/charts/kuma/values.yaml b/deployments/charts/kuma/values.yaml index 5d66c197c5e3..2ee8052c9d2b 100644 --- a/deployments/charts/kuma/values.yaml +++ b/deployments/charts/kuma/values.yaml @@ -691,3 +691,4 @@ experimental: plugins: policies: - meshtrafficpermissions + - meshaccesslogs diff --git a/pkg/plugins/policies/imports.go b/pkg/plugins/policies/imports.go index 23b97ebd7b66..ebab3881a582 100644 --- a/pkg/plugins/policies/imports.go +++ b/pkg/plugins/policies/imports.go @@ -1,5 +1,6 @@ package policies import ( + _ "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog" _ "github.com/kumahq/kuma/pkg/plugins/policies/meshtrafficpermission" ) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index 53cbcd05fb5d..58de79bc0bb4 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -33,6 +33,9 @@ type MeshAccessLog struct { // The resource could be either a real store object or virtual resource // defined inplace. TargetRef *v1alpha1.TargetRef `protobuf:"bytes,1,opt,name=targetRef,proto3" json:"targetRef,omitempty"` + // From is a list of pairs – a group of clients and action applied for it + From []*MeshAccessLog_From `protobuf:"bytes,3,rep,name=from,proto3" json:"from,omitempty"` + To []*MeshAccessLog_To `protobuf:"bytes,4,rep,name=to,proto3" json:"to,omitempty"` } func (x *MeshAccessLog) Reset() { @@ -74,16 +77,321 @@ func (x *MeshAccessLog) GetTargetRef() *v1alpha1.TargetRef { return nil } +func (x *MeshAccessLog) GetFrom() []*MeshAccessLog_From { + if x != nil { + return x.From + } + return nil +} + +func (x *MeshAccessLog) GetTo() []*MeshAccessLog_To { + if x != nil { + return x.To + } + return nil +} + +type MeshAccessLog_Format struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Plain string `protobuf:"bytes,1,opt,name=plain,proto3" json:"plain,omitempty"` + Json *MeshAccessLog_Format_JsonValueArray `protobuf:"bytes,2,opt,name=json,proto3" json:"json,omitempty"` +} + +func (x *MeshAccessLog_Format) Reset() { + *x = MeshAccessLog_Format{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_Format) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_Format) ProtoMessage() {} + +func (x *MeshAccessLog_Format) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_Format.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_Format) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *MeshAccessLog_Format) GetPlain() string { + if x != nil { + return x.Plain + } + return "" +} + +func (x *MeshAccessLog_Format) GetJson() *MeshAccessLog_Format_JsonValueArray { + if x != nil { + return x.Json + } + return nil +} + +// Backend defines logging backend. +type MeshAccessLog_TCPAccessLogBackend struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + Format *MeshAccessLog_Format `protobuf:"bytes,1,opt,name=format,proto3" json:"format,omitempty"` + // Type of the backend (Kuma ships with 'tcp' and 'file') + Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` +} + +func (x *MeshAccessLog_TCPAccessLogBackend) Reset() { + *x = MeshAccessLog_TCPAccessLogBackend{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_TCPAccessLogBackend) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_TCPAccessLogBackend) ProtoMessage() {} + +func (x *MeshAccessLog_TCPAccessLogBackend) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_TCPAccessLogBackend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_TCPAccessLogBackend) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *MeshAccessLog_TCPAccessLogBackend) GetFormat() *MeshAccessLog_Format { + if x != nil { + return x.Format + } + return nil +} + +func (x *MeshAccessLog_TCPAccessLogBackend) GetAddress() string { + if x != nil { + return x.Address + } + return "" +} + +// FileBackend defines configuration for file based access logs +type MeshAccessLog_FileAccessLogBackend struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + Format *MeshAccessLog_Format `protobuf:"bytes,1,opt,name=format,proto3" json:"format,omitempty"` + // Path to a file that logs will be written to + Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` +} + +func (x *MeshAccessLog_FileAccessLogBackend) Reset() { + *x = MeshAccessLog_FileAccessLogBackend{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_FileAccessLogBackend) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_FileAccessLogBackend) ProtoMessage() {} + +func (x *MeshAccessLog_FileAccessLogBackend) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_FileAccessLogBackend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_FileAccessLogBackend) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 2} +} + +func (x *MeshAccessLog_FileAccessLogBackend) GetFormat() *MeshAccessLog_Format { + if x != nil { + return x.Format + } + return nil +} + +func (x *MeshAccessLog_FileAccessLogBackend) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +type MeshAccessLog_ReferenceAccessLogBackend struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *MeshAccessLog_ReferenceAccessLogBackend) Reset() { + *x = MeshAccessLog_ReferenceAccessLogBackend{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_ReferenceAccessLogBackend) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_ReferenceAccessLogBackend) ProtoMessage() {} + +func (x *MeshAccessLog_ReferenceAccessLogBackend) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_ReferenceAccessLogBackend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_ReferenceAccessLogBackend) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 3} +} + +func (x *MeshAccessLog_ReferenceAccessLogBackend) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *MeshAccessLog_ReferenceAccessLogBackend) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +type MeshAccessLog_Backend struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Tcp *MeshAccessLog_TCPAccessLogBackend `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` + File *MeshAccessLog_FileAccessLogBackend `protobuf:"bytes,2,opt,name=file,proto3" json:"file,omitempty"` + Reference *MeshAccessLog_ReferenceAccessLogBackend `protobuf:"bytes,3,opt,name=reference,proto3" json:"reference,omitempty"` +} + +func (x *MeshAccessLog_Backend) Reset() { + *x = MeshAccessLog_Backend{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_Backend) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_Backend) ProtoMessage() {} + +func (x *MeshAccessLog_Backend) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_Backend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_Backend) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 4} +} + +func (x *MeshAccessLog_Backend) GetTcp() *MeshAccessLog_TCPAccessLogBackend { + if x != nil { + return x.Tcp + } + return nil +} + +func (x *MeshAccessLog_Backend) GetFile() *MeshAccessLog_FileAccessLogBackend { + if x != nil { + return x.File + } + return nil +} + +func (x *MeshAccessLog_Backend) GetReference() *MeshAccessLog_ReferenceAccessLogBackend { + if x != nil { + return x.Reference + } + return nil +} + type MeshAccessLog_Conf struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + Backends []*MeshAccessLog_Backend `protobuf:"bytes,1,rep,name=backends,proto3" json:"backends,omitempty"` } func (x *MeshAccessLog_Conf) Reset() { *x = MeshAccessLog_Conf{} if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -96,7 +404,7 @@ func (x *MeshAccessLog_Conf) String() string { func (*MeshAccessLog_Conf) ProtoMessage() {} func (x *MeshAccessLog_Conf) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -109,7 +417,230 @@ func (x *MeshAccessLog_Conf) ProtoReflect() protoreflect.Message { // Deprecated: Use MeshAccessLog_Conf.ProtoReflect.Descriptor instead. func (*MeshAccessLog_Conf) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 0} + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 5} +} + +func (x *MeshAccessLog_Conf) GetBackends() []*MeshAccessLog_Backend { + if x != nil { + return x.Backends + } + return nil +} + +type MeshAccessLog_From struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // TargetRef is a reference to the resource that represents a group of clients. + TargetRef *v1alpha1.TargetRef `protobuf:"bytes,1,opt,name=targetRef,proto3" json:"targetRef,omitempty"` + // Default is a configuration specific to the group of clients referenced in 'targetRef' + Default *MeshAccessLog_Conf `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"` +} + +func (x *MeshAccessLog_From) Reset() { + *x = MeshAccessLog_From{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_From) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_From) ProtoMessage() {} + +func (x *MeshAccessLog_From) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_From.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_From) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 6} +} + +func (x *MeshAccessLog_From) GetTargetRef() *v1alpha1.TargetRef { + if x != nil { + return x.TargetRef + } + return nil +} + +func (x *MeshAccessLog_From) GetDefault() *MeshAccessLog_Conf { + if x != nil { + return x.Default + } + return nil +} + +type MeshAccessLog_To struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // TargetRef is a reference to the resource that represents a group of clients. + TargetRef *v1alpha1.TargetRef `protobuf:"bytes,1,opt,name=targetRef,proto3" json:"targetRef,omitempty"` + // Default is a configuration specific to the group of clients referenced in 'targetRef' + Default *MeshAccessLog_Conf `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"` +} + +func (x *MeshAccessLog_To) Reset() { + *x = MeshAccessLog_To{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_To) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_To) ProtoMessage() {} + +func (x *MeshAccessLog_To) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_To.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_To) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 7} +} + +func (x *MeshAccessLog_To) GetTargetRef() *v1alpha1.TargetRef { + if x != nil { + return x.TargetRef + } + return nil +} + +func (x *MeshAccessLog_To) GetDefault() *MeshAccessLog_Conf { + if x != nil { + return x.Default + } + return nil +} + +type MeshAccessLog_Format_JsonValue struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func (x *MeshAccessLog_Format_JsonValue) Reset() { + *x = MeshAccessLog_Format_JsonValue{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_Format_JsonValue) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_Format_JsonValue) ProtoMessage() {} + +func (x *MeshAccessLog_Format_JsonValue) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_Format_JsonValue.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_Format_JsonValue) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 0, 0} +} + +func (x *MeshAccessLog_Format_JsonValue) GetKey() string { + if x != nil { + return x.Key + } + return "" +} + +func (x *MeshAccessLog_Format_JsonValue) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +type MeshAccessLog_Format_JsonValueArray struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Json []*MeshAccessLog_Format_JsonValue `protobuf:"bytes,1,rep,name=json,proto3" json:"json,omitempty"` +} + +func (x *MeshAccessLog_Format_JsonValueArray) Reset() { + *x = MeshAccessLog_Format_JsonValueArray{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshAccessLog_Format_JsonValueArray) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshAccessLog_Format_JsonValueArray) ProtoMessage() {} + +func (x *MeshAccessLog_Format_JsonValueArray) ProtoReflect() protoreflect.Message { + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshAccessLog_Format_JsonValueArray.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_Format_JsonValueArray) Descriptor() ([]byte, []int) { + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 0, 1} +} + +func (x *MeshAccessLog_Format_JsonValueArray) GetJson() []*MeshAccessLog_Format_JsonValue { + if x != nil { + return x.Json + } + return nil } var File_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto protoreflect.FileDescriptor @@ -127,20 +658,123 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x5e, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, - 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x52, 0x65, 0x66, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x1a, - 0x06, 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, - 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, - 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, - 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, - 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, - 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0xd6, 0x0d, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0x67, 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x52, 0x65, 0x66, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, + 0x12, 0x54, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, + 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, + 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x72, 0x6f, 0x6d, + 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x4e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, + 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, + 0x54, 0x6f, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0xc0, 0x02, 0x0a, 0x06, 0x46, 0x6f, 0x72, 0x6d, 0x61, + 0x74, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x12, 0x65, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x51, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, + 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, + 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, + 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x41, 0x72, 0x72, 0x61, 0x79, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x1a, 0x3f, + 0x0a, 0x09, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, + 0x78, 0x0a, 0x0e, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x41, 0x72, 0x72, 0x61, + 0x79, 0x12, 0x66, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x4c, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, + 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, + 0x6d, 0x61, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x1a, 0x97, 0x01, 0x0a, 0x13, 0x54, 0x43, + 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x12, 0x60, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, + 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, + 0x6d, 0x61, 0x74, 0x12, 0x1e, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x1a, 0x92, 0x01, 0x0a, 0x14, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x06, + 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, + 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, + 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, + 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x18, + 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, + 0x18, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0x4f, 0x0a, 0x19, 0x52, 0x65, 0x66, 0x65, + 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, + 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, + 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc7, 0x02, 0x0a, 0x07, 0x42, 0x61, + 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x61, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x4f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, + 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, + 0x54, 0x43, 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, + 0x65, 0x6e, 0x64, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x64, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x50, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, + 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x73, + 0x0a, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x55, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x52, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, + 0x6e, 0x63, 0x65, 0x1a, 0x6d, 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, 0x62, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, + 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, + 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x73, 0x1a, 0xad, 0x01, 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, + 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, + 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, + 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, + 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, + 0x6c, 0x74, 0x1a, 0xab, 0x01, 0x0a, 0x02, 0x54, 0x6f, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, + 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, + 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, + 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, + 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, + 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -155,19 +789,42 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_ra return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData } -var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes = []interface{}{ - (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog - (*MeshAccessLog_Conf)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - (*v1alpha1.TargetRef)(nil), // 2: kuma.common.v1alpha1.TargetRef + (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog + (*MeshAccessLog_Format)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format + (*MeshAccessLog_TCPAccessLogBackend)(nil), // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend + (*MeshAccessLog_FileAccessLogBackend)(nil), // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend + (*MeshAccessLog_ReferenceAccessLogBackend)(nil), // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceAccessLogBackend + (*MeshAccessLog_Backend)(nil), // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend + (*MeshAccessLog_Conf)(nil), // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + (*MeshAccessLog_From)(nil), // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From + (*MeshAccessLog_To)(nil), // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To + (*MeshAccessLog_Format_JsonValue)(nil), // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue + (*MeshAccessLog_Format_JsonValueArray)(nil), // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValueArray + (*v1alpha1.TargetRef)(nil), // 11: kuma.common.v1alpha1.TargetRef } var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs = []int32{ - 2, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 11, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 7, // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.from:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From + 8, // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.to:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To + 10, // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValueArray + 1, // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format + 1, // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format + 2, // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.tcp:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend + 3, // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.file:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend + 4, // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.reference:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceAccessLogBackend + 5, // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf.backends:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend + 11, // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 6, // 11: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + 11, // 12: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 6, // 13: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + 9, // 14: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValueArray.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_init() } @@ -189,6 +846,66 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in } } file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_Format); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_TCPAccessLogBackend); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_FileAccessLogBackend); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_ReferenceAccessLogBackend); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_Backend); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MeshAccessLog_Conf); i { case 0: return &v.state @@ -200,6 +917,54 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in return nil } } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_From); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_To); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_Format_JsonValue); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshAccessLog_Format_JsonValueArray); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -207,7 +972,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc, NumEnums: 0, - NumMessages: 2, + NumMessages: 11, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index 7c532839450f..f6d25e2094ff 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -26,7 +26,71 @@ message MeshAccessLog { // defined inplace. kuma.common.v1alpha1.TargetRef targetRef = 1; + message Format { + message JsonValue { + string key = 1 [ (doc.required) = true ]; + string value = 2 [ (doc.required) = true ]; + } + + message JsonValueArray { + repeated JsonValue json = 1 [ (doc.required) = true ]; + } + + string plain = 1; + JsonValueArray json = 2; + } + + // Backend defines logging backend. + message TCPAccessLogBackend { + // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + Format format = 1 [ (doc.required) = true ]; + + // Type of the backend (Kuma ships with 'tcp' and 'file') + string address = 2 [ (doc.required) = true ]; + } + + // FileBackend defines configuration for file based access logs + message FileAccessLogBackend { + // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + Format format = 1 [ (doc.required) = true ]; + + // Path to a file that logs will be written to + string path = 2 [ (doc.required) = true ]; + } + + message ReferenceAccessLogBackend { + string kind = 1 [ (doc.required) = true ]; + string name = 2 [ (doc.required) = true ]; + } + + message Backend { + TCPAccessLogBackend tcp = 1; + FileAccessLogBackend file = 2; + ReferenceAccessLogBackend reference = 3; + } + message Conf { - // TODO add configuration fields + repeated Backend backends = 1 [ (doc.required) = true ]; + } + + message From { + // TargetRef is a reference to the resource that represents a group of clients. + kuma.common.v1alpha1.TargetRef targetRef = 1 [ (doc.required) = true ]; + + // Default is a configuration specific to the group of clients referenced in 'targetRef' + Conf default = 2 [ (doc.required) = true ]; } + + // From is a list of pairs – a group of clients and action applied for it + repeated From from = 3; + + message To { + // TargetRef is a reference to the resource that represents a group of clients. + kuma.common.v1alpha1.TargetRef targetRef = 1 [ (doc.required) = true ]; + + // Default is a configuration specific to the group of clients referenced in 'targetRef' + Conf default = 2 [ (doc.required) = true ]; + } + + repeated To to = 4; } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml index 542c1fe83c14..620201182f4f 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml @@ -10,6 +10,103 @@ properties: name: description: 'Name of the Kuma resource' type: string + from: + description: From is a list of pairs – a group of clients and action applied for it + items: + properties: + default: + description: Default is a configuration specific to the group of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for file based access logs + properties: + format: + description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + path: + description: Path to a file that logs will be written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset to identify the service from another mesh. Could be useful when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset to define a subset of proxies + type: object + type: object + type: object + type: array targetRef: description: TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: @@ -35,3 +132,99 @@ properties: description: Tags are used with MeshSubset and MeshServiceSubset to define a subset of proxies type: object type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for file based access logs + properties: + format: + description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + path: + description: Path to a file that logs will be written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset to identify the service from another mesh. Could be useful when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset to define a subset of proxies + type: object + type: object + type: object + type: array diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 257538771ad7..3e257b1c3a81 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -2,20 +2,120 @@ package v1alpha1 import ( common_proto "github.com/kumahq/kuma/api/common/v1alpha1" - matcher_validators "github.com/kumahq/kuma/pkg/plugins/policies/matchers/validators" "github.com/kumahq/kuma/pkg/core/validators" + matcher_validators "github.com/kumahq/kuma/pkg/plugins/policies/matchers/validators" ) func (r *MeshAccessLogResource) validate() error { var verr validators.ValidationError - path := validators.RootedAt("spec") + spec := validators.RootedAt("spec") + + r.validateTop(spec, &verr) + r.validateFrom(spec, &verr) + r.validateTo(spec, &verr) + r.validateIncompatibleCombinations(spec, &verr) + r.validateToOrFromDefined(spec, &verr) + + to := spec.Field("to") + for toIdx, toItem := range r.Spec.GetTo() { + toIndexed := to.Index(toIdx) + for backendIdx, backend := range toItem.GetDefault().GetBackends() { + backendIndexed := toIndexed.Field("default").Field("backend").Index(backendIdx) + + reference := bool2int(backend.GetReference() != nil) + file := bool2int(backend.GetFile() != nil) + tcp := bool2int(backend.GetTcp() != nil) + + if reference + file + tcp != 1 { + verr.AddViolationAt(backendIndexed, `backend can have only one type type defined: tcp, file, reference`) + } + + var formats []*MeshAccessLog_Format + formats = append(formats, backend.GetFile().Format) + formats = append(formats, backend.GetTcp().Format) + + for _, format := range formats { + plain := bool2int(format.GetPlain() != "") + json := bool2int(format.GetJson() != nil) + + if plain + json != 1 { + verr.AddViolationAt(backendIndexed, `format can only have one type defined: plain, json`) + } + } + } + } + + return verr.OrNil() +} - targetRefErr := matcher_validators.ValidateTargetRef(path.Field("targetRef"), r.Spec.GetTargetRef(), &matcher_validators.ValidateTargetRefOpts{ +func (r *MeshAccessLogResource) validateToOrFromDefined(spec validators.PathBuilder, verr *validators.ValidationError) { + if len(r.Spec.GetFrom()) == 0 && len(r.Spec.GetTo()) == 0 { + verr.AddViolationAt(spec, `at lest one of "from", "to" has to be defined`) + } +} + +func (r *MeshAccessLogResource) validateIncompatibleCombinations(spec validators.PathBuilder, verr *validators.ValidationError) { + to := spec.Field("to") + targetRef := r.Spec.GetTargetRef().GetKindEnum() + if targetRef == common_proto.TargetRef_MeshGatewayRoute && len(r.Spec.GetTo()) > 0 { + verr.AddViolationAt(to.Index(0), `cannot use "to" when "targetRef" is "MeshGatewayRoute" - there is no outbound`) + } + if targetRef == common_proto.TargetRef_MeshHTTPRoute && len(r.Spec.GetTo()) > 0 { + verr.AddViolationAt(to.Index(0), `cannot use "to" when "targetRef" is "MeshHTTPRoute" - "to" always goes to the application`) + } +} + +func (r *MeshAccessLogResource) validateTo(spec validators.PathBuilder, verr *validators.ValidationError) { + to := spec.Field("to") + for idx, toItem := range r.Spec.GetTo() { + targetRefErr := matcher_validators.ValidateTargetRef(to.Index(idx).Field("targetRef"), toItem.GetTargetRef(), &matcher_validators.ValidateTargetRefOpts{ + SupportedKinds: []common_proto.TargetRef_Kind{ + common_proto.TargetRef_Mesh, + common_proto.TargetRef_MeshSubset, + }, + }) + verr.AddError("", targetRefErr) + + if toItem.GetDefault() == nil { + verr.AddViolationAt(to.Index(idx).Field("default"), "cannot be nil") + } + } +} + +func (r *MeshAccessLogResource) validateFrom(spec validators.PathBuilder, verr *validators.ValidationError) { + from := spec.Field("from") + for idx, fromItem := range r.Spec.GetFrom() { + targetRefErr := matcher_validators.ValidateTargetRef(from.Index(idx).Field("targetRef"), fromItem.GetTargetRef(), &matcher_validators.ValidateTargetRefOpts{ + SupportedKinds: []common_proto.TargetRef_Kind{ + common_proto.TargetRef_Mesh, + }, + }) + verr.AddError("", targetRefErr) + + if fromItem.GetDefault() == nil { + verr.AddViolationAt(from.Index(idx).Field("default"), "cannot be nil") + } + } +} + +func (r *MeshAccessLogResource) validateTop(spec validators.PathBuilder, verr *validators.ValidationError) { + top := spec.Field("targetRef") + targetRefErr := matcher_validators.ValidateTargetRef(top, r.Spec.GetTargetRef(), &matcher_validators.ValidateTargetRefOpts{ SupportedKinds: []common_proto.TargetRef_Kind{ - // TODO add supported TargetRef kinds for this policy + common_proto.TargetRef_Mesh, + common_proto.TargetRef_MeshSubset, + common_proto.TargetRef_MeshService, + common_proto.TargetRef_MeshServiceSubset, + common_proto.TargetRef_MeshGatewayRoute, + common_proto.TargetRef_MeshHTTPRoute, }, }) verr.AddError("", targetRefErr) +} - return verr.OrNil() +func bool2int(b bool) int { + if b { + return 1 + } + return 0 } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go new file mode 100644 index 000000000000..d44887bc5ce5 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -0,0 +1,89 @@ +package v1alpha1_test + +import ( + "github.com/ghodss/yaml" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + meshaccesslog_proto "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" + util_proto "github.com/kumahq/kuma/pkg/util/proto" +) + +var _ = Describe("MeshAccessLog", func() { + Describe("Validate()", func() { + DescribeTable("should pass validation", + func(mtpYAML string) { + // setup + meshAccessLog := meshaccesslog_proto.NewMeshAccessLogResource() + + // when + err := util_proto.FromYAML([]byte(mtpYAML), meshAccessLog.Spec) + Expect(err).ToNot(HaveOccurred()) + // and + verr := meshAccessLog.Validate() + + // then + Expect(verr).To(BeNil()) + }, + Entry("example", ` +targetRef: + kind: MeshService + name: web-backend + tags: + kuma.io/zone: us-east +from: + - targetRef: + kind: MeshService + name: web-frontend + default: + backends: + - tcp: + conf: + format: + json: + - key: "start_time" + value: "%START_TIME%" + address: 127.0.0.1:5000 + - reference: + conf: + kind: MeshAccessLogBackend + name: file-backend +`), + ) + + type testCase struct { + inputYaml string + expected string + } + + DescribeTable("should validate all fields and return as much individual errors as possible", + func(given testCase) { + // setup + meshAccessLog := meshaccesslog_proto.NewMeshAccessLogResource() + + // when + err := util_proto.FromYAML([]byte(given.inputYaml), meshAccessLog.Spec) + Expect(err).ToNot(HaveOccurred()) + // and + verr := meshAccessLog.Validate() + actual, err := yaml.Marshal(verr) + Expect(err).ToNot(HaveOccurred()) + + // then + Expect(actual).To(MatchYAML(given.expected)) + }, + Entry("empty 'from' array", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: backend +from: [] +`, + expected: ` +violations: + - field: spec.from + message: cannot be empty`, + }), + ) + }) +}) diff --git a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml index 529d85fb49be..f9a6ee042f10 100644 --- a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml +++ b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml @@ -36,6 +36,114 @@ spec: spec: description: Spec is the specification of the Kuma MeshAccessLog resource. properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array targetRef: description: TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or @@ -66,6 +174,112 @@ spec: to define a subset of proxies type: object type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array type: object type: object served: true From a9c4a73893ec4056624ee161a9b27aa94afe2535 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 10:15:56 +0200 Subject: [PATCH 03/27] feat(kumacp): update madr formats Signed-off-by: slonka --- docs/madr/decisions/008-mesh-logging.md | 58 ++++++++++++------------- 1 file changed, 27 insertions(+), 31 deletions(-) diff --git a/docs/madr/decisions/008-mesh-logging.md b/docs/madr/decisions/008-mesh-logging.md index 0fb9507e4315..1b940517b038 100644 --- a/docs/madr/decisions/008-mesh-logging.md +++ b/docs/madr/decisions/008-mesh-logging.md @@ -187,6 +187,9 @@ spec: name: file type: file conf: + format: + plain: + value: '{"start_time": "%START_TIME%"}' path: /tmp/access.log --- type: MeshAccessLog @@ -204,13 +207,17 @@ spec: name: web-frontend default: backends: - - type: tcp - conf: - address: 127.0.0.1:5000 - - type: reference - conf: - kind: MeshAccessLogBackend - name: file-backend + - tcp: + conf: + format: + json: + - key: "start_time" + value: "%START_TIME%" + address: 127.0.0.1:5000 + - reference: + conf: + kind: MeshAccessLogBackend + name: file-backend ``` ##### Positive Consequences @@ -411,8 +418,8 @@ New definition will look like this: backends: - name: logstash format: - type: string - value: '{"start_time": "%START_TIME%"}' + plain: + value: '{"start_time": "%START_TIME%"}' ``` And the new format type could be specified by a `type` parameter with a value of `json`: @@ -421,8 +428,7 @@ And the new format type could be specified by a `type` parameter with a value of backends: - name: logstash format: - type: json - value: + json: - key: "start_time" value: "%START_TIME%" ``` @@ -565,8 +571,7 @@ name: logstash-backend mesh: default spec: name: logstash - type: tcp - conf: + tcp: address: 127.0.0.1:5000 --- type: MeshAccessLogBackend @@ -574,8 +579,7 @@ name: file-backend mesh: default spec: name: file - type: file - conf: + file: path: /tmp/access.log --- type: MeshAccessLog @@ -591,8 +595,7 @@ spec: name: default default: backends: - - type: reference - conf: + - reference: kind: MeshAccessLogBackend name: logstash-backend to: @@ -601,8 +604,7 @@ spec: name: default default: backends: - - type: reference - conf: + - reference: kind: MeshAccessLogBackend name: logstash-backend --- @@ -619,8 +621,7 @@ spec: name: web-backend default: backends: - - type: reference - conf: + - reference: kind: MeshAccessLogBackend name: file-backend ``` @@ -652,8 +653,7 @@ spec: kind: Mesh default: backends: - - type: tcp - conf: + - tcp: address: 127.0.0.1:5000 ``` @@ -670,8 +670,7 @@ name: logstash-backend mesh: default spec: name: logstash-zone-a - type: tcp - conf: + tcp: address: 127.0.0.1:5000 --- type: MeshAccessLogBackend @@ -679,8 +678,7 @@ name: file-backend mesh: default spec: name: logstash-zone-b - type: tcp - conf: + tcp: address: 127.0.0.2:5000 --- type: MeshAccessLog @@ -697,8 +695,7 @@ spec: name: default default: backends: - - type: reference - conf: + - reference: kind: MeshAccessLogBackend name: logstash-zone-a --- @@ -716,8 +713,7 @@ spec: name: default default: backends: - - type: reference - conf: + - reference: kind: MeshAccessLogBackend name: logstash-zone-b ``` From e871718ad3d357937a21e57cb721a7cf8285740e Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 11:05:36 +0200 Subject: [PATCH 04/27] feat(kumacp): make full mesh access log example pass validator Signed-off-by: slonka --- .../kuma/crds/kuma.io_meshaccesslogs.yaml | 76 +++-- docs/madr/decisions/008-mesh-logging.md | 8 +- .../api/v1alpha1/meshaccesslog.pb.go | 268 +++++++----------- .../api/v1alpha1/meshaccesslog.proto | 6 +- .../meshaccesslog/api/v1alpha1/schema.yaml | 76 +++-- .../meshaccesslog/api/v1alpha1/suite_test.go | 11 + .../meshaccesslog/api/v1alpha1/validator.go | 10 +- .../api/v1alpha1/validator_test.go | 49 ++-- .../k8s/crd/kuma.io_meshaccesslogs.yaml | 76 +++-- 9 files changed, 244 insertions(+), 336 deletions(-) create mode 100644 pkg/plugins/policies/meshaccesslog/api/v1alpha1/suite_test.go diff --git a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml index f9a6ee042f10..7b8ee284a70b 100644 --- a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml +++ b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -57,17 +57,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -95,17 +92,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -193,17 +187,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -231,17 +222,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object diff --git a/docs/madr/decisions/008-mesh-logging.md b/docs/madr/decisions/008-mesh-logging.md index 1b940517b038..94c2a0940421 100644 --- a/docs/madr/decisions/008-mesh-logging.md +++ b/docs/madr/decisions/008-mesh-logging.md @@ -188,8 +188,7 @@ spec: type: file conf: format: - plain: - value: '{"start_time": "%START_TIME%"}' + plain: '{"start_time": "%START_TIME%"}' path: /tmp/access.log --- type: MeshAccessLog @@ -199,8 +198,6 @@ spec: targetRef: kind: MeshService name: web-backend - tags: - kuma.io/zone: us-east from: - targetRef: kind: MeshService @@ -418,8 +415,7 @@ New definition will look like this: backends: - name: logstash format: - plain: - value: '{"start_time": "%START_TIME%"}' + plain: '{"start_time": "%START_TIME%"}' ``` And the new format type could be specified by a `type` parameter with a value of `json`: diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index 58de79bc0bb4..efe45209b882 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -96,8 +96,8 @@ type MeshAccessLog_Format struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Plain string `protobuf:"bytes,1,opt,name=plain,proto3" json:"plain,omitempty"` - Json *MeshAccessLog_Format_JsonValueArray `protobuf:"bytes,2,opt,name=json,proto3" json:"json,omitempty"` + Plain string `protobuf:"bytes,1,opt,name=plain,proto3" json:"plain,omitempty"` + Json []*MeshAccessLog_Format_JsonValue `protobuf:"bytes,2,rep,name=json,proto3" json:"json,omitempty"` } func (x *MeshAccessLog_Format) Reset() { @@ -139,7 +139,7 @@ func (x *MeshAccessLog_Format) GetPlain() string { return "" } -func (x *MeshAccessLog_Format) GetJson() *MeshAccessLog_Format_JsonValueArray { +func (x *MeshAccessLog_Format) GetJson() []*MeshAccessLog_Format_JsonValue { if x != nil { return x.Json } @@ -596,53 +596,6 @@ func (x *MeshAccessLog_Format_JsonValue) GetValue() string { return "" } -type MeshAccessLog_Format_JsonValueArray struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Json []*MeshAccessLog_Format_JsonValue `protobuf:"bytes,1,rep,name=json,proto3" json:"json,omitempty"` -} - -func (x *MeshAccessLog_Format_JsonValueArray) Reset() { - *x = MeshAccessLog_Format_JsonValueArray{} - if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshAccessLog_Format_JsonValueArray) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshAccessLog_Format_JsonValueArray) ProtoMessage() {} - -func (x *MeshAccessLog_Format_JsonValueArray) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshAccessLog_Format_JsonValueArray.ProtoReflect.Descriptor instead. -func (*MeshAccessLog_Format_JsonValueArray) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 0, 1} -} - -func (x *MeshAccessLog_Format_JsonValueArray) GetJson() []*MeshAccessLog_Format_JsonValue { - if x != nil { - return x.Json - } - return nil -} - var File_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto protoreflect.FileDescriptor var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc = []byte{ @@ -658,7 +611,7 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xd6, 0x0d, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0xd7, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, @@ -673,108 +626,101 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, - 0x54, 0x6f, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0xc0, 0x02, 0x0a, 0x06, 0x46, 0x6f, 0x72, 0x6d, 0x61, + 0x54, 0x6f, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0xc1, 0x01, 0x0a, 0x06, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x12, 0x65, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x51, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, + 0x52, 0x05, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x12, 0x60, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x4c, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x41, 0x72, 0x72, 0x61, 0x79, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x1a, 0x3f, - 0x0a, 0x09, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, - 0x78, 0x0a, 0x0e, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x41, 0x72, 0x72, 0x61, - 0x79, 0x12, 0x66, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x4c, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, - 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, - 0x6d, 0x61, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x04, 0x88, - 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x1a, 0x97, 0x01, 0x0a, 0x13, 0x54, 0x43, - 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, - 0x64, 0x12, 0x60, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, - 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, - 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, - 0x6d, 0x61, 0x74, 0x12, 0x1e, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x1a, 0x92, 0x01, 0x0a, 0x14, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x06, - 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, - 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, - 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, - 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x18, - 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, - 0x18, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0x4f, 0x0a, 0x19, 0x52, 0x65, 0x66, 0x65, - 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, - 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, - 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, - 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc7, 0x02, 0x0a, 0x07, 0x42, 0x61, - 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x61, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x4f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, + 0x6c, 0x75, 0x65, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x1a, 0x3f, 0x0a, 0x09, 0x4a, 0x73, 0x6f, + 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x1a, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x97, 0x01, 0x0a, 0x13, 0x54, + 0x43, 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, - 0x54, 0x43, 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x64, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x50, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, - 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, - 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x73, - 0x0a, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x55, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, - 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x52, - 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, - 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, - 0x6e, 0x63, 0x65, 0x1a, 0x6d, 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, 0x62, - 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, + 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, + 0x72, 0x6d, 0x61, 0x74, 0x12, 0x1e, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x1a, 0x92, 0x01, 0x0a, 0x14, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x60, 0x0a, + 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, - 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, - 0x6e, 0x64, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, - 0x64, 0x73, 0x1a, 0xad, 0x01, 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, 0x74, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, - 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, - 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, - 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, - 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, - 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x1a, 0xab, 0x01, 0x0a, 0x02, 0x54, 0x6f, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, - 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, - 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, - 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, - 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, - 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, - 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, - 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, + 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, + 0x18, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0x4f, 0x0a, 0x19, 0x52, 0x65, 0x66, + 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, + 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, + 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc7, 0x02, 0x0a, 0x07, 0x42, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x61, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x4f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, + 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, + 0x2e, 0x54, 0x43, 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, + 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x64, 0x0a, 0x04, 0x66, 0x69, 0x6c, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x50, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, + 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, + 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, + 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, + 0x73, 0x0a, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x55, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, + 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, + 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, + 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, + 0x65, 0x6e, 0x63, 0x65, 0x1a, 0x6d, 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, + 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, + 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, + 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, + 0x65, 0x6e, 0x64, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x73, 0x1a, 0xad, 0x01, 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, + 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, + 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, + 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, + 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x1a, 0xab, 0x01, 0x0a, 0x02, 0x54, 0x6f, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, + 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, + 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, + 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, + 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, + 0x74, 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, + 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, + 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -789,7 +735,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_ra return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData } -var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 11) +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes = []interface{}{ (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog (*MeshAccessLog_Format)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format @@ -801,30 +747,28 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goT (*MeshAccessLog_From)(nil), // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From (*MeshAccessLog_To)(nil), // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To (*MeshAccessLog_Format_JsonValue)(nil), // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue - (*MeshAccessLog_Format_JsonValueArray)(nil), // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValueArray - (*v1alpha1.TargetRef)(nil), // 11: kuma.common.v1alpha1.TargetRef + (*v1alpha1.TargetRef)(nil), // 10: kuma.common.v1alpha1.TargetRef } var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs = []int32{ - 11, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 10, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef 7, // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.from:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From 8, // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.to:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To - 10, // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValueArray + 9, // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue 1, // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format 1, // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format 2, // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.tcp:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend 3, // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.file:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend 4, // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.reference:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceAccessLogBackend 5, // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf.backends:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend - 11, // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 10, // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.targetRef:type_name -> kuma.common.v1alpha1.TargetRef 6, // 11: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - 11, // 12: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 10, // 12: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.targetRef:type_name -> kuma.common.v1alpha1.TargetRef 6, // 13: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - 9, // 14: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValueArray.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue - 15, // [15:15] is the sub-list for method output_type - 15, // [15:15] is the sub-list for method input_type - 15, // [15:15] is the sub-list for extension type_name - 15, // [15:15] is the sub-list for extension extendee - 0, // [0:15] is the sub-list for field type_name + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name } func init() { file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_init() } @@ -953,18 +897,6 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in return nil } } - file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshAccessLog_Format_JsonValueArray); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } } type x struct{} out := protoimpl.TypeBuilder{ @@ -972,7 +904,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc, NumEnums: 0, - NumMessages: 11, + NumMessages: 10, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index f6d25e2094ff..3ceef3ee5fec 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -32,12 +32,8 @@ message MeshAccessLog { string value = 2 [ (doc.required) = true ]; } - message JsonValueArray { - repeated JsonValue json = 1 [ (doc.required) = true ]; - } - string plain = 1; - JsonValueArray json = 2; + repeated JsonValue json = 2; } // Backend defines logging backend. diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml index 620201182f4f..0079f3b52144 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml @@ -27,17 +27,14 @@ properties: description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -62,17 +59,14 @@ properties: description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -148,17 +142,14 @@ properties: description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -183,17 +174,14 @@ properties: description: Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/suite_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/suite_test.go new file mode 100644 index 000000000000..f0d9d6340c3e --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/suite_test.go @@ -0,0 +1,11 @@ +package v1alpha1_test + +import ( + "testing" + + "github.com/kumahq/kuma/pkg/test" +) + +func TestCommonAPI(t *testing.T) { + test.RunSpecs(t, "MeshAccessLog Suite") +} diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 3e257b1c3a81..23e7d93a05d0 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -31,8 +31,12 @@ func (r *MeshAccessLogResource) validate() error { } var formats []*MeshAccessLog_Format - formats = append(formats, backend.GetFile().Format) - formats = append(formats, backend.GetTcp().Format) + if backend.GetFile() != nil { + formats = append(formats, backend.GetFile().Format) + } + if backend.GetTcp() != nil { + formats = append(formats, backend.GetTcp().Format) + } for _, format := range formats { plain := bool2int(format.GetPlain() != "") @@ -71,7 +75,7 @@ func (r *MeshAccessLogResource) validateTo(spec validators.PathBuilder, verr *va targetRefErr := matcher_validators.ValidateTargetRef(to.Index(idx).Field("targetRef"), toItem.GetTargetRef(), &matcher_validators.ValidateTargetRefOpts{ SupportedKinds: []common_proto.TargetRef_Kind{ common_proto.TargetRef_Mesh, - common_proto.TargetRef_MeshSubset, + common_proto.TargetRef_MeshService, }, }) verr.AddError("", targetRefErr) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index d44887bc5ce5..4127b489e242 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -25,31 +25,37 @@ var _ = Describe("MeshAccessLog", func() { // then Expect(verr).To(BeNil()) }, - Entry("example", ` + Entry("mesh from/to example", ` targetRef: kind: MeshService - name: web-backend - tags: - kuma.io/zone: us-east + name: web-frontend from: - targetRef: - kind: MeshService - name: web-frontend + kind: Mesh + name: default default: backends: - tcp: - conf: - format: - json: - - key: "start_time" - value: "%START_TIME%" - address: 127.0.0.1:5000 + format: + json: + - key: "start_time" + value: "%START_TIME%" + address: 127.0.0.1:5000 - reference: - conf: - kind: MeshAccessLogBackend - name: file-backend + kind: MeshAccessLogBackend + name: file-backend +to: + - targetRef: + kind: MeshService + name: web-backend + default: + backends: + - file: + format: + plain: '{"start_time": "%START_TIME%"}' + path: '/tmp/logs.txt' `), - ) + ) type testCase struct { inputYaml string @@ -72,17 +78,16 @@ from: // then Expect(actual).To(MatchYAML(given.expected)) }, - Entry("empty 'from' array", testCase{ + Entry("empty 'from' and 'to' array", testCase{ inputYaml: ` targetRef: - kind: MeshService - name: backend -from: [] + kind: Mesh + name: default `, expected: ` violations: - - field: spec.from - message: cannot be empty`, + - field: spec + message: at lest one of "from", "to" has to be defined`, }), ) }) diff --git a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml index f9a6ee042f10..7b8ee284a70b 100644 --- a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml +++ b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml @@ -57,17 +57,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -95,17 +92,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -193,17 +187,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object @@ -231,17 +222,14 @@ spec: available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log properties: json: - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - type: object + items: + properties: + key: + type: string + value: + type: string + type: object + type: array plain: type: string type: object From 10096a08af85866077760302afaad9f60ddafffa Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 11:34:06 +0200 Subject: [PATCH 05/27] feat(kumacp): more validations Signed-off-by: slonka --- .../meshaccesslog/api/v1alpha1/validator.go | 76 +++++++++++++------ .../api/v1alpha1/validator_test.go | 33 ++++++++ .../api/v1alpha1/zz_generated.resource.go | 24 +++--- 3 files changed, 96 insertions(+), 37 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 23e7d93a05d0..3bcbb54278b2 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -16,40 +16,54 @@ func (r *MeshAccessLogResource) validate() error { r.validateIncompatibleCombinations(spec, &verr) r.validateToOrFromDefined(spec, &verr) - to := spec.Field("to") - for toIdx, toItem := range r.Spec.GetTo() { - toIndexed := to.Index(toIdx) - for backendIdx, backend := range toItem.GetDefault().GetBackends() { - backendIndexed := toIndexed.Field("default").Field("backend").Index(backendIdx) - reference := bool2int(backend.GetReference() != nil) - file := bool2int(backend.GetFile() != nil) - tcp := bool2int(backend.GetTcp() != nil) + return verr.OrNil() +} - if reference + file + tcp != 1 { - verr.AddViolationAt(backendIndexed, `backend can have only one type type defined: tcp, file, reference`) - } +func (r *MeshAccessLogResource) validateBackend(backend *MeshAccessLog_Backend, verr *validators.ValidationError, backendIndexed validators.PathBuilder) { + reference := bool2int(backend.GetReference() != nil) + file := bool2int(backend.GetFile() != nil) + tcp := bool2int(backend.GetTcp() != nil) - var formats []*MeshAccessLog_Format - if backend.GetFile() != nil { - formats = append(formats, backend.GetFile().Format) - } - if backend.GetTcp() != nil { - formats = append(formats, backend.GetTcp().Format) - } + if reference+file+tcp != 1 { + verr.AddViolationAt(backendIndexed, `backend can have only one type type defined: tcp, file, reference`) + } - for _, format := range formats { - plain := bool2int(format.GetPlain() != "") - json := bool2int(format.GetJson() != nil) + r.validateFormats(backend, verr, backendIndexed) - if plain + json != 1 { - verr.AddViolationAt(backendIndexed, `format can only have one type defined: plain, json`) + if backend.GetFile() != nil && backend.GetFile().Path == "" { + verr.AddViolationAt(backendIndexed.Field("file").Field("path"), `file backend requires a path`) + } +} + +func (r *MeshAccessLogResource) validateFormats(backend *MeshAccessLog_Backend, verr *validators.ValidationError, backendIndexed validators.PathBuilder) { + var formats []*MeshAccessLog_Format + if backend.GetFile() != nil { + formats = append(formats, backend.GetFile().Format) + } + if backend.GetTcp() != nil { + formats = append(formats, backend.GetTcp().Format) + } + for _, format := range formats { + plain := bool2int(format.GetPlain() != "") + json := bool2int(format.GetJson() != nil) + + if plain+json > 1 { + verr.AddViolationAt(backendIndexed, `format can only have one type defined: plain, json`) + } + + if format.GetJson() != nil { + for idx, field := range format.GetJson() { + indexedField := backendIndexed.Field("json").Index(idx) + if field.GetKey() == "" { + verr.AddViolationAt(indexedField.Field("key"), `key cannot be empty`) + } + if field.GetValue() == "" { + verr.AddViolationAt(indexedField.Field("value"), `value cannot be empty`) } } } } - - return verr.OrNil() } func (r *MeshAccessLogResource) validateToOrFromDefined(spec validators.PathBuilder, verr *validators.ValidationError) { @@ -83,6 +97,12 @@ func (r *MeshAccessLogResource) validateTo(spec validators.PathBuilder, verr *va if toItem.GetDefault() == nil { verr.AddViolationAt(to.Index(idx).Field("default"), "cannot be nil") } + + toIndexed := to.Index(idx) + for backendIdx, backend := range toItem.GetDefault().GetBackends() { + backendIndexed := toIndexed.Field("default").Field("backend").Index(backendIdx) + r.validateBackend(backend, verr, backendIndexed) + } } } @@ -99,6 +119,12 @@ func (r *MeshAccessLogResource) validateFrom(spec validators.PathBuilder, verr * if fromItem.GetDefault() == nil { verr.AddViolationAt(from.Index(idx).Field("default"), "cannot be nil") } + + toIndexed := from.Index(idx) + for backendIdx, backend := range fromItem.GetDefault().GetBackends() { + backendIndexed := toIndexed.Field("default").Field("backend").Index(backendIdx) + r.validateBackend(backend, verr, backendIndexed) + } } } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index 4127b489e242..fdf79a008d6e 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -54,6 +54,19 @@ to: format: plain: '{"start_time": "%START_TIME%"}' path: '/tmp/logs.txt' +`), + Entry("empty format", ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - file: + path: '/tmp/logs.txt' `), ) @@ -89,6 +102,26 @@ violations: - field: spec message: at lest one of "from", "to" has to be defined`, }), + Entry("empty 'path'", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - file: + format: + plain: '{"start_time": "%START_TIME%"}' +`, + expected: ` +violations: + - field: spec.from[0].default.backend[0].file.path + message: file backend requires a path`, + }), ) }) }) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go index 7db36c596681..99c0f7cd2c79 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go @@ -27,38 +27,38 @@ func NewMeshAccessLogResource() *MeshAccessLogResource { } } -func (t *MeshAccessLogResource) GetMeta() model.ResourceMeta { - return t.Meta +func (r *MeshAccessLogResource) GetMeta() model.ResourceMeta { + return r.Meta } -func (t *MeshAccessLogResource) SetMeta(m model.ResourceMeta) { - t.Meta = m +func (r *MeshAccessLogResource) SetMeta(m model.ResourceMeta) { + r.Meta = m } -func (t *MeshAccessLogResource) GetSpec() model.ResourceSpec { - return t.Spec +func (r *MeshAccessLogResource) GetSpec() model.ResourceSpec { + return r.Spec } -func (t *MeshAccessLogResource) SetSpec(spec model.ResourceSpec) error { +func (r *MeshAccessLogResource) SetSpec(spec model.ResourceSpec) error { protoType, ok := spec.(*MeshAccessLog) if !ok { return fmt.Errorf("invalid type %T for Spec", spec) } else { if protoType == nil { - t.Spec = &MeshAccessLog{} + r.Spec = &MeshAccessLog{} } else { - t.Spec = protoType + r.Spec = protoType } return nil } } -func (t *MeshAccessLogResource) Descriptor() model.ResourceTypeDescriptor { +func (r *MeshAccessLogResource) Descriptor() model.ResourceTypeDescriptor { return MeshAccessLogResourceTypeDescriptor } -func (t *MeshAccessLogResource) Validate() error { - if v, ok := interface{}(t).(interface{ validate() error }); !ok { +func (r *MeshAccessLogResource) Validate() error { + if v, ok := interface{}(r).(interface{ validate() error }); !ok { return nil } else { return v.validate() From a5d9cfb546dcd579670b6faea2a09be72ea43dae Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 11:43:11 +0200 Subject: [PATCH 06/27] feat(kumacp): more validations Signed-off-by: slonka --- .../meshaccesslog/api/v1alpha1/validator.go | 1 - .../api/v1alpha1/validator_test.go | 44 +++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 3bcbb54278b2..b63a527d4fa9 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -16,7 +16,6 @@ func (r *MeshAccessLogResource) validate() error { r.validateIncompatibleCombinations(spec, &verr) r.validateToOrFromDefined(spec, &verr) - return verr.OrNil() } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index fdf79a008d6e..cac0aefdaa38 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -122,6 +122,50 @@ violations: - field: spec.from[0].default.backend[0].file.path message: file backend requires a path`, }), + Entry("empty 'key'", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - file: + path: '/tmp/logs.txt' + format: + json: + - value: "%START_TIME%" +`, + expected: ` +violations: + - field: spec.from[0].default.backend[0].json[0].key + message: key cannot be empty`, + }), + Entry("empty 'value'", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - file: + path: '/tmp/logs.txt' + format: + json: + - key: "start_time" +`, + expected: ` +violations: + - field: spec.from[0].default.backend[0].json[0].value + message: value cannot be empty`, + }), ) }) }) From af672ba49a739ebc33900cde23de83078e8c3467 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 11:53:17 +0200 Subject: [PATCH 07/27] feat(kumacp): more validations - tcp and reference Signed-off-by: slonka --- .../api/v1alpha1/validator_test.go | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index cac0aefdaa38..1622646ada24 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -166,6 +166,83 @@ violations: - field: spec.from[0].default.backend[0].json[0].value message: value cannot be empty`, }), + Entry("both 'plain' and 'json' defined", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - tcp: + address: 127.0.0.1:5000 + format: + plain: '{"start_time": "%START_TIME%"}' + json: + - key: "start_time" + value: "%START_TIME%" +`, + expected: ` +violations: +- field: spec.from[0].default.backend[0] + message: 'format can only have one type defined: plain, json'`, + }), + Entry("both 'tcp' and 'reference' defined", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - tcp: + address: 127.0.0.1:5000 + format: + json: + - key: "start_time" + value: "%START_TIME%" + reference: + kind: MeshAccessLogBackend + name: file-backend +`, + expected: ` +violations: +- field: spec.from[0].default.backend[0] + message: 'backend can have only one type type defined: tcp, file, reference'`, + }), + + Entry("both 'tcp' and 'reference' defined", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - tcp: + address: 127.0.0.1:5000 + format: + json: + - key: "start_time" + value: "%START_TIME%" + reference: + kind: MeshAccessLogBackend + name: file-backend +`, + expected: ` +violations: +- field: spec.from[0].default.backend[0] + message: 'backend can have only one type type defined: tcp, file, reference'`, + }), ) }) }) From 6e738fc6e6afefe3acdd6a0818ab79f318d0eb64 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 11:55:14 +0200 Subject: [PATCH 08/27] feat(kumacp): more validations - to and mesh gateway route Signed-off-by: slonka --- .../meshaccesslog/api/v1alpha1/validator.go | 4 ++-- .../api/v1alpha1/validator_test.go | 20 +++++++------------ 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index b63a527d4fa9..45ec6a37eb9a 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -75,10 +75,10 @@ func (r *MeshAccessLogResource) validateIncompatibleCombinations(spec validators to := spec.Field("to") targetRef := r.Spec.GetTargetRef().GetKindEnum() if targetRef == common_proto.TargetRef_MeshGatewayRoute && len(r.Spec.GetTo()) > 0 { - verr.AddViolationAt(to.Index(0), `cannot use "to" when "targetRef" is "MeshGatewayRoute" - there is no outbound`) + verr.AddViolationAt(to, `cannot use "to" when "targetRef" is "MeshGatewayRoute" - there is no outbound`) } if targetRef == common_proto.TargetRef_MeshHTTPRoute && len(r.Spec.GetTo()) > 0 { - verr.AddViolationAt(to.Index(0), `cannot use "to" when "targetRef" is "MeshHTTPRoute" - "to" always goes to the application`) + verr.AddViolationAt(to, `cannot use "to" when "targetRef" is "MeshHTTPRoute" - "to" always goes to the application`) } } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index 1622646ada24..9fd7f2b7ebf5 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -217,31 +217,25 @@ violations: message: 'backend can have only one type type defined: tcp, file, reference'`, }), - Entry("both 'tcp' and 'reference' defined", testCase{ + Entry("'to' defined in MeshGatewayRoute", testCase{ inputYaml: ` targetRef: - kind: MeshService - name: web-frontend -from: + kind: MeshGatewayRoute + name: some-mesh-gateway-route +to: - targetRef: kind: Mesh name: default default: backends: - - tcp: - address: 127.0.0.1:5000 - format: - json: - - key: "start_time" - value: "%START_TIME%" - reference: + - reference: kind: MeshAccessLogBackend name: file-backend `, expected: ` violations: -- field: spec.from[0].default.backend[0] - message: 'backend can have only one type type defined: tcp, file, reference'`, +- field: spec.to + message: 'cannot use "to" when "targetRef" is "MeshGatewayRoute" - there is no outbound'`, }), ) }) From b49d532b3141f2ab70658d8efdcb2ef33aadc9e8 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 11:58:44 +0200 Subject: [PATCH 09/27] feat(kumacp): more validations - default must be defined Signed-off-by: slonka --- .../meshaccesslog/api/v1alpha1/validator.go | 4 +- .../api/v1alpha1/validator_test.go | 50 +++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 45ec6a37eb9a..01d208deb420 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -94,7 +94,7 @@ func (r *MeshAccessLogResource) validateTo(spec validators.PathBuilder, verr *va verr.AddError("", targetRefErr) if toItem.GetDefault() == nil { - verr.AddViolationAt(to.Index(idx).Field("default"), "cannot be nil") + verr.AddViolationAt(to.Index(idx).Field("default"), "must be defined") } toIndexed := to.Index(idx) @@ -116,7 +116,7 @@ func (r *MeshAccessLogResource) validateFrom(spec validators.PathBuilder, verr * verr.AddError("", targetRefErr) if fromItem.GetDefault() == nil { - verr.AddViolationAt(from.Index(idx).Field("default"), "cannot be nil") + verr.AddViolationAt(from.Index(idx).Field("default"), "must be defined") } toIndexed := from.Index(idx) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index 9fd7f2b7ebf5..c511716c06b6 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -237,6 +237,56 @@ violations: - field: spec.to message: 'cannot use "to" when "targetRef" is "MeshGatewayRoute" - there is no outbound'`, }), + Entry("'to' defined in MeshHTTPRoute", testCase{ + inputYaml: ` +targetRef: + kind: MeshHTTPRoute + name: some-mesh-http-route +to: + - targetRef: + kind: Mesh + name: default + default: + backends: + - reference: + kind: MeshAccessLogBackend + name: file-backend +`, + expected: ` +violations: +- field: spec.to + message: 'cannot use "to" when "targetRef" is "MeshHTTPRoute" - "to" always goes to the application'`, + }), + Entry("'default' not defined in to", testCase{ + inputYaml: ` +targetRef: + kind: Mesh + name: default +to: + - targetRef: + kind: Mesh + name: default +`, + expected: ` +violations: +- field: spec.to[0].default + message: 'must be defined'`, + }), + Entry("'default' not defined in from", testCase{ + inputYaml: ` +targetRef: + kind: Mesh + name: default +from: + - targetRef: + kind: Mesh + name: default +`, + expected: ` +violations: +- field: spec.from[0].default + message: 'must be defined'`, + }), ) }) }) From 6d986d1463b3cce57f3327bd7b89152674cb95db Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 12:01:31 +0200 Subject: [PATCH 10/27] feat(kumacp): update madr Signed-off-by: slonka --- docs/madr/decisions/008-mesh-logging.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/docs/madr/decisions/008-mesh-logging.md b/docs/madr/decisions/008-mesh-logging.md index 94c2a0940421..4e37f9daf4d0 100644 --- a/docs/madr/decisions/008-mesh-logging.md +++ b/docs/madr/decisions/008-mesh-logging.md @@ -205,16 +205,14 @@ spec: default: backends: - tcp: - conf: - format: - json: - - key: "start_time" - value: "%START_TIME%" - address: 127.0.0.1:5000 + format: + json: + - key: "start_time" + value: "%START_TIME%" + address: 127.0.0.1:5000 - reference: - conf: - kind: MeshAccessLogBackend - name: file-backend + kind: MeshAccessLogBackend + name: file-backend ``` ##### Positive Consequences From bc3f09af551781e330457c0a5ea3b73778d5596f Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 12:04:43 +0200 Subject: [PATCH 11/27] feat(kumacp): make check pass Signed-off-by: slonka --- docs/generated/cmd/kumactl/kumactl_get.md | 2 ++ docs/generated/cmd/kumactl/kumactl_inspect.md | 1 + .../api/v1alpha1/meshaccesslog.pb.go | 18 +++++++++----- .../api/v1alpha1/meshaccesslog.proto | 24 +++++++++++-------- .../api/v1alpha1/validator_test.go | 4 ++-- .../api/v1alpha1/zz_generated.resource.go | 24 +++++++++---------- 6 files changed, 43 insertions(+), 30 deletions(-) diff --git a/docs/generated/cmd/kumactl/kumactl_get.md b/docs/generated/cmd/kumactl/kumactl_get.md index 63dad08a3f27..981008f044ea 100644 --- a/docs/generated/cmd/kumactl/kumactl_get.md +++ b/docs/generated/cmd/kumactl/kumactl_get.md @@ -38,6 +38,8 @@ Show Kuma resources. * [kumactl get healthcheck](kumactl_get_healthcheck.md) - Show a single HealthCheck resource * [kumactl get healthchecks](kumactl_get_healthchecks.md) - Show HealthCheck * [kumactl get mesh](kumactl_get_mesh.md) - Show a single Mesh resource +* [kumactl get meshaccesslog](kumactl_get_meshaccesslog.md) - Show a single MeshAccessLog resource +* [kumactl get meshaccesslogs](kumactl_get_meshaccesslogs.md) - Show MeshAccessLog * [kumactl get meshes](kumactl_get_meshes.md) - Show Mesh * [kumactl get meshgateway](kumactl_get_meshgateway.md) - Show a single MeshGateway resource * [kumactl get meshgatewayroute](kumactl_get_meshgatewayroute.md) - Show a single MeshGatewayRoute resource diff --git a/docs/generated/cmd/kumactl/kumactl_inspect.md b/docs/generated/cmd/kumactl/kumactl_inspect.md index 0f1ae9dc49ee..4ce40aadc6fd 100644 --- a/docs/generated/cmd/kumactl/kumactl_inspect.md +++ b/docs/generated/cmd/kumactl/kumactl_inspect.md @@ -30,6 +30,7 @@ Inspect Kuma resources. * [kumactl inspect dataplanes](kumactl_inspect_dataplanes.md) - Inspect Dataplanes * [kumactl inspect fault-injection](kumactl_inspect_fault-injection.md) - Inspect FaultInjection * [kumactl inspect healthcheck](kumactl_inspect_healthcheck.md) - Inspect HealthCheck +* [kumactl inspect meshaccesslog](kumactl_inspect_meshaccesslog.md) - Inspect MeshAccessLog * [kumactl inspect meshes](kumactl_inspect_meshes.md) - Inspect Meshes * [kumactl inspect meshgateway](kumactl_inspect_meshgateway.md) - Inspect MeshGateway * [kumactl inspect meshtrafficpermission](kumactl_inspect_meshtrafficpermission.md) - Inspect MeshTrafficPermission diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index efe45209b882..768b2e2c1abb 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -152,7 +152,8 @@ type MeshAccessLog_TCPAccessLogBackend struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + // Format of access logs. Placeholders available on + // https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log Format *MeshAccessLog_Format `protobuf:"bytes,1,opt,name=format,proto3" json:"format,omitempty"` // Type of the backend (Kuma ships with 'tcp' and 'file') Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` @@ -210,7 +211,8 @@ type MeshAccessLog_FileAccessLogBackend struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + // Format of access logs. Placeholders available on + // https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log Format *MeshAccessLog_Format `protobuf:"bytes,1,opt,name=format,proto3" json:"format,omitempty"` // Path to a file that logs will be written to Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` @@ -432,9 +434,11 @@ type MeshAccessLog_From struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // TargetRef is a reference to the resource that represents a group of clients. + // TargetRef is a reference to the resource that represents a group of + // clients. TargetRef *v1alpha1.TargetRef `protobuf:"bytes,1,opt,name=targetRef,proto3" json:"targetRef,omitempty"` - // Default is a configuration specific to the group of clients referenced in 'targetRef' + // Default is a configuration specific to the group of clients referenced in + // 'targetRef' Default *MeshAccessLog_Conf `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"` } @@ -489,9 +493,11 @@ type MeshAccessLog_To struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // TargetRef is a reference to the resource that represents a group of clients. + // TargetRef is a reference to the resource that represents a group of + // clients. TargetRef *v1alpha1.TargetRef `protobuf:"bytes,1,opt,name=targetRef,proto3" json:"targetRef,omitempty"` - // Default is a configuration specific to the group of clients referenced in 'targetRef' + // Default is a configuration specific to the group of clients referenced in + // 'targetRef' Default *MeshAccessLog_Conf `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"` } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index 3ceef3ee5fec..58f5e0aa1a2c 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -38,7 +38,8 @@ message MeshAccessLog { // Backend defines logging backend. message TCPAccessLogBackend { - // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + // Format of access logs. Placeholders available on + // https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log Format format = 1 [ (doc.required) = true ]; // Type of the backend (Kuma ships with 'tcp' and 'file') @@ -47,7 +48,8 @@ message MeshAccessLog { // FileBackend defines configuration for file based access logs message FileAccessLogBackend { - // Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + // Format of access logs. Placeholders available on + // https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log Format format = 1 [ (doc.required) = true ]; // Path to a file that logs will be written to @@ -65,15 +67,15 @@ message MeshAccessLog { ReferenceAccessLogBackend reference = 3; } - message Conf { - repeated Backend backends = 1 [ (doc.required) = true ]; - } + message Conf { repeated Backend backends = 1 [ (doc.required) = true ]; } message From { - // TargetRef is a reference to the resource that represents a group of clients. - kuma.common.v1alpha1.TargetRef targetRef = 1 [ (doc.required) = true ]; + // TargetRef is a reference to the resource that represents a group of + // clients. + kuma.common.v1alpha1.TargetRef targetRef = 1 [ (doc.required) = true ]; - // Default is a configuration specific to the group of clients referenced in 'targetRef' + // Default is a configuration specific to the group of clients referenced in + // 'targetRef' Conf default = 2 [ (doc.required) = true ]; } @@ -81,10 +83,12 @@ message MeshAccessLog { repeated From from = 3; message To { - // TargetRef is a reference to the resource that represents a group of clients. + // TargetRef is a reference to the resource that represents a group of + // clients. kuma.common.v1alpha1.TargetRef targetRef = 1 [ (doc.required) = true ]; - // Default is a configuration specific to the group of clients referenced in 'targetRef' + // Default is a configuration specific to the group of clients referenced in + // 'targetRef' Conf default = 2 [ (doc.required) = true ]; } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index c511716c06b6..253d8ae8dd8f 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -25,7 +25,7 @@ var _ = Describe("MeshAccessLog", func() { // then Expect(verr).To(BeNil()) }, - Entry("mesh from/to example", ` + Entry("mesh from/to example", ` targetRef: kind: MeshService name: web-frontend @@ -68,7 +68,7 @@ from: - file: path: '/tmp/logs.txt' `), - ) + ) type testCase struct { inputYaml string diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go index 99c0f7cd2c79..7db36c596681 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go @@ -27,38 +27,38 @@ func NewMeshAccessLogResource() *MeshAccessLogResource { } } -func (r *MeshAccessLogResource) GetMeta() model.ResourceMeta { - return r.Meta +func (t *MeshAccessLogResource) GetMeta() model.ResourceMeta { + return t.Meta } -func (r *MeshAccessLogResource) SetMeta(m model.ResourceMeta) { - r.Meta = m +func (t *MeshAccessLogResource) SetMeta(m model.ResourceMeta) { + t.Meta = m } -func (r *MeshAccessLogResource) GetSpec() model.ResourceSpec { - return r.Spec +func (t *MeshAccessLogResource) GetSpec() model.ResourceSpec { + return t.Spec } -func (r *MeshAccessLogResource) SetSpec(spec model.ResourceSpec) error { +func (t *MeshAccessLogResource) SetSpec(spec model.ResourceSpec) error { protoType, ok := spec.(*MeshAccessLog) if !ok { return fmt.Errorf("invalid type %T for Spec", spec) } else { if protoType == nil { - r.Spec = &MeshAccessLog{} + t.Spec = &MeshAccessLog{} } else { - r.Spec = protoType + t.Spec = protoType } return nil } } -func (r *MeshAccessLogResource) Descriptor() model.ResourceTypeDescriptor { +func (t *MeshAccessLogResource) Descriptor() model.ResourceTypeDescriptor { return MeshAccessLogResourceTypeDescriptor } -func (r *MeshAccessLogResource) Validate() error { - if v, ok := interface{}(r).(interface{ validate() error }); !ok { +func (t *MeshAccessLogResource) Validate() error { + if v, ok := interface{}(t).(interface{ validate() error }); !ok { return nil } else { return v.validate() From 8f4794899f91604a4f34d0813a8a4a7f5518f8ac Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 12:04:59 +0200 Subject: [PATCH 12/27] feat(kumacp): make check pass Signed-off-by: slonka --- .../cmd/kumactl/kumactl_get_meshaccesslog.md | 33 +++++++++++++++++ .../cmd/kumactl/kumactl_get_meshaccesslogs.md | 35 +++++++++++++++++++ .../kumactl/kumactl_inspect_meshaccesslog.md | 32 +++++++++++++++++ 3 files changed, 100 insertions(+) create mode 100644 docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md create mode 100644 docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md create mode 100644 docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md diff --git a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md new file mode 100644 index 000000000000..1caa992ebc5c --- /dev/null +++ b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md @@ -0,0 +1,33 @@ +## kumactl get meshaccesslog + +Show a single MeshAccessLog resource + +### Synopsis + +Show a single MeshAccessLog resource. + +``` +kumactl get meshaccesslog NAME [flags] +``` + +### Options + +``` + -h, --help help for meshaccesslog + -m, --mesh string mesh to use (default "default") +``` + +### Options inherited from parent commands + +``` + --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) + --config-file string path to the configuration file to use + --log-level string log level: one of off|info|debug (default "off") + --no-config if set no config file and config directory will be created + -o, --output string output format: one of table|yaml|json (default "table") +``` + +### SEE ALSO + +* [kumactl get](kumactl_get.md) - Show Kuma resources + diff --git a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md new file mode 100644 index 000000000000..dcf2734a021f --- /dev/null +++ b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md @@ -0,0 +1,35 @@ +## kumactl get meshaccesslogs + +Show MeshAccessLog + +### Synopsis + +Show MeshAccessLog entities. + +``` +kumactl get meshaccesslogs [flags] +``` + +### Options + +``` + -h, --help help for meshaccesslogs + -m, --mesh string mesh to use (default "default") + --offset string the offset that indicates starting element of the resources list to retrieve + --size int maximum number of elements to return +``` + +### Options inherited from parent commands + +``` + --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) + --config-file string path to the configuration file to use + --log-level string log level: one of off|info|debug (default "off") + --no-config if set no config file and config directory will be created + -o, --output string output format: one of table|yaml|json (default "table") +``` + +### SEE ALSO + +* [kumactl get](kumactl_get.md) - Show Kuma resources + diff --git a/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md b/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md new file mode 100644 index 000000000000..325702c760fa --- /dev/null +++ b/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md @@ -0,0 +1,32 @@ +## kumactl inspect meshaccesslog + +Inspect MeshAccessLog + +### Synopsis + +Inspect MeshAccessLog. + +``` +kumactl inspect meshaccesslog NAME [flags] +``` + +### Options + +``` + -h, --help help for meshaccesslog +``` + +### Options inherited from parent commands + +``` + --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) + --config-file string path to the configuration file to use + --log-level string log level: one of off|info|debug (default "off") + --no-config if set no config file and config directory will be created + -o, --output string output format: one of table|yaml|json (default "table") +``` + +### SEE ALSO + +* [kumactl inspect](kumactl_inspect.md) - Inspect Kuma resources + From d10ea43dcd3fef43a0cff25388774fd6ae1f5104 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 12:19:49 +0200 Subject: [PATCH 13/27] feat(kumacp): make policies stable Signed-off-by: slonka --- mk/generate.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/generate.mk b/mk/generate.mk index 0a92a7f3367e..4d5c6f920e23 100644 --- a/mk/generate.mk +++ b/mk/generate.mk @@ -33,7 +33,7 @@ protoc/plugins: POLICIES_DIR := pkg/plugins/policies -policies = $(foreach dir,$(shell find pkg/plugins/policies -maxdepth 1 -mindepth 1 -type d | grep -v core | grep -v matchers),$(notdir $(dir))) +policies = $(foreach dir,$(shell find pkg/plugins/policies -maxdepth 1 -mindepth 1 -type d | grep -v core | grep -v matchers | sort),$(notdir $(dir))) generate_policy_targets = $(addprefix generate/policy/,$(policies)) cleanup_policy_targets = $(addprefix cleanup/policy/,$(policies)) From 14f0759e445165725b86b3346c47579e3e40b4e0 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 12:21:08 +0200 Subject: [PATCH 14/27] feat(kumacp): make check pass Signed-off-by: slonka --- deployments/charts/kuma/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/charts/kuma/values.yaml b/deployments/charts/kuma/values.yaml index 2ee8052c9d2b..52a816a050a5 100644 --- a/deployments/charts/kuma/values.yaml +++ b/deployments/charts/kuma/values.yaml @@ -690,5 +690,5 @@ experimental: # @ignored for helm-docs plugins: policies: - - meshtrafficpermissions - meshaccesslogs + - meshtrafficpermissions From d5a86ab5c23cd4bdf5b4495c552883f674a00d6b Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 13:15:24 +0200 Subject: [PATCH 15/27] feat(kumacp): update golden files Signed-off-by: slonka --- .../cmd/completion/testdata/bash.golden | 103 +++ ...tall-control-plane.cni-enabled.golden.yaml | 402 +++++++-- ...plane.cni-experimental-enabled.golden.yaml | 402 +++++++-- ...install-control-plane.defaults.golden.yaml | 402 +++++++-- .../install-control-plane.dump-values.yaml | 1 + .../install-control-plane.global.golden.yaml | 402 +++++++-- ...ontrol-plane.override-env-vars.golden.yaml | 402 +++++++-- ...nstall-control-plane.overrides.golden.yaml | 844 ++++++++++++------ ...install-control-plane.registry.golden.yaml | 402 +++++++-- ...roxy-ebpf-experimental-enabled.golden.yaml | 402 +++++++-- ...tall-control-plane.with-egress.golden.yaml | 402 +++++++-- .../install-control-plane.with-helm-set.yaml | 402 +++++++-- ...nstall-control-plane.with-helm-values.yaml | 402 +++++++-- ...all-control-plane.with-ingress.golden.yaml | 402 +++++++-- .../install-control-plane.zone.golden.yaml | 402 +++++++-- .../install-cp-helm/empty.golden.yaml | 402 +++++++-- .../install-cp-helm/fix4485.golden.yaml | 402 +++++++-- .../install-cp-helm/fix4496.golden.yaml | 402 +++++++-- .../install-cp-helm/fix4935.golden.yaml | 402 +++++++-- .../testdata/install-crds.all.golden.yaml | 274 ++++++ ...l-crds.experimental-gatewayapi.golden.yaml | 274 ++++++ 21 files changed, 6653 insertions(+), 1275 deletions(-) diff --git a/app/kumactl/cmd/completion/testdata/bash.golden b/app/kumactl/cmd/completion/testdata/bash.golden index 62644144858d..cc1da274d3e5 100644 --- a/app/kumactl/cmd/completion/testdata/bash.golden +++ b/app/kumactl/cmd/completion/testdata/bash.golden @@ -1515,6 +1515,76 @@ _kumactl_get_mesh() noun_aliases=() } +_kumactl_get_meshaccesslog() +{ + last_command="kumactl_get_meshaccesslog" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--mesh=") + two_word_flags+=("--mesh") + two_word_flags+=("-m") + flags+=("--api-timeout=") + two_word_flags+=("--api-timeout") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--no-config") + flags+=("--output=") + two_word_flags+=("--output") + two_word_flags+=("-o") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_kumactl_get_meshaccesslogs() +{ + last_command="kumactl_get_meshaccesslogs" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--mesh=") + two_word_flags+=("--mesh") + two_word_flags+=("-m") + flags+=("--offset=") + two_word_flags+=("--offset") + flags+=("--size=") + two_word_flags+=("--size") + flags+=("--api-timeout=") + two_word_flags+=("--api-timeout") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--no-config") + flags+=("--output=") + two_word_flags+=("--output") + two_word_flags+=("-o") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _kumactl_get_meshes() { last_command="kumactl_get_meshes" @@ -2692,6 +2762,8 @@ _kumactl_get() commands+=("healthcheck") commands+=("healthchecks") commands+=("mesh") + commands+=("meshaccesslog") + commands+=("meshaccesslogs") commands+=("meshes") commands+=("meshgateway") commands+=("meshgatewayroute") @@ -2938,6 +3010,36 @@ _kumactl_inspect_healthcheck() noun_aliases=() } +_kumactl_inspect_meshaccesslog() +{ + last_command="kumactl_inspect_meshaccesslog" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--api-timeout=") + two_word_flags+=("--api-timeout") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--no-config") + flags+=("--output=") + two_word_flags+=("--output") + two_word_flags+=("-o") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _kumactl_inspect_meshes() { last_command="kumactl_inspect_meshes" @@ -3467,6 +3569,7 @@ _kumactl_inspect() commands+=("dataplanes") commands+=("fault-injection") commands+=("healthcheck") + commands+=("meshaccesslog") commands+=("meshes") commands+=("meshgateway") commands+=("meshtrafficpermission") diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml index a717251af955..1317b0404fe0 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml @@ -223,6 +223,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -714,17 +759,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -746,8 +791,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -759,17 +804,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -791,8 +836,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1386,6 +1431,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1688,51 +2007,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1873,6 +2147,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2166,7 +2441,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2324,6 +2599,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2358,6 +2634,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2474,6 +2751,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml index 1d195e86b1f1..8a00141ac480 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml @@ -223,6 +223,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -714,17 +759,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -746,8 +791,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -759,17 +804,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -791,8 +836,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1386,6 +1431,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1688,51 +2007,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1873,6 +2147,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2184,7 +2459,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2346,6 +2621,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2380,6 +2656,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2496,6 +2773,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index d9bdff5ed4c1..967999db2cec 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml index 5d66c197c5e3..52a816a050a5 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml @@ -690,4 +690,5 @@ experimental: # @ignored for helm-docs plugins: policies: + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml index fb7f46402b5c..70f35c3cf48e 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2005,7 +2280,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: fd5cb26395594662e1f976f50c10bee12480e1d1f27ab49903572bdc3bb43e7c + checksum/tls-secrets: 46432bff5dd0d9a42953e264b91e153419fe69950e8118d53e644d090274e074 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2162,6 +2437,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2196,6 +2472,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2249,6 +2526,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml index 2abcc595764b..7b683db32edc 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml index fb4d35b8543c..d4d3826331d9 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml @@ -189,6 +189,265 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on a + Service. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. + type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +939,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficlogs.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficLog - listKind: TrafficLogList - plural: trafficlogs - singular: trafficlog - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +971,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficLog resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +984,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficlogs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +1016,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficLog resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1176,17 +1435,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: zones.kuma.io + name: dataplanes.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Zone - listKind: ZoneList - plural: zones - singular: zone - scope: Cluster + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced versions: - name: v1alpha1 schema: @@ -1209,7 +1468,7 @@ spec: metadata: type: object spec: - description: Spec is the specification of the Kuma Zone resource. + description: Spec is the specification of the Kuma Dataplane resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1221,17 +1480,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplanes.kuma.io + name: zones.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Dataplane - listKind: DataplaneList - plural: dataplanes - singular: dataplane - scope: Namespaced + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster versions: - name: v1alpha1 schema: @@ -1254,7 +1513,7 @@ spec: metadata: type: object spec: - description: Spec is the specification of the Kuma Dataplane resource. + description: Spec is the specification of the Kuma Zone resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1401,17 +1660,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshes.kuma.io + name: meshaccesslogs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Mesh - listKind: MeshList - plural: meshes - singular: mesh - scope: Cluster + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced versions: - name: v1alpha1 schema: @@ -1427,15 +1686,244 @@ spec: object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string metadata: type: object spec: - description: Spec is the specification of the Kuma Mesh resource. - x-kubernetes-preserve-unknown-fields: true + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object type: object served: true storage: true @@ -1446,23 +1934,21 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshgatewayconfigs.kuma.io + name: meshes.kuma.io spec: group: kuma.io names: categories: - kuma - kind: MeshGatewayConfig - listKind: MeshGatewayConfigList - plural: meshgatewayconfigs - singular: meshgatewayconfig + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: - description: MeshGatewayConfig holds the configuration of a MeshGateway. A - GatewayClass can refer to a MeshGatewayConfig via parametersRef. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -1474,99 +1960,18 @@ spec: object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string metadata: type: object spec: - description: MeshGatewayConfigSpec specifies the options available for - a Kuma MeshGateway. - properties: - replicas: - default: 1 - description: Replicas is the number of dataplane proxy replicas to - create. For now this is a fixed number, but in the future it could - be automatically scaled based on metrics. - format: int32 - minimum: 1 - type: integer - resources: - description: Resources specifies the compute resources for the proxy - container. The default can be set in the control plane config. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - serviceTemplate: - description: ServiceTemplate configures the Service owned by this - config. - properties: - metadata: - description: Metadata holds metadata configuration for a Service. - properties: - annotations: - additionalProperties: - type: string - description: Annotations holds annotations to be set on a - Service. - type: object - type: object - spec: - description: Spec holds some customizable fields of a Service. - properties: - loadBalancerIP: - description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. - type: string - type: object - type: object - serviceType: - default: LoadBalancer - description: ServiceType specifies the type of managed Service that - will be created to expose the dataplane proxies to traffic from - outside the cluster. The ports to expose will be taken from the - matching Gateway resource. If there is no matching Gateway, the - managed Service will be deleted. - enum: - - LoadBalancer - - ClusterIP - - NodePort - type: string - tags: - additionalProperties: - type: string - description: Tags specifies a set of Kuma tags that are included in - the MeshGatewayInstance and thus propagated to every Dataplane generated - to serve the MeshGateway. These tags should include a maximum of - one `kuma.io/service` tag. - type: object - type: object - status: - description: MeshGatewayConfigStatus holds information about the status - of the gateway instance. - type: object + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true type: object served: true storage: true - subresources: - status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1574,23 +1979,23 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshgatewayinstances.kuma.io + name: meshgatewayconfigs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: MeshGatewayInstance - listKind: MeshGatewayInstanceList - plural: meshgatewayinstances - singular: meshgatewayinstance - scope: Namespaced + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: - description: MeshGatewayInstance represents a managed instance of a dataplane - proxy for a Kuma Gateway. + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -1605,8 +2010,8 @@ spec: metadata: type: object spec: - description: MeshGatewayInstanceSpec specifies the options available for - a GatewayDataplane. + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. properties: replicas: default: 1 @@ -1680,146 +2085,15 @@ spec: tags: additionalProperties: type: string - description: Tags specifies the Kuma tags that are propagated to the - managed dataplane proxies. These tags should include exactly one - `kuma.io/service` tag, and should match exactly one Gateway resource. + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. type: object type: object status: - description: MeshGatewayInstanceStatus holds information about the status + description: MeshGatewayConfigStatus holds information about the status of the gateway instance. - properties: - conditions: - description: Conditions is an array of gateway instance conditions. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object type: object type: object served: true @@ -1948,6 +2222,7 @@ rules: - meshgatewayroutes - meshgatewayinstances - meshgatewayconfigs + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2118,7 +2393,7 @@ spec: metadata: annotations: checksum/config: 1ddb2793e3c20c70cd0520f7a4fde01d98a29f277eb94d778097c8d1c992128f - checksum/tls-secrets: 7f615c364a983efeb4034f3aa765835f7d5f11ca524e62608f396a8a92b824f6 + checksum/tls-secrets: 89546bbec659c19712feb75febdb553ff294c7e60aaa3fc0a5cf0e1fe74d926f labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2311,6 +2586,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2345,6 +2621,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2461,6 +2738,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml index 643c58242d09..d22251892811 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml index fee729d775f8..af9c7f4e5e32 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2154,6 +2429,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2188,6 +2464,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2304,6 +2581,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml index 3a2fc070180a..4ab88424deca 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml @@ -199,6 +199,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -690,17 +735,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -722,8 +767,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -735,17 +780,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -767,8 +812,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1362,6 +1407,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1664,51 +1983,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1828,6 +2102,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2019,7 +2294,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2294,6 +2569,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2328,6 +2604,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2444,6 +2721,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml index 352963d759d0..924b56e68126 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml @@ -209,6 +209,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -700,17 +745,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -732,8 +777,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -745,17 +790,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -777,8 +822,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1372,6 +1417,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1674,51 +1993,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1838,6 +2112,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2050,7 +2325,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2448,6 +2723,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2482,6 +2758,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2598,6 +2875,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml index 3af208e9df4b..4fae53a10efe 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml index 281766497649..19e966bbd72c 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml @@ -199,6 +199,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -690,17 +735,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -722,8 +767,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -735,17 +780,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -767,8 +812,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1362,6 +1407,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1664,51 +1983,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1828,6 +2102,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2019,7 +2294,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2300,6 +2575,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2334,6 +2610,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2450,6 +2727,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml index 3c0d245e4637..75c9bf80b755 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2150,6 +2425,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2184,6 +2460,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2300,6 +2577,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml index d9bdff5ed4c1..967999db2cec 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml index f53b9ac4a82b..b19f1c9bea88 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml @@ -205,6 +205,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -696,17 +741,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -728,8 +773,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -741,17 +786,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -773,8 +818,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1368,6 +1413,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1670,51 +1989,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1835,6 +2109,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2010,7 +2285,7 @@ spec: metadata: annotations: checksum/config: a339f834847039f79aed19d73fd8903aeb736f152c512a641f4fb907dbad1429 - checksum/tls-secrets: 6c59f080c0827192e886efb995ae009149bee063ab26e28eac17b70cfd7ae974 + checksum/tls-secrets: d4fe8d8c11082db886259be6f0d966db192fb51bb893de8afba38016de18cc87 labels: app: kuma-control-plane "foo": "baz" @@ -2176,6 +2451,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2210,6 +2486,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2327,6 +2604,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml index 13aa2e137e08..4091f03209ed 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml @@ -202,6 +202,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -693,17 +738,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -725,8 +770,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -738,17 +783,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -770,8 +815,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1365,6 +1410,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1667,51 +1986,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1832,6 +2106,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2029,7 +2304,7 @@ spec: metadata: annotations: checksum/config: 8e3d9b7078c00005eae94f443d41866ae6d12b93b99888c865c01e843e16dd38 - checksum/tls-secrets: 6a60bfebb565d14f3eb7deea8f96a8d4eb674254ab8a60c3e19e7ff761168e0b + checksum/tls-secrets: 2d44490a2bdaa8b664483ca275b8a4885782116b3d9a4b060f6c8dec26a316bc labels: app: kuma-control-plane "foo": "bar" @@ -2338,6 +2613,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2372,6 +2648,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2489,6 +2766,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml index b97550849ffb..6d7efee43737 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml @@ -243,6 +243,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -734,17 +779,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -766,8 +811,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -779,17 +824,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -811,8 +856,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1406,6 +1451,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1708,51 +2027,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1893,6 +2167,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2236,7 +2511,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 bim: "bam" foo: "{\"bar\": \"baz\"}" labels: @@ -2668,6 +2943,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2702,6 +2978,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2818,6 +3095,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml index 97c1668986d7..1d23d499c85f 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml @@ -382,6 +382,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 diff --git a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml index d4c6a54a5d65..7d405b7a5b0a 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml @@ -382,6 +382,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 From dd9b3c4e2c43fe8f22f6dc35dfc1f22fbd5c0cf7 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 14:08:54 +0200 Subject: [PATCH 16/27] feat(kumacp): skip registration Signed-off-by: slonka --- .../kuma/crds/kuma.io_meshaccesslogs.yaml | 274 ------------------ deployments/charts/kuma/values.yaml | 1 - docs/generated/cmd/kumactl/kumactl_get.md | 2 - .../cmd/kumactl/kumactl_get_meshaccesslog.md | 33 --- .../cmd/kumactl/kumactl_get_meshaccesslogs.md | 35 --- docs/generated/cmd/kumactl/kumactl_inspect.md | 1 - .../kumactl/kumactl_inspect_meshaccesslog.md | 32 -- pkg/plugins/policies/imports.go | 1 - .../api/v1alpha1/meshaccesslog.pb.go | 20 +- .../api/v1alpha1/meshaccesslog.proto | 2 +- .../k8s/v1alpha1/zz_generated.types.go | 17 -- .../meshaccesslog/zz_generated.plugin.go | 16 - 12 files changed, 11 insertions(+), 423 deletions(-) delete mode 100644 deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml delete mode 100644 docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md delete mode 100644 docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md delete mode 100644 docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md delete mode 100644 pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go diff --git a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml deleted file mode 100644 index 7b8ee284a70b..000000000000 --- a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml +++ /dev/null @@ -1,274 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/deployments/charts/kuma/values.yaml b/deployments/charts/kuma/values.yaml index 52a816a050a5..5d66c197c5e3 100644 --- a/deployments/charts/kuma/values.yaml +++ b/deployments/charts/kuma/values.yaml @@ -690,5 +690,4 @@ experimental: # @ignored for helm-docs plugins: policies: - - meshaccesslogs - meshtrafficpermissions diff --git a/docs/generated/cmd/kumactl/kumactl_get.md b/docs/generated/cmd/kumactl/kumactl_get.md index 981008f044ea..63dad08a3f27 100644 --- a/docs/generated/cmd/kumactl/kumactl_get.md +++ b/docs/generated/cmd/kumactl/kumactl_get.md @@ -38,8 +38,6 @@ Show Kuma resources. * [kumactl get healthcheck](kumactl_get_healthcheck.md) - Show a single HealthCheck resource * [kumactl get healthchecks](kumactl_get_healthchecks.md) - Show HealthCheck * [kumactl get mesh](kumactl_get_mesh.md) - Show a single Mesh resource -* [kumactl get meshaccesslog](kumactl_get_meshaccesslog.md) - Show a single MeshAccessLog resource -* [kumactl get meshaccesslogs](kumactl_get_meshaccesslogs.md) - Show MeshAccessLog * [kumactl get meshes](kumactl_get_meshes.md) - Show Mesh * [kumactl get meshgateway](kumactl_get_meshgateway.md) - Show a single MeshGateway resource * [kumactl get meshgatewayroute](kumactl_get_meshgatewayroute.md) - Show a single MeshGatewayRoute resource diff --git a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md deleted file mode 100644 index 1caa992ebc5c..000000000000 --- a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md +++ /dev/null @@ -1,33 +0,0 @@ -## kumactl get meshaccesslog - -Show a single MeshAccessLog resource - -### Synopsis - -Show a single MeshAccessLog resource. - -``` -kumactl get meshaccesslog NAME [flags] -``` - -### Options - -``` - -h, --help help for meshaccesslog - -m, --mesh string mesh to use (default "default") -``` - -### Options inherited from parent commands - -``` - --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) - --config-file string path to the configuration file to use - --log-level string log level: one of off|info|debug (default "off") - --no-config if set no config file and config directory will be created - -o, --output string output format: one of table|yaml|json (default "table") -``` - -### SEE ALSO - -* [kumactl get](kumactl_get.md) - Show Kuma resources - diff --git a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md deleted file mode 100644 index dcf2734a021f..000000000000 --- a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md +++ /dev/null @@ -1,35 +0,0 @@ -## kumactl get meshaccesslogs - -Show MeshAccessLog - -### Synopsis - -Show MeshAccessLog entities. - -``` -kumactl get meshaccesslogs [flags] -``` - -### Options - -``` - -h, --help help for meshaccesslogs - -m, --mesh string mesh to use (default "default") - --offset string the offset that indicates starting element of the resources list to retrieve - --size int maximum number of elements to return -``` - -### Options inherited from parent commands - -``` - --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) - --config-file string path to the configuration file to use - --log-level string log level: one of off|info|debug (default "off") - --no-config if set no config file and config directory will be created - -o, --output string output format: one of table|yaml|json (default "table") -``` - -### SEE ALSO - -* [kumactl get](kumactl_get.md) - Show Kuma resources - diff --git a/docs/generated/cmd/kumactl/kumactl_inspect.md b/docs/generated/cmd/kumactl/kumactl_inspect.md index 4ce40aadc6fd..0f1ae9dc49ee 100644 --- a/docs/generated/cmd/kumactl/kumactl_inspect.md +++ b/docs/generated/cmd/kumactl/kumactl_inspect.md @@ -30,7 +30,6 @@ Inspect Kuma resources. * [kumactl inspect dataplanes](kumactl_inspect_dataplanes.md) - Inspect Dataplanes * [kumactl inspect fault-injection](kumactl_inspect_fault-injection.md) - Inspect FaultInjection * [kumactl inspect healthcheck](kumactl_inspect_healthcheck.md) - Inspect HealthCheck -* [kumactl inspect meshaccesslog](kumactl_inspect_meshaccesslog.md) - Inspect MeshAccessLog * [kumactl inspect meshes](kumactl_inspect_meshes.md) - Inspect Meshes * [kumactl inspect meshgateway](kumactl_inspect_meshgateway.md) - Inspect MeshGateway * [kumactl inspect meshtrafficpermission](kumactl_inspect_meshtrafficpermission.md) - Inspect MeshTrafficPermission diff --git a/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md b/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md deleted file mode 100644 index 325702c760fa..000000000000 --- a/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md +++ /dev/null @@ -1,32 +0,0 @@ -## kumactl inspect meshaccesslog - -Inspect MeshAccessLog - -### Synopsis - -Inspect MeshAccessLog. - -``` -kumactl inspect meshaccesslog NAME [flags] -``` - -### Options - -``` - -h, --help help for meshaccesslog -``` - -### Options inherited from parent commands - -``` - --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) - --config-file string path to the configuration file to use - --log-level string log level: one of off|info|debug (default "off") - --no-config if set no config file and config directory will be created - -o, --output string output format: one of table|yaml|json (default "table") -``` - -### SEE ALSO - -* [kumactl inspect](kumactl_inspect.md) - Inspect Kuma resources - diff --git a/pkg/plugins/policies/imports.go b/pkg/plugins/policies/imports.go index ebab3881a582..23b97ebd7b66 100644 --- a/pkg/plugins/policies/imports.go +++ b/pkg/plugins/policies/imports.go @@ -1,6 +1,5 @@ package policies import ( - _ "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog" _ "github.com/kumahq/kuma/pkg/plugins/policies/meshtrafficpermission" ) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index 768b2e2c1abb..24cc1e1819f3 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -617,7 +617,7 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xd7, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0xd9, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, @@ -718,15 +718,15 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, - 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, - 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x74, 0x3a, 0x08, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x02, 0x08, 0x01, 0x42, 0x6e, 0x5a, 0x46, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, + 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, + 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, + 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, + 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index 58f5e0aa1a2c..88cd47148686 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -18,7 +18,7 @@ option (doc.config) = { message MeshAccessLog { option (kuma.mesh.policy) = { // Toggle this to have the policy registered or not in Kuma - skip_registration : false, + skip_registration : true, }; // TargetRef is a reference to the resource the policy takes an effect on. diff --git a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go index 61bf5780454e..faaa7c620dc0 100644 --- a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go +++ b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go @@ -13,7 +13,6 @@ import ( core_model "github.com/kumahq/kuma/pkg/core/resources/model" policy "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/model" - "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/registry" "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" ) @@ -87,19 +86,3 @@ func (l *MeshAccessLogList) GetItems() []model.KubernetesObject { } return result } - -func init() { - SchemeBuilder.Register(&MeshAccessLog{}, &MeshAccessLogList{}) - registry.RegisterObjectType(&policy.MeshAccessLog{}, &MeshAccessLog{ - TypeMeta: metav1.TypeMeta{ - APIVersion: GroupVersion.String(), - Kind: "MeshAccessLog", - }, - }) - registry.RegisterListType(&policy.MeshAccessLog{}, &MeshAccessLogList{ - TypeMeta: metav1.TypeMeta{ - APIVersion: GroupVersion.String(), - Kind: "MeshAccessLogList", - }, - }) -} diff --git a/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go b/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go deleted file mode 100644 index ccf2cbd1b5ea..000000000000 --- a/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go +++ /dev/null @@ -1,16 +0,0 @@ -package meshaccesslog - -import ( - "github.com/kumahq/kuma/pkg/plugins/policies/core" - api_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" - k8s_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1" - plugin_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1" -) - -func init() { - core.Register( - api_v1alpha1.MeshAccessLogResourceTypeDescriptor, - k8s_v1alpha1.AddToScheme, - plugin_v1alpha1.NewPlugin(), - ) -} From cb8f771d26234c0deffa94bd189b91d367800ad6 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 13 Sep 2022 14:10:48 +0200 Subject: [PATCH 17/27] feat(kumacp): skip registration 2 Signed-off-by: slonka --- .../cmd/completion/testdata/bash.golden | 103 --- ...tall-control-plane.cni-enabled.golden.yaml | 402 ++------- ...plane.cni-experimental-enabled.golden.yaml | 402 ++------- ...install-control-plane.defaults.golden.yaml | 402 ++------- .../install-control-plane.dump-values.yaml | 1 - .../install-control-plane.global.golden.yaml | 402 ++------- ...ontrol-plane.override-env-vars.golden.yaml | 402 ++------- ...nstall-control-plane.overrides.golden.yaml | 844 ++++++------------ ...install-control-plane.registry.golden.yaml | 402 ++------- ...roxy-ebpf-experimental-enabled.golden.yaml | 402 ++------- ...tall-control-plane.with-egress.golden.yaml | 402 ++------- .../install-control-plane.with-helm-set.yaml | 402 ++------- ...nstall-control-plane.with-helm-values.yaml | 402 ++------- ...all-control-plane.with-ingress.golden.yaml | 402 ++------- .../install-control-plane.zone.golden.yaml | 402 ++------- .../install-cp-helm/empty.golden.yaml | 402 ++------- .../install-cp-helm/fix4485.golden.yaml | 402 ++------- .../install-cp-helm/fix4496.golden.yaml | 402 ++------- .../install-cp-helm/fix4935.golden.yaml | 402 ++------- .../testdata/install-crds.all.golden.yaml | 274 ------ ...l-crds.experimental-gatewayapi.golden.yaml | 274 ------ 21 files changed, 1275 insertions(+), 6653 deletions(-) diff --git a/app/kumactl/cmd/completion/testdata/bash.golden b/app/kumactl/cmd/completion/testdata/bash.golden index cc1da274d3e5..62644144858d 100644 --- a/app/kumactl/cmd/completion/testdata/bash.golden +++ b/app/kumactl/cmd/completion/testdata/bash.golden @@ -1515,76 +1515,6 @@ _kumactl_get_mesh() noun_aliases=() } -_kumactl_get_meshaccesslog() -{ - last_command="kumactl_get_meshaccesslog" - - command_aliases=() - - commands=() - - flags=() - two_word_flags=() - local_nonpersistent_flags=() - flags_with_completion=() - flags_completion=() - - flags+=("--mesh=") - two_word_flags+=("--mesh") - two_word_flags+=("-m") - flags+=("--api-timeout=") - two_word_flags+=("--api-timeout") - flags+=("--config-file=") - two_word_flags+=("--config-file") - flags+=("--log-level=") - two_word_flags+=("--log-level") - flags+=("--no-config") - flags+=("--output=") - two_word_flags+=("--output") - two_word_flags+=("-o") - - must_have_one_flag=() - must_have_one_noun=() - noun_aliases=() -} - -_kumactl_get_meshaccesslogs() -{ - last_command="kumactl_get_meshaccesslogs" - - command_aliases=() - - commands=() - - flags=() - two_word_flags=() - local_nonpersistent_flags=() - flags_with_completion=() - flags_completion=() - - flags+=("--mesh=") - two_word_flags+=("--mesh") - two_word_flags+=("-m") - flags+=("--offset=") - two_word_flags+=("--offset") - flags+=("--size=") - two_word_flags+=("--size") - flags+=("--api-timeout=") - two_word_flags+=("--api-timeout") - flags+=("--config-file=") - two_word_flags+=("--config-file") - flags+=("--log-level=") - two_word_flags+=("--log-level") - flags+=("--no-config") - flags+=("--output=") - two_word_flags+=("--output") - two_word_flags+=("-o") - - must_have_one_flag=() - must_have_one_noun=() - noun_aliases=() -} - _kumactl_get_meshes() { last_command="kumactl_get_meshes" @@ -2762,8 +2692,6 @@ _kumactl_get() commands+=("healthcheck") commands+=("healthchecks") commands+=("mesh") - commands+=("meshaccesslog") - commands+=("meshaccesslogs") commands+=("meshes") commands+=("meshgateway") commands+=("meshgatewayroute") @@ -3010,36 +2938,6 @@ _kumactl_inspect_healthcheck() noun_aliases=() } -_kumactl_inspect_meshaccesslog() -{ - last_command="kumactl_inspect_meshaccesslog" - - command_aliases=() - - commands=() - - flags=() - two_word_flags=() - local_nonpersistent_flags=() - flags_with_completion=() - flags_completion=() - - flags+=("--api-timeout=") - two_word_flags+=("--api-timeout") - flags+=("--config-file=") - two_word_flags+=("--config-file") - flags+=("--log-level=") - two_word_flags+=("--log-level") - flags+=("--no-config") - flags+=("--output=") - two_word_flags+=("--output") - two_word_flags+=("-o") - - must_have_one_flag=() - must_have_one_noun=() - noun_aliases=() -} - _kumactl_inspect_meshes() { last_command="kumactl_inspect_meshes" @@ -3569,7 +3467,6 @@ _kumactl_inspect() commands+=("dataplanes") commands+=("fault-injection") commands+=("healthcheck") - commands+=("meshaccesslog") commands+=("meshes") commands+=("meshgateway") commands+=("meshtrafficpermission") diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml index 1317b0404fe0..a717251af955 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml @@ -223,51 +223,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -759,17 +714,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -791,8 +746,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -804,17 +759,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -836,8 +791,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1431,280 +1386,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -2007,6 +1688,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2147,7 +1873,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2441,7 +2166,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2599,7 +2324,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2634,7 +2358,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2751,7 +2474,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml index 8a00141ac480..1d195e86b1f1 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml @@ -223,51 +223,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -759,17 +714,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -791,8 +746,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -804,17 +759,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -836,8 +791,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1431,280 +1386,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -2007,6 +1688,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2147,7 +1873,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2459,7 +2184,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2621,7 +2346,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2656,7 +2380,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2773,7 +2496,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index 967999db2cec..d9bdff5ed4c1 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2421,7 +2146,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2456,7 +2180,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2573,7 +2296,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml index 52a816a050a5..5d66c197c5e3 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml @@ -690,5 +690,4 @@ experimental: # @ignored for helm-docs plugins: policies: - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml index 70f35c3cf48e..fb7f46402b5c 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2280,7 +2005,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 46432bff5dd0d9a42953e264b91e153419fe69950e8118d53e644d090274e074 + checksum/tls-secrets: fd5cb26395594662e1f976f50c10bee12480e1d1f27ab49903572bdc3bb43e7c labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2437,7 +2162,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2472,7 +2196,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2526,7 +2249,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml index 7b683db32edc..2abcc595764b 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2421,7 +2146,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2456,7 +2180,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2573,7 +2296,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml index d4d3826331d9..fb4d35b8543c 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml @@ -189,265 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayinstances.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayInstance - listKind: MeshGatewayInstanceList - plural: meshgatewayinstances - singular: meshgatewayinstance - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: MeshGatewayInstance represents a managed instance of a dataplane - proxy for a Kuma Gateway. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MeshGatewayInstanceSpec specifies the options available for - a GatewayDataplane. - properties: - replicas: - default: 1 - description: Replicas is the number of dataplane proxy replicas to - create. For now this is a fixed number, but in the future it could - be automatically scaled based on metrics. - format: int32 - minimum: 1 - type: integer - resources: - description: Resources specifies the compute resources for the proxy - container. The default can be set in the control plane config. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - serviceTemplate: - description: ServiceTemplate configures the Service owned by this - config. - properties: - metadata: - description: Metadata holds metadata configuration for a Service. - properties: - annotations: - additionalProperties: - type: string - description: Annotations holds annotations to be set on a - Service. - type: object - type: object - spec: - description: Spec holds some customizable fields of a Service. - properties: - loadBalancerIP: - description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. - type: string - type: object - type: object - serviceType: - default: LoadBalancer - description: ServiceType specifies the type of managed Service that - will be created to expose the dataplane proxies to traffic from - outside the cluster. The ports to expose will be taken from the - matching Gateway resource. If there is no matching Gateway, the - managed Service will be deleted. - enum: - - LoadBalancer - - ClusterIP - - NodePort - type: string - tags: - additionalProperties: - type: string - description: Tags specifies the Kuma tags that are propagated to the - managed dataplane proxies. These tags should include exactly one - `kuma.io/service` tag, and should match exactly one Gateway resource. - type: object - type: object - status: - description: MeshGatewayInstanceStatus holds information about the status - of the gateway instance. - properties: - conditions: - description: Conditions is an array of gateway instance conditions. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -939,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficlogs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster versions: - name: v1alpha1 schema: @@ -971,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficLog resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -984,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficlogs.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficLog - listKind: TrafficLogList - plural: trafficlogs - singular: trafficlog - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -1016,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficLog resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1435,17 +1176,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplanes.kuma.io + name: zones.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Dataplane - listKind: DataplaneList - plural: dataplanes - singular: dataplane - scope: Namespaced + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster versions: - name: v1alpha1 schema: @@ -1468,7 +1209,7 @@ spec: metadata: type: object spec: - description: Spec is the specification of the Kuma Dataplane resource. + description: Spec is the specification of the Kuma Zone resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1480,17 +1221,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: zones.kuma.io + name: dataplanes.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Zone - listKind: ZoneList - plural: zones - singular: zone - scope: Cluster + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced versions: - name: v1alpha1 schema: @@ -1513,7 +1254,7 @@ spec: metadata: type: object spec: - description: Spec is the specification of the Kuma Zone resource. + description: Spec is the specification of the Kuma Dataplane resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1660,17 +1401,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshaccesslogs.kuma.io + name: meshes.kuma.io spec: group: kuma.io names: categories: - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster versions: - name: v1alpha1 schema: @@ -1686,244 +1427,15 @@ spec: object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string metadata: type: object spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true type: object served: true storage: true @@ -1934,21 +1446,23 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshes.kuma.io + name: meshgatewayconfigs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Mesh - listKind: MeshList - plural: meshes - singular: mesh + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -1960,18 +1474,99 @@ spec: object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string metadata: type: object spec: - description: Spec is the specification of the Kuma Mesh resource. - x-kubernetes-preserve-unknown-fields: true + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on a + Service. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. + type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object type: object served: true storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1979,23 +1574,23 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshgatewayconfigs.kuma.io + name: meshgatewayinstances.kuma.io spec: group: kuma.io names: categories: - kuma - kind: MeshGatewayConfig - listKind: MeshGatewayConfigList - plural: meshgatewayconfigs - singular: meshgatewayconfig - scope: Cluster + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: MeshGatewayConfig holds the configuration of a MeshGateway. A - GatewayClass can refer to a MeshGatewayConfig via parametersRef. + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -2010,8 +1605,8 @@ spec: metadata: type: object spec: - description: MeshGatewayConfigSpec specifies the options available for - a Kuma MeshGateway. + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. properties: replicas: default: 1 @@ -2085,15 +1680,146 @@ spec: tags: additionalProperties: type: string - description: Tags specifies a set of Kuma tags that are included in - the MeshGatewayInstance and thus propagated to every Dataplane generated - to serve the MeshGateway. These tags should include a maximum of - one `kuma.io/service` tag. + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. type: object type: object status: - description: MeshGatewayConfigStatus holds information about the status + description: MeshGatewayInstanceStatus holds information about the status of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object type: object type: object served: true @@ -2222,7 +1948,6 @@ rules: - meshgatewayroutes - meshgatewayinstances - meshgatewayconfigs - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2393,7 +2118,7 @@ spec: metadata: annotations: checksum/config: 1ddb2793e3c20c70cd0520f7a4fde01d98a29f277eb94d778097c8d1c992128f - checksum/tls-secrets: 89546bbec659c19712feb75febdb553ff294c7e60aaa3fc0a5cf0e1fe74d926f + checksum/tls-secrets: 7f615c364a983efeb4034f3aa765835f7d5f11ca524e62608f396a8a92b824f6 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2586,7 +2311,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2621,7 +2345,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2738,7 +2461,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml index d22251892811..643c58242d09 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2421,7 +2146,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2456,7 +2180,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2573,7 +2296,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml index af9c7f4e5e32..fee729d775f8 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2429,7 +2154,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2464,7 +2188,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2581,7 +2304,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml index 4ab88424deca..3a2fc070180a 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml @@ -199,51 +199,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -735,17 +690,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -767,8 +722,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -780,17 +735,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -812,8 +767,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1407,280 +1362,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1983,6 +1664,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2102,7 +1828,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2294,7 +2019,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2569,7 +2294,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2604,7 +2328,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2721,7 +2444,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml index 924b56e68126..352963d759d0 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml @@ -209,51 +209,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -745,17 +700,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -777,8 +732,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -790,17 +745,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -822,8 +777,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1417,280 +1372,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1993,6 +1674,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2112,7 +1838,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2325,7 +2050,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2723,7 +2448,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2758,7 +2482,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2875,7 +2598,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml index 4fae53a10efe..3af208e9df4b 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2421,7 +2146,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2456,7 +2180,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2573,7 +2296,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml index 19e966bbd72c..281766497649 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml @@ -199,51 +199,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -735,17 +690,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -767,8 +722,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -780,17 +735,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -812,8 +767,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1407,280 +1362,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1983,6 +1664,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2102,7 +1828,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2294,7 +2019,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2575,7 +2300,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2610,7 +2334,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2727,7 +2450,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml index 75c9bf80b755..3c0d245e4637 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2425,7 +2150,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2460,7 +2184,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2577,7 +2300,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml index 967999db2cec..d9bdff5ed4c1 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml @@ -189,51 +189,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -725,17 +680,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +712,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -770,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -802,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1397,280 +1352,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1973,6 +1654,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2092,7 +1818,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2263,7 +1988,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2421,7 +2146,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2456,7 +2180,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2573,7 +2296,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml index b19f1c9bea88..f53b9ac4a82b 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml @@ -205,51 +205,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -741,17 +696,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -773,8 +728,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -786,17 +741,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -818,8 +773,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1413,280 +1368,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1989,6 +1670,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2109,7 +1835,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2285,7 +2010,7 @@ spec: metadata: annotations: checksum/config: a339f834847039f79aed19d73fd8903aeb736f152c512a641f4fb907dbad1429 - checksum/tls-secrets: d4fe8d8c11082db886259be6f0d966db192fb51bb893de8afba38016de18cc87 + checksum/tls-secrets: 6c59f080c0827192e886efb995ae009149bee063ab26e28eac17b70cfd7ae974 labels: app: kuma-control-plane "foo": "baz" @@ -2451,7 +2176,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2486,7 +2210,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2604,7 +2327,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml index 4091f03209ed..13aa2e137e08 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml @@ -202,51 +202,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -738,17 +693,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -770,8 +725,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -783,17 +738,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -815,8 +770,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1410,280 +1365,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1986,6 +1667,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2106,7 +1832,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2304,7 +2029,7 @@ spec: metadata: annotations: checksum/config: 8e3d9b7078c00005eae94f443d41866ae6d12b93b99888c865c01e843e16dd38 - checksum/tls-secrets: 2d44490a2bdaa8b664483ca275b8a4885782116b3d9a4b060f6c8dec26a316bc + checksum/tls-secrets: 6a60bfebb565d14f3eb7deea8f96a8d4eb674254ab8a60c3e19e7ff761168e0b labels: app: kuma-control-plane "foo": "bar" @@ -2613,7 +2338,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2648,7 +2372,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -2766,7 +2489,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml index 6d7efee43737..b97550849ffb 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml @@ -243,51 +243,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -779,17 +734,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -811,8 +766,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -824,17 +779,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -856,8 +811,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1451,280 +1406,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -2027,6 +1708,51 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -2167,7 +1893,6 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances - - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2511,7 +2236,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 + checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd bim: "bam" foo: "{\"bar\": \"baz\"}" labels: @@ -2943,7 +2668,6 @@ webhooks: - UPDATE resources: - meshes - - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2978,7 +2702,6 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - - meshaccesslogs - meshtrafficpermissions @@ -3095,7 +2818,6 @@ webhooks: - virtualoutbounds - zones - containerpatches - - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml index 1d23d499c85f..97c1668986d7 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml @@ -382,280 +382,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 diff --git a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml index 7d405b7a5b0a..d4c6a54a5d65 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml @@ -382,280 +382,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshaccesslogs.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshAccessLog - listKind: MeshAccessLogList - plural: meshaccesslogs - singular: meshaccesslog - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: From is a list of pairs – a group of clients and action - applied for it - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful when - implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - to: - items: - properties: - default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' - properties: - backends: - items: - properties: - file: - description: FileBackend defines configuration for - file based access logs - properties: - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - path: - description: Path to a file that logs will be - written to - type: string - type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object - tcp: - description: Backend defines logging backend. - properties: - address: - description: Type of the backend (Kuma ships with - 'tcp' and 'file') - type: string - format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - properties: - json: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array - plain: - type: string - type: object - type: object - type: object - type: array - type: object - targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshService - - MeshServiceSubset - - MeshGatewayRoute - - MeshHTTPRoute - type: string - mesh: - description: Mesh is used with MeshService and MeshServiceSubset - to identify the service from another mesh. Could be useful - when implementing policies with cross-mesh support. - type: string - name: - description: Name of the referenced resource - type: string - tags: - additionalProperties: - type: string - description: Tags are used with MeshSubset and MeshServiceSubset - to define a subset of proxies - type: object - type: object - type: object - type: array - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 From 98f71c079afaadead46e65e73d1722d199daeac1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20S=C5=82onka?= Date: Wed, 14 Sep 2022 09:07:02 +0200 Subject: [PATCH 18/27] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Charly Molter Signed-off-by: Krzysztof Słonka --- pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 01d208deb420..60b9b53d10f5 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -25,7 +25,7 @@ func (r *MeshAccessLogResource) validateBackend(backend *MeshAccessLog_Backend, tcp := bool2int(backend.GetTcp() != nil) if reference+file+tcp != 1 { - verr.AddViolationAt(backendIndexed, `backend can have only one type type defined: tcp, file, reference`) + verr.AddViolationAt(backendIndexed, `backend can have only one type defined: tcp, file, reference`) } r.validateFormats(backend, verr, backendIndexed) @@ -67,7 +67,7 @@ func (r *MeshAccessLogResource) validateFormats(backend *MeshAccessLog_Backend, func (r *MeshAccessLogResource) validateToOrFromDefined(spec validators.PathBuilder, verr *validators.ValidationError) { if len(r.Spec.GetFrom()) == 0 && len(r.Spec.GetTo()) == 0 { - verr.AddViolationAt(spec, `at lest one of "from", "to" has to be defined`) + verr.AddViolationAt(spec, `at least one of "from", "to" has to be defined`) } } From 4d17bd179b218af58d04648ae60853e70376ed72 Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 13:28:12 +0200 Subject: [PATCH 19/27] feat(kumacp): fix typos in test assertions Signed-off-by: slonka --- .../policies/meshaccesslog/api/v1alpha1/validator_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index 253d8ae8dd8f..6d7e7d227cb9 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -100,7 +100,7 @@ targetRef: expected: ` violations: - field: spec - message: at lest one of "from", "to" has to be defined`, + message: at least one of "from", "to" has to be defined`, }), Entry("empty 'path'", testCase{ inputYaml: ` @@ -214,7 +214,7 @@ from: expected: ` violations: - field: spec.from[0].default.backend[0] - message: 'backend can have only one type type defined: tcp, file, reference'`, + message: 'backend can have only one type defined: tcp, file, reference'`, }), Entry("'to' defined in MeshGatewayRoute", testCase{ From e6f55e657a5a849362bd8afc1a7dd46659a6bc77 Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 15:31:10 +0200 Subject: [PATCH 20/27] feat(kumacp): rename mesh access log types Signed-off-by: slonka --- .../api/v1alpha1/meshaccesslog.pb.go | 270 +++++++++--------- .../api/v1alpha1/meshaccesslog.proto | 14 +- 2 files changed, 140 insertions(+), 144 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index 24cc1e1819f3..866e79eb4ef4 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -23,7 +23,7 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -// MeshAccessLog +// MeshAccessLog defines access log policies between different data plane proxies entities. type MeshAccessLog struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -147,7 +147,7 @@ func (x *MeshAccessLog_Format) GetJson() []*MeshAccessLog_Format_JsonValue { } // Backend defines logging backend. -type MeshAccessLog_TCPAccessLogBackend struct { +type MeshAccessLog_TCPBackend struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -159,8 +159,8 @@ type MeshAccessLog_TCPAccessLogBackend struct { Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` } -func (x *MeshAccessLog_TCPAccessLogBackend) Reset() { - *x = MeshAccessLog_TCPAccessLogBackend{} +func (x *MeshAccessLog_TCPBackend) Reset() { + *x = MeshAccessLog_TCPBackend{} if protoimpl.UnsafeEnabled { mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -168,13 +168,13 @@ func (x *MeshAccessLog_TCPAccessLogBackend) Reset() { } } -func (x *MeshAccessLog_TCPAccessLogBackend) String() string { +func (x *MeshAccessLog_TCPBackend) String() string { return protoimpl.X.MessageStringOf(x) } -func (*MeshAccessLog_TCPAccessLogBackend) ProtoMessage() {} +func (*MeshAccessLog_TCPBackend) ProtoMessage() {} -func (x *MeshAccessLog_TCPAccessLogBackend) ProtoReflect() protoreflect.Message { +func (x *MeshAccessLog_TCPBackend) ProtoReflect() protoreflect.Message { mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -186,19 +186,19 @@ func (x *MeshAccessLog_TCPAccessLogBackend) ProtoReflect() protoreflect.Message return mi.MessageOf(x) } -// Deprecated: Use MeshAccessLog_TCPAccessLogBackend.ProtoReflect.Descriptor instead. -func (*MeshAccessLog_TCPAccessLogBackend) Descriptor() ([]byte, []int) { +// Deprecated: Use MeshAccessLog_TCPBackend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_TCPBackend) Descriptor() ([]byte, []int) { return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 1} } -func (x *MeshAccessLog_TCPAccessLogBackend) GetFormat() *MeshAccessLog_Format { +func (x *MeshAccessLog_TCPBackend) GetFormat() *MeshAccessLog_Format { if x != nil { return x.Format } return nil } -func (x *MeshAccessLog_TCPAccessLogBackend) GetAddress() string { +func (x *MeshAccessLog_TCPBackend) GetAddress() string { if x != nil { return x.Address } @@ -206,7 +206,7 @@ func (x *MeshAccessLog_TCPAccessLogBackend) GetAddress() string { } // FileBackend defines configuration for file based access logs -type MeshAccessLog_FileAccessLogBackend struct { +type MeshAccessLog_FileBackend struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -218,8 +218,8 @@ type MeshAccessLog_FileAccessLogBackend struct { Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` } -func (x *MeshAccessLog_FileAccessLogBackend) Reset() { - *x = MeshAccessLog_FileAccessLogBackend{} +func (x *MeshAccessLog_FileBackend) Reset() { + *x = MeshAccessLog_FileBackend{} if protoimpl.UnsafeEnabled { mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -227,13 +227,13 @@ func (x *MeshAccessLog_FileAccessLogBackend) Reset() { } } -func (x *MeshAccessLog_FileAccessLogBackend) String() string { +func (x *MeshAccessLog_FileBackend) String() string { return protoimpl.X.MessageStringOf(x) } -func (*MeshAccessLog_FileAccessLogBackend) ProtoMessage() {} +func (*MeshAccessLog_FileBackend) ProtoMessage() {} -func (x *MeshAccessLog_FileAccessLogBackend) ProtoReflect() protoreflect.Message { +func (x *MeshAccessLog_FileBackend) ProtoReflect() protoreflect.Message { mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -245,26 +245,26 @@ func (x *MeshAccessLog_FileAccessLogBackend) ProtoReflect() protoreflect.Message return mi.MessageOf(x) } -// Deprecated: Use MeshAccessLog_FileAccessLogBackend.ProtoReflect.Descriptor instead. -func (*MeshAccessLog_FileAccessLogBackend) Descriptor() ([]byte, []int) { +// Deprecated: Use MeshAccessLog_FileBackend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_FileBackend) Descriptor() ([]byte, []int) { return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 2} } -func (x *MeshAccessLog_FileAccessLogBackend) GetFormat() *MeshAccessLog_Format { +func (x *MeshAccessLog_FileBackend) GetFormat() *MeshAccessLog_Format { if x != nil { return x.Format } return nil } -func (x *MeshAccessLog_FileAccessLogBackend) GetPath() string { +func (x *MeshAccessLog_FileBackend) GetPath() string { if x != nil { return x.Path } return "" } -type MeshAccessLog_ReferenceAccessLogBackend struct { +type MeshAccessLog_ReferenceBackend struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -273,8 +273,8 @@ type MeshAccessLog_ReferenceAccessLogBackend struct { Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` } -func (x *MeshAccessLog_ReferenceAccessLogBackend) Reset() { - *x = MeshAccessLog_ReferenceAccessLogBackend{} +func (x *MeshAccessLog_ReferenceBackend) Reset() { + *x = MeshAccessLog_ReferenceBackend{} if protoimpl.UnsafeEnabled { mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -282,13 +282,13 @@ func (x *MeshAccessLog_ReferenceAccessLogBackend) Reset() { } } -func (x *MeshAccessLog_ReferenceAccessLogBackend) String() string { +func (x *MeshAccessLog_ReferenceBackend) String() string { return protoimpl.X.MessageStringOf(x) } -func (*MeshAccessLog_ReferenceAccessLogBackend) ProtoMessage() {} +func (*MeshAccessLog_ReferenceBackend) ProtoMessage() {} -func (x *MeshAccessLog_ReferenceAccessLogBackend) ProtoReflect() protoreflect.Message { +func (x *MeshAccessLog_ReferenceBackend) ProtoReflect() protoreflect.Message { mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -300,19 +300,19 @@ func (x *MeshAccessLog_ReferenceAccessLogBackend) ProtoReflect() protoreflect.Me return mi.MessageOf(x) } -// Deprecated: Use MeshAccessLog_ReferenceAccessLogBackend.ProtoReflect.Descriptor instead. -func (*MeshAccessLog_ReferenceAccessLogBackend) Descriptor() ([]byte, []int) { +// Deprecated: Use MeshAccessLog_ReferenceBackend.ProtoReflect.Descriptor instead. +func (*MeshAccessLog_ReferenceBackend) Descriptor() ([]byte, []int) { return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 3} } -func (x *MeshAccessLog_ReferenceAccessLogBackend) GetKind() string { +func (x *MeshAccessLog_ReferenceBackend) GetKind() string { if x != nil { return x.Kind } return "" } -func (x *MeshAccessLog_ReferenceAccessLogBackend) GetName() string { +func (x *MeshAccessLog_ReferenceBackend) GetName() string { if x != nil { return x.Name } @@ -324,9 +324,9 @@ type MeshAccessLog_Backend struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Tcp *MeshAccessLog_TCPAccessLogBackend `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` - File *MeshAccessLog_FileAccessLogBackend `protobuf:"bytes,2,opt,name=file,proto3" json:"file,omitempty"` - Reference *MeshAccessLog_ReferenceAccessLogBackend `protobuf:"bytes,3,opt,name=reference,proto3" json:"reference,omitempty"` + Tcp *MeshAccessLog_TCPBackend `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` + File *MeshAccessLog_FileBackend `protobuf:"bytes,2,opt,name=file,proto3" json:"file,omitempty"` + Reference *MeshAccessLog_ReferenceBackend `protobuf:"bytes,3,opt,name=reference,proto3" json:"reference,omitempty"` } func (x *MeshAccessLog_Backend) Reset() { @@ -361,21 +361,21 @@ func (*MeshAccessLog_Backend) Descriptor() ([]byte, []int) { return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 4} } -func (x *MeshAccessLog_Backend) GetTcp() *MeshAccessLog_TCPAccessLogBackend { +func (x *MeshAccessLog_Backend) GetTcp() *MeshAccessLog_TCPBackend { if x != nil { return x.Tcp } return nil } -func (x *MeshAccessLog_Backend) GetFile() *MeshAccessLog_FileAccessLogBackend { +func (x *MeshAccessLog_Backend) GetFile() *MeshAccessLog_FileBackend { if x != nil { return x.File } return nil } -func (x *MeshAccessLog_Backend) GetReference() *MeshAccessLog_ReferenceAccessLogBackend { +func (x *MeshAccessLog_Backend) GetReference() *MeshAccessLog_ReferenceBackend { if x != nil { return x.Reference } @@ -617,7 +617,7 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xd9, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0xa3, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, @@ -644,89 +644,85 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, - 0xb5, 0x18, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x97, 0x01, 0x0a, 0x13, 0x54, - 0x43, 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, - 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, - 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, - 0x72, 0x6d, 0x61, 0x74, 0x12, 0x1e, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x61, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x1a, 0x92, 0x01, 0x0a, 0x14, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x60, 0x0a, - 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, - 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, - 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, - 0x18, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, - 0xb5, 0x18, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0x4f, 0x0a, 0x19, 0x52, 0x65, 0x66, - 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, - 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, - 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, - 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc7, 0x02, 0x0a, 0x07, 0x42, - 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x61, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x4f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, + 0xb5, 0x18, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x8e, 0x01, 0x0a, 0x0a, 0x54, + 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x06, 0x66, 0x6f, 0x72, + 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, 0x6d, 0x61, + 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, + 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x1e, 0x0a, 0x07, 0x61, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, + 0x18, 0x01, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x1a, 0x89, 0x01, 0x0a, 0x0b, + 0x46, 0x69, 0x6c, 0x65, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x06, 0x66, + 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x6b, 0x75, + 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, + 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x18, 0x0a, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, + 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0x46, 0x0a, 0x10, 0x52, 0x65, 0x66, 0x65, 0x72, + 0x65, 0x6e, 0x63, 0x65, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6b, + 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, + 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, + 0xac, 0x02, 0x0a, 0x07, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x58, 0x0a, 0x03, 0x74, + 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, + 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, + 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, + 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x5b, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, - 0x2e, 0x54, 0x43, 0x50, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x42, 0x61, 0x63, - 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x64, 0x0a, 0x04, 0x66, 0x69, 0x6c, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x50, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, - 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, - 0x73, 0x0a, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x55, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, - 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, - 0x6f, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, - 0x65, 0x6e, 0x63, 0x65, 0x1a, 0x6d, 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, - 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, - 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, - 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, - 0x6e, 0x64, 0x73, 0x1a, 0xad, 0x01, 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, - 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, - 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, - 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x1a, 0xab, 0x01, 0x0a, 0x02, 0x54, 0x6f, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, - 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, - 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, - 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, - 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, - 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x3a, 0x08, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x02, 0x08, 0x01, 0x42, 0x6e, 0x5a, 0x46, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, - 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, - 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, - 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, + 0x6c, 0x65, 0x12, 0x6a, 0x0a, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4c, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, + 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, + 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, + 0x6f, 0x67, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x61, 0x63, 0x6b, + 0x65, 0x6e, 0x64, 0x52, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x1a, 0x6d, + 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, + 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, + 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, 0x04, 0x88, + 0xb5, 0x18, 0x01, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x1a, 0xad, 0x01, + 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, + 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, + 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, + 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, + 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, + 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x1a, 0xab, 0x01, + 0x0a, 0x02, 0x54, 0x6f, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, + 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, + 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, + 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, + 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x3a, 0x08, 0xb2, 0x8c, 0x89, + 0xa6, 0x01, 0x02, 0x08, 0x01, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, + 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, + 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, + 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -743,28 +739,28 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_ra var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes = []interface{}{ - (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog - (*MeshAccessLog_Format)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format - (*MeshAccessLog_TCPAccessLogBackend)(nil), // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend - (*MeshAccessLog_FileAccessLogBackend)(nil), // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend - (*MeshAccessLog_ReferenceAccessLogBackend)(nil), // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceAccessLogBackend - (*MeshAccessLog_Backend)(nil), // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend - (*MeshAccessLog_Conf)(nil), // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - (*MeshAccessLog_From)(nil), // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From - (*MeshAccessLog_To)(nil), // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To - (*MeshAccessLog_Format_JsonValue)(nil), // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue - (*v1alpha1.TargetRef)(nil), // 10: kuma.common.v1alpha1.TargetRef + (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog + (*MeshAccessLog_Format)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format + (*MeshAccessLog_TCPBackend)(nil), // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPBackend + (*MeshAccessLog_FileBackend)(nil), // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileBackend + (*MeshAccessLog_ReferenceBackend)(nil), // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceBackend + (*MeshAccessLog_Backend)(nil), // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend + (*MeshAccessLog_Conf)(nil), // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + (*MeshAccessLog_From)(nil), // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From + (*MeshAccessLog_To)(nil), // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To + (*MeshAccessLog_Format_JsonValue)(nil), // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue + (*v1alpha1.TargetRef)(nil), // 10: kuma.common.v1alpha1.TargetRef } var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs = []int32{ 10, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef 7, // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.from:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From 8, // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.to:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To 9, // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue - 1, // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format - 1, // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format - 2, // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.tcp:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPAccessLogBackend - 3, // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.file:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileAccessLogBackend - 4, // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.reference:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceAccessLogBackend + 1, // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format + 1, // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format + 2, // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.tcp:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPBackend + 3, // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.file:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileBackend + 4, // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.reference:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceBackend 5, // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf.backends:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend 10, // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.targetRef:type_name -> kuma.common.v1alpha1.TargetRef 6, // 11: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf @@ -808,7 +804,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in } } file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshAccessLog_TCPAccessLogBackend); i { + switch v := v.(*MeshAccessLog_TCPBackend); i { case 0: return &v.state case 1: @@ -820,7 +816,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in } } file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshAccessLog_FileAccessLogBackend); i { + switch v := v.(*MeshAccessLog_FileBackend); i { case 0: return &v.state case 1: @@ -832,7 +828,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in } } file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshAccessLog_ReferenceAccessLogBackend); i { + switch v := v.(*MeshAccessLog_ReferenceBackend); i { case 0: return &v.state case 1: diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index 88cd47148686..77b0b1b03714 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -14,7 +14,7 @@ option (doc.config) = { file_name : "meshaccesslog" }; -// MeshAccessLog +// MeshAccessLog defines access log policies between different data plane proxies entities. message MeshAccessLog { option (kuma.mesh.policy) = { // Toggle this to have the policy registered or not in Kuma @@ -37,7 +37,7 @@ message MeshAccessLog { } // Backend defines logging backend. - message TCPAccessLogBackend { + message TCPBackend { // Format of access logs. Placeholders available on // https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log Format format = 1 [ (doc.required) = true ]; @@ -47,7 +47,7 @@ message MeshAccessLog { } // FileBackend defines configuration for file based access logs - message FileAccessLogBackend { + message FileBackend { // Format of access logs. Placeholders available on // https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log Format format = 1 [ (doc.required) = true ]; @@ -56,15 +56,15 @@ message MeshAccessLog { string path = 2 [ (doc.required) = true ]; } - message ReferenceAccessLogBackend { + message ReferenceBackend { string kind = 1 [ (doc.required) = true ]; string name = 2 [ (doc.required) = true ]; } message Backend { - TCPAccessLogBackend tcp = 1; - FileAccessLogBackend file = 2; - ReferenceAccessLogBackend reference = 3; + TCPBackend tcp = 1; + FileBackend file = 2; + ReferenceBackend reference = 3; } message Conf { repeated Backend backends = 1 [ (doc.required) = true ]; } From d16bcb458b66e60c350d54f342bad69210a117f3 Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 15:34:47 +0200 Subject: [PATCH 21/27] feat(kumacp): change skip_registration to false Signed-off-by: slonka --- .../kuma/crds/kuma.io_meshaccesslogs.yaml | 274 ++++++++++++++++++ deployments/charts/kuma/values.yaml | 1 + pkg/plugins/policies/imports.go | 1 + .../api/v1alpha1/meshaccesslog.pb.go | 20 +- .../api/v1alpha1/meshaccesslog.proto | 2 +- .../k8s/v1alpha1/zz_generated.types.go | 17 ++ .../meshaccesslog/plugin/v1alpha1/plugin.go | 4 +- .../meshaccesslog/zz_generated.plugin.go | 16 + 8 files changed, 323 insertions(+), 12 deletions(-) create mode 100644 deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml create mode 100644 pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go diff --git a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000000..7b8ee284a70b --- /dev/null +++ b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -0,0 +1,274 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/deployments/charts/kuma/values.yaml b/deployments/charts/kuma/values.yaml index 5d66c197c5e3..52a816a050a5 100644 --- a/deployments/charts/kuma/values.yaml +++ b/deployments/charts/kuma/values.yaml @@ -690,4 +690,5 @@ experimental: # @ignored for helm-docs plugins: policies: + - meshaccesslogs - meshtrafficpermissions diff --git a/pkg/plugins/policies/imports.go b/pkg/plugins/policies/imports.go index 23b97ebd7b66..ebab3881a582 100644 --- a/pkg/plugins/policies/imports.go +++ b/pkg/plugins/policies/imports.go @@ -1,5 +1,6 @@ package policies import ( + _ "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog" _ "github.com/kumahq/kuma/pkg/plugins/policies/meshtrafficpermission" ) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index 866e79eb4ef4..ffff2f16439b 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -617,7 +617,7 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xa3, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0xa1, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, @@ -714,15 +714,15 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, - 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x3a, 0x08, 0xb2, 0x8c, 0x89, - 0xa6, 0x01, 0x02, 0x08, 0x01, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, - 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, - 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, - 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x3a, 0x06, 0xb2, 0x8c, 0x89, + 0xa6, 0x01, 0x00, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, + 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, + 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, + 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, + 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index 77b0b1b03714..b83a5c738be8 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -18,7 +18,7 @@ option (doc.config) = { message MeshAccessLog { option (kuma.mesh.policy) = { // Toggle this to have the policy registered or not in Kuma - skip_registration : true, + skip_registration : false, }; // TargetRef is a reference to the resource the policy takes an effect on. diff --git a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go index faaa7c620dc0..61bf5780454e 100644 --- a/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go +++ b/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1/zz_generated.types.go @@ -13,6 +13,7 @@ import ( core_model "github.com/kumahq/kuma/pkg/core/resources/model" policy "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/model" + "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/registry" "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" ) @@ -86,3 +87,19 @@ func (l *MeshAccessLogList) GetItems() []model.KubernetesObject { } return result } + +func init() { + SchemeBuilder.Register(&MeshAccessLog{}, &MeshAccessLogList{}) + registry.RegisterObjectType(&policy.MeshAccessLog{}, &MeshAccessLog{ + TypeMeta: metav1.TypeMeta{ + APIVersion: GroupVersion.String(), + Kind: "MeshAccessLog", + }, + }) + registry.RegisterListType(&policy.MeshAccessLog{}, &MeshAccessLogList{ + TypeMeta: metav1.TypeMeta{ + APIVersion: GroupVersion.String(), + Kind: "MeshAccessLogList", + }, + }) +} diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go index 1beaea667acb..bc96dd321769 100644 --- a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go @@ -1,6 +1,7 @@ package v1alpha1 import ( + "github.com/kumahq/kuma/pkg/core" core_plugins "github.com/kumahq/kuma/pkg/core/plugins" core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" core_xds "github.com/kumahq/kuma/pkg/core/xds" @@ -23,5 +24,6 @@ func (p plugin) MatchedPolicies(dataplane *core_mesh.DataplaneResource, resource } func (p plugin) Apply(rs *core_xds.ResourceSet, ctx xds_context.Context, proxy *core_xds.Proxy) error { - panic("implement me") + core.Log.V(1).Info("MeshAccessLog apply is not implemented") + return nil } diff --git a/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go b/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go new file mode 100644 index 000000000000..ccf2cbd1b5ea --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/zz_generated.plugin.go @@ -0,0 +1,16 @@ +package meshaccesslog + +import ( + "github.com/kumahq/kuma/pkg/plugins/policies/core" + api_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" + k8s_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/k8s/v1alpha1" + plugin_v1alpha1 "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1" +) + +func init() { + core.Register( + api_v1alpha1.MeshAccessLogResourceTypeDescriptor, + k8s_v1alpha1.AddToScheme, + plugin_v1alpha1.NewPlugin(), + ) +} From 0ae60d729ee4df6a5493351ab5e3fab2e302f8f7 Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 15:38:14 +0200 Subject: [PATCH 22/27] feat(kumacp): update golden files Signed-off-by: slonka --- .../cmd/completion/testdata/bash.golden | 103 +++ ...tall-control-plane.cni-enabled.golden.yaml | 402 +++++++-- ...plane.cni-experimental-enabled.golden.yaml | 402 +++++++-- ...install-control-plane.defaults.golden.yaml | 402 +++++++-- .../install-control-plane.dump-values.yaml | 1 + .../install-control-plane.global.golden.yaml | 402 +++++++-- ...ontrol-plane.override-env-vars.golden.yaml | 402 +++++++-- ...nstall-control-plane.overrides.golden.yaml | 844 ++++++++++++------ ...install-control-plane.registry.golden.yaml | 402 +++++++-- ...roxy-ebpf-experimental-enabled.golden.yaml | 402 +++++++-- ...tall-control-plane.with-egress.golden.yaml | 402 +++++++-- .../install-control-plane.with-helm-set.yaml | 402 +++++++-- ...nstall-control-plane.with-helm-values.yaml | 402 +++++++-- ...all-control-plane.with-ingress.golden.yaml | 402 +++++++-- .../install-control-plane.zone.golden.yaml | 402 +++++++-- .../install-cp-helm/empty.golden.yaml | 402 +++++++-- .../install-cp-helm/fix4485.golden.yaml | 402 +++++++-- .../install-cp-helm/fix4496.golden.yaml | 402 +++++++-- .../install-cp-helm/fix4935.golden.yaml | 402 +++++++-- .../testdata/install-crds.all.golden.yaml | 274 ++++++ ...l-crds.experimental-gatewayapi.golden.yaml | 274 ++++++ docs/generated/cmd/kumactl/kumactl_get.md | 2 + .../cmd/kumactl/kumactl_get_meshaccesslog.md | 33 + .../cmd/kumactl/kumactl_get_meshaccesslogs.md | 35 + docs/generated/cmd/kumactl/kumactl_inspect.md | 1 + .../kumactl/kumactl_inspect_meshaccesslog.md | 32 + .../api/v1alpha1/meshaccesslog.pb.go | 3 +- .../api/v1alpha1/meshaccesslog.proto | 3 +- 28 files changed, 6760 insertions(+), 1277 deletions(-) create mode 100644 docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md create mode 100644 docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md create mode 100644 docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md diff --git a/app/kumactl/cmd/completion/testdata/bash.golden b/app/kumactl/cmd/completion/testdata/bash.golden index 62644144858d..cc1da274d3e5 100644 --- a/app/kumactl/cmd/completion/testdata/bash.golden +++ b/app/kumactl/cmd/completion/testdata/bash.golden @@ -1515,6 +1515,76 @@ _kumactl_get_mesh() noun_aliases=() } +_kumactl_get_meshaccesslog() +{ + last_command="kumactl_get_meshaccesslog" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--mesh=") + two_word_flags+=("--mesh") + two_word_flags+=("-m") + flags+=("--api-timeout=") + two_word_flags+=("--api-timeout") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--no-config") + flags+=("--output=") + two_word_flags+=("--output") + two_word_flags+=("-o") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_kumactl_get_meshaccesslogs() +{ + last_command="kumactl_get_meshaccesslogs" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--mesh=") + two_word_flags+=("--mesh") + two_word_flags+=("-m") + flags+=("--offset=") + two_word_flags+=("--offset") + flags+=("--size=") + two_word_flags+=("--size") + flags+=("--api-timeout=") + two_word_flags+=("--api-timeout") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--no-config") + flags+=("--output=") + two_word_flags+=("--output") + two_word_flags+=("-o") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _kumactl_get_meshes() { last_command="kumactl_get_meshes" @@ -2692,6 +2762,8 @@ _kumactl_get() commands+=("healthcheck") commands+=("healthchecks") commands+=("mesh") + commands+=("meshaccesslog") + commands+=("meshaccesslogs") commands+=("meshes") commands+=("meshgateway") commands+=("meshgatewayroute") @@ -2938,6 +3010,36 @@ _kumactl_inspect_healthcheck() noun_aliases=() } +_kumactl_inspect_meshaccesslog() +{ + last_command="kumactl_inspect_meshaccesslog" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--api-timeout=") + two_word_flags+=("--api-timeout") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--no-config") + flags+=("--output=") + two_word_flags+=("--output") + two_word_flags+=("-o") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _kumactl_inspect_meshes() { last_command="kumactl_inspect_meshes" @@ -3467,6 +3569,7 @@ _kumactl_inspect() commands+=("dataplanes") commands+=("fault-injection") commands+=("healthcheck") + commands+=("meshaccesslog") commands+=("meshes") commands+=("meshgateway") commands+=("meshtrafficpermission") diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml index a717251af955..1317b0404fe0 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml @@ -223,6 +223,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -714,17 +759,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -746,8 +791,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -759,17 +804,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -791,8 +836,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1386,6 +1431,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1688,51 +2007,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1873,6 +2147,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2166,7 +2441,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2324,6 +2599,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2358,6 +2634,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2474,6 +2751,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml index 1d195e86b1f1..8a00141ac480 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml @@ -223,6 +223,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -714,17 +759,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -746,8 +791,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -759,17 +804,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -791,8 +836,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1386,6 +1431,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1688,51 +2007,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1873,6 +2147,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2184,7 +2459,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2346,6 +2621,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2380,6 +2656,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2496,6 +2773,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index d9bdff5ed4c1..967999db2cec 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml index 5d66c197c5e3..52a816a050a5 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml @@ -690,4 +690,5 @@ experimental: # @ignored for helm-docs plugins: policies: + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml index fb7f46402b5c..70f35c3cf48e 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2005,7 +2280,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: fd5cb26395594662e1f976f50c10bee12480e1d1f27ab49903572bdc3bb43e7c + checksum/tls-secrets: 46432bff5dd0d9a42953e264b91e153419fe69950e8118d53e644d090274e074 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2162,6 +2437,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2196,6 +2472,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2249,6 +2526,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml index 2abcc595764b..7b683db32edc 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml index fb4d35b8543c..d4d3826331d9 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml @@ -189,6 +189,265 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on a + Service. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. + type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +939,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficlogs.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficLog - listKind: TrafficLogList - plural: trafficlogs - singular: trafficlog - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +971,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficLog resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +984,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficlogs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +1016,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficLog resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1176,17 +1435,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: zones.kuma.io + name: dataplanes.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Zone - listKind: ZoneList - plural: zones - singular: zone - scope: Cluster + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced versions: - name: v1alpha1 schema: @@ -1209,7 +1468,7 @@ spec: metadata: type: object spec: - description: Spec is the specification of the Kuma Zone resource. + description: Spec is the specification of the Kuma Dataplane resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1221,17 +1480,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplanes.kuma.io + name: zones.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Dataplane - listKind: DataplaneList - plural: dataplanes - singular: dataplane - scope: Namespaced + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster versions: - name: v1alpha1 schema: @@ -1254,7 +1513,7 @@ spec: metadata: type: object spec: - description: Spec is the specification of the Kuma Dataplane resource. + description: Spec is the specification of the Kuma Zone resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1401,17 +1660,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshes.kuma.io + name: meshaccesslogs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: Mesh - listKind: MeshList - plural: meshes - singular: mesh - scope: Cluster + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced versions: - name: v1alpha1 schema: @@ -1427,15 +1686,244 @@ spec: object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string metadata: type: object spec: - description: Spec is the specification of the Kuma Mesh resource. - x-kubernetes-preserve-unknown-fields: true + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object type: object served: true storage: true @@ -1446,23 +1934,21 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshgatewayconfigs.kuma.io + name: meshes.kuma.io spec: group: kuma.io names: categories: - kuma - kind: MeshGatewayConfig - listKind: MeshGatewayConfigList - plural: meshgatewayconfigs - singular: meshgatewayconfig + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: - description: MeshGatewayConfig holds the configuration of a MeshGateway. A - GatewayClass can refer to a MeshGatewayConfig via parametersRef. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -1474,99 +1960,18 @@ spec: object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string metadata: type: object spec: - description: MeshGatewayConfigSpec specifies the options available for - a Kuma MeshGateway. - properties: - replicas: - default: 1 - description: Replicas is the number of dataplane proxy replicas to - create. For now this is a fixed number, but in the future it could - be automatically scaled based on metrics. - format: int32 - minimum: 1 - type: integer - resources: - description: Resources specifies the compute resources for the proxy - container. The default can be set in the control plane config. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - serviceTemplate: - description: ServiceTemplate configures the Service owned by this - config. - properties: - metadata: - description: Metadata holds metadata configuration for a Service. - properties: - annotations: - additionalProperties: - type: string - description: Annotations holds annotations to be set on a - Service. - type: object - type: object - spec: - description: Spec holds some customizable fields of a Service. - properties: - loadBalancerIP: - description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. - type: string - type: object - type: object - serviceType: - default: LoadBalancer - description: ServiceType specifies the type of managed Service that - will be created to expose the dataplane proxies to traffic from - outside the cluster. The ports to expose will be taken from the - matching Gateway resource. If there is no matching Gateway, the - managed Service will be deleted. - enum: - - LoadBalancer - - ClusterIP - - NodePort - type: string - tags: - additionalProperties: - type: string - description: Tags specifies a set of Kuma tags that are included in - the MeshGatewayInstance and thus propagated to every Dataplane generated - to serve the MeshGateway. These tags should include a maximum of - one `kuma.io/service` tag. - type: object - type: object - status: - description: MeshGatewayConfigStatus holds information about the status - of the gateway instance. - type: object + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true type: object served: true storage: true - subresources: - status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1574,23 +1979,23 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: meshgatewayinstances.kuma.io + name: meshgatewayconfigs.kuma.io spec: group: kuma.io names: categories: - kuma - kind: MeshGatewayInstance - listKind: MeshGatewayInstanceList - plural: meshgatewayinstances - singular: meshgatewayinstance - scope: Namespaced + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: - description: MeshGatewayInstance represents a managed instance of a dataplane - proxy for a Kuma Gateway. + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -1605,8 +2010,8 @@ spec: metadata: type: object spec: - description: MeshGatewayInstanceSpec specifies the options available for - a GatewayDataplane. + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. properties: replicas: default: 1 @@ -1680,146 +2085,15 @@ spec: tags: additionalProperties: type: string - description: Tags specifies the Kuma tags that are propagated to the - managed dataplane proxies. These tags should include exactly one - `kuma.io/service` tag, and should match exactly one Gateway resource. + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. type: object type: object status: - description: MeshGatewayInstanceStatus holds information about the status + description: MeshGatewayConfigStatus holds information about the status of the gateway instance. - properties: - conditions: - description: Conditions is an array of gateway instance conditions. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object type: object type: object served: true @@ -1948,6 +2222,7 @@ rules: - meshgatewayroutes - meshgatewayinstances - meshgatewayconfigs + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2118,7 +2393,7 @@ spec: metadata: annotations: checksum/config: 1ddb2793e3c20c70cd0520f7a4fde01d98a29f277eb94d778097c8d1c992128f - checksum/tls-secrets: 7f615c364a983efeb4034f3aa765835f7d5f11ca524e62608f396a8a92b824f6 + checksum/tls-secrets: 89546bbec659c19712feb75febdb553ff294c7e60aaa3fc0a5cf0e1fe74d926f labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2311,6 +2586,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2345,6 +2621,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2461,6 +2738,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml index 643c58242d09..d22251892811 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml index fee729d775f8..af9c7f4e5e32 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2154,6 +2429,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2188,6 +2464,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2304,6 +2581,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml index 3a2fc070180a..4ab88424deca 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml @@ -199,6 +199,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -690,17 +735,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -722,8 +767,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -735,17 +780,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -767,8 +812,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1362,6 +1407,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1664,51 +1983,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1828,6 +2102,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2019,7 +2294,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2294,6 +2569,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2328,6 +2604,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2444,6 +2721,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml index 352963d759d0..924b56e68126 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml @@ -209,6 +209,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -700,17 +745,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -732,8 +777,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -745,17 +790,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -777,8 +822,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1372,6 +1417,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1674,51 +1993,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1838,6 +2112,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2050,7 +2325,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2448,6 +2723,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2482,6 +2758,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2598,6 +2875,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml index 3af208e9df4b..4fae53a10efe 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml index 281766497649..19e966bbd72c 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml @@ -199,6 +199,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -690,17 +735,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -722,8 +767,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -735,17 +780,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -767,8 +812,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1362,6 +1407,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1664,51 +1983,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1828,6 +2102,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2019,7 +2294,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2300,6 +2575,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2334,6 +2610,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2450,6 +2727,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml index 3c0d245e4637..75c9bf80b755 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2150,6 +2425,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2184,6 +2460,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2300,6 +2577,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml index d9bdff5ed4c1..967999db2cec 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml @@ -189,6 +189,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -680,17 +725,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -712,8 +757,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -725,17 +770,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -757,8 +802,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1352,6 +1397,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1654,51 +1973,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1818,6 +2092,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -1988,7 +2263,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 labels: app: kuma-control-plane app.kubernetes.io/name: kuma @@ -2146,6 +2421,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2180,6 +2456,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2296,6 +2573,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml index f53b9ac4a82b..b19f1c9bea88 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml @@ -205,6 +205,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -696,17 +741,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -728,8 +773,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -741,17 +786,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -773,8 +818,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1368,6 +1413,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1670,51 +1989,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1835,6 +2109,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2010,7 +2285,7 @@ spec: metadata: annotations: checksum/config: a339f834847039f79aed19d73fd8903aeb736f152c512a641f4fb907dbad1429 - checksum/tls-secrets: 6c59f080c0827192e886efb995ae009149bee063ab26e28eac17b70cfd7ae974 + checksum/tls-secrets: d4fe8d8c11082db886259be6f0d966db192fb51bb893de8afba38016de18cc87 labels: app: kuma-control-plane "foo": "baz" @@ -2176,6 +2451,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2210,6 +2486,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2327,6 +2604,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml index 13aa2e137e08..4091f03209ed 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml @@ -202,6 +202,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -693,17 +738,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -725,8 +770,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -738,17 +783,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -770,8 +815,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1365,6 +1410,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1667,51 +1986,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1832,6 +2106,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2029,7 +2304,7 @@ spec: metadata: annotations: checksum/config: 8e3d9b7078c00005eae94f443d41866ae6d12b93b99888c865c01e843e16dd38 - checksum/tls-secrets: 6a60bfebb565d14f3eb7deea8f96a8d4eb674254ab8a60c3e19e7ff761168e0b + checksum/tls-secrets: 2d44490a2bdaa8b664483ca275b8a4885782116b3d9a4b060f6c8dec26a316bc labels: app: kuma-control-plane "foo": "bar" @@ -2338,6 +2613,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2372,6 +2648,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2489,6 +2766,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml index b97550849ffb..6d7efee43737 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml @@ -243,6 +243,51 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -734,17 +779,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: trafficpermissions.kuma.io + name: dataplaneinsights.kuma.io spec: group: kuma.io names: categories: - kuma - kind: TrafficPermission - listKind: TrafficPermissionList - plural: trafficpermissions - singular: trafficpermission - scope: Cluster + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced versions: - name: v1alpha1 schema: @@ -766,8 +811,8 @@ spec: type: string metadata: type: object - spec: - description: Spec is the specification of the Kuma TrafficPermission resource. + status: + description: Status is the status the Kuma resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -779,17 +824,17 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null - name: dataplaneinsights.kuma.io + name: trafficpermissions.kuma.io spec: group: kuma.io names: categories: - kuma - kind: DataplaneInsight - listKind: DataplaneInsightList - plural: dataplaneinsights - singular: dataplaneinsight - scope: Namespaced + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster versions: - name: v1alpha1 schema: @@ -811,8 +856,8 @@ spec: type: string metadata: type: object - status: - description: Status is the status the Kuma resource. + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. x-kubernetes-preserve-unknown-fields: true type: object served: true @@ -1406,6 +1451,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1708,51 +2027,6 @@ spec: subresources: status: {} --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: meshgatewayroutes.kuma.io -spec: - group: kuma.io - names: - categories: - - kuma - kind: MeshGatewayRoute - listKind: MeshGatewayRouteList - plural: meshgatewayroutes - singular: meshgatewayroute - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. - It may be omitted for cluster-scoped resources. - type: string - metadata: - type: object - spec: - description: Spec is the specification of the Kuma MeshGatewayRoute resource. - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1893,6 +2167,7 @@ rules: - meshgateways - meshgatewayroutes - meshgatewayinstances + - meshaccesslogs - meshtrafficpermissions verbs: - get @@ -2236,7 +2511,7 @@ spec: metadata: annotations: checksum/config: c52be51867deb8823a422dc1d188c7a2ab7fc5e501f620467d7fdd8fc4637d47 - checksum/tls-secrets: 0f778cb0c1f035e562a58b0fac0af5eb78fa2ed5d89f26c9e7968d50cea2a1dd + checksum/tls-secrets: f1f8dc94ccd3ec63acaf5294783d13152ed681236aa62c6049b391f0d8965476 bim: "bam" foo: "{\"bar\": \"baz\"}" labels: @@ -2668,6 +2943,7 @@ webhooks: - UPDATE resources: - meshes + - meshaccesslogs - meshtrafficpermissions sideEffects: None - name: owner-reference.kuma-admission.kuma.io @@ -2702,6 +2978,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds + - meshaccesslogs - meshtrafficpermissions @@ -2818,6 +3095,7 @@ webhooks: - virtualoutbounds - zones - containerpatches + - meshaccesslogs - meshtrafficpermissions diff --git a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml index 97c1668986d7..1d23d499c85f 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml @@ -382,6 +382,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 diff --git a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml index d4c6a54a5d65..7d405b7a5b0a 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml @@ -382,6 +382,280 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From is a list of pairs – a group of clients and action + applied for it + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful when + implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + to: + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + type: object + reference: + properties: + kind: + type: string + name: + type: string + type: object + tcp: + description: Backend defines logging backend. + properties: + address: + description: Type of the backend (Kuma ships with + 'tcp' and 'file') + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + plain: + type: string + type: object + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + - MeshHTTPRoute + type: string + mesh: + description: Mesh is used with MeshService and MeshServiceSubset + to identify the service from another mesh. Could be useful + when implementing policies with cross-mesh support. + type: string + name: + description: Name of the referenced resource + type: string + tags: + additionalProperties: + type: string + description: Tags are used with MeshSubset and MeshServiceSubset + to define a subset of proxies + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 diff --git a/docs/generated/cmd/kumactl/kumactl_get.md b/docs/generated/cmd/kumactl/kumactl_get.md index 63dad08a3f27..981008f044ea 100644 --- a/docs/generated/cmd/kumactl/kumactl_get.md +++ b/docs/generated/cmd/kumactl/kumactl_get.md @@ -38,6 +38,8 @@ Show Kuma resources. * [kumactl get healthcheck](kumactl_get_healthcheck.md) - Show a single HealthCheck resource * [kumactl get healthchecks](kumactl_get_healthchecks.md) - Show HealthCheck * [kumactl get mesh](kumactl_get_mesh.md) - Show a single Mesh resource +* [kumactl get meshaccesslog](kumactl_get_meshaccesslog.md) - Show a single MeshAccessLog resource +* [kumactl get meshaccesslogs](kumactl_get_meshaccesslogs.md) - Show MeshAccessLog * [kumactl get meshes](kumactl_get_meshes.md) - Show Mesh * [kumactl get meshgateway](kumactl_get_meshgateway.md) - Show a single MeshGateway resource * [kumactl get meshgatewayroute](kumactl_get_meshgatewayroute.md) - Show a single MeshGatewayRoute resource diff --git a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md new file mode 100644 index 000000000000..1caa992ebc5c --- /dev/null +++ b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslog.md @@ -0,0 +1,33 @@ +## kumactl get meshaccesslog + +Show a single MeshAccessLog resource + +### Synopsis + +Show a single MeshAccessLog resource. + +``` +kumactl get meshaccesslog NAME [flags] +``` + +### Options + +``` + -h, --help help for meshaccesslog + -m, --mesh string mesh to use (default "default") +``` + +### Options inherited from parent commands + +``` + --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) + --config-file string path to the configuration file to use + --log-level string log level: one of off|info|debug (default "off") + --no-config if set no config file and config directory will be created + -o, --output string output format: one of table|yaml|json (default "table") +``` + +### SEE ALSO + +* [kumactl get](kumactl_get.md) - Show Kuma resources + diff --git a/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md new file mode 100644 index 000000000000..dcf2734a021f --- /dev/null +++ b/docs/generated/cmd/kumactl/kumactl_get_meshaccesslogs.md @@ -0,0 +1,35 @@ +## kumactl get meshaccesslogs + +Show MeshAccessLog + +### Synopsis + +Show MeshAccessLog entities. + +``` +kumactl get meshaccesslogs [flags] +``` + +### Options + +``` + -h, --help help for meshaccesslogs + -m, --mesh string mesh to use (default "default") + --offset string the offset that indicates starting element of the resources list to retrieve + --size int maximum number of elements to return +``` + +### Options inherited from parent commands + +``` + --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) + --config-file string path to the configuration file to use + --log-level string log level: one of off|info|debug (default "off") + --no-config if set no config file and config directory will be created + -o, --output string output format: one of table|yaml|json (default "table") +``` + +### SEE ALSO + +* [kumactl get](kumactl_get.md) - Show Kuma resources + diff --git a/docs/generated/cmd/kumactl/kumactl_inspect.md b/docs/generated/cmd/kumactl/kumactl_inspect.md index 0f1ae9dc49ee..4ce40aadc6fd 100644 --- a/docs/generated/cmd/kumactl/kumactl_inspect.md +++ b/docs/generated/cmd/kumactl/kumactl_inspect.md @@ -30,6 +30,7 @@ Inspect Kuma resources. * [kumactl inspect dataplanes](kumactl_inspect_dataplanes.md) - Inspect Dataplanes * [kumactl inspect fault-injection](kumactl_inspect_fault-injection.md) - Inspect FaultInjection * [kumactl inspect healthcheck](kumactl_inspect_healthcheck.md) - Inspect HealthCheck +* [kumactl inspect meshaccesslog](kumactl_inspect_meshaccesslog.md) - Inspect MeshAccessLog * [kumactl inspect meshes](kumactl_inspect_meshes.md) - Inspect Meshes * [kumactl inspect meshgateway](kumactl_inspect_meshgateway.md) - Inspect MeshGateway * [kumactl inspect meshtrafficpermission](kumactl_inspect_meshtrafficpermission.md) - Inspect MeshTrafficPermission diff --git a/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md b/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md new file mode 100644 index 000000000000..325702c760fa --- /dev/null +++ b/docs/generated/cmd/kumactl/kumactl_inspect_meshaccesslog.md @@ -0,0 +1,32 @@ +## kumactl inspect meshaccesslog + +Inspect MeshAccessLog + +### Synopsis + +Inspect MeshAccessLog. + +``` +kumactl inspect meshaccesslog NAME [flags] +``` + +### Options + +``` + -h, --help help for meshaccesslog +``` + +### Options inherited from parent commands + +``` + --api-timeout duration the timeout for api calls. It includes connection time, any redirects, and reading the response body. A timeout of zero means no timeout (default 1m0s) + --config-file string path to the configuration file to use + --log-level string log level: one of off|info|debug (default "off") + --no-config if set no config file and config directory will be created + -o, --output string output format: one of table|yaml|json (default "table") +``` + +### SEE ALSO + +* [kumactl inspect](kumactl_inspect.md) - Inspect Kuma resources + diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index ffff2f16439b..16bcef7d8b91 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -23,7 +23,8 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -// MeshAccessLog defines access log policies between different data plane proxies entities. +// MeshAccessLog defines access log policies between different data plane +// proxies entities. type MeshAccessLog struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index b83a5c738be8..08cae62de4e4 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -14,7 +14,8 @@ option (doc.config) = { file_name : "meshaccesslog" }; -// MeshAccessLog defines access log policies between different data plane proxies entities. +// MeshAccessLog defines access log policies between different data plane +// proxies entities. message MeshAccessLog { option (kuma.mesh.policy) = { // Toggle this to have the policy registered or not in Kuma From 39a475d5fb90474a8c35fcf79d2b15d6c3856d04 Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 16:37:51 +0200 Subject: [PATCH 23/27] feat(kumacp): add validations for file and tcp backend Signed-off-by: slonka --- .../meshaccesslog/api/v1alpha1/validator.go | 18 ++++- .../api/v1alpha1/validator_test.go | 69 ++++++++++++++++++- 2 files changed, 84 insertions(+), 3 deletions(-) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 60b9b53d10f5..ff9e4831ce30 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -1,6 +1,8 @@ package v1alpha1 import ( + "fmt" + "github.com/asaskevich/govalidator" common_proto "github.com/kumahq/kuma/api/common/v1alpha1" "github.com/kumahq/kuma/pkg/core/validators" matcher_validators "github.com/kumahq/kuma/pkg/plugins/policies/matchers/validators" @@ -30,8 +32,17 @@ func (r *MeshAccessLogResource) validateBackend(backend *MeshAccessLog_Backend, r.validateFormats(backend, verr, backendIndexed) - if backend.GetFile() != nil && backend.GetFile().Path == "" { - verr.AddViolationAt(backendIndexed.Field("file").Field("path"), `file backend requires a path`) + if backend.GetFile() != nil { + isFilePath, _ := govalidator.IsFilePath(backend.GetFile().GetPath()) + if !isFilePath { + verr.AddViolationAt(backendIndexed.Field("file").Field("path"), `file backend requires a valid path`) + } + } + + if backend.GetTcp() != nil { + if !govalidator.IsURL(backend.GetTcp().GetAddress()) { + verr.AddViolationAt(backendIndexed.Field("tcp").Field("address"), `tcp backend requires valid address`) + } } } @@ -60,6 +71,9 @@ func (r *MeshAccessLogResource) validateFormats(backend *MeshAccessLog_Backend, if field.GetValue() == "" { verr.AddViolationAt(indexedField.Field("value"), `value cannot be empty`) } + if !govalidator.IsJSON(fmt.Sprintf(`{"%s": "%s"}`, field.GetKey(), field.GetValue())) { + verr.AddViolationAt(indexedField, `is not a valid JSON object`) + } } } } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index 6d7e7d227cb9..21f202d9dcb8 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -120,7 +120,28 @@ from: expected: ` violations: - field: spec.from[0].default.backend[0].file.path - message: file backend requires a path`, + message: file backend requires a valid path`, + }), + Entry("invalid 'path'", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - file: + format: + plain: '{"start_time": "%START_TIME%"}' + path: '#not_valid' +`, + expected: ` +violations: + - field: spec.from[0].default.backend[0].file.path + message: file backend requires a valid path`, }), Entry("empty 'key'", testCase{ inputYaml: ` @@ -165,6 +186,29 @@ from: violations: - field: spec.from[0].default.backend[0].json[0].value message: value cannot be empty`, + }), + Entry("invalid 'key'", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - file: + path: '/tmp/logs.txt' + format: + json: + - key: '"' + value: "%START_TIME%" +`, + expected: ` +violations: + - field: spec.from[0].default.backend[0].json[0] + message: is not a valid JSON object`, }), Entry("both 'plain' and 'json' defined", testCase{ inputYaml: ` @@ -287,6 +331,29 @@ violations: - field: spec.from[0].default message: 'must be defined'`, }), + Entry("'address' not valid", testCase{ + inputYaml: ` +targetRef: + kind: MeshService + name: web-frontend +from: + - targetRef: + kind: Mesh + name: default + default: + backends: + - tcp: + format: + json: + - key: "start_time" + value: "%START_TIME%" + address: not_valid_url +`, + expected: ` +violations: +- field: spec.from[0].default.backend[0].tcp.address + message: 'tcp backend requires valid address'`, + }), ) }) }) From 08c97678a7dc75b3fc79678eee9bc42c99d6b29a Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 16:43:09 +0200 Subject: [PATCH 24/27] feat(kumacp): add validation for reference Signed-off-by: slonka --- .../policies/meshaccesslog/api/v1alpha1/validator.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index ff9e4831ce30..fb2636faadc1 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -44,6 +44,12 @@ func (r *MeshAccessLogResource) validateBackend(backend *MeshAccessLog_Backend, verr.AddViolationAt(backendIndexed.Field("tcp").Field("address"), `tcp backend requires valid address`) } } + + if backend.GetReference() != nil { + if backend.GetReference().GetName() == "" { + verr.AddViolationAt(backendIndexed.Field("reference").Field("name"), `reference name cannot be empty`) + } + } } func (r *MeshAccessLogResource) validateFormats(backend *MeshAccessLog_Backend, verr *validators.ValidationError, backendIndexed validators.PathBuilder) { From 99b4203ccad338e9137676be5ff1da119a182b7c Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 16:48:26 +0200 Subject: [PATCH 25/27] feat(kumacp): remove reference since it's not for this stage, this commit can be reverted Signed-off-by: slonka --- .../kuma/crds/kuma.io_meshaccesslogs.yaml | 14 - .../api/v1alpha1/meshaccesslog.pb.go | 268 ++++++------------ .../api/v1alpha1/meshaccesslog.proto | 6 - .../meshaccesslog/api/v1alpha1/schema.yaml | 14 - .../meshaccesslog/api/v1alpha1/validator.go | 11 +- .../api/v1alpha1/validator_test.go | 28 +- .../k8s/crd/kuma.io_meshaccesslogs.yaml | 14 - 7 files changed, 106 insertions(+), 249 deletions(-) diff --git a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml index 7b8ee284a70b..71c6a7cb0d1f 100644 --- a/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml +++ b/deployments/charts/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -73,13 +73,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -203,13 +196,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go index 16bcef7d8b91..ea577ffe3eae 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.pb.go @@ -265,75 +265,19 @@ func (x *MeshAccessLog_FileBackend) GetPath() string { return "" } -type MeshAccessLog_ReferenceBackend struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *MeshAccessLog_ReferenceBackend) Reset() { - *x = MeshAccessLog_ReferenceBackend{} - if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshAccessLog_ReferenceBackend) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshAccessLog_ReferenceBackend) ProtoMessage() {} - -func (x *MeshAccessLog_ReferenceBackend) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshAccessLog_ReferenceBackend.ProtoReflect.Descriptor instead. -func (*MeshAccessLog_ReferenceBackend) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 3} -} - -func (x *MeshAccessLog_ReferenceBackend) GetKind() string { - if x != nil { - return x.Kind - } - return "" -} - -func (x *MeshAccessLog_ReferenceBackend) GetName() string { - if x != nil { - return x.Name - } - return "" -} - type MeshAccessLog_Backend struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Tcp *MeshAccessLog_TCPBackend `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` - File *MeshAccessLog_FileBackend `protobuf:"bytes,2,opt,name=file,proto3" json:"file,omitempty"` - Reference *MeshAccessLog_ReferenceBackend `protobuf:"bytes,3,opt,name=reference,proto3" json:"reference,omitempty"` + Tcp *MeshAccessLog_TCPBackend `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` + File *MeshAccessLog_FileBackend `protobuf:"bytes,2,opt,name=file,proto3" json:"file,omitempty"` } func (x *MeshAccessLog_Backend) Reset() { *x = MeshAccessLog_Backend{} if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -346,7 +290,7 @@ func (x *MeshAccessLog_Backend) String() string { func (*MeshAccessLog_Backend) ProtoMessage() {} func (x *MeshAccessLog_Backend) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -359,7 +303,7 @@ func (x *MeshAccessLog_Backend) ProtoReflect() protoreflect.Message { // Deprecated: Use MeshAccessLog_Backend.ProtoReflect.Descriptor instead. func (*MeshAccessLog_Backend) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 4} + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 3} } func (x *MeshAccessLog_Backend) GetTcp() *MeshAccessLog_TCPBackend { @@ -376,13 +320,6 @@ func (x *MeshAccessLog_Backend) GetFile() *MeshAccessLog_FileBackend { return nil } -func (x *MeshAccessLog_Backend) GetReference() *MeshAccessLog_ReferenceBackend { - if x != nil { - return x.Reference - } - return nil -} - type MeshAccessLog_Conf struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -394,7 +331,7 @@ type MeshAccessLog_Conf struct { func (x *MeshAccessLog_Conf) Reset() { *x = MeshAccessLog_Conf{} if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -407,7 +344,7 @@ func (x *MeshAccessLog_Conf) String() string { func (*MeshAccessLog_Conf) ProtoMessage() {} func (x *MeshAccessLog_Conf) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -420,7 +357,7 @@ func (x *MeshAccessLog_Conf) ProtoReflect() protoreflect.Message { // Deprecated: Use MeshAccessLog_Conf.ProtoReflect.Descriptor instead. func (*MeshAccessLog_Conf) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 5} + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 4} } func (x *MeshAccessLog_Conf) GetBackends() []*MeshAccessLog_Backend { @@ -446,7 +383,7 @@ type MeshAccessLog_From struct { func (x *MeshAccessLog_From) Reset() { *x = MeshAccessLog_From{} if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -459,7 +396,7 @@ func (x *MeshAccessLog_From) String() string { func (*MeshAccessLog_From) ProtoMessage() {} func (x *MeshAccessLog_From) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -472,7 +409,7 @@ func (x *MeshAccessLog_From) ProtoReflect() protoreflect.Message { // Deprecated: Use MeshAccessLog_From.ProtoReflect.Descriptor instead. func (*MeshAccessLog_From) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 6} + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 5} } func (x *MeshAccessLog_From) GetTargetRef() *v1alpha1.TargetRef { @@ -505,7 +442,7 @@ type MeshAccessLog_To struct { func (x *MeshAccessLog_To) Reset() { *x = MeshAccessLog_To{} if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -518,7 +455,7 @@ func (x *MeshAccessLog_To) String() string { func (*MeshAccessLog_To) ProtoMessage() {} func (x *MeshAccessLog_To) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -531,7 +468,7 @@ func (x *MeshAccessLog_To) ProtoReflect() protoreflect.Message { // Deprecated: Use MeshAccessLog_To.ProtoReflect.Descriptor instead. func (*MeshAccessLog_To) Descriptor() ([]byte, []int) { - return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 7} + return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescGZIP(), []int{0, 6} } func (x *MeshAccessLog_To) GetTargetRef() *v1alpha1.TargetRef { @@ -560,7 +497,7 @@ type MeshAccessLog_Format_JsonValue struct { func (x *MeshAccessLog_Format_JsonValue) Reset() { *x = MeshAccessLog_Format_JsonValue{} if protoimpl.UnsafeEnabled { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[9] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -573,7 +510,7 @@ func (x *MeshAccessLog_Format_JsonValue) String() string { func (*MeshAccessLog_Format_JsonValue) ProtoMessage() {} func (x *MeshAccessLog_Format_JsonValue) ProtoReflect() protoreflect.Message { - mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[9] + mi := &file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -618,7 +555,7 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x72, 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x6b, 0x75, 0x6d, 0x61, 0x2d, 0x64, 0x6f, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xa1, 0x0c, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0xed, 0x0a, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x12, 0x3d, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, @@ -663,67 +600,56 @@ var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_raw 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x18, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, - 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0x46, 0x0a, 0x10, 0x52, 0x65, 0x66, 0x65, 0x72, - 0x65, 0x6e, 0x63, 0x65, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6b, - 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, - 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, - 0xac, 0x02, 0x0a, 0x07, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x58, 0x0a, 0x03, 0x74, - 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, - 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, - 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x5b, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, - 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, - 0x6c, 0x65, 0x12, 0x6a, 0x0a, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4c, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, - 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, - 0x6f, 0x67, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x52, 0x09, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x1a, 0x6d, - 0x0a, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, - 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, + 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x1a, 0xc0, 0x01, 0x0a, 0x07, 0x42, 0x61, 0x63, 0x6b, + 0x65, 0x6e, 0x64, 0x12, 0x58, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x46, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x54, 0x43, + 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x5b, 0x0a, + 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x6b, 0x75, + 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x42, 0x61, 0x63, + 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x1a, 0x6d, 0x0a, 0x04, 0x43, 0x6f, + 0x6e, 0x66, 0x12, 0x65, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, + 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, + 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, + 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, + 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x1a, 0xad, 0x01, 0x0a, 0x04, 0x46, 0x72, + 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, + 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, 0x04, 0x88, - 0xb5, 0x18, 0x01, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x1a, 0xad, 0x01, - 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, - 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, - 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, - 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, - 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, - 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, - 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x1a, 0xab, 0x01, - 0x0a, 0x02, 0x54, 0x6f, 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, - 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, - 0x61, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, - 0x65, 0x73, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, - 0x18, 0x01, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x3a, 0x06, 0xb2, 0x8c, 0x89, - 0xa6, 0x01, 0x00, 0x42, 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, - 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, - 0x65, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, - 0x22, 0x50, 0x01, 0xa2, 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4c, 0x6f, 0x67, 0xf2, 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x6c, 0x6f, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, + 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x1a, 0xab, 0x01, 0x0a, 0x02, 0x54, 0x6f, + 0x12, 0x43, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x52, 0x65, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x60, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x70, 0x6c, + 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4c, 0x6f, 0x67, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x42, 0x04, 0x88, 0xb5, 0x18, 0x01, 0x52, 0x07, + 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x3a, 0x06, 0xb2, 0x8c, 0x89, 0xa6, 0x01, 0x00, 0x42, + 0x6e, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, + 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x6c, + 0x75, 0x67, 0x69, 0x6e, 0x73, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x2f, 0x6d, + 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x8a, 0xb5, 0x18, 0x22, 0x50, 0x01, 0xa2, + 0x01, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0xf2, + 0x01, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -738,40 +664,38 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_ra return file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDescData } -var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_goTypes = []interface{}{ (*MeshAccessLog)(nil), // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog (*MeshAccessLog_Format)(nil), // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format (*MeshAccessLog_TCPBackend)(nil), // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPBackend (*MeshAccessLog_FileBackend)(nil), // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileBackend - (*MeshAccessLog_ReferenceBackend)(nil), // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceBackend - (*MeshAccessLog_Backend)(nil), // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend - (*MeshAccessLog_Conf)(nil), // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - (*MeshAccessLog_From)(nil), // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From - (*MeshAccessLog_To)(nil), // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To - (*MeshAccessLog_Format_JsonValue)(nil), // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue - (*v1alpha1.TargetRef)(nil), // 10: kuma.common.v1alpha1.TargetRef + (*MeshAccessLog_Backend)(nil), // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend + (*MeshAccessLog_Conf)(nil), // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + (*MeshAccessLog_From)(nil), // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From + (*MeshAccessLog_To)(nil), // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To + (*MeshAccessLog_Format_JsonValue)(nil), // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue + (*v1alpha1.TargetRef)(nil), // 9: kuma.common.v1alpha1.TargetRef } var file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_depIdxs = []int32{ - 10, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef - 7, // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.from:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From - 8, // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.to:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To - 9, // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue + 9, // 0: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 6, // 1: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.from:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From + 7, // 2: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.to:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To + 8, // 3: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.json:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format.JsonValue 1, // 4: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format 1, // 5: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileBackend.format:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Format 2, // 6: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.tcp:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.TCPBackend 3, // 7: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.file:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.FileBackend - 4, // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend.reference:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.ReferenceBackend - 5, // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf.backends:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend - 10, // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.targetRef:type_name -> kuma.common.v1alpha1.TargetRef - 6, // 11: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - 10, // 12: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.targetRef:type_name -> kuma.common.v1alpha1.TargetRef - 6, // 13: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 4, // 8: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf.backends:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Backend + 9, // 9: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 5, // 10: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.From.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + 9, // 11: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.targetRef:type_name -> kuma.common.v1alpha1.TargetRef + 5, // 12: kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.To.default:type_name -> kuma.plugins.policies.meshaccesslog.v1alpha1.MeshAccessLog.Conf + 13, // [13:13] is the sub-list for method output_type + 13, // [13:13] is the sub-list for method input_type + 13, // [13:13] is the sub-list for extension type_name + 13, // [13:13] is the sub-list for extension extendee + 0, // [0:13] is the sub-list for field type_name } func init() { file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_init() } @@ -829,18 +753,6 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in } } file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshAccessLog_ReferenceBackend); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MeshAccessLog_Backend); i { case 0: return &v.state @@ -852,7 +764,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in return nil } } - file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MeshAccessLog_Conf); i { case 0: return &v.state @@ -864,7 +776,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in return nil } } - file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MeshAccessLog_From); i { case 0: return &v.state @@ -876,7 +788,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in return nil } } - file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MeshAccessLog_To); i { case 0: return &v.state @@ -888,7 +800,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in return nil } } - file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MeshAccessLog_Format_JsonValue); i { case 0: return &v.state @@ -907,7 +819,7 @@ func file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_in GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pkg_plugins_policies_meshaccesslog_api_v1alpha1_meshaccesslog_proto_rawDesc, NumEnums: 0, - NumMessages: 10, + NumMessages: 9, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto index 08cae62de4e4..038a2d4f9a0f 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/meshaccesslog.proto @@ -57,15 +57,9 @@ message MeshAccessLog { string path = 2 [ (doc.required) = true ]; } - message ReferenceBackend { - string kind = 1 [ (doc.required) = true ]; - string name = 2 [ (doc.required) = true ]; - } - message Backend { TCPBackend tcp = 1; FileBackend file = 2; - ReferenceBackend reference = 3; } message Conf { repeated Backend backends = 1 [ (doc.required) = true ]; } diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml index 0079f3b52144..b6b4c2f93221 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/schema.yaml @@ -42,13 +42,6 @@ properties: description: Path to a file that logs will be written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -157,13 +150,6 @@ properties: description: Path to a file that logs will be written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index fb2636faadc1..56fc1fa9f8a8 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -22,12 +22,11 @@ func (r *MeshAccessLogResource) validate() error { } func (r *MeshAccessLogResource) validateBackend(backend *MeshAccessLog_Backend, verr *validators.ValidationError, backendIndexed validators.PathBuilder) { - reference := bool2int(backend.GetReference() != nil) file := bool2int(backend.GetFile() != nil) tcp := bool2int(backend.GetTcp() != nil) - if reference+file+tcp != 1 { - verr.AddViolationAt(backendIndexed, `backend can have only one type defined: tcp, file, reference`) + if file+tcp != 1 { + verr.AddViolationAt(backendIndexed, `backend can have only one type defined: tcp, file`) } r.validateFormats(backend, verr, backendIndexed) @@ -44,12 +43,6 @@ func (r *MeshAccessLogResource) validateBackend(backend *MeshAccessLog_Backend, verr.AddViolationAt(backendIndexed.Field("tcp").Field("address"), `tcp backend requires valid address`) } } - - if backend.GetReference() != nil { - if backend.GetReference().GetName() == "" { - verr.AddViolationAt(backendIndexed.Field("reference").Field("name"), `reference name cannot be empty`) - } - } } func (r *MeshAccessLogResource) validateFormats(backend *MeshAccessLog_Backend, verr *validators.ValidationError, backendIndexed validators.PathBuilder) { diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go index 21f202d9dcb8..fc483f84db33 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator_test.go @@ -41,9 +41,6 @@ from: - key: "start_time" value: "%START_TIME%" address: 127.0.0.1:5000 - - reference: - kind: MeshAccessLogBackend - name: file-backend to: - targetRef: kind: MeshService @@ -234,7 +231,7 @@ violations: - field: spec.from[0].default.backend[0] message: 'format can only have one type defined: plain, json'`, }), - Entry("both 'tcp' and 'reference' defined", testCase{ + Entry("both 'tcp' and 'file' defined", testCase{ inputYaml: ` targetRef: kind: MeshService @@ -251,14 +248,15 @@ from: json: - key: "start_time" value: "%START_TIME%" - reference: - kind: MeshAccessLogBackend - name: file-backend + file: + format: + plain: '{"start_time": "%START_TIME%"}' + path: '/tmp/logs.txt' `, expected: ` violations: - field: spec.from[0].default.backend[0] - message: 'backend can have only one type defined: tcp, file, reference'`, + message: 'backend can have only one type defined: tcp, file'`, }), Entry("'to' defined in MeshGatewayRoute", testCase{ @@ -272,9 +270,10 @@ to: name: default default: backends: - - reference: - kind: MeshAccessLogBackend - name: file-backend + - file: + format: + plain: '{"start_time": "%START_TIME%"}' + path: '/tmp/logs.txt' `, expected: ` violations: @@ -292,9 +291,10 @@ to: name: default default: backends: - - reference: - kind: MeshAccessLogBackend - name: file-backend + - file: + format: + plain: '{"start_time": "%START_TIME%"}' + path: '/tmp/logs.txt' `, expected: ` violations: diff --git a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml index 7b8ee284a70b..71c6a7cb0d1f 100644 --- a/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml +++ b/pkg/plugins/policies/meshaccesslog/k8s/crd/kuma.io_meshaccesslogs.yaml @@ -73,13 +73,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -203,13 +196,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: From ec79f37baed98dcae2af5b535f02e84d7297a31a Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 16:49:59 +0200 Subject: [PATCH 26/27] feat(kumacp): make check pass Signed-off-by: slonka --- pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index 56fc1fa9f8a8..e0ad3708a2e2 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -2,7 +2,9 @@ package v1alpha1 import ( "fmt" + "github.com/asaskevich/govalidator" + common_proto "github.com/kumahq/kuma/api/common/v1alpha1" "github.com/kumahq/kuma/pkg/core/validators" matcher_validators "github.com/kumahq/kuma/pkg/plugins/policies/matchers/validators" From b20824e7de3550a16a872b67097280e76cc22364 Mon Sep 17 00:00:00 2001 From: slonka Date: Wed, 14 Sep 2022 16:51:57 +0200 Subject: [PATCH 27/27] feat(kumacp): update golden files Signed-off-by: slonka --- .../install-control-plane.cni-enabled.golden.yaml | 14 -------------- ...trol-plane.cni-experimental-enabled.golden.yaml | 14 -------------- .../install-control-plane.defaults.golden.yaml | 14 -------------- .../install-control-plane.global.golden.yaml | 14 -------------- ...all-control-plane.override-env-vars.golden.yaml | 14 -------------- .../install-control-plane.overrides.golden.yaml | 14 -------------- .../install-control-plane.registry.golden.yaml | 14 -------------- ...ne.tproxy-ebpf-experimental-enabled.golden.yaml | 14 -------------- .../install-control-plane.with-egress.golden.yaml | 14 -------------- .../install-control-plane.with-helm-set.yaml | 14 -------------- .../install-control-plane.with-helm-values.yaml | 14 -------------- .../install-control-plane.with-ingress.golden.yaml | 14 -------------- .../install-control-plane.zone.golden.yaml | 14 -------------- .../testdata/install-cp-helm/empty.golden.yaml | 14 -------------- .../testdata/install-cp-helm/fix4485.golden.yaml | 14 -------------- .../testdata/install-cp-helm/fix4496.golden.yaml | 14 -------------- .../testdata/install-cp-helm/fix4935.golden.yaml | 14 -------------- .../install/testdata/install-crds.all.golden.yaml | 14 -------------- ...nstall-crds.experimental-gatewayapi.golden.yaml | 14 -------------- 19 files changed, 266 deletions(-) diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml index 1317b0404fe0..8020538e2e00 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml @@ -1503,13 +1503,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1633,13 +1626,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml index 8a00141ac480..9e1940b02655 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml @@ -1503,13 +1503,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1633,13 +1626,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index 967999db2cec..a1aa8efe2c10 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml index 70f35c3cf48e..fe43d1a1e19e 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml index 7b683db32edc..36088c3b26a9 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml index d4d3826331d9..36e1b81e04f6 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml @@ -1728,13 +1728,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1858,13 +1851,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml index d22251892811..168df29434b8 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml index af9c7f4e5e32..d4876fdc383e 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml index 4ab88424deca..5da2bb5b7ee8 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml @@ -1479,13 +1479,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1609,13 +1602,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml index 924b56e68126..6d0f392f4d22 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml @@ -1489,13 +1489,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1619,13 +1612,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml index 4fae53a10efe..28f64f4f22be 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml index 19e966bbd72c..0adda256dea2 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml @@ -1479,13 +1479,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1609,13 +1602,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml index 75c9bf80b755..67e4fcf64f93 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml index 967999db2cec..a1aa8efe2c10 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml @@ -1469,13 +1469,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1599,13 +1592,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml index b19f1c9bea88..7faefd2862b2 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml @@ -1485,13 +1485,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1615,13 +1608,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml index 4091f03209ed..7cbd6f51a6de 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml @@ -1482,13 +1482,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1612,13 +1605,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml index 6d7efee43737..c89adb6b87f3 100644 --- a/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml @@ -1523,13 +1523,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -1653,13 +1646,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml index 1d23d499c85f..161885c2b9e0 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml @@ -454,13 +454,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -584,13 +577,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: diff --git a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml index 7d405b7a5b0a..21bddd3dd49f 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.experimental-gatewayapi.golden.yaml @@ -454,13 +454,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: @@ -584,13 +577,6 @@ spec: written to type: string type: object - reference: - properties: - kind: - type: string - name: - type: string - type: object tcp: description: Backend defines logging backend. properties: