mirror of
https://github.com/alibaba/higress.git
synced 2026-03-23 12:37:41 +08:00
Feat: upgrade gateway api to latest (#3160)
This commit is contained in:
EndlessSeeker
GitHub
@@ -224,7 +224,7 @@ install: pre-install
|
||||
|
||||
HIGRESS_LATEST_IMAGE_TAG ?= latest
|
||||
ENVOY_LATEST_IMAGE_TAG ?= cdf0f16bf622102f89a0d0257834f43f502e4b99
|
||||
ISTIO_LATEST_IMAGE_TAG ?= 2124b6819c805d16507d4bb0bb394160281169e7
|
||||
ISTIO_LATEST_IMAGE_TAG ?= a7525f292c38d7d3380f3ce7ee971ad6e3c46adf
|
||||
|
||||
install-dev: pre-install
|
||||
helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'pilot.tag=$(ISTIO_LATEST_IMAGE_TAG)' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'
|
||||
|
||||
138
go.mod
138
go.mod
@@ -26,7 +26,7 @@ require (
|
||||
github.com/golang/protobuf v1.5.4
|
||||
github.com/google/go-cmp v0.7.0
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
|
||||
github.com/hashicorp/consul/api v1.31.2
|
||||
github.com/hashicorp/consul/api v1.32.0
|
||||
github.com/hashicorp/go-multierror v1.1.1
|
||||
github.com/hudl/fargo v1.4.0
|
||||
github.com/mholt/acmez v1.2.0
|
||||
@@ -34,44 +34,44 @@ require (
|
||||
github.com/nacos-group/nacos-sdk-go/v2 v2.3.2
|
||||
github.com/spf13/cobra v1.9.1
|
||||
github.com/spf13/pflag v1.0.7
|
||||
github.com/stretchr/testify v1.10.0
|
||||
github.com/stretchr/testify v1.11.1
|
||||
github.com/tidwall/gjson v1.17.0
|
||||
go.uber.org/atomic v1.11.0
|
||||
go.uber.org/zap v1.27.0
|
||||
golang.org/x/net v0.41.0
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822
|
||||
google.golang.org/grpc v1.73.0
|
||||
google.golang.org/protobuf v1.36.6
|
||||
golang.org/x/net v0.44.0
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4
|
||||
google.golang.org/grpc v1.76.0
|
||||
google.golang.org/protobuf v1.36.10
|
||||
istio.io/api v1.27.1-0.20250820125923-f5a5d3a605a9
|
||||
istio.io/client-go v1.27.1-0.20250820130622-12f6d11feb40
|
||||
istio.io/istio v0.0.0
|
||||
istio.io/pkg v0.0.0-20250718200944-0aab346caa39
|
||||
k8s.io/api v0.33.3
|
||||
k8s.io/apiextensions-apiserver v0.33.3
|
||||
k8s.io/apimachinery v0.33.3
|
||||
k8s.io/api v0.34.1
|
||||
k8s.io/apiextensions-apiserver v0.34.1
|
||||
k8s.io/apimachinery v0.34.1
|
||||
k8s.io/cli-runtime v0.33.3
|
||||
k8s.io/client-go v0.33.3
|
||||
k8s.io/client-go v0.34.1
|
||||
knative.dev/networking v0.0.0-20220302134042-e8b2eb995165
|
||||
knative.dev/pkg v0.0.0-20220301181942-2fdd5f232e77
|
||||
sigs.k8s.io/controller-runtime v0.21.0
|
||||
sigs.k8s.io/gateway-api v1.3.0
|
||||
sigs.k8s.io/gateway-api-inference-extension v0.5.0
|
||||
sigs.k8s.io/controller-runtime v0.22.3
|
||||
sigs.k8s.io/gateway-api v1.4.0
|
||||
sigs.k8s.io/gateway-api-inference-extension v1.1.0
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.7.0
|
||||
sigs.k8s.io/yaml v1.5.0
|
||||
sigs.k8s.io/yaml v1.6.0
|
||||
)
|
||||
|
||||
require (
|
||||
cel.dev/expr v0.24.0 // indirect
|
||||
cloud.google.com/go v0.115.1 // indirect
|
||||
cloud.google.com/go/auth v0.15.0 // indirect
|
||||
cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
|
||||
cloud.google.com/go/compute/metadata v0.6.0 // indirect
|
||||
cloud.google.com/go/logging v1.11.0 // indirect
|
||||
cloud.google.com/go/longrunning v0.6.0 // indirect
|
||||
cloud.google.com/go v0.120.0 // indirect
|
||||
cloud.google.com/go/auth v0.16.5 // indirect
|
||||
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
|
||||
cloud.google.com/go/compute/metadata v0.8.4 // indirect
|
||||
cloud.google.com/go/logging v1.13.0 // indirect
|
||||
cloud.google.com/go/longrunning v0.6.7 // indirect
|
||||
dario.cat/mergo v1.0.2 // indirect
|
||||
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
|
||||
github.com/Masterminds/goutils v1.1.1 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.3.1 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.4.0 // indirect
|
||||
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
|
||||
github.com/alecholmes/xfccparser v0.4.0 // indirect
|
||||
github.com/alecthomas/participle/v2 v2.1.4 // indirect
|
||||
@@ -102,6 +102,7 @@ require (
|
||||
github.com/blang/semver/v4 v4.0.0 // indirect
|
||||
github.com/buger/jsonparser v1.1.1 // indirect
|
||||
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
|
||||
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
|
||||
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
||||
github.com/clbanning/mxj v1.8.4 // indirect
|
||||
@@ -115,7 +116,7 @@ require (
|
||||
github.com/docker/cli v28.1.1+incompatible // indirect
|
||||
github.com/docker/distribution v2.8.3+incompatible // indirect
|
||||
github.com/docker/docker-credential-helpers v0.9.3 // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
|
||||
github.com/envoyproxy/go-control-plane v0.13.4 // indirect
|
||||
github.com/envoyproxy/go-control-plane/contrib v0.0.0-20251016030003-90eca0228178 // indirect
|
||||
github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
|
||||
@@ -124,30 +125,30 @@ require (
|
||||
github.com/felixge/httpsnoop v1.0.4 // indirect
|
||||
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8 // indirect
|
||||
github.com/fsnotify/fsnotify v1.9.0 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.8.0 // indirect
|
||||
github.com/go-jose/go-jose/v4 v4.1.0 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
|
||||
github.com/go-jose/go-jose/v4 v4.1.2 // indirect
|
||||
github.com/go-logr/logr v1.4.3 // indirect
|
||||
github.com/go-logr/stdr v1.2.2 // indirect
|
||||
github.com/go-openapi/jsonpointer v0.21.1 // indirect
|
||||
github.com/go-openapi/jsonpointer v0.21.2 // indirect
|
||||
github.com/go-openapi/jsonreference v0.21.0 // indirect
|
||||
github.com/go-openapi/swag v0.23.1 // indirect
|
||||
github.com/goccy/go-json v0.10.5 // indirect
|
||||
github.com/golang/mock v1.6.0 // indirect
|
||||
github.com/google/btree v1.1.3 // indirect
|
||||
github.com/google/cel-go v0.25.0 // indirect
|
||||
github.com/google/gnostic-models v0.6.9 // indirect
|
||||
github.com/google/cel-go v0.26.0 // indirect
|
||||
github.com/google/gnostic-models v0.7.0 // indirect
|
||||
github.com/google/go-containerregistry v0.20.3 // indirect
|
||||
github.com/google/s2a-go v0.1.9 // indirect
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
|
||||
github.com/google/uuid v1.6.0 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.5 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.14.1 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.15.0 // indirect
|
||||
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
|
||||
github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc // indirect
|
||||
github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 // indirect
|
||||
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
|
||||
github.com/hashicorp/errwrap v1.1.0 // indirect
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
|
||||
github.com/hashicorp/go-hclog v1.6.3 // indirect
|
||||
@@ -177,7 +178,7 @@ require (
|
||||
github.com/mailru/easyjson v0.9.0 // indirect
|
||||
github.com/mattn/go-colorable v0.1.14 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/miekg/dns v1.1.66 // indirect
|
||||
github.com/miekg/dns v1.1.68 // indirect
|
||||
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
@@ -185,7 +186,7 @@ require (
|
||||
github.com/moby/spdystream v0.5.0 // indirect
|
||||
github.com/moby/term v0.5.2 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
github.com/modern-go/reflect2 v1.0.2 // indirect
|
||||
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
|
||||
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
|
||||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
||||
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
|
||||
@@ -198,11 +199,11 @@ require (
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/planetscale/vtprotobuf v0.6.1-0.20240409071808-615f978279ca // indirect
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
||||
github.com/prometheus/client_golang v1.22.0 // indirect
|
||||
github.com/prometheus/client_golang v1.23.2 // indirect
|
||||
github.com/prometheus/client_model v0.6.2 // indirect
|
||||
github.com/prometheus/common v0.65.0 // indirect
|
||||
github.com/prometheus/procfs v0.16.1 // indirect
|
||||
github.com/prometheus/prometheus v0.303.1 // indirect
|
||||
github.com/prometheus/common v0.67.1 // indirect
|
||||
github.com/prometheus/procfs v0.17.0 // indirect
|
||||
github.com/prometheus/prometheus v0.307.1 // indirect
|
||||
github.com/shopspring/decimal v1.4.0 // indirect
|
||||
github.com/sirupsen/logrus v1.9.3 // indirect
|
||||
github.com/spf13/cast v1.8.0 // indirect
|
||||
@@ -220,53 +221,54 @@ require (
|
||||
github.com/zeebo/blake3 v0.2.3 // indirect
|
||||
go.opencensus.io v0.24.0 // indirect
|
||||
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
|
||||
go.opentelemetry.io/otel v1.35.0 // indirect
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
|
||||
go.opentelemetry.io/otel v1.38.0 // indirect
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect
|
||||
go.opentelemetry.io/otel/exporters/prometheus v0.57.0 // indirect
|
||||
go.opentelemetry.io/otel/metric v1.35.0 // indirect
|
||||
go.opentelemetry.io/otel/sdk v1.35.0 // indirect
|
||||
go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
|
||||
go.opentelemetry.io/otel/trace v1.35.0 // indirect
|
||||
go.opentelemetry.io/proto/otlp v1.7.0 // indirect
|
||||
go.opentelemetry.io/otel/metric v1.38.0 // indirect
|
||||
go.opentelemetry.io/otel/sdk v1.38.0 // indirect
|
||||
go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
|
||||
go.opentelemetry.io/otel/trace v1.38.0 // indirect
|
||||
go.opentelemetry.io/proto/otlp v1.7.1 // indirect
|
||||
go.uber.org/multierr v1.11.0 // indirect
|
||||
go.yaml.in/yaml/v2 v2.4.2 // indirect
|
||||
go.yaml.in/yaml/v3 v3.0.3 // indirect
|
||||
golang.org/x/crypto v0.40.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20250717185816-542afb5b7346 // indirect
|
||||
golang.org/x/mod v0.25.0 // indirect
|
||||
golang.org/x/oauth2 v0.30.0 // indirect
|
||||
golang.org/x/sync v0.16.0 // indirect
|
||||
golang.org/x/sys v0.34.0 // indirect
|
||||
golang.org/x/term v0.33.0 // indirect
|
||||
golang.org/x/text v0.27.0 // indirect
|
||||
golang.org/x/time v0.11.0 // indirect
|
||||
golang.org/x/tools v0.34.0 // indirect
|
||||
go.yaml.in/yaml/v2 v2.4.3 // indirect
|
||||
go.yaml.in/yaml/v3 v3.0.4 // indirect
|
||||
golang.org/x/crypto v0.42.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20250808145144-a408d31f581a // indirect
|
||||
golang.org/x/mod v0.28.0 // indirect
|
||||
golang.org/x/oauth2 v0.31.0 // indirect
|
||||
golang.org/x/sync v0.17.0 // indirect
|
||||
golang.org/x/sys v0.36.0 // indirect
|
||||
golang.org/x/term v0.35.0 // indirect
|
||||
golang.org/x/text v0.29.0 // indirect
|
||||
golang.org/x/time v0.13.0 // indirect
|
||||
golang.org/x/tools v0.37.0 // indirect
|
||||
gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
|
||||
google.golang.org/api v0.224.0 // indirect
|
||||
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
|
||||
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
|
||||
google.golang.org/api v0.250.0 // indirect
|
||||
google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 // indirect
|
||||
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
|
||||
gopkg.in/gcfg.v1 v1.2.3 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
|
||||
gopkg.in/warnings.v0 v0.1.2 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
k8s.io/apiserver v0.33.3 // indirect
|
||||
k8s.io/component-base v0.33.3 // indirect
|
||||
k8s.io/apiserver v0.34.1 // indirect
|
||||
k8s.io/component-base v0.34.1 // indirect
|
||||
k8s.io/klog/v2 v2.130.1 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect
|
||||
k8s.io/kubectl v0.33.3 // indirect
|
||||
k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 // indirect
|
||||
k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 // indirect
|
||||
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
|
||||
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
|
||||
sigs.k8s.io/kustomize/api v0.19.0 // indirect
|
||||
sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
|
||||
sigs.k8s.io/mcs-api v0.1.1-0.20240624222831-d7001fe1d21c // indirect
|
||||
sigs.k8s.io/randfill v1.0.0 // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
|
||||
)
|
||||
|
||||
replace istio.io/api => ./external/api
|
||||
|
||||
298
go.sum
298
go.sum
@@ -55,8 +55,8 @@ cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJN
|
||||
cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU=
|
||||
cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
|
||||
cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
|
||||
cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ=
|
||||
cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc=
|
||||
cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA=
|
||||
cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q=
|
||||
cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4=
|
||||
cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw=
|
||||
cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E=
|
||||
@@ -193,10 +193,10 @@ cloud.google.com/go/assuredworkloads v1.11.2/go.mod h1:O1dfr+oZJMlE6mw0Bp0P1KZSl
|
||||
cloud.google.com/go/assuredworkloads v1.11.3/go.mod h1:vEjfTKYyRUaIeA0bsGJceFV2JKpVRgyG2op3jfa59Zs=
|
||||
cloud.google.com/go/assuredworkloads v1.11.4/go.mod h1:4pwwGNwy1RP0m+y12ef3Q/8PaiWrIDQ6nD2E8kvWI9U=
|
||||
cloud.google.com/go/assuredworkloads v1.11.5/go.mod h1:FKJ3g3ZvkL2D7qtqIGnDufFkHxwIpNM9vtmhvt+6wqk=
|
||||
cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps=
|
||||
cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8=
|
||||
cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M=
|
||||
cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
|
||||
cloud.google.com/go/auth v0.16.5 h1:mFWNQ2FEVWAliEQWpAdH80omXFokmrnbDhUS9cBywsI=
|
||||
cloud.google.com/go/auth v0.16.5/go.mod h1:utzRfHMP+Vv0mpOkTRQoWD2q3BatTOoWbA7gCc2dUhQ=
|
||||
cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
|
||||
cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
|
||||
cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0=
|
||||
cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8=
|
||||
cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8=
|
||||
@@ -368,8 +368,9 @@ cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2Aawl
|
||||
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
|
||||
cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
|
||||
cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
|
||||
cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
|
||||
cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
|
||||
cloud.google.com/go/compute/metadata v0.8.4 h1:oXMa1VMQBVCyewMIOm3WQsnVd9FbKBtm8reqWRaXnHQ=
|
||||
cloud.google.com/go/compute/metadata v0.8.4/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
|
||||
cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY=
|
||||
cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck=
|
||||
cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w=
|
||||
@@ -705,8 +706,8 @@ cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQy
|
||||
cloud.google.com/go/iam v1.1.4/go.mod h1:l/rg8l1AaA+VFMho/HYx2Vv6xinPSLMF8qfhRPIZ0L8=
|
||||
cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
|
||||
cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI=
|
||||
cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8=
|
||||
cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q=
|
||||
cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8=
|
||||
cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE=
|
||||
cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc=
|
||||
cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A=
|
||||
cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk=
|
||||
@@ -774,8 +775,8 @@ cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9
|
||||
cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M=
|
||||
cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI=
|
||||
cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE=
|
||||
cloud.google.com/go/logging v1.11.0 h1:v3ktVzXMV7CwHq1MBF65wcqLMA7i+z3YxbUsoK7mOKs=
|
||||
cloud.google.com/go/logging v1.11.0/go.mod h1:5LDiJC/RxTt+fHc1LAt20R9TKiUTReDg6RuuFOZ67+A=
|
||||
cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc=
|
||||
cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA=
|
||||
cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE=
|
||||
cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc=
|
||||
cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo=
|
||||
@@ -786,8 +787,8 @@ cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUz
|
||||
cloud.google.com/go/longrunning v0.5.3/go.mod h1:y/0ga59EYu58J6SHmmQOvekvND2qODbu8ywBBW7EK7Y=
|
||||
cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI=
|
||||
cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s=
|
||||
cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI=
|
||||
cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts=
|
||||
cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE=
|
||||
cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY=
|
||||
cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE=
|
||||
cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM=
|
||||
cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA=
|
||||
@@ -1373,8 +1374,8 @@ github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0
|
||||
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
|
||||
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
|
||||
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
|
||||
github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
|
||||
github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
|
||||
github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
|
||||
github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
|
||||
github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
|
||||
github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
|
||||
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
|
||||
@@ -1539,6 +1540,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
|
||||
github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
|
||||
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
|
||||
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
|
||||
github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
|
||||
github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
|
||||
@@ -1603,8 +1606,8 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5t
|
||||
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
|
||||
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
|
||||
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo=
|
||||
github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU=
|
||||
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
@@ -1653,8 +1656,8 @@ github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaB
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
|
||||
github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
|
||||
github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes=
|
||||
github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
|
||||
github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
|
||||
@@ -1701,8 +1704,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
|
||||
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
|
||||
github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
|
||||
github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
|
||||
github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
|
||||
github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
|
||||
github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
|
||||
github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
|
||||
github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
|
||||
github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
@@ -1717,8 +1720,8 @@ github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmn
|
||||
github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
|
||||
github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
|
||||
github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
|
||||
github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY=
|
||||
github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw=
|
||||
github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI=
|
||||
github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
|
||||
@@ -1746,8 +1749,8 @@ github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR
|
||||
github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
|
||||
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
|
||||
github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
|
||||
github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA=
|
||||
github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
|
||||
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||
github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
|
||||
github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
|
||||
@@ -1850,12 +1853,12 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
|
||||
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
|
||||
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
|
||||
github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
|
||||
github.com/google/cel-go v0.25.0 h1:jsFw9Fhn+3y2kBbltZR4VEz5xKkcIFRPDnuEzAGv5GY=
|
||||
github.com/google/cel-go v0.25.0/go.mod h1:hjEb6r5SuOSlhCHmFoLzu8HGCERvIsDAbxDAyNU/MmI=
|
||||
github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI=
|
||||
github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM=
|
||||
github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
|
||||
github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
|
||||
github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
|
||||
github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
|
||||
github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
|
||||
github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
|
||||
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
||||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
@@ -1906,8 +1909,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
|
||||
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
|
||||
github.com/google/pprof v0.0.0-20250501235452-c0086092b71a h1:rDA3FfmxwXR+BVKKdz55WwMJ1pD2hJQNW31d+l3mPk4=
|
||||
github.com/google/pprof v0.0.0-20250501235452-c0086092b71a/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=
|
||||
github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 h1:ZI8gCoCjGzPsum4L21jHdQs8shFBIQih1TM9Rd/c+EQ=
|
||||
github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
|
||||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||
github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM=
|
||||
github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
|
||||
@@ -1934,8 +1937,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.5 h1:VgzTY2jogw3xt39CusEnFJWm7rlsq5yL5q9XdLOuP5g=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.5/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
|
||||
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
|
||||
github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
|
||||
@@ -1953,8 +1956,8 @@ github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5i
|
||||
github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
|
||||
github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
|
||||
github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
|
||||
github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q=
|
||||
github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
|
||||
github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
|
||||
github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
|
||||
github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
|
||||
github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
|
||||
github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
|
||||
@@ -1976,8 +1979,8 @@ github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY
|
||||
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
|
||||
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
|
||||
github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248=
|
||||
github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk=
|
||||
github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 h1:cLN4IBkmkYZNnk7EAJ0BHIethd+J6LqxFNw5mSiI2bM=
|
||||
github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk=
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
|
||||
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
|
||||
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
|
||||
@@ -1994,11 +1997,12 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs=
|
||||
github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
|
||||
github.com/hashicorp/consul/api v1.31.2 h1:NicObVJHcCmyOIl7Z9iHPvvFrocgTYo9cITSGg0/7pw=
|
||||
github.com/hashicorp/consul/api v1.31.2/go.mod h1:Z8YgY0eVPukT/17ejW+l+C7zJmKwgPHtjU1q16v/Y40=
|
||||
github.com/hashicorp/consul/api v1.32.0 h1:5wp5u780Gri7c4OedGEPzmlUEzi0g2KyiPphSr6zjVg=
|
||||
github.com/hashicorp/consul/api v1.32.0/go.mod h1:Z8YgY0eVPukT/17ejW+l+C7zJmKwgPHtjU1q16v/Y40=
|
||||
github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
|
||||
github.com/hashicorp/consul/sdk v0.16.1 h1:V8TxTnImoPD5cj0U9Spl0TUxcytjcbbJeADFF07KdHg=
|
||||
github.com/hashicorp/consul/sdk v0.16.1/go.mod h1:fSXvwxB2hmh1FMZCNl6PwX0Q/1wdWtHJcZ7Ea5tns0s=
|
||||
@@ -2095,8 +2099,8 @@ github.com/johnlanni/gost v1.11.23-0.20220713132522-0967a24036c6 h1:i9IP6menkNYR
|
||||
github.com/johnlanni/gost v1.11.23-0.20220713132522-0967a24036c6/go.mod h1:PhJ8+qZJx+Txjx1KthNPuVkCvUca0jRLgKWj/noGgeI=
|
||||
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
|
||||
github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4=
|
||||
github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc=
|
||||
github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
|
||||
github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
|
||||
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
|
||||
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
|
||||
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
|
||||
@@ -2227,8 +2231,8 @@ github.com/miekg/dns v1.1.17/go.mod h1:WgzbA6oji13JREwiNsRDNfl7jYdPnmz+VEuLrA+/4
|
||||
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
|
||||
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
|
||||
github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
|
||||
github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
|
||||
github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
|
||||
github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
|
||||
github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
|
||||
github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY=
|
||||
github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE=
|
||||
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
|
||||
@@ -2259,8 +2263,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
|
||||
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
|
||||
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
|
||||
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
|
||||
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
|
||||
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
|
||||
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
|
||||
@@ -2297,16 +2302,16 @@ github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvw
|
||||
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
|
||||
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
|
||||
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
|
||||
github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
|
||||
github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
|
||||
github.com/onsi/ginkgo/v2 v2.26.0 h1:1J4Wut1IlYZNEAWIV3ALrT9NfiaGW2cDCJQSFQMs/gE=
|
||||
github.com/onsi/ginkgo/v2 v2.26.0/go.mod h1:qhEywmzWTBUY88kfO0BRvX4py7scov9yR+Az2oavUzw=
|
||||
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
|
||||
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
|
||||
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
|
||||
github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
|
||||
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
|
||||
github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
|
||||
github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
|
||||
github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A=
|
||||
github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k=
|
||||
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
|
||||
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
|
||||
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
|
||||
@@ -2372,8 +2377,8 @@ github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O
|
||||
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
|
||||
github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU=
|
||||
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
|
||||
github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
|
||||
github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
|
||||
github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
|
||||
github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
@@ -2392,8 +2397,8 @@ github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16
|
||||
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
|
||||
github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
|
||||
github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
|
||||
github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
|
||||
github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
|
||||
github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI=
|
||||
github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q=
|
||||
github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
@@ -2402,10 +2407,10 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx
|
||||
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
|
||||
github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
|
||||
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
|
||||
github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
|
||||
github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
|
||||
github.com/prometheus/prometheus v0.303.1 h1:He/2jRE6sB23Ew38AIoR1WRR3fCMgPlJA2E0obD2WSY=
|
||||
github.com/prometheus/prometheus v0.303.1/go.mod h1:WEq2ogBPZoLjj9x5K67VEk7ECR0nRD9XCjaOt1lsYck=
|
||||
github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
|
||||
github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
|
||||
github.com/prometheus/prometheus v0.307.1 h1:Hh3kRMFn+xpQGLe/bR6qpUfW4GXQO0spuYeY7f2JZs4=
|
||||
github.com/prometheus/prometheus v0.307.1/go.mod h1:/7YQG/jOLg7ktxGritmdkZvezE1fa6aWDj0MGDIZvcY=
|
||||
github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3MLCHmSHelCh9hSGYNLTQ=
|
||||
github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
@@ -2508,8 +2513,9 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
|
||||
github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
||||
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
|
||||
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
|
||||
github.com/substrait-io/substrait-go v0.4.2/go.mod h1:qhpnLmrcvAnlZsUyPXZRqldiHapPTXC3t7xFgDi3aQg=
|
||||
github.com/tebeka/strftime v0.1.3 h1:5HQXOqWKYRFfNyBMNVc9z5+QzuBtIXy03psIhtdJYto=
|
||||
github.com/tebeka/strftime v0.1.3/go.mod h1:7wJm3dZlpr4l/oVK0t1HYIc4rMzQ2XJlOMIUJUJH6XQ=
|
||||
@@ -2577,17 +2583,17 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0
|
||||
go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
|
||||
go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw=
|
||||
go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
|
||||
go.etcd.io/etcd/api/v3 v3.5.21 h1:A6O2/JDb3tvHhiIz3xf9nJ7REHvtEFJJ3veW3FbCnS8=
|
||||
go.etcd.io/etcd/api/v3 v3.5.21/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY=
|
||||
go.etcd.io/etcd/api/v3 v3.6.4 h1:7F6N7toCKcV72QmoUKa23yYLiiljMrT4xCeBL9BmXdo=
|
||||
go.etcd.io/etcd/api/v3 v3.6.4/go.mod h1:eFhhvfR8Px1P6SEuLT600v+vrhdDTdcfMzmnxVXXSbk=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.21 h1:lPBu71Y7osQmzlflM9OfeIV2JlmpBjqBNlLtcoBqUTc=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.21/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.6.4 h1:9HBYrjppeOfFjBjaMTRxT3R7xT0GLK8EJMVC4xg6ok0=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.6.4/go.mod h1:sbdzr2cl3HzVmxNw//PH7aLGVtY4QySjQFuaCgcRFAI=
|
||||
go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU=
|
||||
go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
|
||||
go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8=
|
||||
go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
|
||||
go.etcd.io/etcd/client/v3 v3.5.21 h1:T6b1Ow6fNjOLOtM0xSoKNQt1ASPCLWrF9XMHcH9pEyY=
|
||||
go.etcd.io/etcd/client/v3 v3.5.21/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU=
|
||||
go.etcd.io/etcd/client/v3 v3.6.4 h1:YOMrCfMhRzY8NgtzUsHl8hC2EBSnuqbR3dh84Uryl7A=
|
||||
go.etcd.io/etcd/client/v3 v3.6.4/go.mod h1:jaNNHCyg2FdALyKWnd7hxZXZxZANb0+KGY+YQaEMISo=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
|
||||
go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w=
|
||||
@@ -2616,15 +2622,15 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.4
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
|
||||
go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
|
||||
go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
|
||||
go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
|
||||
@@ -2633,13 +2639,14 @@ go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFu
|
||||
go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
|
||||
go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
|
||||
go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
|
||||
go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
|
||||
go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
|
||||
go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
|
||||
go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
|
||||
go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+BofXTvcY1q8CGs4ItwQarYtJPOWmVobfM1HpVI=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk=
|
||||
go.opentelemetry.io/otel/exporters/prometheus v0.57.0 h1:AHh/lAP1BHrY5gBwk8ncc25FXWm/gmmY3BX258z5nuk=
|
||||
go.opentelemetry.io/otel/exporters/prometheus v0.57.0/go.mod h1:QpFWz1QxqevfjwzYdbMb4Y1NnlJvqSGwyuU0B4iuc9c=
|
||||
go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
|
||||
@@ -2650,8 +2657,9 @@ go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms
|
||||
go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
|
||||
go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
|
||||
go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
|
||||
go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
|
||||
go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
|
||||
go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
|
||||
go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
|
||||
go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
|
||||
go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
|
||||
go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A=
|
||||
@@ -2659,14 +2667,16 @@ go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6
|
||||
go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
|
||||
go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU=
|
||||
go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
|
||||
go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
|
||||
go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
|
||||
go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
|
||||
go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
|
||||
go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
|
||||
go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
|
||||
go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
|
||||
go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
|
||||
go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
|
||||
@@ -2675,11 +2685,13 @@ go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5Ukgg
|
||||
go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
|
||||
go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
|
||||
go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
|
||||
go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
|
||||
go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
|
||||
go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
|
||||
go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
|
||||
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
|
||||
go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os=
|
||||
go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo=
|
||||
go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=
|
||||
go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=
|
||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
@@ -2711,10 +2723,10 @@ go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
|
||||
go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
|
||||
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
|
||||
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
|
||||
go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
|
||||
go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
|
||||
go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=
|
||||
go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=
|
||||
go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
|
||||
go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
|
||||
go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
|
||||
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
@@ -2764,8 +2776,8 @@ golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ug
|
||||
golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
|
||||
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
|
||||
golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
|
||||
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
|
||||
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
|
||||
golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
|
||||
golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
|
||||
golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
|
||||
golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
|
||||
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
|
||||
@@ -2811,8 +2823,8 @@ golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
|
||||
golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
|
||||
golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
|
||||
golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
@@ -2915,8 +2927,8 @@ golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
|
||||
golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
|
||||
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
|
||||
golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
|
||||
golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
|
||||
golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
|
||||
golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
|
||||
golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@@ -2962,8 +2974,8 @@ golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbht
|
||||
golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
|
||||
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
|
||||
golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
|
||||
golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
|
||||
golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
|
||||
golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
|
||||
golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
@@ -2991,8 +3003,8 @@ golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
|
||||
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
|
||||
golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
|
||||
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
@@ -3133,8 +3145,8 @@ golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
|
||||
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
|
||||
golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
|
||||
golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
@@ -3168,8 +3180,8 @@ golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
|
||||
golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
|
||||
golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
|
||||
golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
|
||||
golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
|
||||
golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
|
||||
golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
|
||||
golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@@ -3198,8 +3210,8 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
|
||||
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
|
||||
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
|
||||
golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
|
||||
golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
|
||||
golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
|
||||
golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
|
||||
golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
|
||||
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
@@ -3213,8 +3225,8 @@ golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxb
|
||||
golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
|
||||
golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
|
||||
golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
|
||||
golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
|
||||
golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
|
||||
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
@@ -3297,8 +3309,8 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58
|
||||
golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
|
||||
golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
|
||||
golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
|
||||
golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
|
||||
golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
|
||||
golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
@@ -3316,6 +3328,8 @@ gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
|
||||
gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0=
|
||||
gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA=
|
||||
gonum.org/v1/gonum v0.12.0/go.mod h1:73TDxJfAAHeA8Mk9mf8NlIppyhQNo5GLTcYeqgo2lvY=
|
||||
gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
|
||||
gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
|
||||
gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
|
||||
gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
|
||||
gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY=
|
||||
@@ -3397,8 +3411,8 @@ google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYl
|
||||
google.golang.org/api v0.164.0/go.mod h1:2OatzO7ZDQsoS7IFf3rvsE17/TldiU3F/zxFHeqUB5o=
|
||||
google.golang.org/api v0.166.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA=
|
||||
google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
|
||||
google.golang.org/api v0.224.0 h1:Ir4UPtDsNiwIOHdExr3fAj4xZ42QjK7uQte3lORLJwU=
|
||||
google.golang.org/api v0.224.0/go.mod h1:3V39my2xAGkodXy0vEqcEtkqgw2GtrFL5WuBZlCTCOQ=
|
||||
google.golang.org/api v0.250.0 h1:qvkwrf/raASj82UegU2RSDGWi/89WkLckn4LuO4lVXM=
|
||||
google.golang.org/api v0.250.0/go.mod h1:Y9Uup8bDLJJtMzJyQnu+rLRJLA0wn+wTtc6vTlOvfXo=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
@@ -3575,8 +3589,8 @@ google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqt
|
||||
google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
|
||||
google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M=
|
||||
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
|
||||
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU=
|
||||
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4=
|
||||
google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4=
|
||||
google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
|
||||
@@ -3613,8 +3627,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 h1:oWVWY3NzT7KJppx2UKhKmzPq4SRe0LdCijVRwvGeikY=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 h1:8XJ4pajGwOlasW+L13MnEGA8W4115jJySQtVfS2/IBU=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4/go.mod h1:NnuHhy+bxcg30o7FnVAZbXsPHUDQ9qKWAQKCD7VxFtk=
|
||||
google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
|
||||
google.golang.org/genproto/googleapis/bytestream v0.0.0-20230807174057-1744710a1577/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c=
|
||||
google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw=
|
||||
@@ -3672,8 +3686,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 h1:V1jCN2HBa8sySkR5vLcCSqJSTMv093Rw9EJefhQGP7M=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ=
|
||||
google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
@@ -3739,8 +3753,9 @@ google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFN
|
||||
google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
|
||||
google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
|
||||
google.golang.org/grpc v1.72.2/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
|
||||
google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok=
|
||||
google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc=
|
||||
google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
|
||||
google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
|
||||
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
|
||||
google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
@@ -3769,8 +3784,9 @@ google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojt
|
||||
google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
|
||||
google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
|
||||
google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
|
||||
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
|
||||
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
|
||||
google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
|
||||
google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
@@ -3781,8 +3797,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
|
||||
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
|
||||
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
|
||||
gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
|
||||
gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
|
||||
gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo=
|
||||
gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
|
||||
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
|
||||
gopkg.in/gcfg.v1 v1.2.3 h1:m8OOJ4ccYHnx2f4gQwpno8nAX5OGOh7RLaaz0pj3Ogs=
|
||||
gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
|
||||
@@ -3832,26 +3848,26 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
|
||||
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
|
||||
k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs=
|
||||
k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
|
||||
k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE=
|
||||
k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM=
|
||||
k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk=
|
||||
k8s.io/apiextensions-apiserver v0.22.5/go.mod h1:tIXeZ0BrDxUb1PoAz+tgOz43Zi1Bp4BEEqVtUccMJbE=
|
||||
k8s.io/apiextensions-apiserver v0.33.3 h1:qmOcAHN6DjfD0v9kxL5udB27SRP6SG/MTopmge3MwEs=
|
||||
k8s.io/apiextensions-apiserver v0.33.3/go.mod h1:oROuctgo27mUsyp9+Obahos6CWcMISSAPzQ77CAQGz8=
|
||||
k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI=
|
||||
k8s.io/apiextensions-apiserver v0.34.1/go.mod h1:hP9Rld3zF5Ay2Of3BeEpLAToP+l4s5UlxiHfqRaRcMc=
|
||||
k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U=
|
||||
k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA=
|
||||
k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
|
||||
k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4=
|
||||
k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
|
||||
k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ=
|
||||
k8s.io/apiserver v0.33.3 h1:Wv0hGc+QFdMJB4ZSiHrCgN3zL3QRatu56+rpccKC3J4=
|
||||
k8s.io/apiserver v0.33.3/go.mod h1:05632ifFEe6TxwjdAIrwINHWE2hLwyADFk5mBsQa15E=
|
||||
k8s.io/apiserver v0.34.1 h1:U3JBGdgANK3dfFcyknWde1G6X1F4bg7PXuvlqt8lITA=
|
||||
k8s.io/apiserver v0.34.1/go.mod h1:eOOc9nrVqlBI1AFCvVzsob0OxtPZUCPiUJL45JOTBG0=
|
||||
k8s.io/cli-runtime v0.33.3 h1:Dgy4vPjNIu8LMJBSvs8W0LcdV0PX/8aGG1DA1W8lklA=
|
||||
k8s.io/cli-runtime v0.33.3/go.mod h1:yklhLklD4vLS8HNGgC9wGiuHWze4g7x6XQZ+8edsKEo=
|
||||
k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y=
|
||||
k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA=
|
||||
k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg=
|
||||
k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY=
|
||||
k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8=
|
||||
k8s.io/code-generator v0.22.5/go.mod h1:sbdWCOVob+KaQ5O7xs8PNNaCTpbWVqNgA6EPwLOmRNk=
|
||||
k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI=
|
||||
k8s.io/component-base v0.33.3 h1:mlAuyJqyPlKZM7FyaoM/LcunZaaY353RXiOd2+B5tGA=
|
||||
k8s.io/component-base v0.33.3/go.mod h1:ktBVsBzkI3imDuxYXmVxZ2zxJnYTZ4HAsVj9iF09qp4=
|
||||
k8s.io/component-base v0.34.1 h1:v7xFgG+ONhytZNFpIz5/kecwD+sUhVE6HU7qQUiRM4A=
|
||||
k8s.io/component-base v0.34.1/go.mod h1:mknCpLlTSKHzAQJJnnHVKqjxR7gBeHRv0rPXA7gdtQ0=
|
||||
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
||||
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
@@ -3862,13 +3878,13 @@ k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
|
||||
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
|
||||
k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
|
||||
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
|
||||
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
|
||||
k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE=
|
||||
k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
|
||||
k8s.io/kubectl v0.33.3 h1:r/phHvH1iU7gO/l7tTjQk2K01ER7/OAJi8uFHHyWSac=
|
||||
k8s.io/kubectl v0.33.3/go.mod h1:euj2bG56L6kUGOE/ckZbCoudPwuj4Kud7BR0GzyNiT0=
|
||||
k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
||||
k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 h1:jgJW5IePPXLGB8e/1wvd0Ich9QE97RvvF3a8J3fP/Lg=
|
||||
k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
|
||||
k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0=
|
||||
k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
|
||||
knative.dev/hack v0.0.0-20220224013837-e1785985d364/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI=
|
||||
knative.dev/networking v0.0.0-20220302134042-e8b2eb995165 h1:mkUDPTqfRPNhsUTVOH53IOx0Utzlfwl48t8lLc1bfL4=
|
||||
knative.dev/networking v0.0.0-20220302134042-e8b2eb995165/go.mod h1:EdQTSLl8BDeLLrC8pymGOiPMRAknFg+7oRO6MMUts94=
|
||||
@@ -3943,14 +3959,14 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 h1:Cf+ed5N8038zbsaXFO7mKQDi/+VcSRafb0jM84KX5so=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
|
||||
sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8=
|
||||
sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM=
|
||||
sigs.k8s.io/gateway-api v1.3.0 h1:q6okN+/UKDATola4JY7zXzx40WO4VISk7i9DIfOvr9M=
|
||||
sigs.k8s.io/gateway-api v1.3.0/go.mod h1:d8NV8nJbaRbEKem+5IuxkL8gJGOZ+FJ+NvOIltV8gDk=
|
||||
sigs.k8s.io/gateway-api-inference-extension v0.5.0 h1:bYtXffUF1WUUFT2gYXaQBXIEXxXq/ZZLP9gqQweTrBI=
|
||||
sigs.k8s.io/gateway-api-inference-extension v0.5.0/go.mod h1:lki0jx1qysZSZT4Ai2BxuAcpx6G8g5oBgOGuuJzjy/k=
|
||||
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
|
||||
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
|
||||
sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y=
|
||||
sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
|
||||
sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ=
|
||||
sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk=
|
||||
sigs.k8s.io/gateway-api-inference-extension v1.1.0 h1:MqRYk+3LNUWB0MbTgTZVhmJGNDTvm8l3ze4MOlzR7MU=
|
||||
sigs.k8s.io/gateway-api-inference-extension v1.1.0/go.mod h1:BmJy8Hvc2EHl3Oa/Ka8/4RqwVHCCbX7BLndLdMNtugI=
|
||||
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
|
||||
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
|
||||
sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
|
||||
sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
|
||||
sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA=
|
||||
@@ -3964,10 +3980,12 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
|
||||
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
|
||||
sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
|
||||
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
|
||||
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
|
||||
sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
|
||||
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
|
||||
sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ=
|
||||
sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4=
|
||||
sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
|
||||
sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
|
||||
sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
|
||||
|
||||
@@ -38,6 +38,14 @@ rules:
|
||||
resources: ["*"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "delete", "patch"]
|
||||
|
||||
# Gateway api inference extension
|
||||
- apiGroups: ["inference.networking.k8s.io"]
|
||||
resources: ["*"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "delete", "patch"]
|
||||
- apiGroups: ["inference.networking.x-k8s.io"]
|
||||
resources: ["*"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "delete", "patch"]
|
||||
|
||||
# Needed for multicluster secret reading, possibly ingress certs in the future
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
|
||||
@@ -44,7 +44,7 @@ global:
|
||||
# -- If true, Higress Controller will monitor istio resources as well
|
||||
enableIstioAPI: true
|
||||
# -- If true, Higress Controller will monitor Gateway API resources as well
|
||||
enableGatewayAPI: false
|
||||
enableGatewayAPI: true
|
||||
# -- Used to locate istiod.
|
||||
istioNamespace: istio-system
|
||||
# -- enable pod disruption budget for the control plane, which is used to
|
||||
|
||||
@@ -160,7 +160,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| global.defaultResources | object | `{"requests":{"cpu":"10m"}}` | A minimal set of requested resources to applied to all deployments so that Horizontal Pod Autoscaler will be able to function (if set). Each component can overwrite these default values by adding its own resources block in the relevant section below and setting the desired resources values. |
|
||||
| global.defaultUpstreamConcurrencyThreshold | int | `10000` | |
|
||||
| global.disableAlpnH2 | bool | `false` | Whether to disable HTTP/2 in ALPN |
|
||||
| global.enableGatewayAPI | bool | `false` | If true, Higress Controller will monitor Gateway API resources as well |
|
||||
| global.enableGatewayAPI | bool | `true` | If true, Higress Controller will monitor Gateway API resources as well |
|
||||
| global.enableH3 | bool | `false` | |
|
||||
| global.enableIPv6 | bool | `false` | |
|
||||
| global.enableIstioAPI | bool | `true` | If true, Higress Controller will monitor istio resources as well |
|
||||
|
||||
@@ -24,14 +24,13 @@ import (
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
gatewayalpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
|
||||
gatewayalpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
|
||||
k8s "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
gw "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1"
|
||||
|
||||
higressconstants "github.com/alibaba/higress/v2/pkg/config/constants"
|
||||
networking "istio.io/api/networking/v1alpha3"
|
||||
networkingclient "istio.io/client-go/pkg/apis/networking/v1"
|
||||
kubesecrets "istio.io/istio/pilot/pkg/credentials/kube"
|
||||
"istio.io/istio/pilot/pkg/features"
|
||||
"istio.io/istio/pilot/pkg/model/credentials"
|
||||
"istio.io/istio/pilot/pkg/status"
|
||||
"istio.io/istio/pilot/pkg/util/protoconv"
|
||||
@@ -45,21 +44,33 @@ import (
|
||||
"istio.io/istio/pkg/maps"
|
||||
"istio.io/istio/pkg/ptr"
|
||||
"istio.io/istio/pkg/slices"
|
||||
"istio.io/istio/pkg/util/sets"
|
||||
)
|
||||
|
||||
type TypedNamedspacedName struct {
|
||||
type TypedNamespacedName struct {
|
||||
types.NamespacedName
|
||||
Kind kind.Kind
|
||||
}
|
||||
|
||||
func (n TypedNamedspacedName) String() string {
|
||||
func (n TypedNamespacedName) String() string {
|
||||
return n.Kind.String() + "/" + n.NamespacedName.String()
|
||||
}
|
||||
|
||||
type TypedNamespacedNamePerHost struct {
|
||||
Target TypedNamespacedName
|
||||
Host string
|
||||
}
|
||||
|
||||
func (t TypedNamespacedNamePerHost) String() string {
|
||||
return t.Target.String() + "/" + t.Host
|
||||
}
|
||||
|
||||
type BackendPolicy struct {
|
||||
Source TypedNamedspacedName
|
||||
Source TypedNamespacedName
|
||||
TargetIndex int
|
||||
Target TypedNamedspacedName
|
||||
Target TypedNamespacedName
|
||||
Host string
|
||||
SectionName *string
|
||||
TLS *networking.ClientTLSSettings
|
||||
LoadBalancer *networking.LoadBalancerSettings
|
||||
RetryBudget *networking.TrafficPolicy_RetryBudget
|
||||
@@ -67,11 +78,43 @@ type BackendPolicy struct {
|
||||
}
|
||||
|
||||
func (b BackendPolicy) ResourceName() string {
|
||||
return b.Source.String() + "/" + fmt.Sprint(b.TargetIndex)
|
||||
return b.Source.String() + "/" + fmt.Sprint(b.TargetIndex) + "/" + b.Host
|
||||
}
|
||||
|
||||
var TypedNamespacedNameIndexCollectionFunc = krt.WithIndexCollectionFromString(func(s string) TypedNamespacedName {
|
||||
parts := strings.Split(s, "/")
|
||||
if len(parts) != 3 {
|
||||
panic("invalid TypedNamespacedName: " + s)
|
||||
}
|
||||
return TypedNamespacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Namespace: parts[1],
|
||||
Name: parts[2],
|
||||
},
|
||||
Kind: kind.FromString(parts[0]),
|
||||
}
|
||||
})
|
||||
|
||||
var TypedNamespacedNamePerHostIndexCollectionFunc = krt.WithIndexCollectionFromString(func(s string) TypedNamespacedNamePerHost {
|
||||
parts := strings.Split(s, "/")
|
||||
if len(parts) != 4 {
|
||||
panic("invalid TypedNamespacedNamePerHost: " + s)
|
||||
}
|
||||
return TypedNamespacedNamePerHost{
|
||||
Target: TypedNamespacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Namespace: parts[1],
|
||||
Name: parts[2],
|
||||
},
|
||||
Kind: kind.FromString(parts[0]),
|
||||
},
|
||||
Host: parts[3],
|
||||
}
|
||||
})
|
||||
|
||||
func (b BackendPolicy) Equals(other BackendPolicy) bool {
|
||||
return b.Source == other.Source &&
|
||||
ptr.Equal(b.SectionName, other.SectionName) &&
|
||||
protoconv.Equals(b.TLS, other.TLS) &&
|
||||
protoconv.Equals(b.LoadBalancer, other.LoadBalancer) &&
|
||||
protoconv.Equals(b.RetryBudget, other.RetryBudget)
|
||||
@@ -81,40 +124,33 @@ func (b BackendPolicy) Equals(other BackendPolicy) bool {
|
||||
// policy types that are merged together.
|
||||
func DestinationRuleCollection(
|
||||
trafficPolicies krt.Collection[*gatewayx.XBackendTrafficPolicy],
|
||||
tlsPolicies krt.Collection[*gatewayalpha3.BackendTLSPolicy],
|
||||
tlsPolicies krt.Collection[*gw.BackendTLSPolicy],
|
||||
ancestors krt.Index[TypedNamespacedName, AncestorBackend],
|
||||
references *ReferenceSet,
|
||||
domainSuffix string,
|
||||
c *Controller,
|
||||
services krt.Collection[*v1.Service],
|
||||
opts krt.OptionsBuilder,
|
||||
) krt.Collection[*config.Config] {
|
||||
trafficPolicyStatus, backendTrafficPolicies := BackendTrafficPolicyCollection(trafficPolicies, references, opts)
|
||||
trafficPolicyStatus, backendTrafficPolicies := BackendTrafficPolicyCollection(trafficPolicies, references, domainSuffix, opts)
|
||||
status.RegisterStatus(c.status, trafficPolicyStatus, GetStatus)
|
||||
|
||||
tlsPolicyStatus, backendTLSPolicies := BackendTLSPolicyCollection(tlsPolicies, references, opts)
|
||||
// TODO: BackendTrafficPolicy should also probably use ancestorCollection. However, its still up for debate in the
|
||||
// Gateway API community if having the Gateway as an ancestor ref is required or not; we would prefer it to not be if possible.
|
||||
// Until conformance requires it, for now we skip it.
|
||||
ancestorCollection := ancestors.AsCollection(append(opts.WithName("AncestorBackend"), TypedNamespacedNameIndexCollectionFunc)...)
|
||||
tlsPolicyStatus, backendTLSPolicies := BackendTLSPolicyCollection(tlsPolicies, ancestorCollection, references, domainSuffix, opts)
|
||||
status.RegisterStatus(c.status, tlsPolicyStatus, GetStatus)
|
||||
|
||||
// We need to merge these by hostname into a single DR
|
||||
allPolicies := krt.JoinCollection([]krt.Collection[BackendPolicy]{backendTrafficPolicies, backendTLSPolicies})
|
||||
byTarget := krt.NewIndex(allPolicies, "target", func(o BackendPolicy) []TypedNamedspacedName {
|
||||
return []TypedNamedspacedName{o.Target}
|
||||
byTargetAndHost := krt.NewIndex(allPolicies, "targetAndHost", func(o BackendPolicy) []TypedNamespacedNamePerHost {
|
||||
return []TypedNamespacedNamePerHost{{Target: o.Target, Host: o.Host}}
|
||||
})
|
||||
indexOpts := append(opts.WithName("BackendPolicyByTarget"), krt.WithIndexCollectionFromString(func(s string) TypedNamedspacedName {
|
||||
parts := strings.Split(s, "/")
|
||||
if len(parts) != 3 {
|
||||
panic("invalid TypedNamedspacedName: " + s)
|
||||
}
|
||||
return TypedNamedspacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Namespace: parts[1],
|
||||
Name: parts[2],
|
||||
},
|
||||
Kind: kind.FromString(parts[0]),
|
||||
}
|
||||
}))
|
||||
indexOpts := append(opts.WithName("BackendPolicyByTarget"), TypedNamespacedNamePerHostIndexCollectionFunc)
|
||||
merged := krt.NewCollection(
|
||||
byTarget.AsCollection(indexOpts...),
|
||||
func(ctx krt.HandlerContext, i krt.IndexObject[TypedNamedspacedName, BackendPolicy]) **config.Config {
|
||||
svc := i.Key
|
||||
byTargetAndHost.AsCollection(indexOpts...),
|
||||
func(ctx krt.HandlerContext, i krt.IndexObject[TypedNamespacedNamePerHost, BackendPolicy]) **config.Config {
|
||||
// Sort so we can pick the oldest, which will win.
|
||||
// Not yet standardized but likely will be (https://github.com/kubernetes-sigs/gateway-api/issues/3516#issuecomment-2684039692)
|
||||
pols := slices.SortFunc(i.Objects, func(a, b BackendPolicy) int {
|
||||
@@ -129,19 +165,35 @@ func DestinationRuleCollection(
|
||||
tlsSet := false
|
||||
lbSet := false
|
||||
rbSet := false
|
||||
|
||||
targetWithHost := i.Key
|
||||
host := targetWithHost.Host
|
||||
spec := &networking.DestinationRule{
|
||||
Host: fmt.Sprintf("%s.%s.svc.%v", svc.Name, svc.Namespace, domainSuffix),
|
||||
Host: host,
|
||||
TrafficPolicy: &networking.TrafficPolicy{},
|
||||
}
|
||||
portLevelSettings := make(map[string]*networking.TrafficPolicy_PortTrafficPolicy)
|
||||
parents := make([]string, 0, len(pols))
|
||||
for _, pol := range pols {
|
||||
if pol.TLS != nil {
|
||||
if tlsSet {
|
||||
// We only allow 1. TODO: report status if there are multiple
|
||||
continue
|
||||
if pol.SectionName != nil {
|
||||
// Port-specific TLS setting
|
||||
portName := *pol.SectionName
|
||||
if _, exists := portLevelSettings[portName]; !exists {
|
||||
portLevelSettings[portName] = &networking.TrafficPolicy_PortTrafficPolicy{
|
||||
Port: &networking.PortSelector{Number: 0}, // Will be resolved later
|
||||
Tls: pol.TLS,
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Service-wide TLS setting
|
||||
if tlsSet {
|
||||
// We only allow 1. TODO: report status if there are multiple
|
||||
continue
|
||||
}
|
||||
tlsSet = true
|
||||
spec.TrafficPolicy.Tls = pol.TLS
|
||||
}
|
||||
tlsSet = true
|
||||
spec.TrafficPolicy.Tls = pol.TLS
|
||||
}
|
||||
if pol.LoadBalancer != nil {
|
||||
if lbSet {
|
||||
@@ -159,13 +211,64 @@ func DestinationRuleCollection(
|
||||
rbSet = true
|
||||
spec.TrafficPolicy.RetryBudget = pol.RetryBudget
|
||||
}
|
||||
parents = append(parents, fmt.Sprintf("%s/%s.%s", pol.Source.Kind, pol.Source.Namespace, pol.Source.Name))
|
||||
parentName := pol.Source.Kind.String() + "/" + pol.Source.Namespace + "." + pol.Source.Name
|
||||
if !slices.Contains(parents, parentName) {
|
||||
parents = append(parents, parentName)
|
||||
}
|
||||
}
|
||||
|
||||
type servicePort struct {
|
||||
Name string
|
||||
Number uint32
|
||||
}
|
||||
var servicePorts []servicePort
|
||||
|
||||
target := targetWithHost.Target
|
||||
switch target.Kind {
|
||||
case kind.Service:
|
||||
serviceKey := target.Namespace + "/" + target.Name
|
||||
service := ptr.Flatten(krt.FetchOne(ctx, services, krt.FilterKey(serviceKey)))
|
||||
if service != nil {
|
||||
for _, port := range service.Spec.Ports {
|
||||
servicePorts = append(servicePorts, servicePort{
|
||||
Name: port.Name,
|
||||
Number: uint32(port.Port),
|
||||
})
|
||||
}
|
||||
}
|
||||
case kind.ServiceEntry:
|
||||
serviceEntryObj, err := references.LocalPolicyTargetRef(gw.LocalPolicyTargetReference{
|
||||
Group: "networking.istio.io",
|
||||
Kind: "ServiceEntry",
|
||||
Name: gw.ObjectName(target.Name),
|
||||
}, target.Namespace)
|
||||
if err == nil {
|
||||
if serviceEntryPtr, ok := serviceEntryObj.(*networkingclient.ServiceEntry); ok {
|
||||
for _, port := range serviceEntryPtr.Spec.Ports {
|
||||
servicePorts = append(servicePorts, servicePort{
|
||||
Name: port.Name,
|
||||
Number: port.Number,
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for portName, portPolicy := range portLevelSettings {
|
||||
for _, port := range servicePorts {
|
||||
if port.Name == portName {
|
||||
portPolicy.Port = &networking.PortSelector{Number: port.Number}
|
||||
break
|
||||
}
|
||||
}
|
||||
spec.TrafficPolicy.PortLevelSettings = append(spec.TrafficPolicy.PortLevelSettings, portPolicy)
|
||||
}
|
||||
|
||||
cfg := &config.Config{
|
||||
Meta: config.Meta{
|
||||
GroupVersionKind: gvk.DestinationRule,
|
||||
Name: fmt.Sprintf("%s-%s", svc.Name, constants.KubernetesGatewayName),
|
||||
Namespace: svc.Namespace,
|
||||
Name: generateDRName(target, host),
|
||||
Namespace: target.Namespace,
|
||||
Annotations: map[string]string{
|
||||
constants.InternalParentNames: strings.Join(parents, ","),
|
||||
},
|
||||
@@ -178,93 +281,170 @@ func DestinationRuleCollection(
|
||||
}
|
||||
|
||||
func BackendTLSPolicyCollection(
|
||||
tlsPolicies krt.Collection[*gatewayalpha3.BackendTLSPolicy],
|
||||
tlsPolicies krt.Collection[*gw.BackendTLSPolicy],
|
||||
ancestors krt.IndexCollection[TypedNamespacedName, AncestorBackend],
|
||||
references *ReferenceSet,
|
||||
domainSuffix string,
|
||||
opts krt.OptionsBuilder,
|
||||
) (krt.StatusCollection[*gatewayalpha3.BackendTLSPolicy, gatewayalpha2.PolicyStatus], krt.Collection[BackendPolicy]) {
|
||||
return krt.NewStatusManyCollection(tlsPolicies, func(ctx krt.HandlerContext, i *gatewayalpha3.BackendTLSPolicy) (
|
||||
*gatewayalpha2.PolicyStatus,
|
||||
) (krt.StatusCollection[*gw.BackendTLSPolicy, gw.PolicyStatus], krt.Collection[BackendPolicy]) {
|
||||
return krt.NewStatusManyCollection(tlsPolicies, func(ctx krt.HandlerContext, i *gw.BackendTLSPolicy) (
|
||||
*gw.PolicyStatus,
|
||||
[]BackendPolicy,
|
||||
) {
|
||||
status := i.Status.DeepCopy()
|
||||
res := make([]BackendPolicy, 0, len(i.Spec.TargetRefs))
|
||||
ancestors := make([]gatewayalpha2.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs))
|
||||
|
||||
tls := &networking.ClientTLSSettings{Mode: networking.ClientTLSSettings_SIMPLE}
|
||||
s := i.Spec
|
||||
|
||||
conds := map[string]*condition{
|
||||
string(gatewayalpha2.PolicyConditionAccepted): {
|
||||
reason: string(gatewayalpha2.PolicyReasonAccepted),
|
||||
string(gw.PolicyConditionAccepted): {
|
||||
reason: string(gw.PolicyReasonAccepted),
|
||||
message: "Configuration is valid",
|
||||
},
|
||||
string(gw.BackendTLSPolicyConditionResolvedRefs): {
|
||||
reason: string(gw.BackendTLSPolicyReasonResolvedRefs),
|
||||
message: "Configuration is valid",
|
||||
},
|
||||
}
|
||||
tls.Sni = string(s.Validation.Hostname)
|
||||
tls.SubjectAltNames = slices.MapFilter(s.Validation.SubjectAltNames, func(e gatewayalpha3.SubjectAltName) *string {
|
||||
tls.SubjectAltNames = slices.MapFilter(s.Validation.SubjectAltNames, func(e gw.SubjectAltName) *string {
|
||||
switch e.Type {
|
||||
case gatewayalpha3.HostnameSubjectAltNameType:
|
||||
case gw.HostnameSubjectAltNameType:
|
||||
return ptr.Of(string(e.Hostname))
|
||||
case gatewayalpha3.URISubjectAltNameType:
|
||||
case gw.URISubjectAltNameType:
|
||||
return ptr.Of(string(e.URI))
|
||||
}
|
||||
return nil
|
||||
})
|
||||
tls.CredentialName = getBackendTLSCredentialName(s.Validation, i.Namespace, conds, references)
|
||||
|
||||
// In ancestor status, we need to report for Service (for mesh) and for each relevant Gateway.
|
||||
// However, there is a max of 16 items we can report.
|
||||
// Reporting per-Gateway has no value (perhaps for anyone, but certainly not for Istio), so we favor the Service attachments
|
||||
// getting to take the 16 slots.
|
||||
// The Gateway API spec says that if there are more than 16, the policy should not be applied. This is a terrible, anti-user, decision
|
||||
// that Istio will not follow, even if it means failing conformance tests.
|
||||
ancestorStatus := make([]gw.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs))
|
||||
uniqueGateways := sets.New[types.NamespacedName]()
|
||||
for idx, t := range i.Spec.TargetRefs {
|
||||
conds = maps.Clone(conds)
|
||||
refo, err := references.LocalPolicyTargetRef(t.LocalPolicyTargetReference, i.Namespace)
|
||||
var sectionName *string
|
||||
if err == nil {
|
||||
switch refo.(type) {
|
||||
switch refType := refo.(type) {
|
||||
case *v1.Service:
|
||||
if t.SectionName != nil && *t.SectionName != "" {
|
||||
sectionName = ptr.Of(string(*t.SectionName))
|
||||
portExists := false
|
||||
for _, port := range refType.Spec.Ports {
|
||||
if port.Name == *sectionName {
|
||||
portExists = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !portExists {
|
||||
err = fmt.Errorf("sectionName %q does not exist in Service %s/%s", *sectionName, refType.Namespace, refType.Name)
|
||||
}
|
||||
}
|
||||
case *networkingclient.ServiceEntry:
|
||||
if t.SectionName != nil && *t.SectionName != "" {
|
||||
sectionName = ptr.Of(string(*t.SectionName))
|
||||
portExists := false
|
||||
for _, port := range refType.Spec.Ports {
|
||||
if port.Name == *sectionName {
|
||||
portExists = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !portExists {
|
||||
err = fmt.Errorf("sectionName %q does not exist in ServiceEntry %s/%s", *sectionName, refType.Namespace, refType.Name)
|
||||
}
|
||||
}
|
||||
default:
|
||||
err = fmt.Errorf("unsupported reference kind: %v", t.Kind)
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gatewayalpha2.PolicyReasonTargetNotFound),
|
||||
Message: fmt.Sprintf("targetRefs invalid: %v", err),
|
||||
conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gw.PolicyReasonTargetNotFound),
|
||||
Message: "targetRefs invalid: " + err.Error(),
|
||||
}
|
||||
} else {
|
||||
// Only create an object if we can resolve the target
|
||||
res = append(res, BackendPolicy{
|
||||
Source: TypedNamedspacedName{
|
||||
NamespacedName: config.NamespacedName(i),
|
||||
Kind: kind.BackendTLSPolicy,
|
||||
targetKind := gvk.MustToKind(schematypes.GvkFromObject(refo.(controllers.Object)))
|
||||
target := TypedNamespacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Name: string(t.Name),
|
||||
Namespace: i.Namespace,
|
||||
},
|
||||
TargetIndex: idx,
|
||||
Target: TypedNamedspacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Name: string(t.Name),
|
||||
Namespace: i.Namespace,
|
||||
Kind: targetKind,
|
||||
}
|
||||
var hosts []string
|
||||
if targetKind == kind.Service {
|
||||
hosts = []string{string(t.Name) + "." + i.Namespace + ".svc." + domainSuffix}
|
||||
} else if targetKind == kind.ServiceEntry {
|
||||
if serviceEntryPtr, ok := refo.(*networkingclient.ServiceEntry); ok {
|
||||
hosts = serviceEntryPtr.Spec.Hosts
|
||||
}
|
||||
}
|
||||
|
||||
for _, host := range hosts {
|
||||
res = append(res, BackendPolicy{
|
||||
Source: TypedNamespacedName{
|
||||
NamespacedName: config.NamespacedName(i),
|
||||
Kind: kind.BackendTLSPolicy,
|
||||
},
|
||||
Kind: gvk.MustToKind(schematypes.GvkFromObject(refo.(controllers.Object))),
|
||||
},
|
||||
TLS: tls,
|
||||
CreationTime: i.CreationTimestamp.Time,
|
||||
})
|
||||
TargetIndex: idx,
|
||||
Target: target,
|
||||
Host: host,
|
||||
SectionName: sectionName,
|
||||
TLS: tls,
|
||||
CreationTime: i.CreationTimestamp.Time,
|
||||
})
|
||||
ancestorBackends := krt.Fetch(ctx, ancestors, krt.FilterKey(target.String()))
|
||||
for _, gwl := range ancestorBackends {
|
||||
for _, i := range gwl.Objects {
|
||||
uniqueGateways.Insert(i.Gateway)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// TODO: section name
|
||||
ancestors = append(ancestors, setAncestorStatus(t.LocalPolicyTargetReference, status, i.Generation, conds))
|
||||
// We add a status for Service (for mesh), and for each Gateway
|
||||
meshPR := gw.ParentReference{
|
||||
Group: &t.Group,
|
||||
Kind: &t.Kind,
|
||||
Name: t.Name,
|
||||
SectionName: t.SectionName,
|
||||
}
|
||||
ancestorStatus = append(ancestorStatus, setAncestorStatus(meshPR, status, i.Generation, conds, constants.ManagedGatewayMeshController))
|
||||
}
|
||||
status.Ancestors = mergeAncestors(status.Ancestors, ancestors)
|
||||
gwl := slices.SortBy(uniqueGateways.UnsortedList(), types.NamespacedName.String)
|
||||
for _, g := range gwl {
|
||||
pr := gw.ParentReference{
|
||||
Group: ptr.Of(gw.Group(gvk.KubernetesGateway.Group)),
|
||||
Kind: ptr.Of(gw.Kind(gvk.KubernetesGateway.Kind)),
|
||||
Name: gw.ObjectName(g.Name),
|
||||
}
|
||||
ancestorStatus = append(ancestorStatus, setAncestorStatus(pr, status, i.Generation, conds, gw.GatewayController(higressconstants.ManagedGatewayController)))
|
||||
}
|
||||
status.Ancestors = mergeAncestors(status.Ancestors, ancestorStatus)
|
||||
return status, res
|
||||
}, opts.WithName("BackendTLSPolicy")...)
|
||||
}
|
||||
|
||||
func getBackendTLSCredentialName(
|
||||
validation gatewayalpha3.BackendTLSPolicyValidation,
|
||||
validation gw.BackendTLSPolicyValidation,
|
||||
policyNamespace string,
|
||||
conds map[string]*condition,
|
||||
references *ReferenceSet,
|
||||
) string {
|
||||
if wk := validation.WellKnownCACertificates; wk != nil {
|
||||
switch *wk {
|
||||
case gatewayalpha3.WellKnownCACertificatesSystem:
|
||||
case gw.WellKnownCACertificatesSystem:
|
||||
// Already our default, no action needed
|
||||
default:
|
||||
conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gatewayalpha2.PolicyReasonInvalid),
|
||||
conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gw.PolicyReasonInvalid),
|
||||
Message: fmt.Sprintf("Unknown wellKnownCACertificates: %v", *wk),
|
||||
}
|
||||
}
|
||||
@@ -278,7 +458,7 @@ func getBackendTLSCredentialName(
|
||||
// We only support 1
|
||||
ref := validation.CACertificateRefs[0]
|
||||
if len(validation.CACertificateRefs) > 1 {
|
||||
conds[string(gatewayalpha2.PolicyConditionAccepted)].message += "; warning: only the first caCertificateRefs will be used"
|
||||
conds[string(gw.PolicyConditionAccepted)].message += "; warning: only the first caCertificateRefs will be used"
|
||||
}
|
||||
refo, err := references.LocalPolicyRef(ref, policyNamespace)
|
||||
if err == nil {
|
||||
@@ -286,6 +466,10 @@ func getBackendTLSCredentialName(
|
||||
case *v1.ConfigMap:
|
||||
if _, rerr := kubesecrets.ExtractRootFromString(to.Data); rerr != nil {
|
||||
err = rerr
|
||||
conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{
|
||||
Reason: string(gw.BackendTLSPolicyReasonInvalidCACertificateRef),
|
||||
Message: "Certificate invalid: " + err.Error(),
|
||||
}
|
||||
} else {
|
||||
return credentials.KubernetesConfigMapTypeURI + policyNamespace + "/" + string(ref.Name)
|
||||
}
|
||||
@@ -296,12 +480,28 @@ func getBackendTLSCredentialName(
|
||||
// Additionally, we will need to ensure we don't accidentally authorize them to access the private key, just the ca.crt
|
||||
default:
|
||||
err = fmt.Errorf("unsupported reference kind: %v", ref.Kind)
|
||||
conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{
|
||||
Reason: string(gw.BackendTLSPolicyReasonInvalidKind),
|
||||
Message: "Certificate reference invalid: " + err.Error(),
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if strings.Contains(err.Error(), "unsupported kind") {
|
||||
conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{
|
||||
Reason: string(gw.BackendTLSPolicyReasonInvalidKind),
|
||||
Message: "Certificate reference not supported: " + err.Error(),
|
||||
}
|
||||
} else {
|
||||
conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{
|
||||
Reason: string(gw.BackendTLSPolicyReasonInvalidCACertificateRef),
|
||||
Message: "Certificate reference not found: " + err.Error(),
|
||||
}
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gatewayalpha2.PolicyReasonInvalid),
|
||||
Message: fmt.Sprintf("Certificate reference invalid: %v", err),
|
||||
conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gw.BackendTLSPolicyReasonNoValidCACertificate),
|
||||
Message: "Certificate reference invalid: " + err.Error(),
|
||||
}
|
||||
// Generate an invalid reference. This ensures traffic is blocked.
|
||||
// See https://github.com/kubernetes-sigs/gateway-api/issues/3516 for upstream clarification on desired behavior here.
|
||||
@@ -313,6 +513,7 @@ func getBackendTLSCredentialName(
|
||||
func BackendTrafficPolicyCollection(
|
||||
trafficPolicies krt.Collection[*gatewayx.XBackendTrafficPolicy],
|
||||
references *ReferenceSet,
|
||||
domainSuffix string,
|
||||
opts krt.OptionsBuilder,
|
||||
) (krt.StatusCollection[*gatewayx.XBackendTrafficPolicy, gatewayx.PolicyStatus], krt.Collection[BackendPolicy]) {
|
||||
return krt.NewStatusManyCollection(trafficPolicies, func(ctx krt.HandlerContext, i *gatewayx.XBackendTrafficPolicy) (
|
||||
@@ -321,14 +522,14 @@ func BackendTrafficPolicyCollection(
|
||||
) {
|
||||
status := i.Status.DeepCopy()
|
||||
res := make([]BackendPolicy, 0, len(i.Spec.TargetRefs))
|
||||
ancestors := make([]gatewayalpha2.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs))
|
||||
ancestors := make([]gw.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs))
|
||||
|
||||
lb := &networking.LoadBalancerSettings{}
|
||||
var retryBudget *networking.TrafficPolicy_RetryBudget
|
||||
|
||||
conds := map[string]*condition{
|
||||
string(gatewayalpha2.PolicyConditionAccepted): {
|
||||
reason: string(gatewayalpha2.PolicyReasonAccepted),
|
||||
string(gw.PolicyConditionAccepted): {
|
||||
reason: string(gw.PolicyReasonAccepted),
|
||||
message: "Configuration is valid",
|
||||
},
|
||||
}
|
||||
@@ -351,12 +552,12 @@ func BackendTrafficPolicyCollection(
|
||||
}
|
||||
if len(unsupported) > 0 {
|
||||
msg := fmt.Sprintf("Configuration is valid, but Istio does not support the following fields: %v", humanReadableJoin(unsupported))
|
||||
conds[string(gatewayalpha2.PolicyConditionAccepted)].message = msg
|
||||
conds[string(gw.PolicyConditionAccepted)].message = msg
|
||||
}
|
||||
|
||||
for idx, t := range i.Spec.TargetRefs {
|
||||
conds = maps.Clone(conds)
|
||||
refo, err := references.LocalPolicyTargetRef(t, i.Namespace)
|
||||
refo, err := references.XLocalPolicyTargetRef(t, i.Namespace)
|
||||
if err == nil {
|
||||
switch refo.(type) {
|
||||
case *v1.Service:
|
||||
@@ -365,32 +566,39 @@ func BackendTrafficPolicyCollection(
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gatewayalpha2.PolicyReasonTargetNotFound),
|
||||
Message: fmt.Sprintf("targetRefs invalid: %v", err),
|
||||
conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{
|
||||
Reason: string(gw.PolicyReasonTargetNotFound),
|
||||
Message: "targetRefs invalid: " + err.Error(),
|
||||
}
|
||||
} else {
|
||||
// Only create an object if we can resolve the target
|
||||
res = append(res, BackendPolicy{
|
||||
Source: TypedNamedspacedName{
|
||||
Source: TypedNamespacedName{
|
||||
NamespacedName: config.NamespacedName(i),
|
||||
Kind: kind.XBackendTrafficPolicy,
|
||||
},
|
||||
TargetIndex: idx,
|
||||
Target: TypedNamedspacedName{
|
||||
Target: TypedNamespacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Name: string(t.Name),
|
||||
Namespace: i.Namespace,
|
||||
},
|
||||
Kind: kind.Service,
|
||||
},
|
||||
Host: string(t.Name) + "." + i.Namespace + ".svc." + domainSuffix,
|
||||
TLS: nil,
|
||||
LoadBalancer: lb,
|
||||
RetryBudget: retryBudget,
|
||||
CreationTime: i.CreationTimestamp.Time,
|
||||
})
|
||||
}
|
||||
ancestors = append(ancestors, setAncestorStatus(t, status, i.Generation, conds))
|
||||
|
||||
pr := gw.ParentReference{
|
||||
Group: &t.Group,
|
||||
Kind: &t.Kind,
|
||||
Name: t.Name,
|
||||
}
|
||||
ancestors = append(ancestors, setAncestorStatus(pr, status, i.Generation, conds, constants.ManagedGatewayMeshController))
|
||||
}
|
||||
status.Ancestors = mergeAncestors(status.Ancestors, ancestors)
|
||||
return status, res
|
||||
@@ -398,31 +606,27 @@ func BackendTrafficPolicyCollection(
|
||||
}
|
||||
|
||||
func setAncestorStatus(
|
||||
t gatewayalpha2.LocalPolicyTargetReference,
|
||||
status *gatewayalpha2.PolicyStatus,
|
||||
pr gw.ParentReference,
|
||||
status *gw.PolicyStatus,
|
||||
generation int64,
|
||||
conds map[string]*condition,
|
||||
) gatewayalpha2.PolicyAncestorStatus {
|
||||
pr := gatewayalpha2.ParentReference{
|
||||
Group: &t.Group,
|
||||
Kind: &t.Kind,
|
||||
Name: t.Name,
|
||||
}
|
||||
currentAncestor := slices.FindFunc(status.Ancestors, func(ex gatewayalpha2.PolicyAncestorStatus) bool {
|
||||
controller gw.GatewayController,
|
||||
) gw.PolicyAncestorStatus {
|
||||
currentAncestor := slices.FindFunc(status.Ancestors, func(ex gw.PolicyAncestorStatus) bool {
|
||||
return parentRefEqual(ex.AncestorRef, pr)
|
||||
})
|
||||
var currentConds []metav1.Condition
|
||||
if currentAncestor != nil {
|
||||
currentConds = currentAncestor.Conditions
|
||||
}
|
||||
return gatewayalpha2.PolicyAncestorStatus{
|
||||
return gw.PolicyAncestorStatus{
|
||||
AncestorRef: pr,
|
||||
ControllerName: k8s.GatewayController(features.ManagedGatewayController),
|
||||
ControllerName: controller,
|
||||
Conditions: setConditions(generation, currentConds, conds),
|
||||
}
|
||||
}
|
||||
|
||||
func parentRefEqual(a, b gatewayalpha2.ParentReference) bool {
|
||||
func parentRefEqual(a, b gw.ParentReference) bool {
|
||||
return ptr.Equal(a.Group, b.Group) &&
|
||||
ptr.Equal(a.Kind, b.Kind) &&
|
||||
a.Name == b.Name &&
|
||||
@@ -431,19 +635,20 @@ func parentRefEqual(a, b gatewayalpha2.ParentReference) bool {
|
||||
ptr.Equal(a.Port, b.Port)
|
||||
}
|
||||
|
||||
var outControllers = sets.New(gw.GatewayController(higressconstants.ManagedGatewayController), constants.ManagedGatewayMeshController)
|
||||
|
||||
// mergeAncestors merges an existing ancestor with in incoming one. We preserve order, prune stale references set by our controller,
|
||||
// and add any new references from our controller.
|
||||
func mergeAncestors(existing []gatewayalpha2.PolicyAncestorStatus, incoming []gatewayalpha2.PolicyAncestorStatus) []gatewayalpha2.PolicyAncestorStatus {
|
||||
ourController := k8s.GatewayController(features.ManagedGatewayController)
|
||||
func mergeAncestors(existing []gw.PolicyAncestorStatus, incoming []gw.PolicyAncestorStatus) []gw.PolicyAncestorStatus {
|
||||
n := 0
|
||||
for _, x := range existing {
|
||||
if x.ControllerName != ourController {
|
||||
if !outControllers.Contains(x.ControllerName) {
|
||||
// Keep it as-is
|
||||
existing[n] = x
|
||||
n++
|
||||
continue
|
||||
}
|
||||
replacement := slices.IndexFunc(incoming, func(status gatewayalpha2.PolicyAncestorStatus) bool {
|
||||
replacement := slices.IndexFunc(incoming, func(status gw.PolicyAncestorStatus) bool {
|
||||
return parentRefEqual(status.AncestorRef, x.AncestorRef)
|
||||
})
|
||||
if replacement != -1 {
|
||||
@@ -457,5 +662,13 @@ func mergeAncestors(existing []gatewayalpha2.PolicyAncestorStatus, incoming []ga
|
||||
existing = existing[:n]
|
||||
// Add all remaining ones.
|
||||
existing = append(existing, incoming...)
|
||||
return existing
|
||||
// There is a max of 16
|
||||
return existing[:min(len(existing), 16)]
|
||||
}
|
||||
|
||||
func generateDRName(target TypedNamespacedName, host string) string {
|
||||
if target.Kind == kind.ServiceEntry {
|
||||
return target.Name + "~" + strings.ReplaceAll(host, ".", "-") + "~" + constants.KubernetesGatewayName
|
||||
}
|
||||
return target.Name + "~" + constants.KubernetesGatewayName
|
||||
}
|
||||
|
||||
@@ -21,6 +21,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
k8s "sigs.k8s.io/gateway-api/apis/v1"
|
||||
|
||||
higressconstants "github.com/alibaba/higress/v2/pkg/config/constants"
|
||||
"istio.io/istio/pilot/pkg/features"
|
||||
"istio.io/istio/pilot/pkg/model/kstatus"
|
||||
"istio.io/istio/pkg/config/schema/gvk"
|
||||
@@ -52,7 +53,7 @@ func createRouteStatus(
|
||||
parentIndexes := map[string]int{}
|
||||
for idx, p := range parents {
|
||||
// Only consider our own
|
||||
if p.ControllerName != k8s.GatewayController(features.ManagedGatewayController) {
|
||||
if p.ControllerName != k8s.GatewayController(higressconstants.ManagedGatewayController) {
|
||||
continue
|
||||
}
|
||||
rs := parentRefString(p.ParentRef, objectNamespace)
|
||||
@@ -185,14 +186,14 @@ func createRouteStatus(
|
||||
var currentConditions []metav1.Condition
|
||||
currentStatus := slices.FindFunc(currentParents, func(s k8s.RouteParentStatus) bool {
|
||||
return parentRefString(s.ParentRef, objectNamespace) == myRef &&
|
||||
s.ControllerName == k8s.GatewayController(features.ManagedGatewayController)
|
||||
s.ControllerName == k8s.GatewayController(higressconstants.ManagedGatewayController)
|
||||
})
|
||||
if currentStatus != nil {
|
||||
currentConditions = currentStatus.Conditions
|
||||
}
|
||||
ns := k8s.RouteParentStatus{
|
||||
ParentRef: gw.OriginalReference,
|
||||
ControllerName: k8s.GatewayController(features.ManagedGatewayController),
|
||||
ControllerName: k8s.GatewayController(higressconstants.ManagedGatewayController),
|
||||
Conditions: setConditions(generation, currentConditions, conds),
|
||||
}
|
||||
// Parent ref already exists, insert in the same place
|
||||
|
||||
@@ -21,7 +21,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
k8s "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
|
||||
"istio.io/istio/pilot/pkg/features"
|
||||
higressconstants "github.com/alibaba/higress/v2/pkg/config/constants"
|
||||
"istio.io/istio/pkg/config"
|
||||
"istio.io/istio/pkg/config/schema/gvk"
|
||||
)
|
||||
@@ -39,7 +39,7 @@ func TestCreateRouteStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
ParentRef: parentRef,
|
||||
ControllerName: k8s.GatewayController(features.ManagedGatewayController),
|
||||
ControllerName: k8s.GatewayController(higressconstants.ManagedGatewayController),
|
||||
Conditions: []metav1.Condition{
|
||||
{
|
||||
Type: string(k8s.RouteReasonAccepted),
|
||||
|
||||
@@ -16,15 +16,13 @@ package istio
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"go.uber.org/atomic"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2"
|
||||
inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1"
|
||||
gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gatewayalpha "sigs.k8s.io/gateway-api/apis/v1alpha2"
|
||||
gatewayalpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
|
||||
gateway "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1"
|
||||
|
||||
@@ -153,9 +151,9 @@ type Inputs struct {
|
||||
ListenerSets krt.Collection[*gatewayx.XListenerSet]
|
||||
ReferenceGrants krt.Collection[*gateway.ReferenceGrant]
|
||||
BackendTrafficPolicy krt.Collection[*gatewayx.XBackendTrafficPolicy]
|
||||
BackendTLSPolicies krt.Collection[*gatewayalpha3.BackendTLSPolicy]
|
||||
BackendTLSPolicies krt.Collection[*gatewayv1.BackendTLSPolicy]
|
||||
ServiceEntries krt.Collection[*networkingclient.ServiceEntry]
|
||||
InferencePools krt.Collection[*inferencev1alpha2.InferencePool]
|
||||
InferencePools krt.Collection[*inferencev1.InferencePool]
|
||||
}
|
||||
|
||||
var _ model.GatewayController = &Controller{}
|
||||
@@ -201,11 +199,12 @@ func NewController(
|
||||
kclient.NewFiltered[*corev1.ConfigMap](kc, kubetypes.Filter{ObjectFilter: kc.ObjectFilter()}),
|
||||
opts.WithName("informer/ConfigMaps")...,
|
||||
),
|
||||
Services: krt.WrapClient[*corev1.Service](svcClient, opts.WithName("informer/Services")...),
|
||||
GatewayClasses: buildClient[*gateway.GatewayClass](c, kc, gvr.GatewayClass, opts, "informer/GatewayClasses"),
|
||||
Gateways: buildClient[*gateway.Gateway](c, kc, gvr.KubernetesGateway, opts, "informer/Gateways"),
|
||||
HTTPRoutes: buildClient[*gateway.HTTPRoute](c, kc, gvr.HTTPRoute, opts, "informer/HTTPRoutes"),
|
||||
GRPCRoutes: buildClient[*gatewayv1.GRPCRoute](c, kc, gvr.GRPCRoute, opts, "informer/GRPCRoutes"),
|
||||
Services: krt.WrapClient[*corev1.Service](svcClient, opts.WithName("informer/Services")...),
|
||||
GatewayClasses: buildClient[*gateway.GatewayClass](c, kc, gvr.GatewayClass, opts, "informer/GatewayClasses"),
|
||||
Gateways: buildClient[*gateway.Gateway](c, kc, gvr.KubernetesGateway, opts, "informer/Gateways"),
|
||||
HTTPRoutes: buildClient[*gateway.HTTPRoute](c, kc, gvr.HTTPRoute, opts, "informer/HTTPRoutes"),
|
||||
GRPCRoutes: buildClient[*gatewayv1.GRPCRoute](c, kc, gvr.GRPCRoute, opts, "informer/GRPCRoutes"),
|
||||
BackendTLSPolicies: buildClient[*gatewayv1.BackendTLSPolicy](c, kc, gvr.BackendTLSPolicy, opts, "informer/BackendTLSPolicies"),
|
||||
|
||||
ReferenceGrants: buildClient[*gateway.ReferenceGrant](c, kc, gvr.ReferenceGrant, opts, "informer/ReferenceGrants"),
|
||||
ServiceEntries: buildClient[*networkingclient.ServiceEntry](c, kc, gvr.ServiceEntry, opts, "informer/ServiceEntries"),
|
||||
@@ -213,27 +212,26 @@ func NewController(
|
||||
if features.EnableAlphaGatewayAPI {
|
||||
inputs.TCPRoutes = buildClient[*gatewayalpha.TCPRoute](c, kc, gvr.TCPRoute, opts, "informer/TCPRoutes")
|
||||
inputs.TLSRoutes = buildClient[*gatewayalpha.TLSRoute](c, kc, gvr.TLSRoute, opts, "informer/TLSRoutes")
|
||||
inputs.BackendTLSPolicies = buildClient[*gatewayalpha3.BackendTLSPolicy](c, kc, gvr.BackendTLSPolicy, opts, "informer/BackendTLSPolicies")
|
||||
inputs.BackendTrafficPolicy = buildClient[*gatewayx.XBackendTrafficPolicy](c, kc, gvr.XBackendTrafficPolicy, opts, "informer/XBackendTrafficPolicy")
|
||||
inputs.ListenerSets = buildClient[*gatewayx.XListenerSet](c, kc, gvr.XListenerSet, opts, "informer/XListenerSet")
|
||||
} else {
|
||||
// If disabled, still build a collection but make it always empty
|
||||
inputs.TCPRoutes = krt.NewStaticCollection[*gatewayalpha.TCPRoute](nil, nil, opts.WithName("disable/TCPRoutes")...)
|
||||
inputs.TLSRoutes = krt.NewStaticCollection[*gatewayalpha.TLSRoute](nil, nil, opts.WithName("disable/TLSRoutes")...)
|
||||
inputs.BackendTLSPolicies = krt.NewStaticCollection[*gatewayalpha3.BackendTLSPolicy](nil, nil, opts.WithName("disable/BackendTLSPolicies")...)
|
||||
inputs.BackendTrafficPolicy = krt.NewStaticCollection[*gatewayx.XBackendTrafficPolicy](nil, nil, opts.WithName("disable/XBackendTrafficPolicy")...)
|
||||
inputs.ListenerSets = krt.NewStaticCollection[*gatewayx.XListenerSet](nil, nil, opts.WithName("disable/XListenerSet")...)
|
||||
}
|
||||
|
||||
if features.EnableGatewayAPIInferenceExtension {
|
||||
inputs.InferencePools = buildClient[*inferencev1alpha2.InferencePool](c, kc, gvr.InferencePool, opts, "informer/InferencePools")
|
||||
inputs.InferencePools = buildClient[*inferencev1.InferencePool](c, kc, gvr.InferencePool, opts, "informer/InferencePools")
|
||||
} else {
|
||||
// If disabled, still build a collection but make it always empty
|
||||
inputs.InferencePools = krt.NewStaticCollection[*inferencev1alpha2.InferencePool](nil, nil, opts.WithName("disable/InferencePools")...)
|
||||
inputs.InferencePools = krt.NewStaticCollection[*inferencev1.InferencePool](nil, nil, opts.WithName("disable/InferencePools")...)
|
||||
}
|
||||
|
||||
references := NewReferenceSet(
|
||||
AddReference(inputs.Services),
|
||||
AddReference(inputs.ServiceEntries),
|
||||
AddReference(inputs.ConfigMaps),
|
||||
AddReference(inputs.Secrets),
|
||||
)
|
||||
@@ -252,6 +250,7 @@ func NewController(
|
||||
GatewayClasses,
|
||||
inputs.Namespaces,
|
||||
ReferenceGrants,
|
||||
inputs.ConfigMaps,
|
||||
inputs.Secrets,
|
||||
options.DomainSuffix,
|
||||
c.gatewayContext,
|
||||
@@ -261,15 +260,6 @@ func NewController(
|
||||
)
|
||||
status.RegisterStatus(c.status, ListenerSetStatus, GetStatus)
|
||||
|
||||
DestinationRules := DestinationRuleCollection(
|
||||
inputs.BackendTrafficPolicy,
|
||||
inputs.BackendTLSPolicies,
|
||||
references,
|
||||
c.domainSuffix,
|
||||
c,
|
||||
opts,
|
||||
)
|
||||
|
||||
// GatewaysStatus is not fully complete until its join with route attachments to report attachedRoutes.
|
||||
// Do not register yet.
|
||||
GatewaysStatus, Gateways := GatewayCollection(
|
||||
@@ -278,6 +268,7 @@ func NewController(
|
||||
GatewayClasses,
|
||||
inputs.Namespaces,
|
||||
ReferenceGrants,
|
||||
inputs.ConfigMaps,
|
||||
inputs.Secrets,
|
||||
c.domainSuffix,
|
||||
c.gatewayContext,
|
||||
@@ -352,6 +343,26 @@ func NewController(
|
||||
RouteAttachmentsIndex := krt.NewIndex(RouteAttachments, "to", func(o RouteAttachment) []types.NamespacedName {
|
||||
return []types.NamespacedName{o.To}
|
||||
})
|
||||
Ancestors := krt.JoinCollection([]krt.Collection[AncestorBackend]{
|
||||
tcpRoutes.Ancestors,
|
||||
tlsRoutes.Ancestors,
|
||||
httpRoutes.Ancestors,
|
||||
grpcRoutes.Ancestors,
|
||||
}, opts.WithName("Ancestors")...)
|
||||
AncestorsIndex := krt.NewIndex(Ancestors, "ancestors", func(o AncestorBackend) []TypedNamespacedName {
|
||||
return []TypedNamespacedName{o.Backend}
|
||||
})
|
||||
|
||||
DestinationRules := DestinationRuleCollection(
|
||||
inputs.BackendTrafficPolicy,
|
||||
inputs.BackendTLSPolicies,
|
||||
AncestorsIndex,
|
||||
references,
|
||||
c.domainSuffix,
|
||||
c,
|
||||
inputs.Services,
|
||||
opts,
|
||||
)
|
||||
|
||||
GatewayFinalStatus := FinalGatewayStatusCollection(GatewaysStatus, RouteAttachments, RouteAttachmentsIndex, opts)
|
||||
status.RegisterStatus(c.status, GatewayFinalStatus, GetStatus)
|
||||
|
||||
@@ -17,11 +17,14 @@ package istio
|
||||
import (
|
||||
"cmp"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
higressconfig "github.com/alibaba/higress/v2/pkg/config"
|
||||
"github.com/alibaba/higress/v2/pkg/ingress/kube/util"
|
||||
"istio.io/istio/pilot/pkg/credentials"
|
||||
"net"
|
||||
"path"
|
||||
inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
@@ -32,10 +35,8 @@ import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
klabels "k8s.io/apimachinery/pkg/labels"
|
||||
inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2"
|
||||
k8s "sigs.k8s.io/gateway-api/apis/v1"
|
||||
k8salpha "sigs.k8s.io/gateway-api/apis/v1alpha2"
|
||||
gatewayalpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
|
||||
k8sbeta "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1"
|
||||
|
||||
@@ -342,7 +343,7 @@ func parentTypes(rpi []routeParentReference) (mesh, gateway bool) {
|
||||
gateway = true
|
||||
}
|
||||
}
|
||||
return
|
||||
return mesh, gateway
|
||||
}
|
||||
|
||||
func augmentPortMatch(routes []*istio.HTTPRoute, port k8s.PortNumber) []*istio.HTTPRoute {
|
||||
@@ -1269,7 +1270,7 @@ func createCorsFilter(filter *k8s.HTTPCORSFilter) *istio.CorsPolicy {
|
||||
MatchType: &istio.StringMatch_Exact{Exact: string(r)},
|
||||
})
|
||||
}
|
||||
if filter.AllowCredentials {
|
||||
if ptr.OrEmpty(filter.AllowCredentials) {
|
||||
res.AllowCredentials = wrappers.Bool(true)
|
||||
}
|
||||
for _, r := range filter.AllowMethods {
|
||||
@@ -2013,11 +2014,13 @@ func extractGatewayServices(domainSuffix string, kgw *k8sbeta.Gateway, info clas
|
||||
|
||||
func buildListener(
|
||||
ctx krt.HandlerContext,
|
||||
configMaps krt.Collection[*corev1.ConfigMap],
|
||||
secrets krt.Collection[*corev1.Secret],
|
||||
grants ReferenceGrants,
|
||||
namespaces krt.Collection[*corev1.Namespace],
|
||||
obj controllers.Object,
|
||||
status []k8s.ListenerStatus,
|
||||
gw k8s.GatewaySpec,
|
||||
l k8s.Listener,
|
||||
listenerIndex int,
|
||||
controllerName k8s.GatewayController,
|
||||
@@ -2044,7 +2047,7 @@ func buildListener(
|
||||
}
|
||||
|
||||
ok := true
|
||||
tls, err := buildTLS(ctx, secrets, grants, l.TLS, obj, kube.IsAutoPassthrough(obj.GetLabels(), l))
|
||||
tls, err := buildTLS(ctx, configMaps, secrets, grants, resolveGatewayTLS(l.Port, gw.TLS), l.TLS, obj, kube.IsAutoPassthrough(obj.GetLabels(), l))
|
||||
if err != nil {
|
||||
listenerConditions[string(k8s.ListenerConditionResolvedRefs)].error = err
|
||||
listenerConditions[string(k8s.GatewayConditionProgrammed)].error = &ConfigError{
|
||||
@@ -2135,11 +2138,27 @@ func listenerProtocolToIstio(name k8s.GatewayController, p k8s.ProtocolType) (st
|
||||
return "", fmt.Errorf("protocol %q is unsupported", p)
|
||||
}
|
||||
|
||||
func resolveGatewayTLS(port k8s.PortNumber, gw *k8s.GatewayTLSConfig) *k8s.TLSConfig {
|
||||
if gw == nil || gw.Frontend == nil {
|
||||
return nil
|
||||
}
|
||||
f := gw.Frontend
|
||||
pp := slices.FindFunc(f.PerPort, func(portConfig k8s.TLSPortConfig) bool {
|
||||
return portConfig.Port == port
|
||||
})
|
||||
if pp != nil {
|
||||
return &pp.TLS
|
||||
}
|
||||
return &f.Default
|
||||
}
|
||||
|
||||
func buildTLS(
|
||||
ctx krt.HandlerContext,
|
||||
configMaps krt.Collection[*corev1.ConfigMap],
|
||||
secrets krt.Collection[*corev1.Secret],
|
||||
grants ReferenceGrants,
|
||||
tls *k8s.GatewayTLSConfig,
|
||||
gatewayTLS *k8s.TLSConfig,
|
||||
tls *k8s.ListenerTLSConfig,
|
||||
gw controllers.Object,
|
||||
isAutoPassthrough bool,
|
||||
) (*istio.ServerTLSSettings, *ConfigError) {
|
||||
@@ -2216,6 +2235,32 @@ func buildTLS(
|
||||
} else {
|
||||
out.CredentialNames = credNames
|
||||
}
|
||||
|
||||
if gatewayTLS != nil && gatewayTLS.Validation != nil && len(gatewayTLS.Validation.CACertificateRefs) > 0 {
|
||||
// TODO: add 'Mode'
|
||||
if len(gatewayTLS.Validation.CACertificateRefs) > 1 {
|
||||
return out, &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: "only one caCertificateRef is supported",
|
||||
}
|
||||
}
|
||||
caCertRef := gatewayTLS.Validation.CACertificateRefs[0]
|
||||
cred, err := buildCaCertificateReference(ctx, caCertRef, gw, configMaps, secrets)
|
||||
if err != nil {
|
||||
return out, err
|
||||
}
|
||||
if cred.Namespace != namespace && !grants.SecretAllowed(ctx, schematypes.GvkFromObject(gw), cred.ResourceName, namespace) {
|
||||
return out, &ConfigError{
|
||||
Reason: InvalidListenerRefNotPermitted,
|
||||
Message: fmt.Sprintf(
|
||||
"caCertificateRef %v/%v not accessible to a Gateway in namespace %q (missing a ReferenceGrant?)",
|
||||
cred.Namespace, caCertRef.Name, namespace,
|
||||
),
|
||||
}
|
||||
}
|
||||
out.Mode = istio.ServerTLSSettings_MUTUAL
|
||||
//out.CaCertCredentialName = cred.ResourceName
|
||||
}
|
||||
case k8s.TLSModePassthrough:
|
||||
out.Mode = istio.ServerTLSSettings_PASSTHROUGH
|
||||
if isAutoPassthrough {
|
||||
@@ -2232,7 +2277,7 @@ func buildSecretReference(
|
||||
secrets krt.Collection[*corev1.Secret],
|
||||
) (string, *ConfigError) {
|
||||
if normalizeReference(ref.Group, ref.Kind, gvk.Secret) != gvk.Secret {
|
||||
return "", &ConfigError{Reason: InvalidTLS, Message: fmt.Sprintf("invalid certificate reference %v, only secret is allowed", objectReferenceString(ref))}
|
||||
return "", &ConfigError{Reason: InvalidTLS, Message: fmt.Sprintf("invalid certificate reference %v, only secret is allowed", secretObjectReferenceString(ref))}
|
||||
}
|
||||
|
||||
secret := model.ConfigKey{
|
||||
@@ -2246,26 +2291,101 @@ func buildSecretReference(
|
||||
if scrt == nil {
|
||||
return "", &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid certificate reference %v, secret %v not found", objectReferenceString(ref), key),
|
||||
Message: fmt.Sprintf("invalid certificate reference %v, secret %v not found", secretObjectReferenceString(ref), key),
|
||||
}
|
||||
}
|
||||
certInfo, err := kubecreds.ExtractCertInfo(scrt)
|
||||
if err != nil {
|
||||
return "", &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid certificate reference %v, %v", objectReferenceString(ref), err),
|
||||
Message: fmt.Sprintf("invalid certificate reference %v, %v", secretObjectReferenceString(ref), err),
|
||||
}
|
||||
}
|
||||
if _, err = tls.X509KeyPair(certInfo.Cert, certInfo.Key); err != nil {
|
||||
return "", &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid certificate reference %v, the certificate is malformed: %v", objectReferenceString(ref), err),
|
||||
Message: fmt.Sprintf("invalid certificate reference %v, the certificate is malformed: %v", secretObjectReferenceString(ref), err),
|
||||
}
|
||||
}
|
||||
return creds.ToKubernetesGatewayResource(secret.Namespace, secret.Name), nil
|
||||
}
|
||||
|
||||
func objectReferenceString(ref k8s.SecretObjectReference) string {
|
||||
func buildCaCertificateReference(
|
||||
ctx krt.HandlerContext,
|
||||
ref k8s.ObjectReference,
|
||||
gw controllers.Object,
|
||||
configMaps krt.Collection[*corev1.ConfigMap],
|
||||
secrets krt.Collection[*corev1.Secret],
|
||||
) (*creds.SecretResource, *ConfigError) {
|
||||
var resourceType string
|
||||
var resourceKind kind.Kind
|
||||
var certInfo *credentials.CertInfo
|
||||
var certInfoErr error
|
||||
|
||||
namespace := ptr.OrDefault((*string)(ref.Namespace), gw.GetNamespace())
|
||||
name := string(ref.Name)
|
||||
|
||||
switch normalizeReference(&ref.Group, &ref.Kind, config.GroupVersionKind{}) {
|
||||
case gvk.ConfigMap:
|
||||
resourceType = creds.KubernetesConfigMapType
|
||||
resourceKind = kind.ConfigMap
|
||||
|
||||
key := namespace + "/" + name
|
||||
cm := ptr.Flatten(krt.FetchOne(ctx, configMaps, krt.FilterKey(key)))
|
||||
if cm == nil {
|
||||
return nil, &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid CA certificate reference %v, configmap %v not found", objectReferenceString(ref), key),
|
||||
}
|
||||
}
|
||||
certInfo, certInfoErr = kubecreds.ExtractRootFromString(cm.Data)
|
||||
case gvk.Secret:
|
||||
resourceType = creds.KubernetesGatewaySecretType
|
||||
resourceKind = kind.Secret
|
||||
|
||||
key := namespace + "/" + name
|
||||
scrt := ptr.Flatten(krt.FetchOne(ctx, secrets, krt.FilterKey(key)))
|
||||
if scrt == nil {
|
||||
return nil, &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid CA certificate reference %v, secret %v not found", objectReferenceString(ref), key),
|
||||
}
|
||||
}
|
||||
certInfo, certInfoErr = kubecreds.ExtractRoot(scrt.Data)
|
||||
default:
|
||||
return nil, &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid CA certificate reference %v, only secret and configmap are allowed", objectReferenceString(ref)),
|
||||
}
|
||||
}
|
||||
if certInfoErr != nil {
|
||||
return nil, &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid CA certificate reference %v, %v", objectReferenceString(ref), certInfoErr),
|
||||
}
|
||||
}
|
||||
if !x509.NewCertPool().AppendCertsFromPEM(certInfo.Cert) {
|
||||
return nil, &ConfigError{
|
||||
Reason: InvalidTLS,
|
||||
Message: fmt.Sprintf("invalid CA certificate reference %v, the bundle is malformed", objectReferenceString(ref)),
|
||||
}
|
||||
}
|
||||
log.Warnf("buildCaCertificateReference %s://%s/%s%s", resourceType, namespace, ref.Name, creds.SdsCaSuffix)
|
||||
return &creds.SecretResource{
|
||||
ResourceType: resourceType,
|
||||
ResourceKind: resourceKind,
|
||||
Name: name + creds.SdsCaSuffix,
|
||||
Namespace: namespace,
|
||||
ResourceName: fmt.Sprintf("%s://%s/%s%s", resourceType, namespace, ref.Name, creds.SdsCaSuffix),
|
||||
Cluster: "",
|
||||
}, nil
|
||||
}
|
||||
|
||||
func objectReferenceString(ref k8s.ObjectReference) string {
|
||||
return fmt.Sprintf("%s/%s/%s.%s", ref.Group, ref.Kind, ref.Name, ptr.OrEmpty(ref.Namespace))
|
||||
}
|
||||
|
||||
func secretObjectReferenceString(ref k8s.SecretObjectReference) string {
|
||||
return fmt.Sprintf("%s/%s/%s.%s",
|
||||
ptr.OrEmpty(ref.Group),
|
||||
ptr.OrEmpty(ref.Kind),
|
||||
@@ -2500,11 +2620,11 @@ func GetStatus[I, IS any](spec I) IS {
|
||||
return any(t.Status).(IS)
|
||||
case *gatewayx.XBackendTrafficPolicy:
|
||||
return any(t.Status).(IS)
|
||||
case *gatewayalpha3.BackendTLSPolicy:
|
||||
case *k8s.BackendTLSPolicy:
|
||||
return any(t.Status).(IS)
|
||||
case *gatewayx.XListenerSet:
|
||||
return any(t.Status).(IS)
|
||||
case *inferencev1alpha2.InferencePool:
|
||||
case *inferencev1.InferencePool:
|
||||
return any(t.Status).(IS)
|
||||
default:
|
||||
log.Fatalf("unknown type %T", t)
|
||||
@@ -2512,6 +2632,20 @@ func GetStatus[I, IS any](spec I) IS {
|
||||
}
|
||||
}
|
||||
|
||||
func GetBackendRef[I any](spec I) (config.GroupVersionKind, *k8s.Namespace, k8s.ObjectName) {
|
||||
switch t := any(spec).(type) {
|
||||
case k8s.HTTPBackendRef:
|
||||
return normalizeReference(t.Group, t.Kind, gvk.Service), t.Namespace, t.Name
|
||||
case k8s.GRPCBackendRef:
|
||||
return normalizeReference(t.Group, t.Kind, gvk.Service), t.Namespace, t.Name
|
||||
case k8s.BackendRef:
|
||||
return normalizeReference(t.Group, t.Kind, gvk.Service), t.Namespace, t.Name
|
||||
default:
|
||||
log.Fatalf("unknown GetBackendRef type %T", t)
|
||||
return config.GroupVersionKind{}, nil, ""
|
||||
}
|
||||
}
|
||||
|
||||
// Start - Added by Higress
|
||||
// isCatchAll returns true if HTTPMatchRequest is a catchall match otherwise
|
||||
// false. Note - this may not be exactly "catch all" as we don't know the full
|
||||
|
||||
@@ -518,6 +518,33 @@ D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
|
||||
"tls.key": []byte("SGVsbG8gd29ybGQK"),
|
||||
},
|
||||
},
|
||||
&corev1.ConfigMap{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "malformed",
|
||||
Namespace: "higress-system",
|
||||
},
|
||||
Data: map[string]string{
|
||||
"not-ca.crt": "hello",
|
||||
},
|
||||
},
|
||||
&corev1.ConfigMap{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "malformed-trustbundle",
|
||||
Namespace: "higress-system",
|
||||
},
|
||||
Data: map[string]string{
|
||||
"ca.crt": "hello",
|
||||
},
|
||||
},
|
||||
&corev1.ConfigMap{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "my-cert-http",
|
||||
Namespace: "higress-system",
|
||||
},
|
||||
Data: map[string]string{
|
||||
"ca.crt": rsaCertPEM,
|
||||
},
|
||||
},
|
||||
&corev1.ConfigMap{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "malformed",
|
||||
@@ -625,7 +652,7 @@ func TestConvertResources(t *testing.T) {
|
||||
}{
|
||||
{name: "http"},
|
||||
{name: "tcp"},
|
||||
//{name: "tls"}, // TODO: fix this case
|
||||
{name: "tls"},
|
||||
{name: "grpc"},
|
||||
{name: "mismatch"},
|
||||
{name: "weighted"},
|
||||
@@ -672,7 +699,14 @@ func TestConvertResources(t *testing.T) {
|
||||
//{name: "waypoint"},
|
||||
//{name: "isolation"},
|
||||
{name: "backend-lb-policy"},
|
||||
{name: "backend-tls-policy"},
|
||||
{
|
||||
name: "backend-tls-policy",
|
||||
validationIgnorer: crdvalidation.NewValidationIgnorer(
|
||||
"default/echo-https",
|
||||
"default/external-service",
|
||||
"default/multi-host-service",
|
||||
),
|
||||
},
|
||||
{name: "mix-backend-policy"},
|
||||
//{name: "listenerset"},
|
||||
//{name: "listenerset-cross-namespace"},
|
||||
@@ -749,7 +783,7 @@ func TestConvertResources(t *testing.T) {
|
||||
|
||||
goldenFile := fmt.Sprintf("testdata/%s.yaml.golden", tt.name)
|
||||
b := marshalYaml(t, res)
|
||||
t.Logf("marshaled yaml result : %s", string(b))
|
||||
//t.Logf("marshaled yaml result : %s", string(b))
|
||||
|
||||
util.CompareContent(t, b, goldenFile)
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@ package istio
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"istio.io/api/annotation"
|
||||
"strings"
|
||||
|
||||
"go.uber.org/atomic"
|
||||
@@ -77,6 +78,7 @@ func ListenerSetCollection(
|
||||
gatewayClasses krt.Collection[GatewayClass],
|
||||
namespaces krt.Collection[*corev1.Namespace],
|
||||
grants ReferenceGrants,
|
||||
configMaps krt.Collection[*corev1.ConfigMap],
|
||||
secrets krt.Collection[*corev1.Secret],
|
||||
domainSuffix string,
|
||||
gatewayContext krt.RecomputeProtected[*atomic.Pointer[GatewayContext]],
|
||||
@@ -151,7 +153,8 @@ func ListenerSetCollection(
|
||||
l.Port = port
|
||||
standardListener := convertListenerSetToListener(l)
|
||||
originalStatus := slices.Map(status.Listeners, convertListenerSetStatusToStandardStatus)
|
||||
server, updatedStatus, programmed := buildListener(ctx, secrets, grants, namespaces, obj, originalStatus, standardListener, i, controllerName, portErr)
|
||||
server, updatedStatus, programmed := buildListener(ctx, configMaps, secrets, grants, namespaces,
|
||||
obj, originalStatus, parentGwObj.Spec, standardListener, i, controllerName, portErr)
|
||||
status.Listeners = slices.Map(updatedStatus, convertStandardStatusToListenerSetStatus(l))
|
||||
|
||||
servers = append(servers, server)
|
||||
@@ -163,6 +166,11 @@ func ListenerSetCollection(
|
||||
meta[constants.InternalGatewaySemantics] = constants.GatewaySemanticsGateway
|
||||
//meta[model.InternalGatewayServiceAnnotation] = strings.Join(gatewayServices, ",")
|
||||
meta[constants.InternalParentNamespace] = parentGwObj.Namespace
|
||||
serviceAccountName := model.GetOrDefault(
|
||||
parentGwObj.GetAnnotations()[annotation.GatewayServiceAccount.Name],
|
||||
getDefaultName(parentGwObj.GetName(), &parentGwObj.Spec, classInfo.disableNameSuffix),
|
||||
)
|
||||
meta[constants.InternalServiceAccount] = serviceAccountName
|
||||
|
||||
// Start - Updated by Higress
|
||||
var selector map[string]string
|
||||
@@ -233,6 +241,7 @@ func GatewayCollection(
|
||||
gatewayClasses krt.Collection[GatewayClass],
|
||||
namespaces krt.Collection[*corev1.Namespace],
|
||||
grants ReferenceGrants,
|
||||
configMaps krt.Collection[*corev1.ConfigMap],
|
||||
secrets krt.Collection[*corev1.Secret],
|
||||
domainSuffix string,
|
||||
gatewayContext krt.RecomputeProtected[*atomic.Pointer[GatewayContext]],
|
||||
@@ -284,8 +293,19 @@ func GatewayCollection(
|
||||
}
|
||||
// End - Updated by Higress
|
||||
|
||||
// See: https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#manual-deployment
|
||||
// If we set and address of type hostname, then we have no idea what service accounts the gateway workloads will use.
|
||||
// Thus, we don't enforce service account name restrictions (still look at namespaces though).
|
||||
serviceAccountName := ""
|
||||
if IsManaged(&obj.Spec) {
|
||||
serviceAccountName = model.GetOrDefault(
|
||||
obj.GetAnnotations()[annotation.GatewayServiceAccount.Name],
|
||||
getDefaultName(obj.GetName(), &kgw, classInfo.disableNameSuffix),
|
||||
)
|
||||
}
|
||||
|
||||
for i, l := range kgw.Listeners {
|
||||
server, updatedStatus, programmed := buildListener(ctx, secrets, grants, namespaces, obj, status.Listeners, l, i, controllerName, nil)
|
||||
server, updatedStatus, programmed := buildListener(ctx, configMaps, secrets, grants, namespaces, obj, status.Listeners, kgw, l, i, controllerName, nil)
|
||||
status.Listeners = updatedStatus
|
||||
|
||||
servers = append(servers, server)
|
||||
@@ -296,6 +316,7 @@ func GatewayCollection(
|
||||
}
|
||||
meta := parentMeta(obj, &l.Name)
|
||||
meta[constants.InternalGatewaySemantics] = constants.GatewaySemanticsGateway
|
||||
meta[constants.InternalServiceAccount] = serviceAccountName
|
||||
// Start - Updated by Higress
|
||||
var selector map[string]string
|
||||
if len(gatewayServices) != 0 {
|
||||
|
||||
@@ -23,7 +23,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2"
|
||||
inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1"
|
||||
gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gateway "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
|
||||
@@ -63,11 +63,17 @@ func getSupportedControllers() sets.Set[gatewayv1.GatewayController] {
|
||||
}
|
||||
|
||||
type shadowServiceInfo struct {
|
||||
key types.NamespacedName
|
||||
selector map[string]string
|
||||
poolName string
|
||||
poolUID types.UID
|
||||
targetPort int32
|
||||
key types.NamespacedName
|
||||
selector map[string]string
|
||||
poolName string
|
||||
poolUID types.UID
|
||||
// targetPorts is the port number on the pods selected by the selector.
|
||||
// Currently, inference extension only supports a single target port.
|
||||
targetPorts []targetPort
|
||||
}
|
||||
|
||||
type targetPort struct {
|
||||
port int32
|
||||
}
|
||||
|
||||
type extRefInfo struct {
|
||||
@@ -87,19 +93,19 @@ func (i InferencePool) ResourceName() string {
|
||||
}
|
||||
|
||||
func InferencePoolCollection(
|
||||
pools krt.Collection[*inferencev1alpha2.InferencePool],
|
||||
pools krt.Collection[*inferencev1.InferencePool],
|
||||
services krt.Collection[*corev1.Service],
|
||||
httpRoutes krt.Collection[*gateway.HTTPRoute],
|
||||
gateways krt.Collection[*gateway.Gateway],
|
||||
routesByInferencePool krt.Index[string, *gateway.HTTPRoute],
|
||||
c *Controller,
|
||||
opts krt.OptionsBuilder,
|
||||
) (krt.StatusCollection[*inferencev1alpha2.InferencePool, inferencev1alpha2.InferencePoolStatus], krt.Collection[InferencePool]) {
|
||||
) (krt.StatusCollection[*inferencev1.InferencePool, inferencev1.InferencePoolStatus], krt.Collection[InferencePool]) {
|
||||
return krt.NewStatusCollection(pools,
|
||||
func(
|
||||
ctx krt.HandlerContext,
|
||||
pool *inferencev1alpha2.InferencePool,
|
||||
) (*inferencev1alpha2.InferencePoolStatus, *InferencePool) {
|
||||
pool *inferencev1.InferencePool,
|
||||
) (*inferencev1.InferencePoolStatus, *InferencePool) {
|
||||
// Fetch HTTPRoutes that reference this InferencePool once and reuse
|
||||
routeList := krt.Fetch(ctx, httpRoutes, krt.FilterIndex(routesByInferencePool, pool.Namespace+"/"+pool.Name))
|
||||
|
||||
@@ -107,7 +113,7 @@ func InferencePoolCollection(
|
||||
gatewayParents := findGatewayParents(pool, routeList)
|
||||
|
||||
// TODO: If no gateway parents, we should not do anything
|
||||
// note: we stil need to filter out our Status to clean up previous reconciliations
|
||||
// note: we still need to filter out our Status to clean up previous reconciliations
|
||||
|
||||
// Create the InferencePool only if there are Gateways connected
|
||||
var inferencePool *InferencePool
|
||||
@@ -124,20 +130,21 @@ func InferencePoolCollection(
|
||||
}
|
||||
|
||||
// createInferencePoolObject creates the InferencePool object with shadow service and extension ref info
|
||||
func createInferencePoolObject(pool *inferencev1alpha2.InferencePool, gatewayParents sets.Set[types.NamespacedName]) *InferencePool {
|
||||
func createInferencePoolObject(pool *inferencev1.InferencePool, gatewayParents sets.Set[types.NamespacedName]) *InferencePool {
|
||||
// Build extension reference info
|
||||
extRef := extRefInfo{
|
||||
name: string(pool.Spec.ExtensionRef.Name),
|
||||
name: string(pool.Spec.EndpointPickerRef.Name),
|
||||
}
|
||||
if pool.Spec.ExtensionRef.PortNumber != nil {
|
||||
extRef.port = int32(*pool.Spec.ExtensionRef.PortNumber)
|
||||
} else {
|
||||
extRef.port = 9002 // Default port for the inference extension
|
||||
|
||||
if pool.Spec.EndpointPickerRef.Port == nil {
|
||||
log.Errorf("invalid InferencePool %s/%s; endpointPickerRef port is required", pool.Namespace, pool.Name)
|
||||
return nil
|
||||
}
|
||||
if pool.Spec.ExtensionRef.FailureMode != nil {
|
||||
extRef.failureMode = string(*pool.Spec.ExtensionRef.FailureMode)
|
||||
} else {
|
||||
extRef.failureMode = string(inferencev1alpha2.FailClose)
|
||||
extRef.port = int32(pool.Spec.EndpointPickerRef.Port.Number)
|
||||
|
||||
extRef.failureMode = string(inferencev1.EndpointPickerFailClose) // Default failure mode
|
||||
if pool.Spec.EndpointPickerRef.FailureMode != inferencev1.EndpointPickerFailClose {
|
||||
extRef.failureMode = string(pool.Spec.EndpointPickerRef.FailureMode)
|
||||
}
|
||||
|
||||
svcName, err := InferencePoolServiceName(pool.Name)
|
||||
@@ -151,16 +158,20 @@ func createInferencePoolObject(pool *inferencev1alpha2.InferencePool, gatewayPar
|
||||
Name: svcName,
|
||||
Namespace: pool.GetNamespace(),
|
||||
},
|
||||
selector: make(map[string]string, len(pool.Spec.Selector)),
|
||||
poolName: pool.GetName(),
|
||||
targetPort: pool.Spec.TargetPortNumber,
|
||||
poolUID: pool.GetUID(),
|
||||
selector: make(map[string]string, len(pool.Spec.Selector.MatchLabels)),
|
||||
poolName: pool.GetName(),
|
||||
targetPorts: make([]targetPort, 0, len(pool.Spec.TargetPorts)),
|
||||
poolUID: pool.GetUID(),
|
||||
}
|
||||
|
||||
for k, v := range pool.Spec.Selector {
|
||||
for k, v := range pool.Spec.Selector.MatchLabels {
|
||||
shadowSvcInfo.selector[string(k)] = string(v)
|
||||
}
|
||||
|
||||
for _, port := range pool.Spec.TargetPorts {
|
||||
shadowSvcInfo.targetPorts = append(shadowSvcInfo.targetPorts, targetPort{port: int32(port.Number)})
|
||||
}
|
||||
|
||||
return &InferencePool{
|
||||
shadowService: shadowSvcInfo,
|
||||
extRef: extRef,
|
||||
@@ -170,22 +181,22 @@ func createInferencePoolObject(pool *inferencev1alpha2.InferencePool, gatewayPar
|
||||
|
||||
// calculateInferencePoolStatus calculates the complete status for an InferencePool
|
||||
func calculateInferencePoolStatus(
|
||||
pool *inferencev1alpha2.InferencePool,
|
||||
pool *inferencev1.InferencePool,
|
||||
gatewayParents sets.Set[types.NamespacedName],
|
||||
services krt.Collection[*corev1.Service],
|
||||
gateways krt.Collection[*gateway.Gateway],
|
||||
routeList []*gateway.HTTPRoute,
|
||||
) *inferencev1alpha2.InferencePoolStatus {
|
||||
) *inferencev1.InferencePoolStatus {
|
||||
// Calculate status for each gateway parent
|
||||
existingParents := pool.Status.DeepCopy().Parents
|
||||
finalParents := []inferencev1alpha2.PoolStatus{}
|
||||
finalParents := []inferencev1.ParentStatus{}
|
||||
|
||||
// Add existing parents from other controllers (not managed by us)
|
||||
for _, existingParent := range existingParents {
|
||||
gtwName := string(existingParent.GatewayRef.Name)
|
||||
gtwName := string(existingParent.ParentRef.Name)
|
||||
gtwNamespace := pool.Namespace
|
||||
if existingParent.GatewayRef.Namespace != nil {
|
||||
gtwNamespace = string(*existingParent.GatewayRef.Namespace)
|
||||
if existingParent.ParentRef.Namespace != "" {
|
||||
gtwNamespace = string(existingParent.ParentRef.Namespace)
|
||||
}
|
||||
parentKey := types.NamespacedName{
|
||||
Name: gtwName,
|
||||
@@ -208,14 +219,14 @@ func calculateInferencePoolStatus(
|
||||
finalParents = append(finalParents, parentStatus)
|
||||
}
|
||||
|
||||
return &inferencev1alpha2.InferencePoolStatus{
|
||||
return &inferencev1.InferencePoolStatus{
|
||||
Parents: finalParents,
|
||||
}
|
||||
}
|
||||
|
||||
// findGatewayParents finds all Gateway parents that reference this InferencePool through HTTPRoutes
|
||||
func findGatewayParents(
|
||||
pool *inferencev1alpha2.InferencePool,
|
||||
pool *inferencev1.InferencePool,
|
||||
routeList []*gateway.HTTPRoute,
|
||||
) sets.Set[types.NamespacedName] {
|
||||
gatewayParents := sets.New[types.NamespacedName]()
|
||||
@@ -251,7 +262,7 @@ func findGatewayParents(
|
||||
}
|
||||
|
||||
// routeReferencesInferencePool checks if an HTTPRoute references the given InferencePool
|
||||
func routeReferencesInferencePool(route *gateway.HTTPRoute, pool *inferencev1alpha2.InferencePool) bool {
|
||||
func routeReferencesInferencePool(route *gateway.HTTPRoute, pool *inferencev1.InferencePool) bool {
|
||||
for _, rule := range route.Spec.Rules {
|
||||
for _, backendRef := range rule.BackendRefs {
|
||||
if !isInferencePoolBackendRef(backendRef.BackendRef) {
|
||||
@@ -285,17 +296,17 @@ func isInferencePoolBackendRef(backendRef gatewayv1.BackendRef) bool {
|
||||
|
||||
// calculateSingleParentStatus calculates the status for a single gateway parent
|
||||
func calculateSingleParentStatus(
|
||||
pool *inferencev1alpha2.InferencePool,
|
||||
pool *inferencev1.InferencePool,
|
||||
gatewayParent types.NamespacedName,
|
||||
services krt.Collection[*corev1.Service],
|
||||
existingParents []inferencev1alpha2.PoolStatus,
|
||||
existingParents []inferencev1.ParentStatus,
|
||||
routeList []*gateway.HTTPRoute,
|
||||
) inferencev1alpha2.PoolStatus {
|
||||
) inferencev1.ParentStatus {
|
||||
// Find existing status for this parent to preserve some conditions
|
||||
var existingConditions []metav1.Condition
|
||||
for _, existingParent := range existingParents {
|
||||
if string(existingParent.GatewayRef.Name) == gatewayParent.Name &&
|
||||
string(ptr.OrEmpty(existingParent.GatewayRef.Namespace)) == gatewayParent.Namespace {
|
||||
if string(existingParent.ParentRef.Name) == gatewayParent.Name &&
|
||||
string(existingParent.ParentRef.Namespace) == gatewayParent.Namespace {
|
||||
existingConditions = existingParent.Conditions
|
||||
break
|
||||
}
|
||||
@@ -303,8 +314,8 @@ func calculateSingleParentStatus(
|
||||
|
||||
// Filter to only keep conditions we manage
|
||||
filteredConditions := filterUsedConditions(existingConditions,
|
||||
inferencev1alpha2.InferencePoolConditionAccepted,
|
||||
inferencev1alpha2.InferencePoolConditionResolvedRefs)
|
||||
inferencev1.InferencePoolConditionAccepted,
|
||||
inferencev1.InferencePoolConditionResolvedRefs)
|
||||
|
||||
// Calculate Accepted status by checking HTTPRoute parent status
|
||||
acceptedStatus := calculateAcceptedStatus(pool, gatewayParent, routeList)
|
||||
@@ -313,23 +324,23 @@ func calculateSingleParentStatus(
|
||||
resolvedRefsStatus := calculateResolvedRefsStatus(pool, services)
|
||||
|
||||
// Build the final status
|
||||
return inferencev1alpha2.PoolStatus{
|
||||
GatewayRef: inferencev1alpha2.ParentGatewayReference{
|
||||
Group: (*inferencev1alpha2.Group)(&gvk.Gateway.Group),
|
||||
Kind: (*inferencev1alpha2.Kind)(&gvk.Gateway.Kind),
|
||||
Namespace: (*inferencev1alpha2.Namespace)(&gatewayParent.Namespace),
|
||||
Name: inferencev1alpha2.ObjectName(gatewayParent.Name),
|
||||
return inferencev1.ParentStatus{
|
||||
ParentRef: inferencev1.ParentReference{
|
||||
Group: (*inferencev1.Group)(&gvk.Gateway.Group),
|
||||
Kind: inferencev1.Kind(gvk.Gateway.Kind),
|
||||
Namespace: inferencev1.Namespace(gatewayParent.Namespace),
|
||||
Name: inferencev1.ObjectName(gatewayParent.Name),
|
||||
},
|
||||
Conditions: setConditions(pool.Generation, filteredConditions, map[string]*condition{
|
||||
string(inferencev1alpha2.InferencePoolConditionAccepted): acceptedStatus,
|
||||
string(inferencev1alpha2.InferencePoolConditionResolvedRefs): resolvedRefsStatus,
|
||||
string(inferencev1.InferencePoolConditionAccepted): acceptedStatus,
|
||||
string(inferencev1.InferencePoolConditionResolvedRefs): resolvedRefsStatus,
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
// calculateAcceptedStatus determines if the InferencePool is accepted by checking HTTPRoute parent status
|
||||
func calculateAcceptedStatus(
|
||||
pool *inferencev1alpha2.InferencePool,
|
||||
pool *inferencev1.InferencePool,
|
||||
gatewayParent types.NamespacedName,
|
||||
routeList []*gateway.HTTPRoute,
|
||||
) *condition {
|
||||
@@ -359,13 +370,13 @@ func calculateAcceptedStatus(
|
||||
if parentCondition.Type == string(gatewayv1.RouteConditionAccepted) {
|
||||
if parentCondition.Status == metav1.ConditionTrue {
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonAccepted),
|
||||
reason: string(inferencev1.InferencePoolReasonAccepted),
|
||||
status: metav1.ConditionTrue,
|
||||
message: "Referenced by an HTTPRoute accepted by the parentRef Gateway",
|
||||
}
|
||||
}
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonHTTPRouteNotAccepted),
|
||||
reason: string(inferencev1.InferencePoolReasonHTTPRouteNotAccepted),
|
||||
status: metav1.ConditionFalse,
|
||||
message: fmt.Sprintf("Referenced HTTPRoute %s/%s not accepted by Gateway %s/%s: %s",
|
||||
route.Namespace, route.Name, gatewayParent.Namespace, gatewayParent.Name, parentCondition.Message),
|
||||
@@ -375,7 +386,7 @@ func calculateAcceptedStatus(
|
||||
|
||||
// If no Accepted condition found, treat as unknown (parent is listed in status)
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonAccepted),
|
||||
reason: string(inferencev1.InferencePoolReasonAccepted),
|
||||
status: metav1.ConditionUnknown,
|
||||
message: "Referenced by an HTTPRoute unknown parentRef Gateway status",
|
||||
}
|
||||
@@ -386,7 +397,7 @@ func calculateAcceptedStatus(
|
||||
// If we get here, no HTTPRoute was found that references this InferencePool with this gateway as parent
|
||||
// This shouldn't happen in normal operation since we only call this for known gateway parents
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonHTTPRouteNotAccepted),
|
||||
reason: string(inferencev1.InferencePoolReasonHTTPRouteNotAccepted),
|
||||
status: metav1.ConditionFalse,
|
||||
message: fmt.Sprintf("No HTTPRoute found referencing this InferencePool with Gateway %s/%s as parent",
|
||||
gatewayParent.Namespace, gatewayParent.Name),
|
||||
@@ -398,42 +409,51 @@ func calculateAcceptedStatus(
|
||||
// * if the extensionRef is defined
|
||||
// * if the service exists in the same namespace as the InferencePool
|
||||
func calculateResolvedRefsStatus(
|
||||
pool *inferencev1alpha2.InferencePool,
|
||||
pool *inferencev1.InferencePool,
|
||||
services krt.Collection[*corev1.Service],
|
||||
) *condition {
|
||||
// defaults to service
|
||||
if pool.Spec.ExtensionRef.Kind != nil && string(*pool.Spec.ExtensionRef.Kind) != gvk.Service.Kind {
|
||||
// Default Kind to Service if unset
|
||||
kind := string(pool.Spec.EndpointPickerRef.Kind)
|
||||
if kind == "" {
|
||||
kind = gvk.Service.Kind
|
||||
}
|
||||
|
||||
if kind != gvk.Service.Kind {
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef),
|
||||
reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef),
|
||||
status: metav1.ConditionFalse,
|
||||
message: "Unsupported ExtensionRef kind " + string(*pool.Spec.ExtensionRef.Kind),
|
||||
message: "Unsupported ExtensionRef kind " + kind,
|
||||
}
|
||||
}
|
||||
if string(pool.Spec.ExtensionRef.Name) == "" {
|
||||
|
||||
name := string(pool.Spec.EndpointPickerRef.Name)
|
||||
if name == "" {
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef),
|
||||
reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef),
|
||||
status: metav1.ConditionFalse,
|
||||
message: "ExtensionRef not defined",
|
||||
}
|
||||
}
|
||||
svc := ptr.Flatten(services.GetKey(fmt.Sprintf("%s/%s", pool.Namespace, pool.Spec.ExtensionRef.Name)))
|
||||
|
||||
svc := ptr.Flatten(services.GetKey(fmt.Sprintf("%s/%s", pool.Namespace, name)))
|
||||
if svc == nil {
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef),
|
||||
reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef),
|
||||
status: metav1.ConditionFalse,
|
||||
message: "Referenced ExtensionRef not found " + string(pool.Spec.ExtensionRef.Name),
|
||||
message: "Referenced ExtensionRef not found " + name,
|
||||
}
|
||||
}
|
||||
|
||||
return &condition{
|
||||
reason: string(inferencev1alpha2.InferencePoolConditionResolvedRefs),
|
||||
reason: string(inferencev1.InferencePoolReasonResolvedRefs),
|
||||
status: metav1.ConditionTrue,
|
||||
message: "Referenced ExtensionRef resolved successfully",
|
||||
}
|
||||
}
|
||||
|
||||
// isDefaultStatusParent checks if this is a default status parent entry
|
||||
func isDefaultStatusParent(parent inferencev1alpha2.PoolStatus) bool {
|
||||
return string(ptr.OrEmpty(parent.GatewayRef.Kind)) == "Status" && parent.GatewayRef.Name == "default"
|
||||
func isDefaultStatusParent(parent inferencev1.ParentStatus) bool {
|
||||
return string(parent.ParentRef.Kind) == "Status" && parent.ParentRef.Name == "default"
|
||||
}
|
||||
|
||||
// isOurManagedGateway checks if a Gateway is managed by one of our supported controllers
|
||||
@@ -447,10 +467,10 @@ func isOurManagedGateway(gateways krt.Collection[*gateway.Gateway], namespace, n
|
||||
return ok
|
||||
}
|
||||
|
||||
func filterUsedConditions(conditions []metav1.Condition, usedConditions ...inferencev1alpha2.InferencePoolConditionType) []metav1.Condition {
|
||||
func filterUsedConditions(conditions []metav1.Condition, usedConditions ...inferencev1.InferencePoolConditionType) []metav1.Condition {
|
||||
var result []metav1.Condition
|
||||
for _, condition := range conditions {
|
||||
if slices.Contains(usedConditions, inferencev1alpha2.InferencePoolConditionType(condition.Type)) {
|
||||
if slices.Contains(usedConditions, inferencev1.InferencePoolConditionType(condition.Type)) {
|
||||
result = append(result, condition)
|
||||
}
|
||||
}
|
||||
@@ -484,6 +504,18 @@ func InferencePoolServiceName(poolName string) (string, error) {
|
||||
}
|
||||
|
||||
func translateShadowServiceToService(existingLabels map[string]string, shadow shadowServiceInfo, extRef extRefInfo) *corev1.Service {
|
||||
// Create the ports used by the shadow service
|
||||
ports := make([]corev1.ServicePort, 0, len(shadow.targetPorts))
|
||||
dummyPort := int32(54321) // Dummy port, not used for anything
|
||||
for i, port := range shadow.targetPorts {
|
||||
ports = append(ports, corev1.ServicePort{
|
||||
Name: "port" + strconv.Itoa(i),
|
||||
Protocol: corev1.ProtocolTCP,
|
||||
Port: dummyPort + int32(i),
|
||||
TargetPort: intstr.FromInt(int(port.port)),
|
||||
})
|
||||
}
|
||||
|
||||
// Create a new service object based on the shadow service info
|
||||
svc := &corev1.Service{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
@@ -501,13 +533,7 @@ func translateShadowServiceToService(existingLabels map[string]string, shadow sh
|
||||
Selector: shadow.selector,
|
||||
Type: corev1.ServiceTypeClusterIP,
|
||||
ClusterIP: corev1.ClusterIPNone, // Headless service
|
||||
Ports: []corev1.ServicePort{ // adding dummy port, not used for anything
|
||||
{
|
||||
Protocol: "TCP",
|
||||
Port: int32(54321),
|
||||
TargetPort: intstr.FromInt(int(shadow.targetPort)),
|
||||
},
|
||||
},
|
||||
Ports: ports,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@@ -16,7 +16,6 @@ package istio
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/alibaba/higress/v2/pkg/config/constants"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
@@ -28,7 +27,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2"
|
||||
inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1"
|
||||
gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gateway "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
|
||||
@@ -40,20 +39,21 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
HigressController = constants.ManagedGatewayController
|
||||
DefaultTestNS = "default"
|
||||
GatewayTestNS = "gateway-ns"
|
||||
AppTestNS = "app-ns"
|
||||
EmptyTestNS = ""
|
||||
IstioController = "higress.io/gateway-controller"
|
||||
DefaultTestNS = "default"
|
||||
GatewayTestNS = "gateway-ns"
|
||||
AppTestNS = "app-ns"
|
||||
EmptyTestNS = ""
|
||||
infPoolPending = "Pending"
|
||||
)
|
||||
|
||||
func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
test.SetForTest(t, &features.EnableGatewayAPIInferenceExtension, true)
|
||||
testCases := []struct {
|
||||
name string
|
||||
givens []runtime.Object // Objects to create before the test
|
||||
targetPool *inferencev1alpha2.InferencePool // The InferencePool to check
|
||||
expectations func(t *testing.T, pool *inferencev1alpha2.InferencePoolStatus)
|
||||
givens []runtime.Object // Objects to create before the test
|
||||
targetPool *inferencev1.InferencePool // The InferencePool to check
|
||||
expectations func(t *testing.T, pool *inferencev1.InferencePoolStatus)
|
||||
}{
|
||||
//
|
||||
// Positive Test Scenarios
|
||||
@@ -61,21 +61,21 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
{
|
||||
name: "should add gateway parentRef to inferencepool status",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithRouteParentCondition(string(gatewayv1.RouteConditionAccepted), metav1.ConditionTrue, "Accepted", "Accepted"),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{
|
||||
Type: string(inferencev1alpha2.InferencePoolConditionAccepted),
|
||||
Type: string(inferencev1.InferencePoolConditionAccepted),
|
||||
Status: metav1.ConditionTrue,
|
||||
Reason: string(inferencev1alpha2.InferencePoolReasonAccepted),
|
||||
Reason: string(inferencev1.InferencePoolReasonAccepted),
|
||||
Message: "Referenced by an HTTPRoute",
|
||||
}, "Expected condition with Accepted")
|
||||
},
|
||||
@@ -83,136 +83,136 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
{
|
||||
name: "should add only 1 gateway parentRef to status for multiple routes on different gateways with different controllers",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("other")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithParentRefAndStatus("gateway-2", DefaultTestNS, "other-controller"),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should keep the status of the gateway parentRefs from antoher controller",
|
||||
name: "should keep the status of the gateway parentRefs from another controller",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("other-class")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
NewHTTPRoute("route-2", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-2", DefaultTestNS, "other-class"),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("gateway-2", DefaultTestNS, WithAcceptedConditions())),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 2, "Expected two parent references")
|
||||
assert.ElementsMatch(t,
|
||||
[]string{"gateway-1", "gateway-2"},
|
||||
[]string{string(status.Parents[0].GatewayRef.Name), string(status.Parents[1].GatewayRef.Name)},
|
||||
[]string{string(status.Parents[0].ParentRef.Name), string(status.Parents[1].ParentRef.Name)},
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should add multiple gateway parentRefs to status for multiple routes",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
NewHTTPRoute("route-2", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-2", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-2", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 2, "Expected two parent references")
|
||||
assert.ElementsMatch(t,
|
||||
[]string{"gateway-1", "gateway-2"},
|
||||
[]string{string(status.Parents[0].GatewayRef.Name), string(status.Parents[1].GatewayRef.Name)},
|
||||
[]string{string(status.Parents[0].ParentRef.Name), string(status.Parents[1].ParentRef.Name)},
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should remove our status from previous reconciliation that is no longer referenced by any HTTPRoute",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS),
|
||||
WithParentStatus("gateway-2", DefaultTestNS,
|
||||
WithAcceptedConditions(),
|
||||
)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should update/recreate our status from previous reconciliation",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS),
|
||||
WithParentStatus("gateway-1", DefaultTestNS,
|
||||
WithAcceptedConditions(),
|
||||
)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name))
|
||||
require.Len(t, status.Parents[0].Conditions, 2, "Expected two conditions")
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should keep others status from previous reconciliation",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("other-class")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("gateway-2", DefaultTestNS, WithAcceptedConditions())),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 2, "Expected two parent references")
|
||||
assert.ElementsMatch(t,
|
||||
[]string{"gateway-1", "gateway-2"},
|
||||
[]string{string(status.Parents[0].GatewayRef.Name), string(status.Parents[1].GatewayRef.Name)},
|
||||
[]string{string(status.Parents[0].ParentRef.Name), string(status.Parents[1].ParentRef.Name)},
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should remove default parent 'waiting for controller' status",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("default", DefaultTestNS, AsDefaultStatus())),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected two parent references")
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should remove unknown condition types from controlled parents",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("route-1", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS),
|
||||
@@ -220,12 +220,12 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
WithAcceptedConditions(),
|
||||
WithConditions(metav1.ConditionUnknown, "X", "Y", "Dummy"),
|
||||
)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected two parent references")
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name))
|
||||
require.Len(t, status.Parents[0].Conditions, 2, "Expected two conditions")
|
||||
assert.ElementsMatch(t,
|
||||
[]string{string(inferencev1alpha2.InferencePoolConditionAccepted), string(inferencev1alpha2.InferencePoolConditionResolvedRefs)},
|
||||
[]string{string(inferencev1.InferencePoolConditionAccepted), string(inferencev1.InferencePoolConditionResolvedRefs)},
|
||||
[]string{status.Parents[0].Conditions[0].Type, status.Parents[0].Conditions[1].Type},
|
||||
)
|
||||
},
|
||||
@@ -233,97 +233,97 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
{
|
||||
name: "should handle cross-namespace gateway references correctly",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(AppTestNS),
|
||||
WithParentRefAndStatus("main-gateway", GatewayTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", GatewayTestNS, IstioController),
|
||||
WithBackendRef("test-pool", AppTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(AppTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, GatewayTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, GatewayTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should handle cross-namespace httproute references correctly",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(AppTestNS),
|
||||
WithParentRefAndStatus("main-gateway", GatewayTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", GatewayTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, GatewayTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, GatewayTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should handle HTTPRoute in same namespace (empty)",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(AppTestNS),
|
||||
WithParentRefAndStatus("main-gateway", GatewayTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", GatewayTestNS, IstioController),
|
||||
WithBackendRef("test-pool", EmptyTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(AppTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, GatewayTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, GatewayTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should handle Gateway in same namespace (empty)",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(AppTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(AppTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(AppTestNS),
|
||||
WithParentRefAndStatus("main-gateway", EmptyTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", EmptyTestNS, IstioController),
|
||||
WithBackendRef("test-pool", AppTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(AppTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, AppTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, AppTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should add only one parentRef for multiple routes on same gateway",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("route-a", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
NewHTTPRoute("route-b", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected only one parent reference for the same gateway")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should report ResolvedRef true when ExtensioNRef found",
|
||||
givens: []runtime.Object{
|
||||
NewService("test-epp", InNamespace(DefaultTestNS)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithExtensionRef("Service", "test-epp")),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
require.Len(t, status.Parents[0].Conditions, 2, "Expected two condition")
|
||||
assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{
|
||||
Type: string(inferencev1alpha2.InferencePoolConditionResolvedRefs),
|
||||
Type: string(inferencev1.InferencePoolConditionResolvedRefs),
|
||||
Status: metav1.ConditionTrue,
|
||||
Reason: string(inferencev1alpha2.InferencePoolReasonResolvedRefs),
|
||||
Reason: string(inferencev1.InferencePoolReasonResolvedRefs),
|
||||
Message: "Referenced ExtensionRef resolved",
|
||||
}, "Expected condition with InvalidExtensionRef")
|
||||
},
|
||||
@@ -331,21 +331,21 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
{
|
||||
name: "should report HTTPRoute not accepted when parent gateway rejects HTTPRoute",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithRouteParentCondition(string(gatewayv1.RouteConditionAccepted), metav1.ConditionFalse, "GatewayNotReady", "Gateway not ready"),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{
|
||||
Type: string(inferencev1alpha2.InferencePoolConditionAccepted),
|
||||
Type: string(inferencev1.InferencePoolConditionAccepted),
|
||||
Status: metav1.ConditionFalse,
|
||||
Reason: string(inferencev1alpha2.InferencePoolReasonHTTPRouteNotAccepted),
|
||||
Reason: string(inferencev1.InferencePoolReasonHTTPRouteNotAccepted),
|
||||
Message: "Referenced HTTPRoute default/test-route not accepted by Gateway default/main-gateway",
|
||||
}, "Expected condition with HTTPRouteNotAccepted")
|
||||
},
|
||||
@@ -353,21 +353,21 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
{
|
||||
name: "should report unknown status when HTTPRoute parent status has no Accepted condition",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
// Note: No WithRouteParentCondition for Accepted - parent is listed but has no conditions
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace))
|
||||
assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name))
|
||||
assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace))
|
||||
assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{
|
||||
Type: string(inferencev1alpha2.InferencePoolConditionAccepted),
|
||||
Type: string(inferencev1.InferencePoolConditionAccepted),
|
||||
Status: metav1.ConditionUnknown,
|
||||
Reason: string(inferencev1alpha2.InferencePoolReasonAccepted),
|
||||
Reason: string(inferencev1.InferencePoolReasonAccepted),
|
||||
Message: "Referenced by an HTTPRoute unknown parentRef Gateway status",
|
||||
}, "Expected condition with ConditionUnknown")
|
||||
},
|
||||
@@ -385,19 +385,19 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
assert.Empty(t, status.Parents, "ParentRefs should be empty")
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should not add parentRef if httproute has no backendref",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController)), // No BackendRef
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController)), // No BackendRef
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
assert.Empty(t, status.Parents, "ParentRefs should be empty")
|
||||
},
|
||||
},
|
||||
@@ -408,26 +408,26 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
WithBackendRef("test-pool", DefaultTestNS)), // No ParentRef
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
assert.Empty(t, status.Parents, "ParentRefs should be empty")
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "should report ExtensionRef not found if no matching service found",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
require.Len(t, status.Parents[0].Conditions, 2, "Expected two condition")
|
||||
assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{
|
||||
Type: string(inferencev1alpha2.InferencePoolConditionResolvedRefs),
|
||||
Type: string(inferencev1.InferencePoolConditionResolvedRefs),
|
||||
Status: metav1.ConditionFalse,
|
||||
Reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef),
|
||||
Reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef),
|
||||
Message: "Referenced ExtensionRef not found",
|
||||
}, "Expected condition with InvalidExtensionRef")
|
||||
},
|
||||
@@ -435,19 +435,19 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
{
|
||||
name: "should report unsupported ExtensionRef if kind is not service",
|
||||
givens: []runtime.Object{
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)),
|
||||
NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS)),
|
||||
},
|
||||
targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithExtensionRef("Gateway", "main-gateway")),
|
||||
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) {
|
||||
expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) {
|
||||
require.Len(t, status.Parents, 1, "Expected one parent reference")
|
||||
require.Len(t, status.Parents[0].Conditions, 2, "Expected two condition")
|
||||
assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{
|
||||
Type: string(inferencev1alpha2.InferencePoolConditionResolvedRefs),
|
||||
Type: string(inferencev1.InferencePoolConditionResolvedRefs),
|
||||
Status: metav1.ConditionFalse,
|
||||
Reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef),
|
||||
Reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef),
|
||||
Message: "Unsupported ExtensionRef kind",
|
||||
}, "Expected condition with InvalidExtensionRef")
|
||||
},
|
||||
@@ -472,10 +472,10 @@ func TestInferencePoolStatusReconciliation(t *testing.T) {
|
||||
|
||||
dumpOnFailure(t, krt.GlobalDebugHandler)
|
||||
|
||||
getInferencePoolStatus := func() *inferencev1alpha2.InferencePoolStatus {
|
||||
getInferencePoolStatus := func() *inferencev1.InferencePoolStatus {
|
||||
statuses := sq.Statuses()
|
||||
for _, status := range statuses {
|
||||
if pool, ok := status.(*inferencev1alpha2.InferencePoolStatus); ok {
|
||||
if pool, ok := status.(*inferencev1.InferencePoolStatus); ok {
|
||||
return pool
|
||||
}
|
||||
}
|
||||
@@ -511,7 +511,7 @@ func assertConditionContains(t *testing.T, conditions []metav1.Condition, expect
|
||||
// Option is a function that mutates an object.
|
||||
type Option func(client.Object)
|
||||
|
||||
type ParentOption func(*inferencev1alpha2.PoolStatus)
|
||||
type ParentOption func(*inferencev1.ParentStatus)
|
||||
|
||||
// --- Helper functions to mutate objects ---
|
||||
|
||||
@@ -635,15 +635,15 @@ func WithBackendRef(name, namespace string) Option {
|
||||
|
||||
func WithParentStatus(gatewayName, namespace string, opt ...ParentOption) Option {
|
||||
return func(obj client.Object) {
|
||||
ip, ok := obj.(*inferencev1alpha2.InferencePool)
|
||||
ip, ok := obj.(*inferencev1.InferencePool)
|
||||
if ok {
|
||||
if ip.Status.Parents == nil {
|
||||
ip.Status.Parents = []inferencev1alpha2.PoolStatus{}
|
||||
ip.Status.Parents = []inferencev1.ParentStatus{}
|
||||
}
|
||||
poolStatus := inferencev1alpha2.PoolStatus{
|
||||
GatewayRef: inferencev1alpha2.ParentGatewayReference{
|
||||
Name: inferencev1alpha2.ObjectName(gatewayName),
|
||||
Namespace: (*inferencev1alpha2.Namespace)(&namespace),
|
||||
poolStatus := inferencev1.ParentStatus{
|
||||
ParentRef: inferencev1.ParentReference{
|
||||
Name: inferencev1.ObjectName(gatewayName),
|
||||
Namespace: inferencev1.Namespace(namespace),
|
||||
},
|
||||
}
|
||||
for _, opt := range opt {
|
||||
@@ -655,22 +655,22 @@ func WithParentStatus(gatewayName, namespace string, opt ...ParentOption) Option
|
||||
}
|
||||
|
||||
func AsDefaultStatus() ParentOption {
|
||||
return func(parentStatusRef *inferencev1alpha2.PoolStatus) {
|
||||
return func(parentStatusRef *inferencev1.ParentStatus) {
|
||||
dName := "default"
|
||||
dKind := "Status"
|
||||
parentStatusRef.GatewayRef.Name = inferencev1alpha2.ObjectName(dName)
|
||||
parentStatusRef.GatewayRef.Kind = (*inferencev1alpha2.Kind)(&dKind)
|
||||
parentStatusRef.ParentRef.Name = inferencev1.ObjectName(dName)
|
||||
parentStatusRef.ParentRef.Kind = inferencev1.Kind(dKind)
|
||||
WithConditions(
|
||||
metav1.ConditionUnknown,
|
||||
string(inferencev1alpha2.InferencePoolConditionAccepted),
|
||||
string(inferencev1alpha2.InferencePoolReasonPending),
|
||||
string(inferencev1.InferencePoolConditionAccepted),
|
||||
infPoolPending,
|
||||
"Waiting for controller",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
func WithConditions(status metav1.ConditionStatus, conType, reason, message string) ParentOption {
|
||||
return func(parentStatusRef *inferencev1alpha2.PoolStatus) {
|
||||
return func(parentStatusRef *inferencev1.ParentStatus) {
|
||||
if parentStatusRef.Conditions == nil {
|
||||
parentStatusRef.Conditions = []metav1.Condition{}
|
||||
}
|
||||
@@ -688,17 +688,17 @@ func WithConditions(status metav1.ConditionStatus, conType, reason, message stri
|
||||
}
|
||||
|
||||
func WithAcceptedConditions() ParentOption {
|
||||
return func(parentStatusRef *inferencev1alpha2.PoolStatus) {
|
||||
return func(parentStatusRef *inferencev1.ParentStatus) {
|
||||
WithConditions(
|
||||
metav1.ConditionTrue,
|
||||
string(inferencev1alpha2.InferencePoolConditionAccepted),
|
||||
string(inferencev1alpha2.InferencePoolReasonAccepted),
|
||||
string(inferencev1.InferencePoolConditionAccepted),
|
||||
string(inferencev1.InferencePoolReasonAccepted),
|
||||
"Accepted by the parentRef Gateway",
|
||||
)(parentStatusRef)
|
||||
WithConditions(
|
||||
metav1.ConditionTrue,
|
||||
string(inferencev1alpha2.InferencePoolConditionResolvedRefs),
|
||||
string(inferencev1alpha2.InferencePoolReasonResolvedRefs),
|
||||
string(inferencev1.InferencePoolConditionResolvedRefs),
|
||||
string(inferencev1.InferencePoolReasonResolvedRefs),
|
||||
"Resolved ExtensionRef",
|
||||
)(parentStatusRef)
|
||||
}
|
||||
@@ -706,14 +706,12 @@ func WithAcceptedConditions() ParentOption {
|
||||
|
||||
func WithExtensionRef(kind, name string) Option {
|
||||
return func(obj client.Object) {
|
||||
ip, ok := obj.(*inferencev1alpha2.InferencePool)
|
||||
ip, ok := obj.(*inferencev1.InferencePool)
|
||||
if ok {
|
||||
typedKind := inferencev1alpha2.Kind(kind)
|
||||
ip.Spec.EndpointPickerConfig.ExtensionRef = &inferencev1alpha2.Extension{
|
||||
ExtensionReference: inferencev1alpha2.ExtensionReference{
|
||||
Name: inferencev1alpha2.ObjectName(name),
|
||||
Kind: &typedKind,
|
||||
},
|
||||
typedKind := inferencev1.Kind(kind)
|
||||
ip.Spec.EndpointPickerRef = inferencev1.EndpointPickerRef{
|
||||
Name: inferencev1.ObjectName(name),
|
||||
Kind: typedKind,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -728,7 +726,7 @@ func NewGateway(name string, opts ...Option) *gateway.Gateway {
|
||||
Namespace: DefaultTestNS,
|
||||
},
|
||||
Spec: gateway.GatewaySpec{
|
||||
GatewayClassName: "istio",
|
||||
GatewayClassName: "higress",
|
||||
},
|
||||
}
|
||||
for _, opt := range opts {
|
||||
@@ -750,23 +748,21 @@ func NewHTTPRoute(name string, opts ...Option) *gateway.HTTPRoute {
|
||||
return hr
|
||||
}
|
||||
|
||||
func NewInferencePool(name string, opts ...Option) *inferencev1alpha2.InferencePool {
|
||||
ip := &inferencev1alpha2.InferencePool{
|
||||
func NewInferencePool(name string, opts ...Option) *inferencev1.InferencePool {
|
||||
ip := &inferencev1.InferencePool{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: name,
|
||||
Namespace: DefaultTestNS,
|
||||
},
|
||||
Spec: inferencev1alpha2.InferencePoolSpec{
|
||||
Selector: map[inferencev1alpha2.LabelKey]inferencev1alpha2.LabelValue{
|
||||
"app": "test",
|
||||
},
|
||||
EndpointPickerConfig: inferencev1alpha2.EndpointPickerConfig{
|
||||
ExtensionRef: &inferencev1alpha2.Extension{
|
||||
ExtensionReference: inferencev1alpha2.ExtensionReference{
|
||||
Name: "endpoint-picker",
|
||||
},
|
||||
Spec: inferencev1.InferencePoolSpec{
|
||||
Selector: inferencev1.LabelSelector{
|
||||
MatchLabels: map[inferencev1.LabelKey]inferencev1.LabelValue{
|
||||
"app": "test",
|
||||
},
|
||||
},
|
||||
EndpointPickerRef: inferencev1.EndpointPickerRef{
|
||||
Name: "endpoint-picker",
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, opt := range opts {
|
||||
|
||||
@@ -19,45 +19,46 @@ import (
|
||||
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2"
|
||||
inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1"
|
||||
|
||||
higressconstants "github.com/alibaba/higress/v2/pkg/config/constants"
|
||||
"istio.io/istio/pilot/pkg/features"
|
||||
"istio.io/istio/pkg/config/constants"
|
||||
"istio.io/istio/pkg/kube/krt"
|
||||
"istio.io/istio/pkg/ptr"
|
||||
"istio.io/istio/pkg/test"
|
||||
"istio.io/istio/pkg/test/util/assert"
|
||||
)
|
||||
|
||||
func TestReconcileInferencePool(t *testing.T) {
|
||||
test.SetForTest(t, &features.EnableGatewayAPIInferenceExtension, true)
|
||||
pool := &inferencev1alpha2.InferencePool{
|
||||
pool := &inferencev1.InferencePool{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "test-pool",
|
||||
Namespace: "default",
|
||||
},
|
||||
Spec: inferencev1alpha2.InferencePoolSpec{
|
||||
TargetPortNumber: 8080,
|
||||
Selector: map[inferencev1alpha2.LabelKey]inferencev1alpha2.LabelValue{
|
||||
"app": "test",
|
||||
Spec: inferencev1.InferencePoolSpec{
|
||||
TargetPorts: []inferencev1.Port{
|
||||
{
|
||||
Number: inferencev1.PortNumber(8080),
|
||||
},
|
||||
},
|
||||
EndpointPickerConfig: inferencev1alpha2.EndpointPickerConfig{
|
||||
ExtensionRef: &inferencev1alpha2.Extension{
|
||||
ExtensionReference: inferencev1alpha2.ExtensionReference{
|
||||
Name: "dummy",
|
||||
// Kind: &inferencev1alpha2.Kind(),
|
||||
PortNumber: ptr.Of(inferencev1alpha2.PortNumber(5421)),
|
||||
},
|
||||
Selector: inferencev1.LabelSelector{
|
||||
MatchLabels: map[inferencev1.LabelKey]inferencev1.LabelValue{
|
||||
"app": "test",
|
||||
},
|
||||
},
|
||||
EndpointPickerRef: inferencev1.EndpointPickerRef{
|
||||
Name: "dummy",
|
||||
Port: &inferencev1.Port{
|
||||
Number: inferencev1.PortNumber(5421),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
controller := setupController(t,
|
||||
&corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "default"}},
|
||||
NewGateway("test-gw", InNamespace(DefaultTestNS), WithGatewayClass(higressconstants.DefaultGatewayClass)),
|
||||
NewGateway("test-gw", InNamespace(DefaultTestNS), WithGatewayClass("istio")),
|
||||
NewHTTPRoute("test-route", InNamespace(DefaultTestNS),
|
||||
WithParentRefAndStatus("test-gw", DefaultTestNS, HigressController),
|
||||
WithParentRefAndStatus("test-gw", DefaultTestNS, IstioController),
|
||||
WithBackendRef("test-pool", DefaultTestNS),
|
||||
),
|
||||
pool,
|
||||
@@ -82,4 +83,5 @@ func TestReconcileInferencePool(t *testing.T) {
|
||||
assert.Equal(t, service.ObjectMeta.Labels[InferencePoolRefLabel], pool.Name)
|
||||
assert.Equal(t, service.OwnerReferences[0].Name, pool.Name)
|
||||
assert.Equal(t, service.Spec.Ports[0].TargetPort.IntVal, int32(8080))
|
||||
assert.Equal(t, service.Spec.Ports[0].Port, int32(54321)) // dummyPort + i
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ import (
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gatewayalpha "sigs.k8s.io/gateway-api/apis/v1alpha2"
|
||||
gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1"
|
||||
|
||||
"istio.io/istio/pkg/config"
|
||||
schematypes "istio.io/istio/pkg/config/schema/kubetypes"
|
||||
@@ -32,7 +32,11 @@ type ReferenceSet struct {
|
||||
erasedCollections map[config.GroupVersionKind]func(name, namespace string) (any, bool)
|
||||
}
|
||||
|
||||
func (s ReferenceSet) LocalPolicyTargetRef(ref gatewayalpha.LocalPolicyTargetReference, localNamespace string) (any, error) {
|
||||
func (s ReferenceSet) LocalPolicyTargetRef(ref gatewayv1.LocalPolicyTargetReference, localNamespace string) (any, error) {
|
||||
return s.internal(string(ref.Name), string(ref.Group), string(ref.Kind), localNamespace)
|
||||
}
|
||||
|
||||
func (s ReferenceSet) XLocalPolicyTargetRef(ref gatewayx.LocalPolicyTargetReference, localNamespace string) (any, error) {
|
||||
return s.internal(string(ref.Name), string(ref.Group), string(ref.Kind), localNamespace)
|
||||
}
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@ import (
|
||||
|
||||
creds "istio.io/istio/pilot/pkg/model/credentials"
|
||||
"istio.io/istio/pkg/config"
|
||||
"istio.io/istio/pkg/config/schema/collections"
|
||||
"istio.io/istio/pkg/config/schema/gvk"
|
||||
"istio.io/istio/pkg/kube/krt"
|
||||
)
|
||||
@@ -72,7 +73,7 @@ func ReferenceGrantsCollection(referenceGrants krt.Collection[*gateway.Reference
|
||||
|
||||
ref := normalizeReference(&to.Group, &to.Kind, config.GroupVersionKind{})
|
||||
switch ref {
|
||||
case gvk.Secret, gvk.Service, gvk.InferencePool:
|
||||
case gvk.ConfigMap, gvk.Secret, gvk.Service, gvk.InferencePool:
|
||||
toKey.Kind = ref
|
||||
default:
|
||||
continue
|
||||
@@ -127,8 +128,13 @@ func (refs ReferenceGrants) SecretAllowed(ctx krt.HandlerContext, kind config.Gr
|
||||
log.Warnf("failed to parse resource name %q: %v", resourceName, err)
|
||||
return false
|
||||
}
|
||||
resourceKind := config.GroupVersionKind{Kind: p.ResourceKind.String()}
|
||||
resourceSchema, resourceSchemaFound := collections.All.FindByGroupKind(resourceKind)
|
||||
if resourceSchemaFound {
|
||||
resourceKind = resourceSchema.GroupVersionKind()
|
||||
}
|
||||
from := Reference{Kind: kind, Namespace: gateway.Namespace(namespace)}
|
||||
to := Reference{Kind: gvk.Secret, Namespace: gateway.Namespace(p.Namespace)}
|
||||
to := Reference{Kind: resourceKind, Namespace: gateway.Namespace(p.Namespace)}
|
||||
pair := ReferencePair{From: from, To: to}
|
||||
grants := krt.FetchOrList(ctx, refs.collection, krt.FilterIndex(refs.index, pair))
|
||||
for _, g := range grants {
|
||||
|
||||
@@ -22,7 +22,7 @@ import (
|
||||
"go.uber.org/atomic"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2"
|
||||
inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1"
|
||||
gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gatewayalpha "sigs.k8s.io/gateway-api/apis/v1alpha2"
|
||||
gateway "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
@@ -38,14 +38,33 @@ import (
|
||||
"istio.io/istio/pkg/kube/krt"
|
||||
"istio.io/istio/pkg/ptr"
|
||||
"istio.io/istio/pkg/slices"
|
||||
"istio.io/istio/pkg/util/sets"
|
||||
)
|
||||
|
||||
type AncestorBackend struct {
|
||||
Gateway types.NamespacedName
|
||||
Backend TypedNamespacedName
|
||||
}
|
||||
|
||||
func (a AncestorBackend) Equals(other AncestorBackend) bool {
|
||||
return a.Gateway == other.Gateway && a.Backend == other.Backend
|
||||
}
|
||||
|
||||
func (a AncestorBackend) ResourceName() string {
|
||||
return a.Gateway.String() + "/" + a.Backend.String()
|
||||
}
|
||||
|
||||
func HTTPRouteCollection(
|
||||
httpRoutes krt.Collection[*gateway.HTTPRoute],
|
||||
inputs RouteContextInputs,
|
||||
opts krt.OptionsBuilder,
|
||||
) RouteResult[*gateway.HTTPRoute, gateway.HTTPRouteStatus] {
|
||||
routeCount := gatewayRouteAttachmentCountCollection(inputs, httpRoutes, gvk.HTTPRoute, opts)
|
||||
ancestorBackends := krt.NewManyCollection(httpRoutes, func(krtctx krt.HandlerContext, obj *gateway.HTTPRoute) []AncestorBackend {
|
||||
return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gateway.HTTPRouteRule) []gateway.HTTPBackendRef {
|
||||
return r.BackendRefs
|
||||
})
|
||||
}, opts.WithName("HTTPAncestors")...)
|
||||
status, baseVirtualServices := krt.NewStatusManyCollection(httpRoutes, func(krtctx krt.HandlerContext, obj *gateway.HTTPRoute) (
|
||||
*gateway.HTTPRouteStatus,
|
||||
[]RouteWithKey,
|
||||
@@ -145,7 +164,7 @@ func HTTPRouteCollection(
|
||||
currentRouteInferenceConfigs[httpRule.Name] = kube.InferencePoolRouteRuleConfig{
|
||||
FQDN: ipCfg.endpointPickerDst,
|
||||
Port: ipCfg.endpointPickerPort,
|
||||
FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1alpha2.FailOpen),
|
||||
FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1.EndpointPickerFailOpen),
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -184,9 +203,54 @@ func HTTPRouteCollection(
|
||||
VirtualServices: finalVirtualServices,
|
||||
RouteAttachments: routeCount,
|
||||
Status: status,
|
||||
Ancestors: ancestorBackends,
|
||||
}
|
||||
}
|
||||
|
||||
func extractAncestorBackends[RT, BT any](ns string, prefs []gateway.ParentReference, rules []RT, extract func(RT) []BT) []AncestorBackend {
|
||||
gateways := sets.Set[types.NamespacedName]{}
|
||||
for _, r := range prefs {
|
||||
ref := normalizeReference(r.Group, r.Kind, gvk.KubernetesGateway)
|
||||
if ref != gvk.KubernetesGateway {
|
||||
continue
|
||||
}
|
||||
gateways.Insert(types.NamespacedName{
|
||||
Namespace: defaultString(r.Namespace, ns),
|
||||
Name: string(r.Name),
|
||||
})
|
||||
}
|
||||
backends := sets.Set[TypedNamespacedName]{}
|
||||
for _, r := range rules {
|
||||
for _, b := range extract(r) {
|
||||
ref, refNs, refName := GetBackendRef(b)
|
||||
k, ok := gvk.ToKind(ref)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
be := TypedNamespacedName{
|
||||
NamespacedName: types.NamespacedName{
|
||||
Namespace: defaultString(refNs, ns),
|
||||
Name: string(refName),
|
||||
},
|
||||
Kind: k,
|
||||
}
|
||||
backends.Insert(be)
|
||||
}
|
||||
}
|
||||
gtw := slices.SortBy(gateways.UnsortedList(), types.NamespacedName.String)
|
||||
bes := slices.SortBy(backends.UnsortedList(), TypedNamespacedName.String)
|
||||
res := make([]AncestorBackend, 0, len(gtw)*len(bes))
|
||||
for _, gw := range gtw {
|
||||
for _, be := range bes {
|
||||
res = append(res, AncestorBackend{
|
||||
Gateway: gw,
|
||||
Backend: be,
|
||||
})
|
||||
}
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
type conversionResult[O any] struct {
|
||||
error *ConfigError
|
||||
routes []O
|
||||
@@ -198,6 +262,11 @@ func GRPCRouteCollection(
|
||||
opts krt.OptionsBuilder,
|
||||
) RouteResult[*gatewayv1.GRPCRoute, gatewayv1.GRPCRouteStatus] {
|
||||
routeCount := gatewayRouteAttachmentCountCollection(inputs, grpcRoutes, gvk.GRPCRoute, opts)
|
||||
ancestorBackends := krt.NewManyCollection(grpcRoutes, func(krtctx krt.HandlerContext, obj *gatewayv1.GRPCRoute) []AncestorBackend {
|
||||
return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gatewayv1.GRPCRouteRule) []gatewayv1.GRPCBackendRef {
|
||||
return r.BackendRefs
|
||||
})
|
||||
}, opts.WithName("GRPCAncestors")...)
|
||||
status, baseVirtualServices := krt.NewStatusManyCollection(grpcRoutes, func(krtctx krt.HandlerContext, obj *gatewayv1.GRPCRoute) (
|
||||
*gatewayv1.GRPCRouteStatus,
|
||||
[]RouteWithKey,
|
||||
@@ -288,7 +357,7 @@ func GRPCRouteCollection(
|
||||
currentRouteInferenceConfigs[httpRule.Name] = kube.InferencePoolRouteRuleConfig{
|
||||
FQDN: ipCfg.endpointPickerDst,
|
||||
Port: ipCfg.endpointPickerPort,
|
||||
FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1alpha2.FailOpen),
|
||||
FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1.EndpointPickerFailOpen),
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -327,6 +396,7 @@ func GRPCRouteCollection(
|
||||
VirtualServices: finalVirtualServices,
|
||||
RouteAttachments: routeCount,
|
||||
Status: status,
|
||||
Ancestors: ancestorBackends,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -336,6 +406,11 @@ func TCPRouteCollection(
|
||||
opts krt.OptionsBuilder,
|
||||
) RouteResult[*gatewayalpha.TCPRoute, gatewayalpha.TCPRouteStatus] {
|
||||
routeCount := gatewayRouteAttachmentCountCollection(inputs, tcpRoutes, gvk.TCPRoute, opts)
|
||||
ancestorBackends := krt.NewManyCollection(tcpRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TCPRoute) []AncestorBackend {
|
||||
return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gatewayalpha.TCPRouteRule) []gateway.BackendRef {
|
||||
return r.BackendRefs
|
||||
})
|
||||
}, opts.WithName("TCPAncestors")...)
|
||||
status, virtualServices := krt.NewStatusManyCollection(tcpRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TCPRoute) (
|
||||
*gatewayalpha.TCPRouteStatus,
|
||||
[]*config.Config,
|
||||
@@ -412,6 +487,7 @@ func TCPRouteCollection(
|
||||
VirtualServices: virtualServices,
|
||||
RouteAttachments: routeCount,
|
||||
Status: status,
|
||||
Ancestors: ancestorBackends,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -421,6 +497,11 @@ func TLSRouteCollection(
|
||||
opts krt.OptionsBuilder,
|
||||
) RouteResult[*gatewayalpha.TLSRoute, gatewayalpha.TLSRouteStatus] {
|
||||
routeCount := gatewayRouteAttachmentCountCollection(inputs, tlsRoutes, gvk.TLSRoute, opts)
|
||||
ancestorBackends := krt.NewManyCollection(tlsRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TLSRoute) []AncestorBackend {
|
||||
return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gatewayalpha.TLSRouteRule) []gateway.BackendRef {
|
||||
return r.BackendRefs
|
||||
})
|
||||
}, opts.WithName("TLSAncestors")...)
|
||||
status, virtualServices := krt.NewStatusManyCollection(tlsRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TLSRoute) (
|
||||
*gatewayalpha.TLSRouteStatus,
|
||||
[]*config.Config,
|
||||
@@ -496,6 +577,7 @@ func TLSRouteCollection(
|
||||
VirtualServices: virtualServices,
|
||||
RouteAttachments: routeCount,
|
||||
Status: status,
|
||||
Ancestors: ancestorBackends,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -563,7 +645,7 @@ type RouteContextInputs struct {
|
||||
Services krt.Collection[*corev1.Service]
|
||||
Namespaces krt.Collection[*corev1.Namespace]
|
||||
ServiceEntries krt.Collection[*networkingclient.ServiceEntry]
|
||||
InferencePools krt.Collection[*inferencev1alpha2.InferencePool]
|
||||
InferencePools krt.Collection[*inferencev1.InferencePool]
|
||||
internalContext krt.RecomputeProtected[*atomic.Pointer[GatewayContext]]
|
||||
}
|
||||
|
||||
@@ -608,6 +690,8 @@ type RouteResult[I controllers.Object, IStatus any] struct {
|
||||
RouteAttachments krt.Collection[RouteAttachment]
|
||||
// Status stores the status reports for the incoming object
|
||||
Status krt.StatusCollection[I, IStatus]
|
||||
// Ancestors stores information about Gateway --> Backend references
|
||||
Ancestors krt.Collection[AncestorBackend]
|
||||
}
|
||||
|
||||
type RouteAttachment struct {
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XBackendTrafficPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: lb-policy
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -18,5 +17,5 @@ status:
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
|
||||
@@ -3,8 +3,7 @@ kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: XBackendTrafficPolicy/default.lb-policy
|
||||
creationTimestamp: null
|
||||
name: echo-istio-autogenerated-k8s-gateway
|
||||
name: echo~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: echo.default.svc.domain.suffix
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bad-configmap-type
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -14,15 +13,19 @@ status:
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: 'Certificate reference invalid: unsupported kind UnknownKind'
|
||||
reason: Invalid
|
||||
reason: NoValidCACertificate
|
||||
status: "False"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: 'Certificate reference not supported: unsupported kind UnknownKind'
|
||||
reason: InvalidKind
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bad-service
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -39,12 +42,16 @@ status:
|
||||
reason: TargetNotFound
|
||||
status: "False"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: existing-status
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -71,12 +78,16 @@ status:
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: malformed-configmap
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -90,15 +101,115 @@ status:
|
||||
- lastTransitionTime: fake
|
||||
message: 'Certificate reference invalid: found secret, but didn''t have expected
|
||||
keys cacert or ca.crt; found: not-ca.crt'
|
||||
reason: Invalid
|
||||
reason: NoValidCACertificate
|
||||
status: "False"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: 'Certificate invalid: found secret, but didn''t have expected keys
|
||||
cacert or ca.crt; found: not-ca.crt'
|
||||
reason: InvalidCACertificateRef
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: multi-host-service-entry
|
||||
namespace: default
|
||||
spec: null
|
||||
status:
|
||||
ancestors:
|
||||
- ancestorRef:
|
||||
group: networking.istio.io
|
||||
kind: ServiceEntry
|
||||
name: multi-host-service
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: multi-host-service-entry-section-name
|
||||
namespace: default
|
||||
spec: null
|
||||
status:
|
||||
ancestors:
|
||||
- ancestorRef:
|
||||
group: networking.istio.io
|
||||
kind: ServiceEntry
|
||||
name: multi-host-service
|
||||
sectionName: tls
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-external-service-https
|
||||
namespace: default
|
||||
spec: null
|
||||
status:
|
||||
ancestors:
|
||||
- ancestorRef:
|
||||
group: networking.istio.io
|
||||
kind: ServiceEntry
|
||||
name: external-service
|
||||
sectionName: https
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
- ancestorRef:
|
||||
group: networking.istio.io
|
||||
kind: ServiceEntry
|
||||
name: external-service
|
||||
sectionName: non-existing-port-name
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: 'targetRefs invalid: sectionName "non-existing-port-name" does not
|
||||
exist in ServiceEntry default/external-service'
|
||||
reason: TargetNotFound
|
||||
status: "False"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: tls-upstream-echo
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -114,12 +225,93 @@ status:
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-upstream-echo-https-merged-rules
|
||||
namespace: default
|
||||
spec: null
|
||||
status:
|
||||
ancestors:
|
||||
- ancestorRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
name: echo-https
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
- ancestorRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
name: echo-https
|
||||
sectionName: https
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
- ancestorRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
name: echo-https
|
||||
sectionName: non-existing-port-name
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: 'targetRefs invalid: sectionName "non-existing-port-name" does not
|
||||
exist in Service default/echo-https'
|
||||
reason: TargetNotFound
|
||||
status: "False"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
- ancestorRef:
|
||||
group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: gateway
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: 'targetRefs invalid: sectionName "non-existing-port-name" does not
|
||||
exist in Service default/echo-https'
|
||||
reason: TargetNotFound
|
||||
status: "False"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: unknown-configmap
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -133,8 +325,102 @@ status:
|
||||
- lastTransitionTime: fake
|
||||
message: 'Certificate reference invalid: reference default/does-not-exist (of
|
||||
kind ConfigMap) not found'
|
||||
reason: Invalid
|
||||
reason: NoValidCACertificate
|
||||
status: "False"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: 'Certificate reference not found: reference default/does-not-exist
|
||||
(of kind ConfigMap) not found'
|
||||
reason: InvalidCACertificateRef
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Handled by Higress controller
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
status:
|
||||
addresses:
|
||||
- type: Hostname
|
||||
value: higress-gateway.higress-system.svc.domain.suffix
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Resource accepted
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: Resource programmed, assigned to service(s) higress-gateway.higress-system.svc.domain.suffix:80
|
||||
reason: Programmed
|
||||
status: "True"
|
||||
type: Programmed
|
||||
listeners:
|
||||
- attachedRoutes: 1
|
||||
conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: No errors found
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: No errors found
|
||||
reason: NoConflicts
|
||||
status: "False"
|
||||
type: Conflicted
|
||||
- lastTransitionTime: fake
|
||||
message: No errors found
|
||||
reason: Programmed
|
||||
status: "True"
|
||||
type: Programmed
|
||||
- lastTransitionTime: fake
|
||||
message: No errors found
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
name: default
|
||||
supportedKinds:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: GRPCRoute
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
status:
|
||||
parents:
|
||||
- conditions:
|
||||
- lastTransitionTime: fake
|
||||
message: Route was valid
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
- lastTransitionTime: fake
|
||||
message: backendRef echo-https/default not accessible to a HTTPRoute in namespace
|
||||
"higress-system" (missing a ReferenceGrant?)
|
||||
reason: RefNotPermitted
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
---
|
||||
|
||||
@@ -1,4 +1,58 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
# echo-https must be created by the kube-client, because it's used in a test
|
||||
# that verifies `sectionName`, which is internally read from krt,
|
||||
# so it could be just a `model.ServiceInstance`
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
name: higress
|
||||
spec:
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec:
|
||||
addresses:
|
||||
- value: higress-gateway
|
||||
type: Hostname
|
||||
gatewayClassName: higress
|
||||
listeners:
|
||||
- name: default
|
||||
hostname: "*.domain.example"
|
||||
port: 80
|
||||
protocol: HTTP
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http
|
||||
namespace: higress-system
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
rules:
|
||||
- backendRefs:
|
||||
- name: echo-https
|
||||
namespace: default
|
||||
port: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: echo-https
|
||||
namespace: default
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-upstream-echo
|
||||
@@ -15,7 +69,32 @@ spec:
|
||||
group: ""
|
||||
hostname: auth.example.com
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-upstream-echo-https-merged-rules
|
||||
namespace: default
|
||||
spec:
|
||||
targetRefs:
|
||||
- kind: Service
|
||||
name: echo-https
|
||||
group: ""
|
||||
- kind: Service
|
||||
name: echo-https
|
||||
group: ""
|
||||
sectionName: https
|
||||
- kind: Service
|
||||
name: echo-https
|
||||
group: ""
|
||||
sectionName: non-existing-port-name
|
||||
validation:
|
||||
caCertificateRefs:
|
||||
- kind: ConfigMap
|
||||
name: auth-cert
|
||||
group: ""
|
||||
hostname: auth.example.com
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: existing-status
|
||||
@@ -33,19 +112,19 @@ spec:
|
||||
hostname: auth.example.com
|
||||
status:
|
||||
ancestors:
|
||||
- ancestorRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
name: httpbin
|
||||
conditions:
|
||||
- lastTransitionTime: 2000-01-01T01:01:01Z
|
||||
message: hello
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: example.com/some-other-controller
|
||||
- ancestorRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
name: httpbin
|
||||
conditions:
|
||||
- lastTransitionTime: 2000-01-01T01:01:01Z
|
||||
message: hello
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: example.com/some-other-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: bad-service
|
||||
@@ -62,7 +141,7 @@ spec:
|
||||
group: ""
|
||||
hostname: auth.example.com
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: unknown-configmap
|
||||
@@ -79,7 +158,7 @@ spec:
|
||||
group: ""
|
||||
hostname: auth.example.com
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: malformed-configmap
|
||||
@@ -96,7 +175,7 @@ spec:
|
||||
group: ""
|
||||
hostname: auth.example.com
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: bad-configmap-type
|
||||
@@ -112,3 +191,91 @@ spec:
|
||||
name: blah
|
||||
group: ""
|
||||
hostname: auth.example.com
|
||||
---
|
||||
# ServiceEntry with multiple hosts for testing multiple DestinationRules
|
||||
apiVersion: networking.istio.io/v1
|
||||
kind: ServiceEntry
|
||||
metadata:
|
||||
name: multi-host-service
|
||||
namespace: default
|
||||
spec:
|
||||
hosts:
|
||||
- api.example.com
|
||||
- cdn.example.com
|
||||
ports:
|
||||
- number: 443
|
||||
name: https
|
||||
protocol: HTTPS
|
||||
- number: 8443
|
||||
name: tls
|
||||
protocol: TLS
|
||||
resolution: DNS
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: multi-host-service-entry
|
||||
namespace: default
|
||||
spec:
|
||||
targetRefs:
|
||||
- kind: ServiceEntry
|
||||
name: multi-host-service
|
||||
group: networking.istio.io
|
||||
validation:
|
||||
wellKnownCACertificates: System
|
||||
hostname: cdn.example.com
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: multi-host-service-entry-section-name
|
||||
namespace: default
|
||||
spec:
|
||||
targetRefs:
|
||||
- kind: ServiceEntry
|
||||
name: multi-host-service
|
||||
group: networking.istio.io
|
||||
sectionName: tls
|
||||
validation:
|
||||
caCertificateRefs:
|
||||
- kind: ConfigMap
|
||||
name: auth-cert
|
||||
group: ""
|
||||
hostname: api.example.com
|
||||
---
|
||||
# Simple ServiceEntry with 2 ports for testing sectionName
|
||||
apiVersion: networking.istio.io/v1
|
||||
kind: ServiceEntry
|
||||
metadata:
|
||||
name: external-service
|
||||
namespace: default
|
||||
spec:
|
||||
hosts:
|
||||
- external.example.com
|
||||
ports:
|
||||
- number: 80
|
||||
name: http
|
||||
protocol: HTTP
|
||||
- number: 443
|
||||
name: https
|
||||
protocol: HTTPS
|
||||
resolution: DNS
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-external-service-https
|
||||
namespace: default
|
||||
spec:
|
||||
targetRefs:
|
||||
- kind: ServiceEntry
|
||||
name: external-service
|
||||
group: networking.istio.io
|
||||
sectionName: https
|
||||
- kind: ServiceEntry
|
||||
name: external-service
|
||||
group: networking.istio.io
|
||||
sectionName: non-existing-port-name
|
||||
validation:
|
||||
wellKnownCACertificates: System
|
||||
hostname: external.example.com
|
||||
|
||||
@@ -1,10 +1,68 @@
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.higress-system
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
servers:
|
||||
- hosts:
|
||||
- higress-system/*.domain.example
|
||||
port:
|
||||
name: default
|
||||
number: 80
|
||||
protocol: HTTP
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~*
|
||||
namespace: higress-system
|
||||
spec:
|
||||
gateways:
|
||||
- higress-system/gateway-istio-autogenerated-k8s-gateway-default
|
||||
hosts:
|
||||
- '*'
|
||||
http:
|
||||
- name: http
|
||||
route:
|
||||
- destination: {}
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.tls-upstream-echo-https-merged-rules
|
||||
name: echo-https~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: echo-https.default.svc.domain.suffix
|
||||
trafficPolicy:
|
||||
portLevelSettings:
|
||||
- port:
|
||||
number: 443
|
||||
tls:
|
||||
credentialName: configmap://default/auth-cert
|
||||
mode: SIMPLE
|
||||
sni: auth.example.com
|
||||
tls:
|
||||
credentialName: configmap://default/auth-cert
|
||||
mode: SIMPLE
|
||||
sni: auth.example.com
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.tls-upstream-echo
|
||||
creationTimestamp: null
|
||||
name: echo-istio-autogenerated-k8s-gateway
|
||||
name: echo~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: echo.default.svc.domain.suffix
|
||||
@@ -16,11 +74,27 @@ spec:
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.tls-external-service-https
|
||||
name: external-service~external-example-com~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: external.example.com
|
||||
trafficPolicy:
|
||||
portLevelSettings:
|
||||
- port:
|
||||
number: 443
|
||||
tls:
|
||||
mode: SIMPLE
|
||||
sni: external.example.com
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.bad-configmap-type
|
||||
creationTimestamp: null
|
||||
name: foo-svc-istio-autogenerated-k8s-gateway
|
||||
name: foo-svc~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: foo-svc.default.svc.domain.suffix
|
||||
@@ -32,27 +106,10 @@ spec:
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.existing-status
|
||||
creationTimestamp: null
|
||||
name: httpbin-istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: httpbin.default.svc.domain.suffix
|
||||
trafficPolicy:
|
||||
tls:
|
||||
credentialName: configmap://default/auth-cert
|
||||
mode: SIMPLE
|
||||
sni: auth.example.com
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.malformed-configmap
|
||||
creationTimestamp: null
|
||||
name: httpbin-other-istio-autogenerated-k8s-gateway
|
||||
name: httpbin-other~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: httpbin-other.default.svc.domain.suffix
|
||||
@@ -67,8 +124,7 @@ kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.unknown-configmap
|
||||
creationTimestamp: null
|
||||
name: httpbin-second-istio-autogenerated-k8s-gateway
|
||||
name: httpbin-second~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: httpbin-second.default.svc.domain.suffix
|
||||
@@ -78,3 +134,60 @@ spec:
|
||||
mode: SIMPLE
|
||||
sni: auth.example.com
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.existing-status
|
||||
name: httpbin~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: httpbin.default.svc.domain.suffix
|
||||
trafficPolicy:
|
||||
tls:
|
||||
credentialName: configmap://default/auth-cert
|
||||
mode: SIMPLE
|
||||
sni: auth.example.com
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.multi-host-service-entry,BackendTLSPolicy/default.multi-host-service-entry-section-name
|
||||
name: multi-host-service~api-example-com~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: api.example.com
|
||||
trafficPolicy:
|
||||
portLevelSettings:
|
||||
- port:
|
||||
number: 8443
|
||||
tls:
|
||||
credentialName: configmap://default/auth-cert
|
||||
mode: SIMPLE
|
||||
sni: api.example.com
|
||||
tls:
|
||||
mode: SIMPLE
|
||||
sni: cdn.example.com
|
||||
---
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: BackendTLSPolicy/default.multi-host-service-entry,BackendTLSPolicy/default.multi-host-service-entry-section-name
|
||||
name: multi-host-service~cdn-example-com~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: cdn.example.com
|
||||
trafficPolicy:
|
||||
portLevelSettings:
|
||||
- port:
|
||||
number: 8443
|
||||
tls:
|
||||
credentialName: configmap://default/auth-cert
|
||||
mode: SIMPLE
|
||||
sni: api.example.com
|
||||
tls:
|
||||
mode: SIMPLE
|
||||
sni: cdn.example.com
|
||||
---
|
||||
|
||||
@@ -4,7 +4,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -95,7 +93,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: apple
|
||||
spec: null
|
||||
@@ -112,7 +109,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -120,7 +117,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: banana
|
||||
spec: null
|
||||
@@ -137,7 +133,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/apple.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-apple
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -24,7 +24,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/banana.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-banana
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -42,7 +42,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.apple
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-apple~*
|
||||
namespace: apple
|
||||
spec:
|
||||
@@ -64,7 +63,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.banana
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-banana~*
|
||||
namespace: banana
|
||||
spec:
|
||||
|
||||
@@ -1,253 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/service-type: ClusterIP
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/service-type: ClusterIP
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
networking.istio.io/service-type: ClusterIP
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/service-type: ClusterIP
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
- appProtocol: http
|
||||
name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: ClusterIP
|
||||
---
|
||||
@@ -1,245 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,253 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
should: see-infra-annotation
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see-infra-label
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
should: see-infra-annotation
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see-infra-label
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
should: see-infra-annotation
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
should: see-infra-label
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
should: see-infra-annotation
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see-infra-label
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,253 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
should: see
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,245 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-custom
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-custom
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-custom
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-custom
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-custom
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-custom
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-custom
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,300 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
name: namespace-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
cm-annotation: cm-annotation-value
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
name: namespace-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
replicas: 4
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: namespace-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: namespace-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 222m
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: namespace-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
name: namespace-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
type: LoadBalancer
|
||||
---
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
name: namespace-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
maxReplicas: 2
|
||||
minReplicas: 2
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: namespace-istio
|
||||
---
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
name: namespace-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
minAvailable: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
---
|
||||
@@ -1,257 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
istio.io/enable-inference-extproc: "true"
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
istio.io/enable-inference-extproc: "true"
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
istio.io/enable-inference-extproc: "true"
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
istio.io/enable-inference-extproc: "true"
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,6 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
@@ -1,253 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
fizz: buzz
|
||||
labels:
|
||||
foo: bar
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,254 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-eastwest-controller
|
||||
gateway.networking.k8s.io/gateway-name: eastwestgateway
|
||||
topology.istio.io/network: network-1
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-eastwest-controller
|
||||
gateway.networking.k8s.io/gateway-name: eastwestgateway
|
||||
topology.istio.io/network: network-1
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: eastwestgateway
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-eastwest-controller
|
||||
gateway.networking.k8s.io/gateway-name: eastwestgateway
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: eastwestgateway
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
topology.istio.io/network: network-1
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- waypoint
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --serviceCluster
|
||||
- eastwestgateway.$(POD_NAMESPACE)
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: ISTIO_META_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NETWORK
|
||||
value: network-1
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: eastwestgateway
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/eastwestgateway
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/istio
|
||||
name: istiod-ca-cert
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
serviceAccountName: eastwestgateway
|
||||
terminationGracePeriodSeconds: 2
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: go-proxy-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- emptyDir: {}
|
||||
name: go-proxy-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: istio-ca
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
- configMap:
|
||||
name: istio-ca-root-cert
|
||||
name: istiod-ca-cert
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/traffic-distribution: PreferClose
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-eastwest-controller
|
||||
gateway.networking.k8s.io/gateway-name: eastwestgateway
|
||||
topology.istio.io/network: network-1
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
uid: ""
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
- appProtocol: all
|
||||
name: mesh
|
||||
port: 15008
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: eastwestgateway
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,256 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: test-upgrade
|
||||
topology.istio.io/network: network-1
|
||||
name: test-upgrade
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: test-upgrade
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: test-upgrade
|
||||
topology.istio.io/network: network-1
|
||||
name: test-upgrade
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: test-upgrade
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: test-upgrade
|
||||
istio.io/gateway-name: test-upgrade
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: test-upgrade
|
||||
istio.io/dataplane-mode: none
|
||||
istio.io/gateway-name: test-upgrade
|
||||
service.istio.io/canonical-name: test-upgrade
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
topology.istio.io/network: network-1
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- waypoint
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --serviceCluster
|
||||
- test-upgrade.$(POD_NAMESPACE)
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: ISTIO_META_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NETWORK
|
||||
value: network-1
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: test-upgrade
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/test-upgrade
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/istio
|
||||
name: istiod-ca-cert
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
serviceAccountName: test-upgrade
|
||||
terminationGracePeriodSeconds: 2
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: go-proxy-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- emptyDir: {}
|
||||
name: go-proxy-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: istio-ca
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
- configMap:
|
||||
name: istio-ca-root-cert
|
||||
name: istiod-ca-cert
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/traffic-distribution: PreferClose
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: test-upgrade
|
||||
topology.istio.io/network: network-1
|
||||
name: test-upgrade
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: test-upgrade
|
||||
uid: ""
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
- appProtocol: all
|
||||
name: mesh
|
||||
port: 15008
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: test-upgrade
|
||||
type: ClusterIP
|
||||
---
|
||||
@@ -1,245 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,245 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: ambient
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,246 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
loadBalancerIP: 1.2.3.4
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,245 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: custom-sa
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: custom-sa
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,257 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
topology.istio.io/network: network-1
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
topology.istio.io/network: network-1
|
||||
name: default
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
topology.istio.io/network: network-1
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_NETWORK
|
||||
value: network-1
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
- name: ISTIO_META_REQUESTED_NETWORK_VIEW
|
||||
value: network-1
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
topology.istio.io/network: network-1
|
||||
name: default
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
- appProtocol: http
|
||||
name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,245 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{"image":{"imageType":"distroless"}}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test-distroless
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,253 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: default-istio
|
||||
service.istio.io/canonical-revision: latest
|
||||
should: see
|
||||
sidecar.istio.io/inject: "false"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- router
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: ISTIO_META_POD_PORTS
|
||||
value: '[]'
|
||||
- name: ISTIO_META_APP_CONTAINERS
|
||||
value: ""
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: default-istio
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/credential-uds
|
||||
name: credential-socket
|
||||
- mountPath: /var/run/secrets/workload-spiffe-credentials
|
||||
name: workload-certs
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "0"
|
||||
serviceAccountName: default-istio
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir: {}
|
||||
name: credential-socket
|
||||
- emptyDir: {}
|
||||
name: workload-certs
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: <no value>
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
should: see
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-gateway-controller
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
istio.io/dataplane-mode: none
|
||||
should: see
|
||||
name: default-istio
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: default
|
||||
uid: null
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: default
|
||||
type: LoadBalancer
|
||||
---
|
||||
@@ -1,254 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
topology.istio.io/network: network-1
|
||||
name: namespace
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
topology.istio.io/network: network-1
|
||||
name: namespace
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: namespace
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
topology.istio.io/network: network-1
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- waypoint
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --serviceCluster
|
||||
- namespace.$(POD_NAMESPACE)
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: ISTIO_META_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NETWORK
|
||||
value: network-1
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: namespace
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/istio
|
||||
name: istiod-ca-cert
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
serviceAccountName: namespace
|
||||
terminationGracePeriodSeconds: 2
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: go-proxy-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- emptyDir: {}
|
||||
name: go-proxy-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: istio-ca
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
- configMap:
|
||||
name: istio-ca-root-cert
|
||||
name: istiod-ca-cert
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/traffic-distribution: PreferClose
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
topology.istio.io/network: network-1
|
||||
name: namespace
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
- appProtocol: all
|
||||
name: mesh
|
||||
port: 15008
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
type: ClusterIP
|
||||
---
|
||||
@@ -1,254 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
gateway.istio.io/controller-version: "5"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
topology.istio.io/network: network-1
|
||||
name: namespace
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
topology.istio.io/network: network-1
|
||||
name: namespace
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
istio.io/rev: default
|
||||
prometheus.io/path: /stats/prometheus
|
||||
prometheus.io/port: "15020"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
istio.io/dataplane-mode: none
|
||||
service.istio.io/canonical-name: namespace
|
||||
service.istio.io/canonical-revision: latest
|
||||
sidecar.istio.io/inject: "false"
|
||||
topology.istio.io/network: network-1
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- proxy
|
||||
- waypoint
|
||||
- --domain
|
||||
- $(POD_NAMESPACE).svc.<no value>
|
||||
- --serviceCluster
|
||||
- namespace.$(POD_NAMESPACE)
|
||||
- --proxyLogLevel
|
||||
- <nil>
|
||||
- --proxyComponentLogLevel
|
||||
- <nil>
|
||||
- --log_output_level
|
||||
- <nil>
|
||||
env:
|
||||
- name: ISTIO_META_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: ISTIO_META_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
value: <no value>
|
||||
- name: CA_ADDR
|
||||
value: istiod-<no value>.<no value>.svc:15012
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INSTANCE_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: ISTIO_CPU_LIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: PROXY_CONFIG
|
||||
value: |
|
||||
{}
|
||||
- name: GOMEMLIMIT
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.memory
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
resource: limits.cpu
|
||||
- name: ISTIO_META_CLUSTER_ID
|
||||
value: Kubernetes
|
||||
- name: ISTIO_META_NETWORK
|
||||
value: network-1
|
||||
- name: ISTIO_META_INTERCEPTION_MODE
|
||||
value: REDIRECT
|
||||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: namespace
|
||||
- name: ISTIO_META_OWNER
|
||||
value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
value: cluster.local
|
||||
image: test/proxyv2:test
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 15021
|
||||
name: status-port
|
||||
protocol: TCP
|
||||
- containerPort: 15090
|
||||
name: http-envoy-prom
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 4
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1337
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1337
|
||||
startupProbe:
|
||||
failureThreshold: 30
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 15021
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 1
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/secrets/workload-spiffe-uds
|
||||
name: workload-socket
|
||||
- mountPath: /var/run/secrets/istio
|
||||
name: istiod-ca-cert
|
||||
- mountPath: /var/lib/istio/data
|
||||
name: istio-data
|
||||
- mountPath: /etc/istio/proxy
|
||||
name: istio-envoy
|
||||
- mountPath: /var/run/secrets/tokens
|
||||
name: istio-token
|
||||
- mountPath: /etc/istio/pod
|
||||
name: istio-podinfo
|
||||
serviceAccountName: namespace
|
||||
terminationGracePeriodSeconds: 2
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: workload-socket
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: istio-envoy
|
||||
- emptyDir:
|
||||
medium: Memory
|
||||
name: go-proxy-envoy
|
||||
- emptyDir: {}
|
||||
name: istio-data
|
||||
- emptyDir: {}
|
||||
name: go-proxy-data
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
fieldPath: metadata.labels
|
||||
path: labels
|
||||
- fieldRef:
|
||||
fieldPath: metadata.annotations
|
||||
path: annotations
|
||||
name: istio-podinfo
|
||||
- name: istio-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
audience: istio-ca
|
||||
expirationSeconds: 43200
|
||||
path: istio-token
|
||||
- configMap:
|
||||
name: istio-ca-root-cert
|
||||
name: istiod-ca-cert
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
networking.istio.io/traffic-distribution: PreferClose
|
||||
labels:
|
||||
gateway.istio.io/managed: istio.io-mesh-controller
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
topology.istio.io/network: network-1
|
||||
name: namespace
|
||||
namespace: default
|
||||
ownerReferences:
|
||||
- apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
name: namespace
|
||||
uid: ""
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- appProtocol: tcp
|
||||
name: status-port
|
||||
port: 15021
|
||||
protocol: TCP
|
||||
- appProtocol: all
|
||||
name: mesh
|
||||
port: 15008
|
||||
protocol: TCP
|
||||
selector:
|
||||
gateway.networking.k8s.io/gateway-name: namespace
|
||||
type: ClusterIP
|
||||
---
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -47,7 +46,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -101,7 +100,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -118,7 +116,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
@@ -127,7 +125,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -144,7 +141,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/cross-network.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-cross-network
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -26,7 +25,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/istiod-grpc.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-grpc
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -46,7 +44,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/istiod-webhook.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-webhook
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -65,7 +62,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/eastwestgateway-grpc.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -89,7 +85,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/eastwestgateway-webhook.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -24,7 +23,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -34,7 +32,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -101,7 +100,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -118,7 +116,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
@@ -127,7 +125,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -144,7 +141,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/cross-network.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-cross-network
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -26,7 +25,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/istiod-grpc.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-grpc
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -46,7 +44,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/istiod-webhook.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-webhook
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -65,7 +62,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/eastwestgateway-grpc.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -89,7 +85,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/eastwestgateway-webhook.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -101,7 +100,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -118,7 +116,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
@@ -127,7 +125,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -144,7 +141,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: eastwestgateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/cross-network.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-cross-network
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -26,7 +25,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/istiod-grpc.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-grpc
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -46,7 +44,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/eastwestgateway/istiod-webhook.istio-system
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-webhook
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -65,7 +62,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/eastwestgateway-grpc.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-grpc-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -89,7 +85,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/eastwestgateway-webhook.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: eastwestgateway-webhook-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -65,7 +63,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: GRPCRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grpc
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -82,7 +79,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -23,7 +23,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: GRPCRoute/grpc.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~another.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -66,7 +65,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: GRPCRoute/grpc.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
|
||||
@@ -1,16 +1,14 @@
|
||||
apiVersion: inference.networking.x-k8s.io/v1alpha2
|
||||
apiVersion: inference.networking.k8s.io/v1
|
||||
kind: InferencePool
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: infpool-gen
|
||||
namespace: default
|
||||
spec: null
|
||||
status: {}
|
||||
---
|
||||
apiVersion: inference.networking.x-k8s.io/v1alpha2
|
||||
apiVersion: inference.networking.k8s.io/v1
|
||||
kind: InferencePool
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: infpool-gen2
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -19,7 +17,6 @@ status: {}
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
@@ -33,7 +30,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -85,7 +81,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -102,7 +97,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -110,7 +105,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http-not-selected
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -127,7 +121,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -135,7 +129,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http-retry-request
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -152,7 +145,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -160,7 +153,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http-route-cors
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -177,7 +169,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -185,7 +177,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http-timeout-backend-request
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -202,7 +193,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -210,7 +201,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http-timeout-request
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -227,7 +217,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -235,7 +225,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http2
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -252,7 +241,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -260,7 +249,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: mirror
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -277,7 +265,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -285,7 +273,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: multiple-inferencepool-backend-refs
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -302,7 +289,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -310,7 +297,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: redirect
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -327,7 +313,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -335,7 +321,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: redirect-prefix-replace
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -352,7 +337,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -360,7 +345,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: rewrite
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -377,7 +361,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
394
pkg/ingress/kube/gateway/istio/testdata/http.yaml
vendored
394
pkg/ingress/kube/gateway/istio/testdata/http.yaml
vendored
@@ -12,17 +12,17 @@ metadata:
|
||||
namespace: higress-system
|
||||
spec:
|
||||
addresses:
|
||||
- value: higress-gateway
|
||||
type: Hostname
|
||||
- value: higress-gateway
|
||||
type: Hostname
|
||||
gatewayClassName: higress
|
||||
listeners:
|
||||
- name: default
|
||||
hostname: "*.domain.example"
|
||||
port: 80
|
||||
protocol: HTTP
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: All
|
||||
- name: default
|
||||
hostname: "*.domain.example"
|
||||
port: 80
|
||||
protocol: HTTP
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: All
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -31,34 +31,34 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
hostnames: ["first.domain.example", "another.domain.example"]
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
headers:
|
||||
- name: my-header
|
||||
value: some-value
|
||||
type: Exact
|
||||
filters:
|
||||
- type: RequestHeaderModifier
|
||||
requestHeaderModifier:
|
||||
add:
|
||||
- name: my-added-header
|
||||
value: added-value
|
||||
remove: [my-removed-header]
|
||||
- type: ResponseHeaderModifier
|
||||
responseHeaderModifier:
|
||||
add:
|
||||
- name: my-added-resp-header
|
||||
value: added-resp-value
|
||||
remove: [my-removed-header]
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
headers:
|
||||
- name: my-header
|
||||
value: some-value
|
||||
type: Exact
|
||||
filters:
|
||||
- type: RequestHeaderModifier
|
||||
requestHeaderModifier:
|
||||
add:
|
||||
- name: my-added-header
|
||||
value: added-value
|
||||
remove: [my-removed-header]
|
||||
- type: ResponseHeaderModifier
|
||||
responseHeaderModifier:
|
||||
add:
|
||||
- name: my-added-resp-header
|
||||
value: added-resp-value
|
||||
remove: [my-removed-header]
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -67,24 +67,24 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
hostnames: ["second.domain.example"]
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /second
|
||||
backendRefs:
|
||||
- name: httpbin-second
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: httpbin-wildcard
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /second
|
||||
backendRefs:
|
||||
- name: httpbin-second
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: httpbin-wildcard
|
||||
port: 80
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -93,18 +93,18 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
rules:
|
||||
- filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
port: 8080
|
||||
statusCode: 302
|
||||
scheme: https
|
||||
path:
|
||||
type: ReplaceFullPath
|
||||
replaceFullPath: /replace-full
|
||||
- filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
port: 8080
|
||||
statusCode: 302
|
||||
scheme: https
|
||||
path:
|
||||
type: ReplaceFullPath
|
||||
replaceFullPath: /replace-full
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -113,23 +113,23 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
hostnames: ["redirect.domain.example"]
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /original
|
||||
filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
port: 8080
|
||||
statusCode: 302
|
||||
scheme: https
|
||||
path:
|
||||
type: ReplacePrefixMatch
|
||||
replacePrefixMatch: /replacement
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /original
|
||||
filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
port: 8080
|
||||
statusCode: 302
|
||||
scheme: https
|
||||
path:
|
||||
type: ReplacePrefixMatch
|
||||
replacePrefixMatch: /replacement
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -138,51 +138,51 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
rules:
|
||||
- name: route1
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /prefix-original
|
||||
filters:
|
||||
- type: URLRewrite
|
||||
urlRewrite:
|
||||
hostname: "new.example.com"
|
||||
path:
|
||||
type: ReplacePrefixMatch
|
||||
replacePrefixMatch: "/replacement"
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /prefix-to-be-removed
|
||||
filters:
|
||||
- type: URLRewrite
|
||||
urlRewrite:
|
||||
path:
|
||||
type: ReplacePrefixMatch
|
||||
replacePrefixMatch: ""
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /full-original
|
||||
filters:
|
||||
- type: URLRewrite
|
||||
urlRewrite:
|
||||
hostname: "new.example.com"
|
||||
path:
|
||||
type: ReplaceFullPath
|
||||
replaceFullPath: "/replacement"
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- name: route1
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /prefix-original
|
||||
filters:
|
||||
- type: URLRewrite
|
||||
urlRewrite:
|
||||
hostname: "new.example.com"
|
||||
path:
|
||||
type: ReplacePrefixMatch
|
||||
replacePrefixMatch: "/replacement"
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /prefix-to-be-removed
|
||||
filters:
|
||||
- type: URLRewrite
|
||||
urlRewrite:
|
||||
path:
|
||||
type: ReplacePrefixMatch
|
||||
replacePrefixMatch: ""
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /full-original
|
||||
filters:
|
||||
- type: URLRewrite
|
||||
urlRewrite:
|
||||
hostname: "new.example.com"
|
||||
path:
|
||||
type: ReplaceFullPath
|
||||
replaceFullPath: "/replacement"
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -191,27 +191,27 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
rules:
|
||||
- filters:
|
||||
- type: RequestMirror
|
||||
requestMirror:
|
||||
fraction:
|
||||
numerator: 4
|
||||
denominator: 8
|
||||
backendRef:
|
||||
name: httpbin-mirror
|
||||
- filters:
|
||||
- type: RequestMirror
|
||||
requestMirror:
|
||||
fraction:
|
||||
numerator: 4
|
||||
denominator: 8
|
||||
backendRef:
|
||||
name: httpbin-mirror
|
||||
port: 80
|
||||
- type: RequestMirror
|
||||
requestMirror:
|
||||
percent: 80
|
||||
backendRef:
|
||||
name: httpbin-second
|
||||
port: 80
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
- type: RequestMirror
|
||||
requestMirror:
|
||||
percent: 80
|
||||
backendRef:
|
||||
name: httpbin-second
|
||||
port: 80
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -220,17 +220,17 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
hostnames: ["should.not.select"]
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
backendRefs:
|
||||
- name: httpbin-bad
|
||||
port: 80
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
backendRefs:
|
||||
- name: httpbin-bad
|
||||
port: 80
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -239,19 +239,19 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
hostnames: ["timeout.domain.example"]
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
timeouts:
|
||||
request: 1ms
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
timeouts:
|
||||
request: 1ms
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -260,20 +260,20 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
hostnames: ["timeout-backend.domain.example"]
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
timeouts:
|
||||
request: 2ms
|
||||
backendRequest: 1ms
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /get
|
||||
backendRefs:
|
||||
- name: httpbin
|
||||
port: 80
|
||||
timeouts:
|
||||
request: 2ms
|
||||
backendRequest: 1ms
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
@@ -297,8 +297,8 @@ spec:
|
||||
attempts: 3
|
||||
backoff: 3ms
|
||||
codes:
|
||||
- 503
|
||||
- 429
|
||||
- 503
|
||||
- 429
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
@@ -324,7 +324,7 @@ metadata:
|
||||
namespace: default
|
||||
spec:
|
||||
hostnames:
|
||||
- "cors.domain.example"
|
||||
- "cors.domain.example"
|
||||
parentRefs:
|
||||
- name: gateway
|
||||
namespace: higress-system
|
||||
@@ -337,8 +337,8 @@ spec:
|
||||
- cors:
|
||||
allowCredentials: true
|
||||
allowOrigins:
|
||||
# - '*' # This will be allowed in the future, probably https://github.com/kubernetes-sigs/gateway-api/issues/3648#issuecomment-2735208553
|
||||
# - '*.com'
|
||||
# - '*' # This will be allowed in the future, probably https://github.com/kubernetes-sigs/gateway-api/issues/3648#issuecomment-2735208553
|
||||
# - '*.com'
|
||||
- "https://example.com"
|
||||
allowMethods:
|
||||
- GET
|
||||
@@ -368,12 +368,12 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /infpool
|
||||
headers:
|
||||
- name: my-header
|
||||
value: some-value
|
||||
type: Exact
|
||||
- name: my-header
|
||||
value: some-value
|
||||
type: Exact
|
||||
backendRefs:
|
||||
- name: infpool-gen
|
||||
group: inference.networking.x-k8s.io
|
||||
group: inference.networking.k8s.io
|
||||
kind: InferencePool
|
||||
port: 80
|
||||
- matches:
|
||||
@@ -381,35 +381,43 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /infpool
|
||||
headers:
|
||||
- name: my-header
|
||||
value: some-value-2
|
||||
type: Exact
|
||||
- name: my-header
|
||||
value: some-value-2
|
||||
type: Exact
|
||||
backendRefs:
|
||||
- name: infpool-gen2
|
||||
group: inference.networking.x-k8s.io
|
||||
group: inference.networking.k8s.io
|
||||
kind: InferencePool
|
||||
port: 80
|
||||
---
|
||||
apiVersion: inference.networking.x-k8s.io/v1alpha2
|
||||
apiVersion: inference.networking.k8s.io/v1
|
||||
kind: InferencePool
|
||||
metadata:
|
||||
name: infpool-gen
|
||||
namespace: default
|
||||
spec:
|
||||
targetPortNumber: 8000
|
||||
targetPorts:
|
||||
- number: 8000
|
||||
selector:
|
||||
app: vllm-llama3-8b-instruct
|
||||
extensionRef:
|
||||
matchLabels:
|
||||
app: vllm-llama3-8b-instruct
|
||||
endpointPickerRef:
|
||||
name: vllm-llama3-8b-instruct-epp
|
||||
port:
|
||||
number: 9002
|
||||
---
|
||||
apiVersion: inference.networking.x-k8s.io/v1alpha2
|
||||
apiVersion: inference.networking.k8s.io/v1
|
||||
kind: InferencePool
|
||||
metadata:
|
||||
name: infpool-gen2
|
||||
namespace: default
|
||||
spec:
|
||||
targetPortNumber: 8000
|
||||
targetPorts:
|
||||
- number: 8000
|
||||
selector:
|
||||
app: vllm-llama3-8b-instruct
|
||||
extensionRef:
|
||||
matchLabels:
|
||||
app: vllm-llama3-8b-instruct
|
||||
endpointPickerRef:
|
||||
name: vllm-llama3-8b-instruct-epp
|
||||
port:
|
||||
number: 9002
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -23,7 +23,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/mirror.default,HTTPRoute/redirect.default,HTTPRoute/rewrite.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -101,7 +100,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~another.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -140,7 +138,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http-route-cors.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~cors.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -176,7 +173,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -215,7 +211,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/multiple-inferencepool-backend-refs.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~infpool-multi.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -251,7 +246,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/redirect-prefix-replace.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~redirect.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -276,7 +270,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http-retry-request.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~retry.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -327,7 +320,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http2.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~second.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -361,7 +353,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http-timeout-backend-request.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~timeout-backend.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -387,7 +378,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http-timeout-request.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~timeout.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -67,7 +65,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-cert-kind
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -120,7 +117,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-cert-malformed
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -171,7 +167,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-cert-notfound
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -224,7 +219,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-service
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -274,7 +268,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: protocol-lower-case
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -320,7 +313,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: target-port-reference
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -370,7 +362,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: udp-protocol
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -416,7 +407,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: unknown-protocol
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -462,7 +452,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-gateway-address
|
||||
namespace: invalid-gateway-address
|
||||
spec: null
|
||||
@@ -512,7 +501,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-backendRef-hostname
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -529,7 +517,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -538,7 +526,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-backendRef-kind
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -555,7 +542,7 @@ status:
|
||||
reason: InvalidKind
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -563,7 +550,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-backendRef-mirror
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -580,7 +566,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -589,7 +575,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-backendRef-mixed
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -606,7 +591,7 @@ status:
|
||||
reason: InvalidKind
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -614,7 +599,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-backendRef-notfound
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -631,7 +615,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -639,7 +623,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-backendRef-serviceimport
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -656,7 +639,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -665,7 +648,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-mirror
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -682,7 +664,7 @@ status:
|
||||
reason: InvalidKind
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -690,7 +672,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-parentRef-port
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -707,7 +688,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -716,7 +697,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-parentRef-service
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -733,7 +713,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -742,7 +722,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-parentRef-service-entry
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -759,7 +738,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: networking.istio.io
|
||||
kind: ServiceEntry
|
||||
@@ -768,7 +747,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-sectionname-port
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -785,7 +763,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -794,7 +772,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: no-backend
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -811,7 +788,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -24,7 +24,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: fake-service.com
|
||||
internal.istio.io/parents: Gateway/invalid-service/default.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: invalid-service-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -43,7 +43,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/target-port-reference/default.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: target-port-reference-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -62,7 +62,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.cluster.local
|
||||
internal.istio.io/parents: Gateway/invalid-gateway-address/default.invalid-gateway-address
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: invalid-gateway-address-istio-autogenerated-k8s-gateway-default
|
||||
namespace: invalid-gateway-address
|
||||
spec:
|
||||
@@ -80,7 +80,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/invalid-backendRef-hostname.default,HTTPRoute/invalid-backendRef-mirror.default,HTTPRoute/invalid-backendRef-serviceimport.default,HTTPRoute/no-backend.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~httpbin.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -122,7 +121,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/invalid-parentRef-service.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~not-found.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -144,7 +142,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/invalid-mirror.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -166,7 +163,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/invalid-backendRef-kind.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -185,7 +181,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/invalid-backendRef-notfound.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~second.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -207,7 +202,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/invalid-backendRef-mixed.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~third.domain.example
|
||||
namespace: default
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: isolation
|
||||
namespace: gateway-conformance-infra
|
||||
spec: null
|
||||
@@ -135,7 +134,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: attaches-to-abc-foo-example-com-with-hostname-intersection
|
||||
namespace: gateway-conformance-infra
|
||||
spec: null
|
||||
@@ -153,7 +151,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: isolation
|
||||
namespace: gateway-conformance-infra
|
||||
@@ -162,7 +160,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: attaches-to-empty-hostname-with-hostname-intersection
|
||||
namespace: gateway-conformance-infra
|
||||
spec: null
|
||||
@@ -180,7 +177,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: isolation
|
||||
namespace: gateway-conformance-infra
|
||||
@@ -189,7 +186,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: attaches-to-wildcard-example-com-with-hostname-intersection
|
||||
namespace: gateway-conformance-infra
|
||||
spec: null
|
||||
@@ -207,7 +203,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: isolation
|
||||
namespace: gateway-conformance-infra
|
||||
@@ -216,7 +212,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: attaches-to-wildcard-foo-example-com-with-hostname-intersection
|
||||
namespace: gateway-conformance-infra
|
||||
spec: null
|
||||
@@ -234,7 +229,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: isolation
|
||||
namespace: gateway-conformance-infra
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/isolation/abc-foo-example-com.gateway-conformance-infra
|
||||
creationTimestamp: null
|
||||
name: isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -24,7 +23,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/isolation/empty-hostname.gateway-conformance-infra
|
||||
creationTimestamp: null
|
||||
name: isolation-istio-autogenerated-k8s-gateway-empty-hostname
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -43,7 +41,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/isolation/wildcard-example-com.gateway-conformance-infra
|
||||
creationTimestamp: null
|
||||
name: isolation-istio-autogenerated-k8s-gateway-wildcard-example-com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -62,7 +59,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/isolation/wildcard-foo-example-com.gateway-conformance-infra
|
||||
creationTimestamp: null
|
||||
name: isolation-istio-autogenerated-k8s-gateway-wildcard-foo-example-com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -80,7 +76,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~*.example.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -105,7 +100,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~*.foo.example.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -130,7 +124,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~abc.foo.example.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -155,7 +148,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~bar.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -180,7 +172,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-empty-hostname-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-empty-hostname~bar.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -205,7 +196,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-wildcard-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-wildcard-example-com~*.example.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -230,7 +220,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-wildcard-foo-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-wildcard-foo-example-com~*.example.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
@@ -255,7 +244,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/attaches-to-wildcard-foo-example-com-with-hostname-intersection.gateway-conformance-infra
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-wildcard-foo-example-com~*.foo.example.com
|
||||
namespace: gateway-conformance-infra
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: single-entry-http
|
||||
namespace: ns1
|
||||
spec: null
|
||||
@@ -51,7 +50,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cross-ns-cert
|
||||
namespace: ns2
|
||||
spec: null
|
||||
@@ -131,7 +129,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: same-ns-cert
|
||||
namespace: ns2
|
||||
spec: null
|
||||
@@ -181,7 +178,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -195,7 +191,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: parent-gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/parent-gateway/foo.istio-system
|
||||
creationTimestamp: null
|
||||
name: parent-gateway-istio-autogenerated-k8s-gateway-foo
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -25,7 +24,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/single-entry-http/first.ns1
|
||||
creationTimestamp: null
|
||||
name: single-entry-http-istio-autogenerated-k8s-gateway-first
|
||||
namespace: ns1
|
||||
spec:
|
||||
@@ -45,7 +43,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/cross-ns-cert/allowed.ns2
|
||||
creationTimestamp: null
|
||||
name: cross-ns-cert-istio-autogenerated-k8s-gateway-allowed
|
||||
namespace: ns2
|
||||
spec:
|
||||
@@ -68,7 +65,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/same-ns-cert/second.ns2
|
||||
creationTimestamp: null
|
||||
name: same-ns-cert-istio-autogenerated-k8s-gateway-second
|
||||
namespace: ns2
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: single-entry-http
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -51,7 +50,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -65,7 +63,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: parent-gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -6,7 +6,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/single-entry-http/first.istio-system
|
||||
creationTimestamp: null
|
||||
name: single-entry-http-istio-autogenerated-k8s-gateway-first
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-class
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -21,7 +20,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: not-accepted-parent
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -41,7 +39,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: not-allowed
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -61,7 +58,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: port-not-in-service
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -112,7 +108,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -126,7 +121,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: not-accepted-parent
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -151,7 +145,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: parent-gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -210,7 +203,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: parent-no-allowed-listeners
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -262,7 +254,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: parent-with-no-children
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -319,7 +310,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: waypoint
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/parent-gateway/foo.istio-system
|
||||
creationTimestamp: null
|
||||
name: parent-gateway-istio-autogenerated-k8s-gateway-foo
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -24,7 +23,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/parent-no-allowed-listeners/foo.istio-system
|
||||
creationTimestamp: null
|
||||
name: parent-no-allowed-listeners-istio-autogenerated-k8s-gateway-foo
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -43,7 +41,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/parent-with-no-children/foo.istio-system
|
||||
creationTimestamp: null
|
||||
name: parent-with-no-children-istio-autogenerated-k8s-gateway-foo
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -63,7 +60,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/port-not-in-service/first.istio-system
|
||||
creationTimestamp: null
|
||||
name: port-not-in-service-istio-autogenerated-k8s-gateway-first
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: multi-entry
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -81,7 +80,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: single-entry-http
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -131,7 +129,6 @@ status:
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XListenerSet
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: single-entry-tls
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -181,7 +178,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -195,7 +191,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: parent-gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -253,7 +248,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bind-both
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -270,7 +264,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: gateway.networking.x-k8s.io
|
||||
kind: XListenerSet
|
||||
@@ -287,14 +281,13 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: parent-gateway
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bind-parent
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -311,14 +304,13 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: parent-gateway
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bind-set
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -335,7 +327,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: gateway.networking.x-k8s.io
|
||||
kind: XListenerSet
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -6,7 +6,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/multi-entry/forth.istio-system
|
||||
creationTimestamp: null
|
||||
name: multi-entry-istio-autogenerated-k8s-gateway-forth
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -29,7 +28,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/multi-entry/third.istio-system
|
||||
creationTimestamp: null
|
||||
name: multi-entry-istio-autogenerated-k8s-gateway-third
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -48,7 +46,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/parent-gateway/foo.istio-system
|
||||
creationTimestamp: null
|
||||
name: parent-gateway-istio-autogenerated-k8s-gateway-foo
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -68,7 +65,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/single-entry-http/first.istio-system
|
||||
creationTimestamp: null
|
||||
name: single-entry-http-istio-autogenerated-k8s-gateway-first
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -88,7 +84,6 @@ metadata:
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parent-namespace: istio-system
|
||||
internal.istio.io/parents: XListenerSet/single-entry-tls/second.istio-system
|
||||
creationTimestamp: null
|
||||
name: single-entry-tls-istio-autogenerated-k8s-gateway-second
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -109,7 +104,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-both.istio-system,HTTPRoute/bind-parent.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: istio-system~parent-gateway-istio-autogenerated-k8s-gateway-foo~*
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -143,7 +137,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-both.istio-system,HTTPRoute/bind-set.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: istio-system~single-entry-http-istio-autogenerated-k8s-gateway-first~*
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -51,7 +50,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TCPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: tcp
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -68,7 +66,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.istio-system
|
||||
creationTimestamp: null
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -23,7 +22,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TCPRoute/tcp.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: tcp-tcp-0-istio-autogenerated-k8s-gateway
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -67,7 +65,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: consumer-override
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -84,7 +81,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -95,7 +92,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: dual
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -112,7 +108,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
@@ -127,7 +123,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -136,7 +132,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: echo
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -153,7 +148,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -162,7 +157,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: echo-port
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -179,7 +173,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -189,7 +183,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: header
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -206,7 +199,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -215,7 +208,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: multi-service
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -232,7 +224,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -248,7 +240,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -265,7 +257,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -275,7 +267,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: tls
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -292,7 +283,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -301,7 +292,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TCPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: tcp
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -318,7 +308,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.istio-system
|
||||
creationTimestamp: null
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -23,7 +22,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/multi-service.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~8080~echo-1.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -47,7 +45,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/multi-service.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~80~echo-1.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -71,7 +68,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/echo-port.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~80~echo-port.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -95,7 +91,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/consumer-override.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~80~httpbin-apple.apple.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -119,7 +114,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/multi-service.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~echo-2.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -141,7 +135,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/echo.default,HTTPRoute/header.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~echo.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -176,7 +169,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/dual.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: default~example.default.svc.domain.suffix
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -198,7 +190,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/dual.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~foo.example.com
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -220,7 +211,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TCPRoute/tcp.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: tcp-tcp-0-istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -241,7 +231,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TLSRoute/tls.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: tls-tls-0-istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.x-k8s.io/v1alpha1
|
||||
kind: XBackendTrafficPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: lb-policy
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -18,12 +17,11 @@ status:
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: tls-upstream-echo
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -39,12 +37,16 @@ status:
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: tls-upstream-echo-extra
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -60,5 +62,10 @@ status:
|
||||
reason: Accepted
|
||||
status: "True"
|
||||
type: Accepted
|
||||
controllerName: istio.io/gateway-controller
|
||||
- lastTransitionTime: fake
|
||||
message: Configuration is valid
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/mesh-controller
|
||||
---
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-upstream-echo
|
||||
@@ -16,7 +16,7 @@ spec:
|
||||
hostname: auth.example.com
|
||||
---
|
||||
# A redundant policy for the same service
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha3
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: BackendTLSPolicy
|
||||
metadata:
|
||||
name: tls-upstream-echo-extra
|
||||
|
||||
@@ -3,8 +3,7 @@ kind: DestinationRule
|
||||
metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: XBackendTrafficPolicy/default.lb-policy,BackendTLSPolicy/default.tls-upstream-echo
|
||||
creationTimestamp: null
|
||||
name: echo-istio-autogenerated-k8s-gateway
|
||||
name: echo~istio-autogenerated-k8s-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
host: echo.default.svc.domain.suffix
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: GatewayClass
|
||||
metadata:
|
||||
name: istio
|
||||
spec:
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
|
||||
@@ -5,7 +5,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix,istio-ingressgateway.not-default.svc.domain.suffix,example.com
|
||||
internal.istio.io/parents: Gateway/gateway/http.istio-system
|
||||
creationTimestamp: null
|
||||
name: gateway-istio-autogenerated-k8s-gateway-http
|
||||
namespace: istio-system
|
||||
spec:
|
||||
@@ -24,7 +23,6 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix,istio-ingressgateway.not-default.svc.domain.suffix,example.com
|
||||
internal.istio.io/parents: Gateway/gateway/tcp.istio-system
|
||||
creationTimestamp: null
|
||||
name: gateway-istio-autogenerated-k8s-gateway-tcp
|
||||
namespace: istio-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: inference.networking.x-k8s.io/v1alpha2
|
||||
apiVersion: inference.networking.k8s.io/v1
|
||||
kind: InferencePool
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: my-ip
|
||||
namespace: inferencepool
|
||||
spec: null
|
||||
@@ -10,7 +9,6 @@ status: {}
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -62,7 +60,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: backend-allowed-ip
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -79,7 +76,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -87,7 +84,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: backend-not-allowed-ip
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -105,7 +101,7 @@ status:
|
||||
reason: RefNotPermitted
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -17,20 +17,24 @@ spec:
|
||||
namespaces:
|
||||
from: All
|
||||
---
|
||||
apiVersion: inference.networking.x-k8s.io/v1alpha2
|
||||
apiVersion: inference.networking.k8s.io/v1
|
||||
kind: InferencePool
|
||||
metadata:
|
||||
name: my-ip
|
||||
namespace: inferencepool
|
||||
spec:
|
||||
extensionRef:
|
||||
endpointPickerRef:
|
||||
failureMode: FailOpen
|
||||
group: ""
|
||||
kind: Service
|
||||
name: endpoint-picker-svc
|
||||
port:
|
||||
number: 9002
|
||||
selector:
|
||||
app: model-server
|
||||
targetPortNumber: 3000
|
||||
matchLabels:
|
||||
app: model-server
|
||||
targetPorts:
|
||||
- number: 3000
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: ReferenceGrant
|
||||
@@ -43,7 +47,7 @@ spec:
|
||||
kind: HTTPRoute
|
||||
namespace: higress-system
|
||||
to:
|
||||
- group: inference.networking.x-k8s.io
|
||||
- group: inference.networking.k8s.io
|
||||
kind: InferencePool
|
||||
name: my-ip
|
||||
---
|
||||
@@ -61,7 +65,7 @@ spec:
|
||||
- backendRefs:
|
||||
- name: my-ip
|
||||
kind: InferencePool
|
||||
group: inference.networking.x-k8s.io
|
||||
group: inference.networking.k8s.io
|
||||
namespace: inferencepool
|
||||
port: 80
|
||||
---
|
||||
@@ -79,7 +83,7 @@ spec:
|
||||
- backendRefs:
|
||||
- name: my-ip
|
||||
kind: InferencePool
|
||||
group: inference.networking.x-k8s.io
|
||||
group: inference.networking.k8s.io
|
||||
namespace: inferencepool
|
||||
port: 80
|
||||
weight: 1
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/simple.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-simple
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -23,7 +23,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/backend-allowed-ip.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple.domain.example
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -42,7 +41,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/backend-not-allowed-ip.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple2.domain.example
|
||||
namespace: higress-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -53,7 +52,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: backend-not-allowed
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -71,7 +69,7 @@ status:
|
||||
reason: RefNotPermitted
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -79,7 +77,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -96,7 +93,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/simple.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-simple
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -23,7 +23,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple.domain.example
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -45,7 +44,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/backend-not-allowed.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple2.domain.example
|
||||
namespace: higress-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -78,7 +77,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TCPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: allowed-my-svc
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -95,7 +93,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -104,7 +102,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TCPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: not-allowed-echo
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -122,7 +119,7 @@ status:
|
||||
reason: RefNotPermitted
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/echo.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-echo
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -24,7 +24,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/my-svc.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-my-svc
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -42,7 +42,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TCPRoute/allowed-my-svc.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: allowed-my-svc-tcp-0-istio-autogenerated-k8s-gateway
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -63,7 +62,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: TCPRoute/not-allowed-echo.higress-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: not-allowed-echo-tcp-0-istio-autogenerated-k8s-gateway
|
||||
namespace: higress-system
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -67,7 +65,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: cert
|
||||
spec: null
|
||||
@@ -84,7 +81,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/cross.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-cross
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -26,7 +26,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/http.cert
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-cross~cert1.domain.example
|
||||
namespace: cert
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: higress
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
spec: null
|
||||
@@ -453,7 +451,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bind-all
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -470,7 +467,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -478,7 +475,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: host-mismatch
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -495,7 +491,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -504,7 +500,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: invalid-bind-cross-namespace
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -522,7 +517,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -531,7 +526,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: same-namespace-invalid
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -548,7 +542,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
kind: Gateway
|
||||
name: gateway
|
||||
@@ -558,7 +552,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: section-name-cross-namespace
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -575,7 +568,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -584,7 +577,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bind-cross-namespace
|
||||
namespace: group-namespace1
|
||||
spec: null
|
||||
@@ -602,7 +594,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -618,7 +610,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -634,7 +626,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -651,7 +643,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -668,7 +660,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -685,7 +677,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -702,7 +694,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -718,7 +710,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -734,7 +726,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -751,7 +743,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -768,7 +760,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -777,7 +769,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: bind-cross-namespace
|
||||
namespace: group-namespace2
|
||||
spec: null
|
||||
@@ -795,7 +786,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -804,7 +795,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: same-namespace-valid
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -822,7 +812,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -838,7 +828,7 @@ status:
|
||||
reason: BackendNotFound
|
||||
status: "False"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
@@ -847,7 +837,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TCPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: wrong-protocol
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -864,7 +853,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: higress-system
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/default.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-default
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -24,7 +24,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/foobar.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-foobar
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -43,7 +43,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/same-namespace.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-same-namespace
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -62,7 +62,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/scope-route.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-scope-route
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -81,7 +81,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-combined-no.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-combined-no
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -100,7 +100,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-combined-yes.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-combined-yes
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -119,7 +119,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-dne-no.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-no
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -142,7 +142,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-dne-yes.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-yes
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -165,7 +165,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-exists-no.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-exists-no
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -184,7 +184,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-exists-yes.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-exists-yes
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -203,7 +203,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-in-no.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-in-no
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -222,7 +222,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-in-yes.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-in-yes
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -241,7 +241,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-notin-no.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-no
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -264,7 +264,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-expr-notin-yes.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-yes
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -287,7 +287,7 @@ metadata:
|
||||
internal.istio.io/gateway-semantics: gateway
|
||||
internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix
|
||||
internal.istio.io/parents: Gateway/gateway/slctr-labels.higress-system
|
||||
creationTimestamp: null
|
||||
internal.istio.io/service-account-name: ""
|
||||
name: gateway-istio-autogenerated-k8s-gateway-slctr-labels
|
||||
namespace: higress-system
|
||||
spec:
|
||||
@@ -305,7 +305,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-all.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -327,7 +326,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/same-namespace-valid.istio-system
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-foobar~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -355,7 +353,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/section-name-cross-namespace.default
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-foobar~alpha.foobar.example
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -377,7 +374,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-no~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -405,7 +401,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-yes~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -433,7 +428,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-no~*
|
||||
namespace: default
|
||||
spec:
|
||||
@@ -461,7 +455,6 @@ metadata:
|
||||
annotations:
|
||||
internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1
|
||||
internal.istio.io/route-semantics: gateway
|
||||
creationTimestamp: null
|
||||
name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-yes~*
|
||||
namespace: default
|
||||
spec:
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio
|
||||
spec: null
|
||||
status:
|
||||
@@ -15,7 +14,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
spec: null
|
||||
@@ -67,7 +65,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: allowed-1
|
||||
spec: null
|
||||
@@ -84,7 +81,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
@@ -99,7 +96,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -115,7 +112,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -124,7 +121,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: allowed-2
|
||||
spec: null
|
||||
@@ -141,7 +137,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
@@ -156,7 +152,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
group: ""
|
||||
kind: Service
|
||||
@@ -165,7 +161,6 @@ status:
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: http
|
||||
namespace: default
|
||||
spec: null
|
||||
@@ -183,7 +178,7 @@ status:
|
||||
reason: ResolvedRefs
|
||||
status: "True"
|
||||
type: ResolvedRefs
|
||||
controllerName: istio.io/gateway-controller
|
||||
controllerName: higress.io/gateway-controller
|
||||
parentRef:
|
||||
name: gateway
|
||||
namespace: istio-system
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user