From ccb1539f433d3e07eed20d29ebb4a5204c47c369 Mon Sep 17 00:00:00 2001 
From: EndlessSeeker <153817598+EndlessSeeker@users.noreply.github.com> Date: Wed, 26 Nov 2025 10:15:00 +0800 Subject: [PATCH] Feat: upgrade gateway api to latest (#3160) --- Makefile.core.mk | 2 +- go.mod | 138 +++--- go.sum | 298 ++++++------ .../templates/controller-clusterrole.yaml | 8 + helm/core/values.yaml | 2 +- helm/higress/README.md | 2 +- .../kube/gateway/istio/backend_policies.go | 427 +++++++++++++----- pkg/ingress/kube/gateway/istio/conditions.go | 7 +- .../kube/gateway/istio/conditions_test.go | 4 +- pkg/ingress/kube/gateway/istio/controller.go | 57 ++- pkg/ingress/kube/gateway/istio/conversion.go | 160 ++++++- .../kube/gateway/istio/conversion_test.go | 40 +- .../kube/gateway/istio/gateway_collection.go | 25 +- .../gateway/istio/inferencepool_collection.go | 180 ++++---- .../istio/inferencepool_status_test.go | 302 ++++++------- .../kube/gateway/istio/inferencepool_test.go | 36 +- pkg/ingress/kube/gateway/istio/references.go | 8 +- .../gateway/istio/references_collection.go | 10 +- .../kube/gateway/istio/route_collections.go | 92 +++- .../backend-lb-policy.status.yaml.golden | 3 +- .../testdata/backend-lb-policy.yaml.golden | 3 +- .../backend-tls-policy.status.yaml.golden | 316 ++++++++++++- .../istio/testdata/backend-tls-policy.yaml | 201 ++++++++- .../testdata/backend-tls-policy.yaml.golden | 161 ++++++- .../istio/testdata/benchmark-httproute.yaml | 2 +- .../testdata/delegated.status.yaml.golden | 8 +- .../istio/testdata/delegated.yaml.golden | 6 +- .../istio/testdata/deployment/cluster-ip.yaml | 253 ----------- ...labels-annotations-disabled-infra-nil.yaml | 245 ---------- ...labels-annotations-disabled-infra-set.yaml | 253 ----------- ...-labels-annotations-enabled-infra-nil.yaml | 253 ----------- .../testdata/deployment/custom-class.yaml | 245 ---------- .../testdata/deployment/customizations.yaml | 300 ------------ ...th-infrerencepool-extproc-infra-label.yaml | 257 ----------- .../deployment/illegal_customizations.yaml | 6 - 
.../infrastructure-labels-annotations.yaml | 253 ----------- .../testdata/deployment/istio-east-west.yaml | 254 ----------- .../deployment/istio-upgrade-to-1.24.yaml | 256 ----------- .../kube-gateway-ambient-redirect-infra.yaml | 245 ---------- .../kube-gateway-ambient-redirect.yaml | 245 ---------- .../istio/testdata/deployment/manual-ip.yaml | 246 ---------- .../istio/testdata/deployment/manual-sa.yaml | 245 ---------- .../testdata/deployment/multinetwork.yaml | 257 ----------- .../testdata/deployment/proxy-config-crd.yaml | 245 ---------- .../istio/testdata/deployment/simple.yaml | 253 ----------- .../deployment/waypoint-no-network-label.yaml | 254 ----------- .../istio/testdata/deployment/waypoint.yaml | 254 ----------- .../east-west-ambient.status.yaml.golden | 2 - .../eastwest-labelport.status.yaml.golden | 7 +- .../testdata/eastwest-labelport.yaml.golden | 5 - .../eastwest-remote.status.yaml.golden | 3 - .../eastwest-tlsoption.status.yaml.golden | 7 +- .../testdata/eastwest-tlsoption.yaml.golden | 5 - .../testdata/eastwest.status.yaml.golden | 7 +- .../istio/testdata/eastwest.yaml.golden | 5 - .../istio/testdata/grpc.status.yaml.golden | 5 +- .../gateway/istio/testdata/grpc.yaml.golden | 4 +- .../istio/testdata/http.status.yaml.golden | 44 +- .../kube/gateway/istio/testdata/http.yaml | 394 ++++++++-------- .../gateway/istio/testdata/http.yaml.golden | 12 +- .../istio/testdata/invalid.status.yaml.golden | 47 +- .../istio/testdata/invalid.yaml.golden | 14 +- .../testdata/isolation.status.yaml.golden | 13 +- .../istio/testdata/isolation.yaml.golden | 12 - ...enerset-cross-namespace.status.yaml.golden | 5 - .../testdata/listenerset-cross-namespace.yaml | 2 +- .../listenerset-cross-namespace.yaml.golden | 4 - ...enerset-empty-listeners.status.yaml.golden | 3 - .../testdata/listenerset-empty-listeners.yaml | 2 +- .../listenerset-empty-listeners.yaml.golden | 1 - .../listenerset-invalid.status.yaml.golden | 10 - .../istio/testdata/listenerset-invalid.yaml | 2 +- 
.../testdata/listenerset-invalid.yaml.golden | 4 - .../testdata/listenerset.status.yaml.golden | 16 +- .../gateway/istio/testdata/listenerset.yaml | 2 +- .../istio/testdata/listenerset.yaml.golden | 7 - .../istio/testdata/mcs.status.yaml.golden | 4 +- .../gateway/istio/testdata/mcs.yaml.golden | 2 - .../istio/testdata/mesh.status.yaml.golden | 32 +- .../kube/gateway/istio/testdata/mesh.yaml | 2 +- .../gateway/istio/testdata/mesh.yaml.golden | 11 - .../testdata/mismatch.status.yaml.golden | 1 - .../mix-backend-policy.status.yaml.golden | 19 +- .../istio/testdata/mix-backend-policy.yaml | 4 +- .../testdata/mix-backend-policy.yaml.golden | 3 +- .../testdata/multi-gateway.status.yaml.golden | 2 - .../gateway/istio/testdata/multi-gateway.yaml | 2 +- .../istio/testdata/multi-gateway.yaml.golden | 2 - ...ce-policy-inferencepool.status.yaml.golden | 10 +- .../reference-policy-inferencepool.yaml | 18 +- ...reference-policy-inferencepool.yaml.golden | 4 +- ...eference-policy-service.status.yaml.golden | 7 +- .../reference-policy-service.yaml.golden | 4 +- .../reference-policy-tcp.status.yaml.golden | 7 +- .../testdata/reference-policy-tcp.yaml.golden | 6 +- .../reference-policy-tls.status.yaml.golden | 5 +- .../testdata/reference-policy-tls.yaml.golden | 3 +- .../testdata/route-binding.status.yaml.golden | 51 +-- .../istio/testdata/route-binding.yaml.golden | 37 +- .../route-precedence.status.yaml.golden | 17 +- .../istio/testdata/route-precedence.yaml | 2 +- .../testdata/route-precedence.yaml.golden | 6 - .../testdata/serviceentry.status.yaml.golden | 13 +- .../istio/testdata/serviceentry.yaml.golden | 8 - .../istio/testdata/status.status.yaml.golden | 14 +- .../kube/gateway/istio/testdata/status.yaml | 10 +- .../gateway/istio/testdata/status.yaml.golden | 4 - .../istio/testdata/tcp.status.yaml.golden | 8 +- .../gateway/istio/testdata/tcp.yaml.golden | 6 +- .../istio/testdata/tls.status.yaml.golden | 66 ++- .../kube/gateway/istio/testdata/tls.yaml | 223 +++++---- 
.../gateway/istio/testdata/tls.yaml.golden | 68 ++- ...alid-invalid-parent-ref.status.yaml.golden | 11 +- .../testdata/valid-invalid-parent-ref.yaml | 2 +- .../valid-invalid-parent-ref.yaml.golden | 3 - .../testdata/waypoint.status.yaml.golden | 2 - .../testdata/weighted.status.yaml.golden | 8 +- .../istio/testdata/weighted.yaml.golden | 6 +- .../istio/testdata/zero.status.yaml.golden | 8 +- .../gateway/istio/testdata/zero.yaml.golden | 6 +- pkg/ingress/mcp/generator.go | 43 ++ 121 files changed, 2468 insertions(+), 6263 deletions(-) delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/cluster-ip.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-nil.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-set.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-enabled-infra-nil.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/custom-class.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/customizations.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/gateway-with-infrerencepool-extproc-infra-label.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/illegal_customizations.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/infrastructure-labels-annotations.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/istio-east-west.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/istio-upgrade-to-1.24.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect-infra.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/manual-ip.yaml delete mode 100644 
pkg/ingress/kube/gateway/istio/testdata/deployment/manual-sa.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/multinetwork.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/proxy-config-crd.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/simple.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint-no-network-label.yaml delete mode 100644 pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint.yaml
diff --git a/Makefile.core.mk b/Makefile.core.mk
index 203c0ec74..f730b82d8 100644
--- a/Makefile.core.mk
+++ b/Makefile.core.mk
@@ -224,7 +224,7 @@ install: pre-install
 HIGRESS_LATEST_IMAGE_TAG ?= latest
 ENVOY_LATEST_IMAGE_TAG ?= cdf0f16bf622102f89a0d0257834f43f502e4b99
-ISTIO_LATEST_IMAGE_TAG ?= 2124b6819c805d16507d4bb0bb394160281169e7
+ISTIO_LATEST_IMAGE_TAG ?= a7525f292c38d7d3380f3ce7ee971ad6e3c46adf
 install-dev: pre-install
 helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'pilot.tag=$(ISTIO_LATEST_IMAGE_TAG)' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'
diff --git a/go.mod b/go.mod
index af6a69a9c..fd426c73c 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 github.com/golang/protobuf v1.5.4
 github.com/google/go-cmp v0.7.0
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
- github.com/hashicorp/consul/api v1.31.2
+ github.com/hashicorp/consul/api v1.32.0
 github.com/hashicorp/go-multierror v1.1.1
 github.com/hudl/fargo v1.4.0
 github.com/mholt/acmez v1.2.0
@@ -34,44 +34,44 @@ require (
 github.com/nacos-group/nacos-sdk-go/v2 v2.3.2
 github.com/spf13/cobra v1.9.1
 github.com/spf13/pflag v1.0.7
- github.com/stretchr/testify v1.10.0
+ github.com/stretchr/testify v1.11.1
 github.com/tidwall/gjson v1.17.0
 go.uber.org/atomic v1.11.0
 go.uber.org/zap v1.27.0
- golang.org/x/net v0.41.0
- google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822
- google.golang.org/grpc v1.73.0
- google.golang.org/protobuf v1.36.6
+ golang.org/x/net v0.44.0
+ google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4
+ google.golang.org/grpc v1.76.0
+ google.golang.org/protobuf v1.36.10
 istio.io/api v1.27.1-0.20250820125923-f5a5d3a605a9
 istio.io/client-go v1.27.1-0.20250820130622-12f6d11feb40
 istio.io/istio v0.0.0
 istio.io/pkg v0.0.0-20250718200944-0aab346caa39
- k8s.io/api v0.33.3
- k8s.io/apiextensions-apiserver v0.33.3
- k8s.io/apimachinery v0.33.3
+ k8s.io/api v0.34.1
+ k8s.io/apiextensions-apiserver v0.34.1
+ k8s.io/apimachinery v0.34.1
 k8s.io/cli-runtime v0.33.3
- k8s.io/client-go v0.33.3
+ k8s.io/client-go v0.34.1
 knative.dev/networking v0.0.0-20220302134042-e8b2eb995165
 knative.dev/pkg v0.0.0-20220301181942-2fdd5f232e77
- sigs.k8s.io/controller-runtime v0.21.0
- sigs.k8s.io/gateway-api v1.3.0
- sigs.k8s.io/gateway-api-inference-extension v0.5.0
+ sigs.k8s.io/controller-runtime v0.22.3
+ sigs.k8s.io/gateway-api v1.4.0
+ sigs.k8s.io/gateway-api-inference-extension v1.1.0
 sigs.k8s.io/structured-merge-diff/v4 v4.7.0
- sigs.k8s.io/yaml v1.5.0
+ sigs.k8s.io/yaml v1.6.0
 )
 require (
 cel.dev/expr v0.24.0 // indirect
- cloud.google.com/go v0.115.1 // indirect
- cloud.google.com/go/auth v0.15.0 // indirect
- cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
- cloud.google.com/go/compute/metadata v0.6.0 // indirect
- cloud.google.com/go/logging v1.11.0 // indirect
- cloud.google.com/go/longrunning v0.6.0 // indirect
+ cloud.google.com/go v0.120.0 // indirect
+ cloud.google.com/go/auth v0.16.5 // indirect
+ cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+ cloud.google.com/go/compute/metadata v0.8.4 // indirect
+ cloud.google.com/go/logging v1.13.0 // indirect
+ cloud.google.com/go/longrunning v0.6.7 // indirect
 dario.cat/mergo v1.0.2 // indirect
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
- github.com/Masterminds/semver/v3 v3.3.1 // indirect
+ github.com/Masterminds/semver/v3 v3.4.0 // indirect
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/alecholmes/xfccparser v0.4.0 // indirect
 github.com/alecthomas/participle/v2 v2.1.4 // indirect
@@ -102,6 +102,7 @@ require (
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/buger/jsonparser v1.1.1 // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+ github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/clbanning/mxj v1.8.4 // indirect
@@ -115,7 +116,7 @@ require (
 github.com/docker/cli v28.1.1+incompatible // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.9.3 // indirect
- github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+ github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 github.com/envoyproxy/go-control-plane v0.13.4 // indirect
 github.com/envoyproxy/go-control-plane/contrib v0.0.0-20251016030003-90eca0228178 // indirect
 github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
@@ -124,30 +125,30 @@ require (
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8 // indirect
 github.com/fsnotify/fsnotify v1.9.0 // indirect
- github.com/fxamacker/cbor/v2 v2.8.0 // indirect
- github.com/go-jose/go-jose/v4 v4.1.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.9.0 // indirect
+ github.com/go-jose/go-jose/v4 v4.1.2 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-openapi/jsonpointer v0.21.1 // indirect
+ github.com/go-openapi/jsonpointer v0.21.2 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.1 // indirect
 github.com/goccy/go-json v0.10.5 // indirect
 github.com/golang/mock v1.6.0 // indirect
 github.com/google/btree v1.1.3 // indirect
- github.com/google/cel-go v0.25.0 // indirect
- github.com/google/gnostic-models v0.6.9 // indirect
+ github.com/google/cel-go v0.26.0 // indirect
+ github.com/google/gnostic-models v0.7.0 // indirect
 github.com/google/go-containerregistry v0.20.3 // indirect
 github.com/google/s2a-go v0.1.9 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 github.com/google/uuid v1.6.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.5 // indirect
- github.com/googleapis/gax-go/v2 v2.14.1 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
+ github.com/googleapis/gax-go/v2 v2.15.0 // indirect
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
- github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc // indirect
+ github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2 // indirect
- github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-hclog v1.6.3 // indirect
@@ -177,7 +178,7 @@ require (
 github.com/mailru/easyjson v0.9.0 // indirect
 github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/miekg/dns v1.1.66 // indirect
+ github.com/miekg/dns v1.1.68 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -185,7 +186,7 @@ require (
 github.com/moby/spdystream v0.5.0 // indirect
 github.com/moby/term v0.5.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
- github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
@@ -198,11 +199,11 @@ require (
 github.com/pkg/errors v0.9.1 // indirect
 github.com/planetscale/vtprotobuf v0.6.1-0.20240409071808-615f978279ca // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.22.0 // indirect
+ github.com/prometheus/client_golang v1.23.2 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
- github.com/prometheus/common v0.65.0 // indirect
- github.com/prometheus/procfs v0.16.1 // indirect
- github.com/prometheus/prometheus v0.303.1 // indirect
+ github.com/prometheus/common v0.67.1 // indirect
+ github.com/prometheus/procfs v0.17.0 // indirect
+ github.com/prometheus/prometheus v0.307.1 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/spf13/cast v1.8.0 // indirect
@@ -220,53 +221,54 @@ require (
 github.com/zeebo/blake3 v0.2.3 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
- go.opentelemetry.io/otel v1.35.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
+ go.opentelemetry.io/otel v1.38.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect
 go.opentelemetry.io/otel/exporters/prometheus v0.57.0 // indirect
- go.opentelemetry.io/otel/metric v1.35.0 // indirect
- go.opentelemetry.io/otel/sdk v1.35.0 // indirect
- go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
- go.opentelemetry.io/otel/trace v1.35.0 // indirect
- go.opentelemetry.io/proto/otlp v1.7.0 // indirect
+ go.opentelemetry.io/otel/metric v1.38.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.38.0 // indirect
+ go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
+ go.opentelemetry.io/otel/trace v1.38.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.7.1 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- go.yaml.in/yaml/v2 v2.4.2 // indirect
- go.yaml.in/yaml/v3 v3.0.3 // indirect
- golang.org/x/crypto v0.40.0 // indirect
- golang.org/x/exp v0.0.0-20250717185816-542afb5b7346 // indirect
- golang.org/x/mod v0.25.0 // indirect
- golang.org/x/oauth2 v0.30.0 // indirect
- golang.org/x/sync v0.16.0 // indirect
- golang.org/x/sys v0.34.0 // indirect
- golang.org/x/term v0.33.0 // indirect
- golang.org/x/text v0.27.0 // indirect
- golang.org/x/time v0.11.0 // indirect
- golang.org/x/tools v0.34.0 // indirect
+ go.yaml.in/yaml/v2 v2.4.3 // indirect
+ go.yaml.in/yaml/v3 v3.0.4 // indirect
+ golang.org/x/crypto v0.42.0 // indirect
+ golang.org/x/exp v0.0.0-20250808145144-a408d31f581a // indirect
+ golang.org/x/mod v0.28.0 // indirect
+ golang.org/x/oauth2 v0.31.0 // indirect
+ golang.org/x/sync v0.17.0 // indirect
+ golang.org/x/sys v0.36.0 // indirect
+ golang.org/x/term v0.35.0 // indirect
+ golang.org/x/text v0.29.0 // indirect
+ golang.org/x/time v0.13.0 // indirect
+ golang.org/x/tools v0.37.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
- google.golang.org/api v0.224.0 // indirect
- google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
- gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+ google.golang.org/api v0.250.0 // indirect
+ google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 gopkg.in/gcfg.v1 v1.2.3 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiserver v0.33.3 // indirect
- k8s.io/component-base v0.33.3 // indirect
+ k8s.io/apiserver v0.34.1 // indirect
+ k8s.io/component-base v0.34.1 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
- k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+ k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect
 k8s.io/kubectl v0.33.3 // indirect
- k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 // indirect
+ k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 // indirect
- sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+ sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 sigs.k8s.io/kustomize/api v0.19.0 // indirect
 sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
 sigs.k8s.io/mcs-api v0.1.1-0.20240624222831-d7001fe1d21c // indirect
 sigs.k8s.io/randfill v1.0.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 )
 replace istio.io/api => ./external/api
diff --git a/go.sum b/go.sum
index d5603214d..46465b18e 100644
--- a/go.sum
+++ b/go.sum
@@ -55,8 +55,8 @@ cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJN cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU= cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4= -cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= -cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= +cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= +cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E=
@@ -193,10 +193,10 @@ cloud.google.com/go/assuredworkloads v1.11.2/go.mod h1:O1dfr+oZJMlE6mw0Bp0P1KZSl cloud.google.com/go/assuredworkloads v1.11.3/go.mod h1:vEjfTKYyRUaIeA0bsGJceFV2JKpVRgyG2op3jfa59Zs= cloud.google.com/go/assuredworkloads v1.11.4/go.mod h1:4pwwGNwy1RP0m+y12ef3Q/8PaiWrIDQ6nD2E8kvWI9U= cloud.google.com/go/assuredworkloads v1.11.5/go.mod h1:FKJ3g3ZvkL2D7qtqIGnDufFkHxwIpNM9vtmhvt+6wqk= -cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= -cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= -cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= -cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= +cloud.google.com/go/auth v0.16.5 h1:mFWNQ2FEVWAliEQWpAdH80omXFokmrnbDhUS9cBywsI= +cloud.google.com/go/auth v0.16.5/go.mod h1:utzRfHMP+Vv0mpOkTRQoWD2q3BatTOoWbA7gCc2dUhQ= +cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= +cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= 
@@ -368,8 +368,9 @@ cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2Aawl cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= -cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= +cloud.google.com/go/compute/metadata v0.8.4 h1:oXMa1VMQBVCyewMIOm3WQsnVd9FbKBtm8reqWRaXnHQ= +cloud.google.com/go/compute/metadata v0.8.4/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= 
@@ -705,8 +706,8 @@ cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQy cloud.google.com/go/iam v1.1.4/go.mod h1:l/rg8l1AaA+VFMho/HYx2Vv6xinPSLMF8qfhRPIZ0L8= cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= -cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= +cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= +cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= @@ -774,8 +775,8 @@ cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9 cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE= -cloud.google.com/go/logging v1.11.0 h1:v3ktVzXMV7CwHq1MBF65wcqLMA7i+z3YxbUsoK7mOKs= -cloud.google.com/go/logging v1.11.0/go.mod h1:5LDiJC/RxTt+fHc1LAt20R9TKiUTReDg6RuuFOZ67+A= +cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= +cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= 
@@ -786,8 +787,8 @@ cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUz cloud.google.com/go/longrunning v0.5.3/go.mod h1:y/0ga59EYu58J6SHmmQOvekvND2qODbu8ywBBW7EK7Y= cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= -cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= -cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= +cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= +cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= 
@@ -1373,8 +1374,8 @@ github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= -github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= @@ -1539,6 +1540,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= +github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= 
@@ -1603,8 +1606,8 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5t github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= +github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= 
@@ -1653,8 +1656,8 @@ github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaB github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= +github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= 
@@ -1701,8 +1704,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU= -github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -1717,8 +1720,8 @@ github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmn github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= -github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY= -github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw= +github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI= +github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= 
@@ -1746,8 +1749,8 @@ github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= -github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= +github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA= +github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= 
@@ -1850,12 +1853,12 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.25.0 h1:jsFw9Fhn+3y2kBbltZR4VEz5xKkcIFRPDnuEzAGv5GY= -github.com/google/cel-go v0.25.0/go.mod h1:hjEb6r5SuOSlhCHmFoLzu8HGCERvIsDAbxDAyNU/MmI= +github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= +github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= -github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= +github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= +github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -1906,8 +1909,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= -github.com/google/pprof v0.0.0-20250501235452-c0086092b71a h1:rDA3FfmxwXR+BVKKdz55WwMJ1pD2hJQNW31d+l3mPk4= -github.com/google/pprof v0.0.0-20250501235452-c0086092b71a/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA= +github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 h1:ZI8gCoCjGzPsum4L21jHdQs8shFBIQih1TM9Rd/c+EQ= +github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= 
@@ -1934,8 +1937,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5 github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/enterprise-certificate-proxy v0.3.5 h1:VgzTY2jogw3xt39CusEnFJWm7rlsq5yL5q9XdLOuP5g= -github.com/googleapis/enterprise-certificate-proxy v0.3.5/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= +github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= 
@@ -1953,8 +1956,8 @@ github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5i github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= -github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= -github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= +github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= +github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= 
@@ -1976,8 +1979,8 @@ github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= -github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248= -github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk= +github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 h1:cLN4IBkmkYZNnk7EAJ0BHIethd+J6LqxFNw5mSiI2bM= +github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= 
@@ -1994,11 +1997,12 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/api v1.31.2 h1:NicObVJHcCmyOIl7Z9iHPvvFrocgTYo9cITSGg0/7pw= -github.com/hashicorp/consul/api v1.31.2/go.mod h1:Z8YgY0eVPukT/17ejW+l+C7zJmKwgPHtjU1q16v/Y40= +github.com/hashicorp/consul/api v1.32.0 h1:5wp5u780Gri7c4OedGEPzmlUEzi0g2KyiPphSr6zjVg= +github.com/hashicorp/consul/api v1.32.0/go.mod h1:Z8YgY0eVPukT/17ejW+l+C7zJmKwgPHtjU1q16v/Y40= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.16.1 h1:V8TxTnImoPD5cj0U9Spl0TUxcytjcbbJeADFF07KdHg= github.com/hashicorp/consul/sdk v0.16.1/go.mod h1:fSXvwxB2hmh1FMZCNl6PwX0Q/1wdWtHJcZ7Ea5tns0s= 
@@ -2095,8 +2099,8 @@ github.com/johnlanni/gost v1.11.23-0.20220713132522-0967a24036c6 h1:i9IP6menkNYR github.com/johnlanni/gost v1.11.23-0.20220713132522-0967a24036c6/go.mod h1:PhJ8+qZJx+Txjx1KthNPuVkCvUca0jRLgKWj/noGgeI= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= -github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= +github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I= +github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= 
@@ -2227,8 +2231,8 @@ github.com/miekg/dns v1.1.17/go.mod h1:WgzbA6oji13JREwiNsRDNfl7jYdPnmz+VEuLrA+/4 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= -github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE= -github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE= +github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA= +github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= 
@@ -2259,8 +2263,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 
@@ -2297,16 +2302,16 @@ github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvw github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus= -github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8= +github.com/onsi/ginkgo/v2 v2.26.0 h1:1J4Wut1IlYZNEAWIV3ALrT9NfiaGW2cDCJQSFQMs/gE= +github.com/onsi/ginkgo/v2 v2.26.0/go.mod h1:qhEywmzWTBUY88kfO0BRvX4py7scov9yR+Az2oavUzw= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y= -github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= +github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= +github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= 
@@ -2372,8 +2377,8 @@ github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= -github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= +github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= +github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 
@@ -2392,8 +2397,8 @@ github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE= -github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= +github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI= +github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= 
@@ -2402,10 +2407,10 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= -github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= -github.com/prometheus/prometheus v0.303.1 h1:He/2jRE6sB23Ew38AIoR1WRR3fCMgPlJA2E0obD2WSY= -github.com/prometheus/prometheus v0.303.1/go.mod h1:WEq2ogBPZoLjj9x5K67VEk7ECR0nRD9XCjaOt1lsYck= +github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0= +github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw= +github.com/prometheus/prometheus v0.307.1 h1:Hh3kRMFn+xpQGLe/bR6qpUfW4GXQO0spuYeY7f2JZs4= +github.com/prometheus/prometheus v0.307.1/go.mod h1:/7YQG/jOLg7ktxGritmdkZvezE1fa6aWDj0MGDIZvcY= github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3MLCHmSHelCh9hSGYNLTQ= github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= 
@@ -2508,8 +2513,9 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/substrait-io/substrait-go v0.4.2/go.mod h1:qhpnLmrcvAnlZsUyPXZRqldiHapPTXC3t7xFgDi3aQg= github.com/tebeka/strftime v0.1.3 h1:5HQXOqWKYRFfNyBMNVc9z5+QzuBtIXy03psIhtdJYto= github.com/tebeka/strftime v0.1.3/go.mod h1:7wJm3dZlpr4l/oVK0t1HYIc4rMzQ2XJlOMIUJUJH6XQ= 
@@ -2577,17 +2583,17 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/api/v3 v3.5.21 h1:A6O2/JDb3tvHhiIz3xf9nJ7REHvtEFJJ3veW3FbCnS8= -go.etcd.io/etcd/api/v3 v3.5.21/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= +go.etcd.io/etcd/api/v3 v3.6.4 h1:7F6N7toCKcV72QmoUKa23yYLiiljMrT4xCeBL9BmXdo= +go.etcd.io/etcd/api/v3 v3.6.4/go.mod h1:eFhhvfR8Px1P6SEuLT600v+vrhdDTdcfMzmnxVXXSbk= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/pkg/v3 v3.5.21 h1:lPBu71Y7osQmzlflM9OfeIV2JlmpBjqBNlLtcoBqUTc= -go.etcd.io/etcd/client/pkg/v3 v3.5.21/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs= +go.etcd.io/etcd/client/pkg/v3 v3.6.4 h1:9HBYrjppeOfFjBjaMTRxT3R7xT0GLK8EJMVC4xg6ok0= +go.etcd.io/etcd/client/pkg/v3 v3.6.4/go.mod h1:sbdzr2cl3HzVmxNw//PH7aLGVtY4QySjQFuaCgcRFAI= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/client/v3 v3.5.21 h1:T6b1Ow6fNjOLOtM0xSoKNQt1ASPCLWrF9XMHcH9pEyY= -go.etcd.io/etcd/client/v3 v3.5.21/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU= +go.etcd.io/etcd/client/v3 v3.6.4 h1:YOMrCfMhRzY8NgtzUsHl8hC2EBSnuqbR3dh84Uryl7A= +go.etcd.io/etcd/client/v3 v3.6.4/go.mod h1:jaNNHCyg2FdALyKWnd7hxZXZxZANb0+KGY+YQaEMISo= go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= 
go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= 
@@ -2616,15 +2622,15 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.4 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= 
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= 
@@ -2633,13 +2639,14 @@ go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFu go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= -go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+BofXTvcY1q8CGs4ItwQarYtJPOWmVobfM1HpVI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= go.opentelemetry.io/otel/exporters/prometheus v0.57.0 h1:AHh/lAP1BHrY5gBwk8ncc25FXWm/gmmY3BX258z5nuk= go.opentelemetry.io/otel/exporters/prometheus v0.57.0/go.mod h1:QpFWz1QxqevfjwzYdbMb4Y1NnlJvqSGwyuU0B4iuc9c= go.opentelemetry.io/otel/metric 
v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= @@ -2650,8 +2657,9 @@ go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= -go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= 
@@ -2659,14 +2667,16 @@ go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6 go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= -go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= -go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= 
@@ -2675,11 +2685,13 @@ go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5Ukgg go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= -go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= +go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os= go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo= +go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= +go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= 
@@ -2711,10 +2723,10 @@ go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= -go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= -go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE= -go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 
@@ -2764,8 +2776,8 @@ golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ug golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= -golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= -golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= +golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw= golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= @@ -2811,8 +2823,8 @@ golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= -golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= +golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -2915,8 +2927,8 @@ golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= +golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2962,8 +2974,8 @@ golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbht golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo= +golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -2991,8 +3003,8 @@ golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -3133,8 +3145,8 @@ golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= +golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= 
@@ -3168,8 +3180,8 @@ golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= -golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= -golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= +golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ= +golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -3198,8 +3210,8 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= -golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= +golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -3213,8 +3225,8 @@ golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0= -golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI= +golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -3297,8 +3309,8 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58 golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= -golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= +golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -3316,6 +3328,8 @@ gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= gonum.org/v1/gonum v0.12.0/go.mod h1:73TDxJfAAHeA8Mk9mf8NlIppyhQNo5GLTcYeqgo2lvY= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= 
@@ -3397,8 +3411,8 @@ google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYl google.golang.org/api v0.164.0/go.mod h1:2OatzO7ZDQsoS7IFf3rvsE17/TldiU3F/zxFHeqUB5o= google.golang.org/api v0.166.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA= google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= -google.golang.org/api v0.224.0 h1:Ir4UPtDsNiwIOHdExr3fAj4xZ42QjK7uQte3lORLJwU= -google.golang.org/api v0.224.0/go.mod h1:3V39my2xAGkodXy0vEqcEtkqgw2GtrFL5WuBZlCTCOQ= +google.golang.org/api v0.250.0 h1:qvkwrf/raASj82UegU2RSDGWi/89WkLckn4LuO4lVXM= +google.golang.org/api v0.250.0/go.mod h1:Y9Uup8bDLJJtMzJyQnu+rLRJLA0wn+wTtc6vTlOvfXo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -3575,8 +3589,8 @@ google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqt google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= +google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= +google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= 
@@ -3613,8 +3627,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go. google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg= google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8= google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw= -google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 h1:oWVWY3NzT7KJppx2UKhKmzPq4SRe0LdCijVRwvGeikY= -google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= +google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 h1:8XJ4pajGwOlasW+L13MnEGA8W4115jJySQtVfS2/IBU= +google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4/go.mod h1:NnuHhy+bxcg30o7FnVAZbXsPHUDQ9qKWAQKCD7VxFtk= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230807174057-1744710a1577/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= 
@@ -3672,8 +3686,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 h1:V1jCN2HBa8sySkR5vLcCSqJSTMv093Rw9EJefhQGP7M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 
@@ -3739,8 +3753,9 @@ google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFN google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= google.golang.org/grpc v1.72.2/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= -google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= +google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= +google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 
@@ -3769,8 +3784,9 @@ google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojt google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -3781,8 +3797,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= -gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo= +gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3 h1:m8OOJ4ccYHnx2f4gQwpno8nAX5OGOh7RLaaz0pj3Ogs= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= 
@@ -3832,26 +3848,26 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= -k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8= -k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE= +k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM= +k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk= k8s.io/apiextensions-apiserver v0.22.5/go.mod h1:tIXeZ0BrDxUb1PoAz+tgOz43Zi1Bp4BEEqVtUccMJbE= -k8s.io/apiextensions-apiserver v0.33.3 h1:qmOcAHN6DjfD0v9kxL5udB27SRP6SG/MTopmge3MwEs= -k8s.io/apiextensions-apiserver v0.33.3/go.mod h1:oROuctgo27mUsyp9+Obahos6CWcMISSAPzQ77CAQGz8= +k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI= +k8s.io/apiextensions-apiserver v0.34.1/go.mod h1:hP9Rld3zF5Ay2Of3BeEpLAToP+l4s5UlxiHfqRaRcMc= k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= -k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA= -k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4= +k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ= -k8s.io/apiserver v0.33.3 h1:Wv0hGc+QFdMJB4ZSiHrCgN3zL3QRatu56+rpccKC3J4= -k8s.io/apiserver v0.33.3/go.mod h1:05632ifFEe6TxwjdAIrwINHWE2hLwyADFk5mBsQa15E= +k8s.io/apiserver v0.34.1 h1:U3JBGdgANK3dfFcyknWde1G6X1F4bg7PXuvlqt8lITA= +k8s.io/apiserver v0.34.1/go.mod h1:eOOc9nrVqlBI1AFCvVzsob0OxtPZUCPiUJL45JOTBG0= k8s.io/cli-runtime v0.33.3 h1:Dgy4vPjNIu8LMJBSvs8W0LcdV0PX/8aGG1DA1W8lklA= k8s.io/cli-runtime v0.33.3/go.mod 
h1:yklhLklD4vLS8HNGgC9wGiuHWze4g7x6XQZ+8edsKEo= k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= -k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA= -k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg= +k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= +k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= k8s.io/code-generator v0.22.5/go.mod h1:sbdWCOVob+KaQ5O7xs8PNNaCTpbWVqNgA6EPwLOmRNk= k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI= -k8s.io/component-base v0.33.3 h1:mlAuyJqyPlKZM7FyaoM/LcunZaaY353RXiOd2+B5tGA= -k8s.io/component-base v0.33.3/go.mod h1:ktBVsBzkI3imDuxYXmVxZ2zxJnYTZ4HAsVj9iF09qp4= +k8s.io/component-base v0.34.1 h1:v7xFgG+ONhytZNFpIz5/kecwD+sUhVE6HU7qQUiRM4A= +k8s.io/component-base v0.34.1/go.mod h1:mknCpLlTSKHzAQJJnnHVKqjxR7gBeHRv0rPXA7gdtQ0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
@@ -3862,13 +3878,13 @@ k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= -k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= +k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE= +k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= k8s.io/kubectl v0.33.3 h1:r/phHvH1iU7gO/l7tTjQk2K01ER7/OAJi8uFHHyWSac= k8s.io/kubectl v0.33.3/go.mod h1:euj2bG56L6kUGOE/ckZbCoudPwuj4Kud7BR0GzyNiT0= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 h1:jgJW5IePPXLGB8e/1wvd0Ich9QE97RvvF3a8J3fP/Lg= -k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/hack v0.0.0-20220224013837-e1785985d364/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= knative.dev/networking v0.0.0-20220302134042-e8b2eb995165 h1:mkUDPTqfRPNhsUTVOH53IOx0Utzlfwl48t8lLc1bfL4= knative.dev/networking v0.0.0-20220302134042-e8b2eb995165/go.mod h1:EdQTSLl8BDeLLrC8pymGOiPMRAknFg+7oRO6MMUts94= 
@@ -3943,14 +3959,14 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 h1:Cf+ed5N8038zbsaXFO7mKQDi/+VcSRafb0jM84KX5so= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= -sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= -sigs.k8s.io/gateway-api v1.3.0 h1:q6okN+/UKDATola4JY7zXzx40WO4VISk7i9DIfOvr9M= -sigs.k8s.io/gateway-api v1.3.0/go.mod h1:d8NV8nJbaRbEKem+5IuxkL8gJGOZ+FJ+NvOIltV8gDk= -sigs.k8s.io/gateway-api-inference-extension v0.5.0 h1:bYtXffUF1WUUFT2gYXaQBXIEXxXq/ZZLP9gqQweTrBI= -sigs.k8s.io/gateway-api-inference-extension v0.5.0/go.mod h1:lki0jx1qysZSZT4Ai2BxuAcpx6G8g5oBgOGuuJzjy/k= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= +sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ= +sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api-inference-extension v1.1.0 h1:MqRYk+3LNUWB0MbTgTZVhmJGNDTvm8l3ze4MOlzR7MU= +sigs.k8s.io/gateway-api-inference-extension v1.1.0/go.mod h1:BmJy8Hvc2EHl3Oa/Ka8/4RqwVHCCbX7BLndLdMNtugI= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= 
sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ= sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o= sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA= @@ -3964,10 +3980,12 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI= sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ= -sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/helm/core/templates/controller-clusterrole.yaml b/helm/core/templates/controller-clusterrole.yaml index 1f0f57455..f7f486711 100644 --- a/helm/core/templates/controller-clusterrole.yaml +++ b/helm/core/templates/controller-clusterrole.yaml 
@@ -38,6 +38,14 @@ rules: resources: ["*"] verbs: ["get", "watch", "list", "create", "update", "delete", "patch"] + # Gateway api inference extension + - apiGroups: ["inference.networking.k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list", "create", "update", "delete", "patch"] + - apiGroups: ["inference.networking.x-k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list", "create", "update", "delete", "patch"] + # Needed for multicluster secret reading, possibly ingress certs in the future - apiGroups: [""] resources: ["secrets"] diff --git a/helm/core/values.yaml b/helm/core/values.yaml index 7e37d7246..034026714 100644 --- a/helm/core/values.yaml +++ b/helm/core/values.yaml @@ -44,7 +44,7 @@ global: # -- If true, Higress Controller will monitor istio resources as well enableIstioAPI: true # -- If true, Higress Controller will monitor Gateway API resources as well - enableGatewayAPI: false + enableGatewayAPI: true # -- Used to locate istiod. istioNamespace: istio-system # -- enable pod disruption budget for the control plane, which is used to diff --git a/helm/higress/README.md b/helm/higress/README.md index b383efce5..33100e10e 100644 --- a/helm/higress/README.md +++ b/helm/higress/README.md 
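Review bot: The two rules added for `inference.networking.k8s.io` and `inference.networking.x-k8s.io` grant `create`, `update`, `delete` and `patch` on `resources: ["*"]`, which looks broader than a controller that reads InferencePool objects and writes their status needs. It mirrors the wildcard rule just above it, but this is a ClusterRole, so a leaked controller token could rewrite or delete every object in both groups across the cluster. If the controller only watches pools and updates their status (the InferencePool code in this commit suggests so, but it is not visible in this hunk), narrow each rule to `resources: ["inferencepools"]` with `verbs: ["get", "watch", "list"]` plus `resources: ["inferencepools/status"]` with `verbs: ["update", "patch"]`. A short comment naming which code path needs each write verb would help the next RBAC review.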
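Review bot: Flipping `enableGatewayAPI` to `true` changes the default for every install that does not pin the value, so a plain chart upgrade starts the controller watching Gateway API resources. From then on, whoever may create Gateway or HTTPRoute objects in the cluster can influence gateway routing, which operators relying on the old default did not opt into. Either keep `false` for this release or call the change out in the upgrade notes and in the values comment, e.g. `# -- If true, Higress Controller will monitor Gateway API resources as well. Default changed from false to true; set false to keep the previous behaviour.`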
@@ -160,7 +160,7 @@ The command removes all the Kubernetes components associated with the chart and | global.defaultResources | object | `{"requests":{"cpu":"10m"}}` | A minimal set of requested resources to applied to all deployments so that Horizontal Pod Autoscaler will be able to function (if set). Each component can overwrite these default values by adding its own resources block in the relevant section below and setting the desired resources values. | | global.defaultUpstreamConcurrencyThreshold | int | `10000` | | | global.disableAlpnH2 | bool | `false` | Whether to disable HTTP/2 in ALPN | -| global.enableGatewayAPI | bool | `false` | If true, Higress Controller will monitor Gateway API resources as well | +| global.enableGatewayAPI | bool | `true` | If true, Higress Controller will monitor Gateway API resources as well | | global.enableH3 | bool | `false` | | | global.enableIPv6 | bool | `false` | | | global.enableIstioAPI | bool | `true` | If true, Higress Controller will monitor istio resources as well | diff --git a/pkg/ingress/kube/gateway/istio/backend_policies.go b/pkg/ingress/kube/gateway/istio/backend_policies.go index 083c3dc3b..1dd6de04b 100644 --- a/pkg/ingress/kube/gateway/istio/backend_policies.go +++ b/pkg/ingress/kube/gateway/istio/backend_policies.go 
@@ -24,14 +24,13 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - gatewayalpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayalpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" - k8s "sigs.k8s.io/gateway-api/apis/v1beta1" + gw "sigs.k8s.io/gateway-api/apis/v1" gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1" + higressconstants "github.com/alibaba/higress/v2/pkg/config/constants" networking "istio.io/api/networking/v1alpha3" + networkingclient "istio.io/client-go/pkg/apis/networking/v1" kubesecrets "istio.io/istio/pilot/pkg/credentials/kube" - "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model/credentials" "istio.io/istio/pilot/pkg/status" "istio.io/istio/pilot/pkg/util/protoconv" @@ -45,21 +44,33 @@ import ( "istio.io/istio/pkg/maps" "istio.io/istio/pkg/ptr" "istio.io/istio/pkg/slices" + "istio.io/istio/pkg/util/sets" ) -type TypedNamedspacedName struct { +type TypedNamespacedName struct { types.NamespacedName Kind kind.Kind } -func (n TypedNamedspacedName) String() string { +func (n TypedNamespacedName) String() string { return n.Kind.String() + "/" + n.NamespacedName.String() } +type TypedNamespacedNamePerHost struct { + Target TypedNamespacedName + Host string +} + +func (t TypedNamespacedNamePerHost) String() string { + return t.Target.String() + "/" + t.Host +} + type BackendPolicy struct { - Source TypedNamedspacedName + Source TypedNamespacedName TargetIndex int - Target TypedNamedspacedName + Target TypedNamespacedName + Host string + SectionName *string TLS *networking.ClientTLSSettings LoadBalancer *networking.LoadBalancerSettings RetryBudget *networking.TrafficPolicy_RetryBudget 
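Review bot: In the second hunk on this line, the new exported type `TypedNamespacedNamePerHost` and the new `Host` and `SectionName` fields on `BackendPolicy` have no doc comments, and the `String()` format is load-bearing. The index parser added later in this commit splits that string on "/" and expects exactly four parts, so the two must change together. I would add `// TypedNamespacedNamePerHost keys backend policies by target and host.` on the type and `// String renders "Kind/namespace/name/host"; keep in sync with TypedNamespacedNamePerHostIndexCollectionFunc.` on the method. The `BackendPolicy` struct continues outside this hunk.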
@@ -67,11 +78,43 @@ type BackendPolicy struct { } func (b BackendPolicy) ResourceName() string { - return b.Source.String() + "/" + fmt.Sprint(b.TargetIndex) + return b.Source.String() + "/" + fmt.Sprint(b.TargetIndex) + "/" + b.Host } +var TypedNamespacedNameIndexCollectionFunc = krt.WithIndexCollectionFromString(func(s string) TypedNamespacedName { + parts := strings.Split(s, "/") + if len(parts) != 3 { + panic("invalid TypedNamespacedName: " + s) + } + return TypedNamespacedName{ + NamespacedName: types.NamespacedName{ + Namespace: parts[1], + Name: parts[2], + }, + Kind: kind.FromString(parts[0]), + } +}) + +var TypedNamespacedNamePerHostIndexCollectionFunc = krt.WithIndexCollectionFromString(func(s string) TypedNamespacedNamePerHost { + parts := strings.Split(s, "/") + if len(parts) != 4 { + panic("invalid TypedNamespacedNamePerHost: " + s) + } + return TypedNamespacedNamePerHost{ + Target: TypedNamespacedName{ + NamespacedName: types.NamespacedName{ + Namespace: parts[1], + Name: parts[2], + }, + Kind: kind.FromString(parts[0]), + }, + Host: parts[3], + } +}) + func (b BackendPolicy) Equals(other BackendPolicy) bool { return b.Source == other.Source && + ptr.Equal(b.SectionName, other.SectionName) && protoconv.Equals(b.TLS, other.TLS) && protoconv.Equals(b.LoadBalancer, other.LoadBalancer) && protoconv.Equals(b.RetryBudget, other.RetryBudget) 
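Review bot: `TypedNamespacedNamePerHostIndexCollectionFunc` splits the key with `strings.Split(s, "/")` and panics unless it gets exactly four parts, so a `Host` value containing "/" would crash the controller instead of failing one policy. Where `Host` is populated is not visible in this hunk; if it can be derived from a user-authored policy field, a single malformed object could stop reconciliation for everyone. `parts := strings.SplitN(s, "/", 4)` keeps the remainder as the host and removes that case while the length check still rejects short keys. The three-part parser in `TypedNamespacedNameIndexCollectionFunc` is safer because namespace and name cannot contain "/", and a comment there saying so would help.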
@@ -81,40 +124,33 @@ func (b BackendPolicy) Equals(other BackendPolicy) bool { // policy types that are merged together. func DestinationRuleCollection( trafficPolicies krt.Collection[*gatewayx.XBackendTrafficPolicy], - tlsPolicies krt.Collection[*gatewayalpha3.BackendTLSPolicy], + tlsPolicies krt.Collection[*gw.BackendTLSPolicy], + ancestors krt.Index[TypedNamespacedName, AncestorBackend], references *ReferenceSet, domainSuffix string, c *Controller, + services krt.Collection[*v1.Service], opts krt.OptionsBuilder, ) krt.Collection[*config.Config] { - trafficPolicyStatus, backendTrafficPolicies := BackendTrafficPolicyCollection(trafficPolicies, references, opts) + trafficPolicyStatus, backendTrafficPolicies := BackendTrafficPolicyCollection(trafficPolicies, references, domainSuffix, opts) status.RegisterStatus(c.status, trafficPolicyStatus, GetStatus) - tlsPolicyStatus, backendTLSPolicies := BackendTLSPolicyCollection(tlsPolicies, references, opts) + // TODO: BackendTrafficPolicy should also probably use ancestorCollection. However, its still up for debate in the + // Gateway API community if having the Gateway as an ancestor ref is required or not; we would prefer it to not be if possible. + // Until conformance requires it, for now we skip it. + ancestorCollection := ancestors.AsCollection(append(opts.WithName("AncestorBackend"), TypedNamespacedNameIndexCollectionFunc)...) 
+ tlsPolicyStatus, backendTLSPolicies := BackendTLSPolicyCollection(tlsPolicies, ancestorCollection, references, domainSuffix, opts) status.RegisterStatus(c.status, tlsPolicyStatus, GetStatus) // We need to merge these by hostname into a single DR allPolicies := krt.JoinCollection([]krt.Collection[BackendPolicy]{backendTrafficPolicies, backendTLSPolicies}) - byTarget := krt.NewIndex(allPolicies, "target", func(o BackendPolicy) []TypedNamedspacedName { - return []TypedNamedspacedName{o.Target} + byTargetAndHost := krt.NewIndex(allPolicies, "targetAndHost", func(o BackendPolicy) []TypedNamespacedNamePerHost { + return []TypedNamespacedNamePerHost{{Target: o.Target, Host: o.Host}} }) - indexOpts := append(opts.WithName("BackendPolicyByTarget"), krt.WithIndexCollectionFromString(func(s string) TypedNamedspacedName { - parts := strings.Split(s, "/") - if len(parts) != 3 { - panic("invalid TypedNamedspacedName: " + s) - } - return TypedNamedspacedName{ - NamespacedName: types.NamespacedName{ - Namespace: parts[1], - Name: parts[2], - }, - Kind: kind.FromString(parts[0]), - } - })) + indexOpts := append(opts.WithName("BackendPolicyByTarget"), TypedNamespacedNamePerHostIndexCollectionFunc) merged := krt.NewCollection( - byTarget.AsCollection(indexOpts...), - func(ctx krt.HandlerContext, i krt.IndexObject[TypedNamedspacedName, BackendPolicy]) **config.Config { - svc := i.Key + byTargetAndHost.AsCollection(indexOpts...), + func(ctx krt.HandlerContext, i krt.IndexObject[TypedNamespacedNamePerHost, BackendPolicy]) **config.Config { // Sort so we can pick the oldest, which will win. // Not yet standardized but likely will be (https://github.com/kubernetes-sigs/gateway-api/issues/3516#issuecomment-2684039692) pols := slices.SortFunc(i.Objects, func(a, b BackendPolicy) int { 
@@ -129,19 +165,35 @@ func DestinationRuleCollection( tlsSet := false lbSet := false rbSet := false + + targetWithHost := i.Key + host := targetWithHost.Host spec := &networking.DestinationRule{ - Host: fmt.Sprintf("%s.%s.svc.%v", svc.Name, svc.Namespace, domainSuffix), + Host: host, TrafficPolicy: &networking.TrafficPolicy{}, } + portLevelSettings := make(map[string]*networking.TrafficPolicy_PortTrafficPolicy) parents := make([]string, 0, len(pols)) for _, pol := range pols { if pol.TLS != nil { - if tlsSet { - // We only allow 1. TODO: report status if there are multiple - continue + if pol.SectionName != nil { + // Port-specific TLS setting + portName := *pol.SectionName + if _, exists := portLevelSettings[portName]; !exists { + portLevelSettings[portName] = &networking.TrafficPolicy_PortTrafficPolicy{ + Port: &networking.PortSelector{Number: 0}, // Will be resolved later + Tls: pol.TLS, + } + } + } else { + // Service-wide TLS setting + if tlsSet { + // We only allow 1. TODO: report status if there are multiple + continue + } + tlsSet = true + spec.TrafficPolicy.Tls = pol.TLS } - tlsSet = true - spec.TrafficPolicy.Tls = pol.TLS } if pol.LoadBalancer != nil { if lbSet { 
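Review bot: In the `if pol.SectionName != nil` branch, the new `TrafficPolicy_PortTrafficPolicy` carries only `Tls`. In Istio's DestinationRule semantics, port-level settings override the destination-level ones rather than merging with them, so on that port the load-balancer settings placed on `spec.TrafficPolicy` further down would presumably not apply. If that is intended, say so in a comment at the branch; otherwise copy the applicable destination-level settings into each port entry after the loop. A second policy naming the same port is also dropped silently by the `!exists` check, like the service-wide case that already carries a TODO about reporting status. The loop body continues outside this hunk.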
@@ -159,13 +211,64 @@ func DestinationRuleCollection( rbSet = true spec.TrafficPolicy.RetryBudget = pol.RetryBudget } - parents = append(parents, fmt.Sprintf("%s/%s.%s", pol.Source.Kind, pol.Source.Namespace, pol.Source.Name)) + parentName := pol.Source.Kind.String() + "/" + pol.Source.Namespace + "." + pol.Source.Name + if !slices.Contains(parents, parentName) { + parents = append(parents, parentName) + } } + + type servicePort struct { + Name string + Number uint32 + } + var servicePorts []servicePort + + target := targetWithHost.Target + switch target.Kind { + case kind.Service: + serviceKey := target.Namespace + "/" + target.Name + service := ptr.Flatten(krt.FetchOne(ctx, services, krt.FilterKey(serviceKey))) + if service != nil { + for _, port := range service.Spec.Ports { + servicePorts = append(servicePorts, servicePort{ + Name: port.Name, + Number: uint32(port.Port), + }) + } + } + case kind.ServiceEntry: + serviceEntryObj, err := references.LocalPolicyTargetRef(gw.LocalPolicyTargetReference{ + Group: "networking.istio.io", + Kind: "ServiceEntry", + Name: gw.ObjectName(target.Name), + }, target.Namespace) + if err == nil { + if serviceEntryPtr, ok := serviceEntryObj.(*networkingclient.ServiceEntry); ok { + for _, port := range serviceEntryPtr.Spec.Ports { + servicePorts = append(servicePorts, servicePort{ + Name: port.Name, + Number: port.Number, + }) + } + } + } + } + + for portName, portPolicy := range portLevelSettings { + for _, port := range servicePorts { + if port.Name == portName { + portPolicy.Port = &networking.PortSelector{Number: port.Number} + break + } + } + spec.TrafficPolicy.PortLevelSettings = append(spec.TrafficPolicy.PortLevelSettings, portPolicy) + } + cfg := &config.Config{ Meta: config.Meta{ GroupVersionKind: gvk.DestinationRule, - Name: fmt.Sprintf("%s-%s", svc.Name, constants.KubernetesGatewayName), - Namespace: svc.Namespace, + Name: generateDRName(target, host), + Namespace: target.Namespace, Annotations: map[string]string{ 
constants.InternalParentNames: strings.Join(parents, ","), }, 
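Review bot: In the final `for portName, portPolicy := range portLevelSettings` loop, a port name that matches none of `servicePorts` keeps the placeholder `PortSelector{Number: 0}` and is still appended to `PortLevelSettings`. That happens whenever the Service fetch returns nil or the ServiceEntry lookup fails. The resulting DestinationRule attaches the TLS setting to port 0 instead of the port the policy named, so the backend port may be reached without the configured TLS. Ranging over the map also makes the order of `PortLevelSettings` vary between runs, which can cause needless config churn. Iterate over sorted names and handle the unresolved case explicitly; the enclosing function starts outside the hunk.

```go
// … unchanged: servicePorts is filled from the Service or ServiceEntry …
for _, portName := range slices.Sort(maps.Keys(portLevelSettings)) {
	idx := slices.IndexFunc(servicePorts, func(p servicePort) bool {
		return p.Name == portName
	})
	if idx == -1 {
		// Unresolved port name: never emit a port 0 selector. Skipped here;
		// report it in status, or fail closed if plaintext to this port is
		// not acceptable.
		continue
	}
	portPolicy := portLevelSettings[portName]
	portPolicy.Port = &networking.PortSelector{Number: servicePorts[idx].Number}
	spec.TrafficPolicy.PortLevelSettings = append(spec.TrafficPolicy.PortLevelSettings, portPolicy)
}
```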
@@ -178,93 +281,170 @@ func DestinationRuleCollection( } func BackendTLSPolicyCollection( - tlsPolicies krt.Collection[*gatewayalpha3.BackendTLSPolicy], + tlsPolicies krt.Collection[*gw.BackendTLSPolicy], + ancestors krt.IndexCollection[TypedNamespacedName, AncestorBackend], references *ReferenceSet, + domainSuffix string, opts krt.OptionsBuilder, -) (krt.StatusCollection[*gatewayalpha3.BackendTLSPolicy, gatewayalpha2.PolicyStatus], krt.Collection[BackendPolicy]) { - return krt.NewStatusManyCollection(tlsPolicies, func(ctx krt.HandlerContext, i *gatewayalpha3.BackendTLSPolicy) ( - *gatewayalpha2.PolicyStatus, +) (krt.StatusCollection[*gw.BackendTLSPolicy, gw.PolicyStatus], krt.Collection[BackendPolicy]) { + return krt.NewStatusManyCollection(tlsPolicies, func(ctx krt.HandlerContext, i *gw.BackendTLSPolicy) ( + *gw.PolicyStatus, []BackendPolicy, ) { status := i.Status.DeepCopy() res := make([]BackendPolicy, 0, len(i.Spec.TargetRefs)) - ancestors := make([]gatewayalpha2.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs)) tls := &networking.ClientTLSSettings{Mode: networking.ClientTLSSettings_SIMPLE} s := i.Spec conds := map[string]*condition{ - string(gatewayalpha2.PolicyConditionAccepted): { - reason: string(gatewayalpha2.PolicyReasonAccepted), + string(gw.PolicyConditionAccepted): { + reason: string(gw.PolicyReasonAccepted), + message: "Configuration is valid", + }, + string(gw.BackendTLSPolicyConditionResolvedRefs): { + reason: string(gw.BackendTLSPolicyReasonResolvedRefs), message: "Configuration is valid", }, } tls.Sni = string(s.Validation.Hostname) - tls.SubjectAltNames = slices.MapFilter(s.Validation.SubjectAltNames, func(e gatewayalpha3.SubjectAltName) *string { + tls.SubjectAltNames = slices.MapFilter(s.Validation.SubjectAltNames, func(e gw.SubjectAltName) *string { switch e.Type { - case gatewayalpha3.HostnameSubjectAltNameType: + case gw.HostnameSubjectAltNameType: return ptr.Of(string(e.Hostname)) - case gatewayalpha3.URISubjectAltNameType: + case 
gw.URISubjectAltNameType: return ptr.Of(string(e.URI)) } return nil }) tls.CredentialName = getBackendTLSCredentialName(s.Validation, i.Namespace, conds, references) + + // In ancestor status, we need to report for Service (for mesh) and for each relevant Gateway. + // However, there is a max of 16 items we can report. + // Reporting per-Gateway has no value (perhaps for anyone, but certainly not for Istio), so we favor the Service attachments + // getting to take the 16 slots. + // The Gateway API spec says that if there are more than 16, the policy should not be applied. This is a terrible, anti-user, decision + // that Istio will not follow, even if it means failing conformance tests. + ancestorStatus := make([]gw.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs)) + uniqueGateways := sets.New[types.NamespacedName]() for idx, t := range i.Spec.TargetRefs { conds = maps.Clone(conds) refo, err := references.LocalPolicyTargetRef(t.LocalPolicyTargetReference, i.Namespace) + var sectionName *string if err == nil { - switch refo.(type) { + switch refType := refo.(type) { case *v1.Service: + if t.SectionName != nil && *t.SectionName != "" { + sectionName = ptr.Of(string(*t.SectionName)) + portExists := false + for _, port := range refType.Spec.Ports { + if port.Name == *sectionName { + portExists = true + break + } + } + if !portExists { + err = fmt.Errorf("sectionName %q does not exist in Service %s/%s", *sectionName, refType.Namespace, refType.Name) + } + } + case *networkingclient.ServiceEntry: + if t.SectionName != nil && *t.SectionName != "" { + sectionName = ptr.Of(string(*t.SectionName)) + portExists := false + for _, port := range refType.Spec.Ports { + if port.Name == *sectionName { + portExists = true + break + } + } + if !portExists { + err = fmt.Errorf("sectionName %q does not exist in ServiceEntry %s/%s", *sectionName, refType.Namespace, refType.Name) + } + } default: err = fmt.Errorf("unsupported reference kind: %v", t.Kind) } } if err != nil { - 
conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{ - Reason: string(gatewayalpha2.PolicyReasonTargetNotFound), - Message: fmt.Sprintf("targetRefs invalid: %v", err), + conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{ + Reason: string(gw.PolicyReasonTargetNotFound), + Message: "targetRefs invalid: " + err.Error(), } } else { - // Only create an object if we can resolve the target - res = append(res, BackendPolicy{ - Source: TypedNamedspacedName{ - NamespacedName: config.NamespacedName(i), - Kind: kind.BackendTLSPolicy, + targetKind := gvk.MustToKind(schematypes.GvkFromObject(refo.(controllers.Object))) + target := TypedNamespacedName{ + NamespacedName: types.NamespacedName{ + Name: string(t.Name), + Namespace: i.Namespace, }, - TargetIndex: idx, - Target: TypedNamedspacedName{ - NamespacedName: types.NamespacedName{ - Name: string(t.Name), - Namespace: i.Namespace, + Kind: targetKind, + } + var hosts []string + if targetKind == kind.Service { + hosts = []string{string(t.Name) + "." + i.Namespace + ".svc." 
+ domainSuffix} + } else if targetKind == kind.ServiceEntry { + if serviceEntryPtr, ok := refo.(*networkingclient.ServiceEntry); ok { + hosts = serviceEntryPtr.Spec.Hosts + } + } + + for _, host := range hosts { + res = append(res, BackendPolicy{ + Source: TypedNamespacedName{ + NamespacedName: config.NamespacedName(i), + Kind: kind.BackendTLSPolicy, }, - Kind: gvk.MustToKind(schematypes.GvkFromObject(refo.(controllers.Object))), - }, - TLS: tls, - CreationTime: i.CreationTimestamp.Time, - }) + TargetIndex: idx, + Target: target, + Host: host, + SectionName: sectionName, + TLS: tls, + CreationTime: i.CreationTimestamp.Time, + }) + ancestorBackends := krt.Fetch(ctx, ancestors, krt.FilterKey(target.String())) + for _, gwl := range ancestorBackends { + for _, i := range gwl.Objects { + uniqueGateways.Insert(i.Gateway) + } + } + } } - // TODO: section name - ancestors = append(ancestors, setAncestorStatus(t.LocalPolicyTargetReference, status, i.Generation, conds)) + // We add a status for Service (for mesh), and for each Gateway + meshPR := gw.ParentReference{ + Group: &t.Group, + Kind: &t.Kind, + Name: t.Name, + SectionName: t.SectionName, + } + ancestorStatus = append(ancestorStatus, setAncestorStatus(meshPR, status, i.Generation, conds, constants.ManagedGatewayMeshController)) } - status.Ancestors = mergeAncestors(status.Ancestors, ancestors) + gwl := slices.SortBy(uniqueGateways.UnsortedList(), types.NamespacedName.String) + for _, g := range gwl { + pr := gw.ParentReference{ + Group: ptr.Of(gw.Group(gvk.KubernetesGateway.Group)), + Kind: ptr.Of(gw.Kind(gvk.KubernetesGateway.Kind)), + Name: gw.ObjectName(g.Name), + } + ancestorStatus = append(ancestorStatus, setAncestorStatus(pr, status, i.Generation, conds, gw.GatewayController(higressconstants.ManagedGatewayController))) + } + status.Ancestors = mergeAncestors(status.Ancestors, ancestorStatus) return status, res }, opts.WithName("BackendTLSPolicy")...) 
} func getBackendTLSCredentialName( - validation gatewayalpha3.BackendTLSPolicyValidation, + validation gw.BackendTLSPolicyValidation, policyNamespace string, conds map[string]*condition, references *ReferenceSet, ) string { if wk := validation.WellKnownCACertificates; wk != nil { switch *wk { - case gatewayalpha3.WellKnownCACertificatesSystem: + case gw.WellKnownCACertificatesSystem: // Already our default, no action needed default: - conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{ - Reason: string(gatewayalpha2.PolicyReasonInvalid), + conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{ + Reason: string(gw.PolicyReasonInvalid), Message: fmt.Sprintf("Unknown wellKnownCACertificates: %v", *wk), } } @@ -278,7 +458,7 @@ func getBackendTLSCredentialName( // We only support 1 ref := validation.CACertificateRefs[0] if len(validation.CACertificateRefs) > 1 { - conds[string(gatewayalpha2.PolicyConditionAccepted)].message += "; warning: only the first caCertificateRefs will be used" + conds[string(gw.PolicyConditionAccepted)].message += "; warning: only the first caCertificateRefs will be used" } refo, err := references.LocalPolicyRef(ref, policyNamespace) if err == nil { @@ -286,6 +466,10 @@ func getBackendTLSCredentialName( case *v1.ConfigMap: if _, rerr := kubesecrets.ExtractRootFromString(to.Data); rerr != nil { err = rerr + conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{ + Reason: string(gw.BackendTLSPolicyReasonInvalidCACertificateRef), + Message: "Certificate invalid: " + err.Error(), + } } else { return credentials.KubernetesConfigMapTypeURI + policyNamespace + "/" + string(ref.Name) } 
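Review bot: The Gateway ancestor entries appended after the `TargetRefs` loop reuse `conds` in whatever state the last target left it. `maps.Clone(conds)` at the top of each iteration copies the map, but if it is a shallow copy the `*condition` values stay shared, so a `conds[...].error = &ConfigError{...}` set for one unresolved targetRef also appears on later targets and on every Gateway ancestor. Copy the `condition` structs per ancestor, not just the map, so that an error is reported only where it belongs. Separately, the inner `for _, i := range gwl.Objects` shadows the policy `i`; a distinct name would read more clearly.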
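Review bot: `conds` is indexed here with `gw.BackendTLSPolicyReasonResolvedRefs`, a reason constant, while the map built in `BackendTLSPolicyCollection` is keyed by the condition type `gw.BackendTLSPolicyConditionResolvedRefs`. This works only while both constants have the same string value; if they ever differ, the lookup returns a nil `*condition` and the `.error =` assignment panics. Use the condition type as the key: `conds[string(gw.BackendTLSPolicyConditionResolvedRefs)].error = &ConfigError{`. The same key is used in the assignments added by the next hunk (`@@ -296,12 +480,28 @@`).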
@@ -296,12 +480,28 @@ func getBackendTLSCredentialName( // Additionally, we will need to ensure we don't accidentally authorize them to access the private key, just the ca.crt default: err = fmt.Errorf("unsupported reference kind: %v", ref.Kind) + conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{ + Reason: string(gw.BackendTLSPolicyReasonInvalidKind), + Message: "Certificate reference invalid: " + err.Error(), + } + } + } else { + if strings.Contains(err.Error(), "unsupported kind") { + conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{ + Reason: string(gw.BackendTLSPolicyReasonInvalidKind), + Message: "Certificate reference not supported: " + err.Error(), + } + } else { + conds[string(gw.BackendTLSPolicyReasonResolvedRefs)].error = &ConfigError{ + Reason: string(gw.BackendTLSPolicyReasonInvalidCACertificateRef), + Message: "Certificate reference not found: " + err.Error(), + } } } if err != nil { - conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{ - Reason: string(gatewayalpha2.PolicyReasonInvalid), - Message: fmt.Sprintf("Certificate reference invalid: %v", err), + conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{ + Reason: string(gw.BackendTLSPolicyReasonNoValidCACertificate), + Message: "Certificate reference invalid: " + err.Error(), } // Generate an invalid reference. This ensures traffic is blocked. // See https://github.com/kubernetes-sigs/gateway-api/issues/3516 for upstream clarification on desired behavior here. @@ -313,6 +513,7 @@ func getBackendTLSCredentialName( func BackendTrafficPolicyCollection( trafficPolicies krt.Collection[*gatewayx.XBackendTrafficPolicy], references *ReferenceSet, + domainSuffix string, opts krt.OptionsBuilder, ) (krt.StatusCollection[*gatewayx.XBackendTrafficPolicy, gatewayx.PolicyStatus], krt.Collection[BackendPolicy]) { return krt.NewStatusManyCollection(trafficPolicies, func(ctx krt.HandlerContext, i *gatewayx.XBackendTrafficPolicy) ( 
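Review bot: The new `else` branch classifies the lookup failure with `strings.Contains(err.Error(), "unsupported kind")`, which ties the reported reason to the wording of an error produced by `references.LocalPolicyRef` outside this hunk. A reworded message would silently turn `InvalidKind` into `InvalidCACertificateRef` in the policy status. Have the lookup return a sentinel error (for example a package-level `errUnsupportedKind`, a name proposed here) and test it with `errors.Is(err, errUnsupportedKind)`. The function body starts and ends outside the hunk.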
@@ -321,14 +522,14 @@ func BackendTrafficPolicyCollection( ) { status := i.Status.DeepCopy() res := make([]BackendPolicy, 0, len(i.Spec.TargetRefs)) - ancestors := make([]gatewayalpha2.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs)) + ancestors := make([]gw.PolicyAncestorStatus, 0, len(i.Spec.TargetRefs)) lb := &networking.LoadBalancerSettings{} var retryBudget *networking.TrafficPolicy_RetryBudget conds := map[string]*condition{ - string(gatewayalpha2.PolicyConditionAccepted): { - reason: string(gatewayalpha2.PolicyReasonAccepted), + string(gw.PolicyConditionAccepted): { + reason: string(gw.PolicyReasonAccepted), message: "Configuration is valid", }, } @@ -351,12 +552,12 @@ func BackendTrafficPolicyCollection( } if len(unsupported) > 0 { msg := fmt.Sprintf("Configuration is valid, but Istio does not support the following fields: %v", humanReadableJoin(unsupported)) - conds[string(gatewayalpha2.PolicyConditionAccepted)].message = msg + conds[string(gw.PolicyConditionAccepted)].message = msg } for idx, t := range i.Spec.TargetRefs { conds = maps.Clone(conds) - refo, err := references.LocalPolicyTargetRef(t, i.Namespace) + refo, err := references.XLocalPolicyTargetRef(t, i.Namespace) if err == nil { switch refo.(type) { case *v1.Service: 
@@ -365,32 +566,39 @@ func BackendTrafficPolicyCollection( } } if err != nil { - conds[string(gatewayalpha2.PolicyConditionAccepted)].error = &ConfigError{ - Reason: string(gatewayalpha2.PolicyReasonTargetNotFound), - Message: fmt.Sprintf("targetRefs invalid: %v", err), + conds[string(gw.PolicyConditionAccepted)].error = &ConfigError{ + Reason: string(gw.PolicyReasonTargetNotFound), + Message: "targetRefs invalid: " + err.Error(), } } else { // Only create an object if we can resolve the target res = append(res, BackendPolicy{ - Source: TypedNamedspacedName{ + Source: TypedNamespacedName{ NamespacedName: config.NamespacedName(i), Kind: kind.XBackendTrafficPolicy, }, TargetIndex: idx, - Target: TypedNamedspacedName{ + Target: TypedNamespacedName{ NamespacedName: types.NamespacedName{ Name: string(t.Name), Namespace: i.Namespace, }, Kind: kind.Service, }, + Host: string(t.Name) + "." + i.Namespace + ".svc." + domainSuffix, TLS: nil, LoadBalancer: lb, RetryBudget: retryBudget, CreationTime: i.CreationTimestamp.Time, }) } - ancestors = append(ancestors, setAncestorStatus(t, status, i.Generation, conds)) + + pr := gw.ParentReference{ + Group: &t.Group, + Kind: &t.Kind, + Name: t.Name, + } + ancestors = append(ancestors, setAncestorStatus(pr, status, i.Generation, conds, constants.ManagedGatewayMeshController)) } status.Ancestors = mergeAncestors(status.Ancestors, ancestors) return status, res 
@@ -398,31 +606,27 @@ func BackendTrafficPolicyCollection( } func setAncestorStatus( - t gatewayalpha2.LocalPolicyTargetReference, - status *gatewayalpha2.PolicyStatus, + pr gw.ParentReference, + status *gw.PolicyStatus, generation int64, conds map[string]*condition, -) gatewayalpha2.PolicyAncestorStatus { - pr := gatewayalpha2.ParentReference{ - Group: &t.Group, - Kind: &t.Kind, - Name: t.Name, - } - currentAncestor := slices.FindFunc(status.Ancestors, func(ex gatewayalpha2.PolicyAncestorStatus) bool { + controller gw.GatewayController, +) gw.PolicyAncestorStatus { + currentAncestor := slices.FindFunc(status.Ancestors, func(ex gw.PolicyAncestorStatus) bool { return parentRefEqual(ex.AncestorRef, pr) }) var currentConds []metav1.Condition if currentAncestor != nil { currentConds = currentAncestor.Conditions } - return gatewayalpha2.PolicyAncestorStatus{ + return gw.PolicyAncestorStatus{ AncestorRef: pr, - ControllerName: k8s.GatewayController(features.ManagedGatewayController), + ControllerName: controller, Conditions: setConditions(generation, currentConds, conds), } } -func parentRefEqual(a, b gatewayalpha2.ParentReference) bool { +func parentRefEqual(a, b gw.ParentReference) bool { return ptr.Equal(a.Group, b.Group) && ptr.Equal(a.Kind, b.Kind) && a.Name == b.Name && 
@@ -431,19 +635,20 @@ func parentRefEqual(a, b gatewayalpha2.ParentReference) bool { ptr.Equal(a.Port, b.Port) } +var outControllers = sets.New(gw.GatewayController(higressconstants.ManagedGatewayController), constants.ManagedGatewayMeshController) + // mergeAncestors merges an existing ancestor with in incoming one. We preserve order, prune stale references set by our controller, // and add any new references from our controller. -func mergeAncestors(existing []gatewayalpha2.PolicyAncestorStatus, incoming []gatewayalpha2.PolicyAncestorStatus) []gatewayalpha2.PolicyAncestorStatus { - ourController := k8s.GatewayController(features.ManagedGatewayController) +func mergeAncestors(existing []gw.PolicyAncestorStatus, incoming []gw.PolicyAncestorStatus) []gw.PolicyAncestorStatus { n := 0 for _, x := range existing { - if x.ControllerName != ourController { + if !outControllers.Contains(x.ControllerName) { // Keep it as-is existing[n] = x n++ continue } - replacement := slices.IndexFunc(incoming, func(status gatewayalpha2.PolicyAncestorStatus) bool { + replacement := slices.IndexFunc(incoming, func(status gw.PolicyAncestorStatus) bool { return parentRefEqual(status.AncestorRef, x.AncestorRef) }) if replacement != -1 { @@ -457,5 +662,13 @@ func mergeAncestors(existing []gatewayalpha2.PolicyAncestorStatus, incoming []ga existing = existing[:n] // Add all remaining ones. existing = append(existing, incoming...) - return existing + // There is a max of 16 + return existing[:min(len(existing), 16)] +} + +func generateDRName(target TypedNamespacedName, host string) string { + if target.Kind == kind.ServiceEntry { + return target.Name + "~" + strings.ReplaceAll(host, ".", "-") + "~" + constants.KubernetesGatewayName + } + return target.Name + "~" + constants.KubernetesGatewayName } diff --git a/pkg/ingress/kube/gateway/istio/conditions.go b/pkg/ingress/kube/gateway/istio/conditions.go index 0df96b43b..fee0fe511 100644 --- a/pkg/ingress/kube/gateway/istio/conditions.go 
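Review bot: `outControllers` looks like a typo for `ourControllers`, and it has no comment although it now decides which status entries `mergeAncestors` treats as owned and may prune. Rename it and add a comment such as `// ourControllers lists the controller names whose ancestor status entries this controller owns and may replace or prune.` Since the set contains `constants.ManagedGatewayMeshController` as well as the Higress name, entries written under the mesh controller name by another control plane in the same cluster would presumably be pruned too; confirm that this is intended.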
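Review bot: `generateDRName` can map distinct ServiceEntry hosts to the same name, because `strings.ReplaceAll(host, ".", "-")` turns both `a.b-c` and `a-b.c` into `a-b-c`. Two hosts of one ServiceEntry that collide this way would produce two DestinationRules with the same name and namespace, and one host's TLS settings could displace the other's. Keeping the host unmodified (`target.Name + "~" + host + "~" + constants.KubernetesGatewayName`) or appending a short hash of it removes the ambiguity, provided consumers of this internal name accept those characters. In `mergeAncestors`, the new `existing[:min(len(existing), 16)]` drops entries past the limit without a log or condition; a comment naming the API limit behind the 16 would help.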
+++ b/pkg/ingress/kube/gateway/istio/conditions.go @@ -21,6 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8s "sigs.k8s.io/gateway-api/apis/v1" + higressconstants "github.com/alibaba/higress/v2/pkg/config/constants" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model/kstatus" "istio.io/istio/pkg/config/schema/gvk" @@ -52,7 +53,7 @@ func createRouteStatus( parentIndexes := map[string]int{} for idx, p := range parents { // Only consider our own - if p.ControllerName != k8s.GatewayController(features.ManagedGatewayController) { + if p.ControllerName != k8s.GatewayController(higressconstants.ManagedGatewayController) { continue } rs := parentRefString(p.ParentRef, objectNamespace) @@ -185,14 +186,14 @@ func createRouteStatus( var currentConditions []metav1.Condition currentStatus := slices.FindFunc(currentParents, func(s k8s.RouteParentStatus) bool { return parentRefString(s.ParentRef, objectNamespace) == myRef && - s.ControllerName == k8s.GatewayController(features.ManagedGatewayController) + s.ControllerName == k8s.GatewayController(higressconstants.ManagedGatewayController) }) if currentStatus != nil { currentConditions = currentStatus.Conditions } ns := k8s.RouteParentStatus{ ParentRef: gw.OriginalReference, - ControllerName: k8s.GatewayController(features.ManagedGatewayController), + ControllerName: k8s.GatewayController(higressconstants.ManagedGatewayController), Conditions: setConditions(generation, currentConditions, conds), } // Parent ref already exists, insert in the same place diff --git a/pkg/ingress/kube/gateway/istio/conditions_test.go b/pkg/ingress/kube/gateway/istio/conditions_test.go index 6da74b5de..b2df61030 100644 --- a/pkg/ingress/kube/gateway/istio/conditions_test.go +++ b/pkg/ingress/kube/gateway/istio/conditions_test.go 
@@ -21,7 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8s "sigs.k8s.io/gateway-api/apis/v1beta1" - "istio.io/istio/pilot/pkg/features" + higressconstants "github.com/alibaba/higress/v2/pkg/config/constants" "istio.io/istio/pkg/config" "istio.io/istio/pkg/config/schema/gvk" ) @@ -39,7 +39,7 @@ func TestCreateRouteStatus(t *testing.T) { }, { ParentRef: parentRef, - ControllerName: k8s.GatewayController(features.ManagedGatewayController), + ControllerName: k8s.GatewayController(higressconstants.ManagedGatewayController), Conditions: []metav1.Condition{ { Type: string(k8s.RouteReasonAccepted), diff --git a/pkg/ingress/kube/gateway/istio/controller.go b/pkg/ingress/kube/gateway/istio/controller.go index 60986ef4d..05e2cd650 100644 --- a/pkg/ingress/kube/gateway/istio/controller.go +++ b/pkg/ingress/kube/gateway/istio/controller.go @@ -16,15 +16,13 @@ package istio import ( "fmt" - "go.uber.org/atomic" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" - inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2" + inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayalpha "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayalpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" gateway "sigs.k8s.io/gateway-api/apis/v1beta1" gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1" 
@@ -153,9 +151,9 @@ type Inputs struct { ListenerSets krt.Collection[*gatewayx.XListenerSet] ReferenceGrants krt.Collection[*gateway.ReferenceGrant] BackendTrafficPolicy krt.Collection[*gatewayx.XBackendTrafficPolicy] - BackendTLSPolicies krt.Collection[*gatewayalpha3.BackendTLSPolicy] + BackendTLSPolicies krt.Collection[*gatewayv1.BackendTLSPolicy] ServiceEntries krt.Collection[*networkingclient.ServiceEntry] - InferencePools krt.Collection[*inferencev1alpha2.InferencePool] + InferencePools krt.Collection[*inferencev1.InferencePool] } var _ model.GatewayController = &Controller{} 
@@ -201,11 +199,12 @@ func NewController( kclient.NewFiltered[*corev1.ConfigMap](kc, kubetypes.Filter{ObjectFilter: kc.ObjectFilter()}), opts.WithName("informer/ConfigMaps")..., ), - Services: krt.WrapClient[*corev1.Service](svcClient, opts.WithName("informer/Services")...), - GatewayClasses: buildClient[*gateway.GatewayClass](c, kc, gvr.GatewayClass, opts, "informer/GatewayClasses"), - Gateways: buildClient[*gateway.Gateway](c, kc, gvr.KubernetesGateway, opts, "informer/Gateways"), - HTTPRoutes: buildClient[*gateway.HTTPRoute](c, kc, gvr.HTTPRoute, opts, "informer/HTTPRoutes"), - GRPCRoutes: buildClient[*gatewayv1.GRPCRoute](c, kc, gvr.GRPCRoute, opts, "informer/GRPCRoutes"), + Services: krt.WrapClient[*corev1.Service](svcClient, opts.WithName("informer/Services")...), + GatewayClasses: buildClient[*gateway.GatewayClass](c, kc, gvr.GatewayClass, opts, "informer/GatewayClasses"), + Gateways: buildClient[*gateway.Gateway](c, kc, gvr.KubernetesGateway, opts, "informer/Gateways"), + HTTPRoutes: buildClient[*gateway.HTTPRoute](c, kc, gvr.HTTPRoute, opts, "informer/HTTPRoutes"), + GRPCRoutes: buildClient[*gatewayv1.GRPCRoute](c, kc, gvr.GRPCRoute, opts, "informer/GRPCRoutes"), + BackendTLSPolicies: buildClient[*gatewayv1.BackendTLSPolicy](c, kc, gvr.BackendTLSPolicy, opts, "informer/BackendTLSPolicies"), ReferenceGrants: buildClient[*gateway.ReferenceGrant](c, kc, gvr.ReferenceGrant, opts, "informer/ReferenceGrants"), ServiceEntries: buildClient[*networkingclient.ServiceEntry](c, kc, gvr.ServiceEntry, opts, "informer/ServiceEntries"), 
@@ -213,27 +212,26 @@ func NewController( if features.EnableAlphaGatewayAPI { inputs.TCPRoutes = buildClient[*gatewayalpha.TCPRoute](c, kc, gvr.TCPRoute, opts, "informer/TCPRoutes") inputs.TLSRoutes = buildClient[*gatewayalpha.TLSRoute](c, kc, gvr.TLSRoute, opts, "informer/TLSRoutes") - inputs.BackendTLSPolicies = buildClient[*gatewayalpha3.BackendTLSPolicy](c, kc, gvr.BackendTLSPolicy, opts, "informer/BackendTLSPolicies") inputs.BackendTrafficPolicy = buildClient[*gatewayx.XBackendTrafficPolicy](c, kc, gvr.XBackendTrafficPolicy, opts, "informer/XBackendTrafficPolicy") inputs.ListenerSets = buildClient[*gatewayx.XListenerSet](c, kc, gvr.XListenerSet, opts, "informer/XListenerSet") } else { // If disabled, still build a collection but make it always empty inputs.TCPRoutes = krt.NewStaticCollection[*gatewayalpha.TCPRoute](nil, nil, opts.WithName("disable/TCPRoutes")...) inputs.TLSRoutes = krt.NewStaticCollection[*gatewayalpha.TLSRoute](nil, nil, opts.WithName("disable/TLSRoutes")...) - inputs.BackendTLSPolicies = krt.NewStaticCollection[*gatewayalpha3.BackendTLSPolicy](nil, nil, opts.WithName("disable/BackendTLSPolicies")...) inputs.BackendTrafficPolicy = krt.NewStaticCollection[*gatewayx.XBackendTrafficPolicy](nil, nil, opts.WithName("disable/XBackendTrafficPolicy")...) inputs.ListenerSets = krt.NewStaticCollection[*gatewayx.XListenerSet](nil, nil, opts.WithName("disable/XListenerSet")...) } if features.EnableGatewayAPIInferenceExtension { - inputs.InferencePools = buildClient[*inferencev1alpha2.InferencePool](c, kc, gvr.InferencePool, opts, "informer/InferencePools") + inputs.InferencePools = buildClient[*inferencev1.InferencePool](c, kc, gvr.InferencePool, opts, "informer/InferencePools") } else { // If disabled, still build a collection but make it always empty - inputs.InferencePools = krt.NewStaticCollection[*inferencev1alpha2.InferencePool](nil, nil, opts.WithName("disable/InferencePools")...) 
+ inputs.InferencePools = krt.NewStaticCollection[*inferencev1.InferencePool](nil, nil, opts.WithName("disable/InferencePools")...) } references := NewReferenceSet( AddReference(inputs.Services), + AddReference(inputs.ServiceEntries), AddReference(inputs.ConfigMaps), AddReference(inputs.Secrets), ) @@ -252,6 +250,7 @@ func NewController( GatewayClasses, inputs.Namespaces, ReferenceGrants, + inputs.ConfigMaps, inputs.Secrets, options.DomainSuffix, c.gatewayContext, @@ -261,15 +260,6 @@ func NewController( ) status.RegisterStatus(c.status, ListenerSetStatus, GetStatus) - DestinationRules := DestinationRuleCollection( - inputs.BackendTrafficPolicy, - inputs.BackendTLSPolicies, - references, - c.domainSuffix, - c, - opts, - ) - // GatewaysStatus is not fully complete until its join with route attachments to report attachedRoutes. // Do not register yet. GatewaysStatus, Gateways := GatewayCollection( @@ -278,6 +268,7 @@ func NewController( GatewayClasses, inputs.Namespaces, ReferenceGrants, + inputs.ConfigMaps, inputs.Secrets, c.domainSuffix, c.gatewayContext, @@ -352,6 +343,26 @@ func NewController( RouteAttachmentsIndex := krt.NewIndex(RouteAttachments, "to", func(o RouteAttachment) []types.NamespacedName { return []types.NamespacedName{o.To} }) + Ancestors := krt.JoinCollection([]krt.Collection[AncestorBackend]{ + tcpRoutes.Ancestors, + tlsRoutes.Ancestors, + httpRoutes.Ancestors, + grpcRoutes.Ancestors, + }, opts.WithName("Ancestors")...) + AncestorsIndex := krt.NewIndex(Ancestors, "ancestors", func(o AncestorBackend) []TypedNamespacedName { + return []TypedNamespacedName{o.Backend} + }) + + DestinationRules := DestinationRuleCollection( + inputs.BackendTrafficPolicy, + inputs.BackendTLSPolicies, + AncestorsIndex, + references, + c.domainSuffix, + c, + inputs.Services, + opts, + ) GatewayFinalStatus := FinalGatewayStatusCollection(GatewaysStatus, RouteAttachments, RouteAttachmentsIndex, opts) status.RegisterStatus(c.status, GatewayFinalStatus, GetStatus) 
diff --git a/pkg/ingress/kube/gateway/istio/conversion.go b/pkg/ingress/kube/gateway/istio/conversion.go index 449ffe720..8e9826e58 100644 --- a/pkg/ingress/kube/gateway/istio/conversion.go +++ b/pkg/ingress/kube/gateway/istio/conversion.go @@ -17,11 +17,14 @@ package istio import ( "cmp" "crypto/tls" + "crypto/x509" "fmt" higressconfig "github.com/alibaba/higress/v2/pkg/config" "github.com/alibaba/higress/v2/pkg/ingress/kube/util" + "istio.io/istio/pilot/pkg/credentials" "net" "path" + inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1" "sort" "strconv" "strings" @@ -32,10 +35,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" klabels "k8s.io/apimachinery/pkg/labels" - inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2" k8s "sigs.k8s.io/gateway-api/apis/v1" k8salpha "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayalpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" k8sbeta "sigs.k8s.io/gateway-api/apis/v1beta1" gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1" @@ -342,7 +343,7 @@ func parentTypes(rpi []routeParentReference) (mesh, gateway bool) { gateway = true } } - return + return mesh, gateway } func augmentPortMatch(routes []*istio.HTTPRoute, port k8s.PortNumber) []*istio.HTTPRoute { @@ -1269,7 +1270,7 @@ func createCorsFilter(filter *k8s.HTTPCORSFilter) *istio.CorsPolicy { MatchType: &istio.StringMatch_Exact{Exact: string(r)}, }) } - if filter.AllowCredentials { + if ptr.OrEmpty(filter.AllowCredentials) { res.AllowCredentials = wrappers.Bool(true) } for _, r := range filter.AllowMethods { 
@@ -2013,11 +2014,13 @@ func extractGatewayServices(domainSuffix string, kgw *k8sbeta.Gateway, info clas func buildListener( ctx krt.HandlerContext, + configMaps krt.Collection[*corev1.ConfigMap], secrets krt.Collection[*corev1.Secret], grants ReferenceGrants, namespaces krt.Collection[*corev1.Namespace], obj controllers.Object, status []k8s.ListenerStatus, + gw k8s.GatewaySpec, l k8s.Listener, listenerIndex int, controllerName k8s.GatewayController, @@ -2044,7 +2047,7 @@ func buildListener( } ok := true - tls, err := buildTLS(ctx, secrets, grants, l.TLS, obj, kube.IsAutoPassthrough(obj.GetLabels(), l)) + tls, err := buildTLS(ctx, configMaps, secrets, grants, resolveGatewayTLS(l.Port, gw.TLS), l.TLS, obj, kube.IsAutoPassthrough(obj.GetLabels(), l)) if err != nil { listenerConditions[string(k8s.ListenerConditionResolvedRefs)].error = err listenerConditions[string(k8s.GatewayConditionProgrammed)].error = &ConfigError{ @@ -2135,11 +2138,27 @@ func listenerProtocolToIstio(name k8s.GatewayController, p k8s.ProtocolType) (st return "", fmt.Errorf("protocol %q is unsupported", p) } +func resolveGatewayTLS(port k8s.PortNumber, gw *k8s.GatewayTLSConfig) *k8s.TLSConfig { + if gw == nil || gw.Frontend == nil { + return nil + } + f := gw.Frontend + pp := slices.FindFunc(f.PerPort, func(portConfig k8s.TLSPortConfig) bool { + return portConfig.Port == port + }) + if pp != nil { + return &pp.TLS + } + return &f.Default +} + func buildTLS( ctx krt.HandlerContext, + configMaps krt.Collection[*corev1.ConfigMap], secrets krt.Collection[*corev1.Secret], grants ReferenceGrants, - tls *k8s.GatewayTLSConfig, + gatewayTLS *k8s.TLSConfig, + tls *k8s.ListenerTLSConfig, gw controllers.Object, isAutoPassthrough bool, ) (*istio.ServerTLSSettings, *ConfigError) { 
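Review bot: `resolveGatewayTLS` is added without a doc comment, although it decides which frontend TLS settings, and so which client-certificate validation, `buildTLS` receives for a listener. I would add `// resolveGatewayTLS returns the frontend TLS config for port: the PerPort entry whose Port matches, else Default; nil if the Gateway sets no frontend TLS.` above it. If more than one `PerPort` entry can name the same port, the first match wins silently; either say so in the comment or reject duplicates, unless API validation already forbids them.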
@@ -2216,6 +2235,32 @@ func buildTLS( } else { out.CredentialNames = credNames } + + if gatewayTLS != nil && gatewayTLS.Validation != nil && len(gatewayTLS.Validation.CACertificateRefs) > 0 { + // TODO: add 'Mode' + if len(gatewayTLS.Validation.CACertificateRefs) > 1 { + return out, &ConfigError{ + Reason: InvalidTLS, + Message: "only one caCertificateRef is supported", + } + } + caCertRef := gatewayTLS.Validation.CACertificateRefs[0] + cred, err := buildCaCertificateReference(ctx, caCertRef, gw, configMaps, secrets) + if err != nil { + return out, err + } + if cred.Namespace != namespace && !grants.SecretAllowed(ctx, schematypes.GvkFromObject(gw), cred.ResourceName, namespace) { + return out, &ConfigError{ + Reason: InvalidListenerRefNotPermitted, + Message: fmt.Sprintf( + "caCertificateRef %v/%v not accessible to a Gateway in namespace %q (missing a ReferenceGrant?)", + cred.Namespace, caCertRef.Name, namespace, + ), + } + } + out.Mode = istio.ServerTLSSettings_MUTUAL + //out.CaCertCredentialName = cred.ResourceName + } case k8s.TLSModePassthrough: out.Mode = istio.ServerTLSSettings_PASSTHROUGH if isAutoPassthrough { @@ -2232,7 +2277,7 @@ func buildSecretReference( secrets krt.Collection[*corev1.Secret], ) (string, *ConfigError) { if normalizeReference(ref.Group, ref.Kind, gvk.Secret) != gvk.Secret { - return "", &ConfigError{Reason: InvalidTLS, Message: fmt.Sprintf("invalid certificate reference %v, only secret is allowed", objectReferenceString(ref))} + return "", &ConfigError{Reason: InvalidTLS, Message: fmt.Sprintf("invalid certificate reference %v, only secret is allowed", secretObjectReferenceString(ref))} } secret := model.ConfigKey{ 
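Review bot: In the new `CACertificateRefs` branch the listener is switched to `istio.ServerTLSSettings_MUTUAL` while the line that would attach the resolved bundle, `//out.CaCertCredentialName = cred.ResourceName`, is commented out, so the CA the Gateway owner referenced is validated here but never set on `out`. Which trust anchor then verifies client certificates depends on code outside this hunk, so either wire the credential through or leave the mode unchanged until that is possible, and say which in a comment. The ReferenceGrant check also runs only after `buildCaCertificateReference` has fetched and parsed the object, so a cross-namespace reference reports "not found" or "malformed" before "not permitted"; checking the grant first keeps status messages from describing objects in namespaces the Gateway may not read. `grants.SecretAllowed` is applied to ConfigMap references as well; please confirm that a grant naming ConfigMap is honoured there. `buildTLS` starts and ends outside this hunk.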
@@ -2246,26 +2291,101 @@ func buildSecretReference( if scrt == nil { return "", &ConfigError{ Reason: InvalidTLS, - Message: fmt.Sprintf("invalid certificate reference %v, secret %v not found", objectReferenceString(ref), key), + Message: fmt.Sprintf("invalid certificate reference %v, secret %v not found", secretObjectReferenceString(ref), key), } } certInfo, err := kubecreds.ExtractCertInfo(scrt) if err != nil { return "", &ConfigError{ Reason: InvalidTLS, - Message: fmt.Sprintf("invalid certificate reference %v, %v", objectReferenceString(ref), err), + Message: fmt.Sprintf("invalid certificate reference %v, %v", secretObjectReferenceString(ref), err), } } if _, err = tls.X509KeyPair(certInfo.Cert, certInfo.Key); err != nil { return "", &ConfigError{ Reason: InvalidTLS, - Message: fmt.Sprintf("invalid certificate reference %v, the certificate is malformed: %v", objectReferenceString(ref), err), + Message: fmt.Sprintf("invalid certificate reference %v, the certificate is malformed: %v", secretObjectReferenceString(ref), err), } } return creds.ToKubernetesGatewayResource(secret.Namespace, secret.Name), nil } -func objectReferenceString(ref k8s.SecretObjectReference) string { +func buildCaCertificateReference( + ctx krt.HandlerContext, + ref k8s.ObjectReference, + gw controllers.Object, + configMaps krt.Collection[*corev1.ConfigMap], + secrets krt.Collection[*corev1.Secret], +) (*creds.SecretResource, *ConfigError) { + var resourceType string + var resourceKind kind.Kind + var certInfo *credentials.CertInfo + var certInfoErr error + + namespace := ptr.OrDefault((*string)(ref.Namespace), gw.GetNamespace()) + name := string(ref.Name) + + switch normalizeReference(&ref.Group, &ref.Kind, config.GroupVersionKind{}) { + case gvk.ConfigMap: + resourceType = creds.KubernetesConfigMapType + resourceKind = kind.ConfigMap + + key := namespace + "/" + name + cm := ptr.Flatten(krt.FetchOne(ctx, configMaps, krt.FilterKey(key))) + if cm == nil { + return nil, &ConfigError{ + 
Reason: InvalidTLS, + Message: fmt.Sprintf("invalid CA certificate reference %v, configmap %v not found", objectReferenceString(ref), key), + } + } + certInfo, certInfoErr = kubecreds.ExtractRootFromString(cm.Data) + case gvk.Secret: + resourceType = creds.KubernetesGatewaySecretType + resourceKind = kind.Secret + + key := namespace + "/" + name + scrt := ptr.Flatten(krt.FetchOne(ctx, secrets, krt.FilterKey(key))) + if scrt == nil { + return nil, &ConfigError{ + Reason: InvalidTLS, + Message: fmt.Sprintf("invalid CA certificate reference %v, secret %v not found", objectReferenceString(ref), key), + } + } + certInfo, certInfoErr = kubecreds.ExtractRoot(scrt.Data) + default: + return nil, &ConfigError{ + Reason: InvalidTLS, + Message: fmt.Sprintf("invalid CA certificate reference %v, only secret and configmap are allowed", objectReferenceString(ref)), + } + } + if certInfoErr != nil { + return nil, &ConfigError{ + Reason: InvalidTLS, + Message: fmt.Sprintf("invalid CA certificate reference %v, %v", objectReferenceString(ref), certInfoErr), + } + } + if !x509.NewCertPool().AppendCertsFromPEM(certInfo.Cert) { + return nil, &ConfigError{ + Reason: InvalidTLS, + Message: fmt.Sprintf("invalid CA certificate reference %v, the bundle is malformed", objectReferenceString(ref)), + } + } + log.Warnf("buildCaCertificateReference %s://%s/%s%s", resourceType, namespace, ref.Name, creds.SdsCaSuffix) + return &creds.SecretResource{ + ResourceType: resourceType, + ResourceKind: resourceKind, + Name: name + creds.SdsCaSuffix, + Namespace: namespace, + ResourceName: fmt.Sprintf("%s://%s/%s%s", resourceType, namespace, ref.Name, creds.SdsCaSuffix), + Cluster: "", + }, nil +} + +func objectReferenceString(ref k8s.ObjectReference) string { + return fmt.Sprintf("%s/%s/%s.%s", ref.Group, ref.Kind, ref.Name, ptr.OrEmpty(ref.Namespace)) +} + +func secretObjectReferenceString(ref k8s.SecretObjectReference) string { return fmt.Sprintf("%s/%s/%s.%s", ptr.OrEmpty(ref.Group), 
ptr.OrEmpty(ref.Kind), @@ -2500,11 +2620,11 @@ func GetStatus[I, IS any](spec I) IS { return any(t.Status).(IS) case *gatewayx.XBackendTrafficPolicy: return any(t.Status).(IS) - case *gatewayalpha3.BackendTLSPolicy: + case *k8s.BackendTLSPolicy: return any(t.Status).(IS) case *gatewayx.XListenerSet: return any(t.Status).(IS) - case *inferencev1alpha2.InferencePool: + case *inferencev1.InferencePool: return any(t.Status).(IS) default: log.Fatalf("unknown type %T", t) @@ -2512,6 +2632,20 @@ func GetStatus[I, IS any](spec I) IS { } } +func GetBackendRef[I any](spec I) (config.GroupVersionKind, *k8s.Namespace, k8s.ObjectName) { + switch t := any(spec).(type) { + case k8s.HTTPBackendRef: + return normalizeReference(t.Group, t.Kind, gvk.Service), t.Namespace, t.Name + case k8s.GRPCBackendRef: + return normalizeReference(t.Group, t.Kind, gvk.Service), t.Namespace, t.Name + case k8s.BackendRef: + return normalizeReference(t.Group, t.Kind, gvk.Service), t.Namespace, t.Name + default: + log.Fatalf("unknown GetBackendRef type %T", t) + return config.GroupVersionKind{}, nil, "" + } +} + // Start - Added by Higress // isCatchAll returns true if HTTPMatchRequest is a catchall match otherwise // false. Note - this may not be exactly "catch all" as we don't know the full diff --git a/pkg/ingress/kube/gateway/istio/conversion_test.go b/pkg/ingress/kube/gateway/istio/conversion_test.go index e31449d32..e77e9d446 100644 --- a/pkg/ingress/kube/gateway/istio/conversion_test.go +++ b/pkg/ingress/kube/gateway/istio/conversion_test.go 
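Review bot: `buildCaCertificateReference` logs at warning level on its success path, `log.Warnf("buildCaCertificateReference %s://%s/%s%s", ...)`, which looks like leftover debugging and will presumably fire on every recompute of a listener that has a CA reference; `log.Debugf` or removing the line would keep warnings meaningful. The malformed-bundle check relies on `x509.NewCertPool().AppendCertsFromPEM(certInfo.Cert)`, which reports success as soon as one certificate parses, so a bundle with one good certificate followed by truncated or non-certificate PEM is accepted; decoding each PEM block and calling `x509.ParseCertificate` on it would make the check match its error message. The function has no doc comment; one line stating that only ConfigMap and Secret references are accepted and that the returned resource name carries `creds.SdsCaSuffix` would help.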
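Review bot: `GetBackendRef` is exported without a doc comment and is declared over `I any`, so a call with an unsupported type compiles and then reaches `log.Fatalf("unknown GetBackendRef type %T", t)`, which presumably terminates the controller. If the callers permit it, constraining the type parameter, `func GetBackendRef[I k8s.HTTPBackendRef | k8s.GRPCBackendRef | k8s.BackendRef](spec I) ...`, turns that into a compile error. For the documentation I would add `// GetBackendRef returns the normalized kind (defaulting to Service), namespace and name of a route backend reference.`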
@@ -518,6 +518,33 @@ D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== "tls.key": []byte("SGVsbG8gd29ybGQK"), }, }, + &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "malformed", + Namespace: "higress-system", + }, + Data: map[string]string{ + "not-ca.crt": "hello", + }, + }, + &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "malformed-trustbundle", + Namespace: "higress-system", + }, + Data: map[string]string{ + "ca.crt": "hello", + }, + }, + &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cert-http", + Namespace: "higress-system", + }, + Data: map[string]string{ + "ca.crt": rsaCertPEM, + }, + }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "malformed", @@ -625,7 +652,7 @@ func TestConvertResources(t *testing.T) { }{ {name: "http"}, {name: "tcp"}, - //{name: "tls"}, // TODO: fix this case + {name: "tls"}, {name: "grpc"}, {name: "mismatch"}, {name: "weighted"}, @@ -672,7 +699,14 @@ func TestConvertResources(t *testing.T) { //{name: "waypoint"}, //{name: "isolation"}, {name: "backend-lb-policy"}, - {name: "backend-tls-policy"}, + { + name: "backend-tls-policy", + validationIgnorer: crdvalidation.NewValidationIgnorer( + "default/echo-https", + "default/external-service", + "default/multi-host-service", + ), + }, {name: "mix-backend-policy"}, //{name: "listenerset"}, //{name: "listenerset-cross-namespace"}, @@ -749,7 +783,7 @@ func TestConvertResources(t *testing.T) { goldenFile := fmt.Sprintf("testdata/%s.yaml.golden", tt.name) b := marshalYaml(t, res) - t.Logf("marshaled yaml result : %s", string(b)) + //t.Logf("marshaled yaml result : %s", string(b)) util.CompareContent(t, b, goldenFile) diff --git a/pkg/ingress/kube/gateway/istio/gateway_collection.go b/pkg/ingress/kube/gateway/istio/gateway_collection.go index 25d5806d1..2526f41de 100644 --- a/pkg/ingress/kube/gateway/istio/gateway_collection.go +++ b/pkg/ingress/kube/gateway/istio/gateway_collection.go 
@@ -16,6 +16,7 @@ package istio import ( "fmt" + "istio.io/api/annotation" "strings" "go.uber.org/atomic" @@ -77,6 +78,7 @@ func ListenerSetCollection( gatewayClasses krt.Collection[GatewayClass], namespaces krt.Collection[*corev1.Namespace], grants ReferenceGrants, + configMaps krt.Collection[*corev1.ConfigMap], secrets krt.Collection[*corev1.Secret], domainSuffix string, gatewayContext krt.RecomputeProtected[*atomic.Pointer[GatewayContext]], @@ -151,7 +153,8 @@ func ListenerSetCollection( l.Port = port standardListener := convertListenerSetToListener(l) originalStatus := slices.Map(status.Listeners, convertListenerSetStatusToStandardStatus) - server, updatedStatus, programmed := buildListener(ctx, secrets, grants, namespaces, obj, originalStatus, standardListener, i, controllerName, portErr) + server, updatedStatus, programmed := buildListener(ctx, configMaps, secrets, grants, namespaces, + obj, originalStatus, parentGwObj.Spec, standardListener, i, controllerName, portErr) status.Listeners = slices.Map(updatedStatus, convertStandardStatusToListenerSetStatus(l)) servers = append(servers, server) @@ -163,6 +166,11 @@ func ListenerSetCollection( meta[constants.InternalGatewaySemantics] = constants.GatewaySemanticsGateway //meta[model.InternalGatewayServiceAnnotation] = strings.Join(gatewayServices, ",") meta[constants.InternalParentNamespace] = parentGwObj.Namespace + serviceAccountName := model.GetOrDefault( + parentGwObj.GetAnnotations()[annotation.GatewayServiceAccount.Name], + getDefaultName(parentGwObj.GetName(), &parentGwObj.Spec, classInfo.disableNameSuffix), + ) + meta[constants.InternalServiceAccount] = serviceAccountName // Start - Updated by Higress var selector map[string]string 
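Review bot: In the ListenerSet path (hunk at -163) `meta[constants.InternalServiceAccount]` is always filled from the parent Gateway's annotation or default name, while the Gateway path in the same file (hunk at -284) leaves it empty unless `IsManaged(&obj.Spec)`, with a comment explaining that for manually deployed gateways the workload service account is unknown. If this value is used to restrict which workloads receive the listener, a ListenerSet attached to an unmanaged parent would be tied to a service account name its workloads may not run as. Wrapping the assignment in `if IsManaged(&parentGwObj.Spec) { ... }` would keep the two paths consistent; if the difference is intentional, it needs a comment saying why.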
@@ -233,6 +241,7 @@ func GatewayCollection( gatewayClasses krt.Collection[GatewayClass], namespaces krt.Collection[*corev1.Namespace], grants ReferenceGrants, + configMaps krt.Collection[*corev1.ConfigMap], secrets krt.Collection[*corev1.Secret], domainSuffix string, gatewayContext krt.RecomputeProtected[*atomic.Pointer[GatewayContext]], @@ -284,8 +293,19 @@ func GatewayCollection( } // End - Updated by Higress + // See: https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#manual-deployment + // If we set and address of type hostname, then we have no idea what service accounts the gateway workloads will use. + // Thus, we don't enforce service account name restrictions (still look at namespaces though). + serviceAccountName := "" + if IsManaged(&obj.Spec) { + serviceAccountName = model.GetOrDefault( + obj.GetAnnotations()[annotation.GatewayServiceAccount.Name], + getDefaultName(obj.GetName(), &kgw, classInfo.disableNameSuffix), + ) + } + for i, l := range kgw.Listeners { - server, updatedStatus, programmed := buildListener(ctx, secrets, grants, namespaces, obj, status.Listeners, l, i, controllerName, nil) + server, updatedStatus, programmed := buildListener(ctx, configMaps, secrets, grants, namespaces, obj, status.Listeners, kgw, l, i, controllerName, nil) status.Listeners = updatedStatus servers = append(servers, server) @@ -296,6 +316,7 @@ func GatewayCollection( } meta := parentMeta(obj, &l.Name) meta[constants.InternalGatewaySemantics] = constants.GatewaySemanticsGateway + meta[constants.InternalServiceAccount] = serviceAccountName // Start - Updated by Higress var selector map[string]string if len(gatewayServices) != 0 { diff --git a/pkg/ingress/kube/gateway/istio/inferencepool_collection.go b/pkg/ingress/kube/gateway/istio/inferencepool_collection.go index db1bc3a81..8fe527d04 100644 --- a/pkg/ingress/kube/gateway/istio/inferencepool_collection.go +++ b/pkg/ingress/kube/gateway/istio/inferencepool_collection.go 
@@ -23,7 +23,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" - inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2" + inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gateway "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -63,11 +63,17 @@ func getSupportedControllers() sets.Set[gatewayv1.GatewayController] { } type shadowServiceInfo struct { - key types.NamespacedName - selector map[string]string - poolName string - poolUID types.UID - targetPort int32 + key types.NamespacedName + selector map[string]string + poolName string + poolUID types.UID + // targetPorts is the port number on the pods selected by the selector. + // Currently, inference extension only supports a single target port. + targetPorts []targetPort +} + +type targetPort struct { + port int32 } type extRefInfo struct { 
@@ -87,19 +93,19 @@ func (i InferencePool) ResourceName() string { } func InferencePoolCollection( - pools krt.Collection[*inferencev1alpha2.InferencePool], + pools krt.Collection[*inferencev1.InferencePool], services krt.Collection[*corev1.Service], httpRoutes krt.Collection[*gateway.HTTPRoute], gateways krt.Collection[*gateway.Gateway], routesByInferencePool krt.Index[string, *gateway.HTTPRoute], c *Controller, opts krt.OptionsBuilder, -) (krt.StatusCollection[*inferencev1alpha2.InferencePool, inferencev1alpha2.InferencePoolStatus], krt.Collection[InferencePool]) { +) (krt.StatusCollection[*inferencev1.InferencePool, inferencev1.InferencePoolStatus], krt.Collection[InferencePool]) { return krt.NewStatusCollection(pools, func( ctx krt.HandlerContext, - pool *inferencev1alpha2.InferencePool, - ) (*inferencev1alpha2.InferencePoolStatus, *InferencePool) { + pool *inferencev1.InferencePool, + ) (*inferencev1.InferencePoolStatus, *InferencePool) { // Fetch HTTPRoutes that reference this InferencePool once and reuse routeList := krt.Fetch(ctx, httpRoutes, krt.FilterIndex(routesByInferencePool, pool.Namespace+"/"+pool.Name)) @@ -107,7 +113,7 @@ func InferencePoolCollection( gatewayParents := findGatewayParents(pool, routeList) // TODO: If no gateway parents, we should not do anything - // note: we stil need to filter out our Status to clean up previous reconciliations + // note: we still need to filter out our Status to clean up previous reconciliations // Create the InferencePool only if there are Gateways connected var inferencePool *InferencePool 
@@ -124,20 +130,21 @@ func InferencePoolCollection( } // createInferencePoolObject creates the InferencePool object with shadow service and extension ref info -func createInferencePoolObject(pool *inferencev1alpha2.InferencePool, gatewayParents sets.Set[types.NamespacedName]) *InferencePool { +func createInferencePoolObject(pool *inferencev1.InferencePool, gatewayParents sets.Set[types.NamespacedName]) *InferencePool { // Build extension reference info extRef := extRefInfo{ - name: string(pool.Spec.ExtensionRef.Name), + name: string(pool.Spec.EndpointPickerRef.Name), } - if pool.Spec.ExtensionRef.PortNumber != nil { - extRef.port = int32(*pool.Spec.ExtensionRef.PortNumber) - } else { - extRef.port = 9002 // Default port for the inference extension + + if pool.Spec.EndpointPickerRef.Port == nil { + log.Errorf("invalid InferencePool %s/%s; endpointPickerRef port is required", pool.Namespace, pool.Name) + return nil } - if pool.Spec.ExtensionRef.FailureMode != nil { - extRef.failureMode = string(*pool.Spec.ExtensionRef.FailureMode) - } else { - extRef.failureMode = string(inferencev1alpha2.FailClose) + extRef.port = int32(pool.Spec.EndpointPickerRef.Port.Number) + + extRef.failureMode = string(inferencev1.EndpointPickerFailClose) // Default failure mode + if pool.Spec.EndpointPickerRef.FailureMode != inferencev1.EndpointPickerFailClose { + extRef.failureMode = string(pool.Spec.EndpointPickerRef.FailureMode) } svcName, err := InferencePoolServiceName(pool.Name) 
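Review bot: The failure-mode default is overwritten when the field is unset: `extRef.failureMode` starts as `EndpointPickerFailClose`, but the following `if pool.Spec.EndpointPickerRef.FailureMode != inferencev1.EndpointPickerFailClose` is also true for the empty value, so an InferencePool without a failure mode ends up with `""`. Unless API-server defaulting always fills the field, whatever consumes `extRef.failureMode` then has to decide what an empty string means, and a fail-open reading would silently weaken the intended default. Comparing against the zero value keeps it: `if fm := pool.Spec.EndpointPickerRef.FailureMode; fm != "" { extRef.failureMode = string(fm) }`. The new `return nil` for a missing port should also be checked against the caller, which is outside this hunk.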
@@ -151,16 +158,20 @@ func createInferencePoolObject(pool *inferencev1alpha2.InferencePool, gatewayPar Name: svcName, Namespace: pool.GetNamespace(), }, - selector: make(map[string]string, len(pool.Spec.Selector)), - poolName: pool.GetName(), - targetPort: pool.Spec.TargetPortNumber, - poolUID: pool.GetUID(), + selector: make(map[string]string, len(pool.Spec.Selector.MatchLabels)), + poolName: pool.GetName(), + targetPorts: make([]targetPort, 0, len(pool.Spec.TargetPorts)), + poolUID: pool.GetUID(), } - for k, v := range pool.Spec.Selector { + for k, v := range pool.Spec.Selector.MatchLabels { shadowSvcInfo.selector[string(k)] = string(v) } + for _, port := range pool.Spec.TargetPorts { + shadowSvcInfo.targetPorts = append(shadowSvcInfo.targetPorts, targetPort{port: int32(port.Number)}) + } + return &InferencePool{ shadowService: shadowSvcInfo, extRef: extRef, 
@@ -170,22 +181,22 @@ func createInferencePoolObject(pool *inferencev1alpha2.InferencePool, gatewayPar // calculateInferencePoolStatus calculates the complete status for an InferencePool func calculateInferencePoolStatus( - pool *inferencev1alpha2.InferencePool, + pool *inferencev1.InferencePool, gatewayParents sets.Set[types.NamespacedName], services krt.Collection[*corev1.Service], gateways krt.Collection[*gateway.Gateway], routeList []*gateway.HTTPRoute, -) *inferencev1alpha2.InferencePoolStatus { +) *inferencev1.InferencePoolStatus { // Calculate status for each gateway parent existingParents := pool.Status.DeepCopy().Parents - finalParents := []inferencev1alpha2.PoolStatus{} + finalParents := []inferencev1.ParentStatus{} // Add existing parents from other controllers (not managed by us) for _, existingParent := range existingParents { - gtwName := string(existingParent.GatewayRef.Name) + gtwName := string(existingParent.ParentRef.Name) gtwNamespace := pool.Namespace - if existingParent.GatewayRef.Namespace != nil { - gtwNamespace = string(*existingParent.GatewayRef.Namespace) + if existingParent.ParentRef.Namespace != "" { + gtwNamespace = string(existingParent.ParentRef.Namespace) } parentKey := types.NamespacedName{ Name: gtwName, @@ -208,14 +219,14 @@ func calculateInferencePoolStatus( finalParents = append(finalParents, parentStatus) } - return &inferencev1alpha2.InferencePoolStatus{ + return &inferencev1.InferencePoolStatus{ Parents: finalParents, } } // findGatewayParents finds all Gateway parents that reference this InferencePool through HTTPRoutes func findGatewayParents( - pool *inferencev1alpha2.InferencePool, + pool *inferencev1.InferencePool, routeList []*gateway.HTTPRoute, ) sets.Set[types.NamespacedName] { gatewayParents := sets.New[types.NamespacedName]() 
@@ -251,7 +262,7 @@ func findGatewayParents( } // routeReferencesInferencePool checks if an HTTPRoute references the given InferencePool -func routeReferencesInferencePool(route *gateway.HTTPRoute, pool *inferencev1alpha2.InferencePool) bool { +func routeReferencesInferencePool(route *gateway.HTTPRoute, pool *inferencev1.InferencePool) bool { for _, rule := range route.Spec.Rules { for _, backendRef := range rule.BackendRefs { if !isInferencePoolBackendRef(backendRef.BackendRef) { @@ -285,17 +296,17 @@ func isInferencePoolBackendRef(backendRef gatewayv1.BackendRef) bool { // calculateSingleParentStatus calculates the status for a single gateway parent func calculateSingleParentStatus( - pool *inferencev1alpha2.InferencePool, + pool *inferencev1.InferencePool, gatewayParent types.NamespacedName, services krt.Collection[*corev1.Service], - existingParents []inferencev1alpha2.PoolStatus, + existingParents []inferencev1.ParentStatus, routeList []*gateway.HTTPRoute, -) inferencev1alpha2.PoolStatus { +) inferencev1.ParentStatus { // Find existing status for this parent to preserve some conditions var existingConditions []metav1.Condition for _, existingParent := range existingParents { - if string(existingParent.GatewayRef.Name) == gatewayParent.Name && - string(ptr.OrEmpty(existingParent.GatewayRef.Namespace)) == gatewayParent.Namespace { + if string(existingParent.ParentRef.Name) == gatewayParent.Name && + string(existingParent.ParentRef.Namespace) == gatewayParent.Namespace { existingConditions = existingParent.Conditions break } 
@@ -303,8 +314,8 @@ func calculateSingleParentStatus( // Filter to only keep conditions we manage filteredConditions := filterUsedConditions(existingConditions, - inferencev1alpha2.InferencePoolConditionAccepted, - inferencev1alpha2.InferencePoolConditionResolvedRefs) + inferencev1.InferencePoolConditionAccepted, + inferencev1.InferencePoolConditionResolvedRefs) // Calculate Accepted status by checking HTTPRoute parent status acceptedStatus := calculateAcceptedStatus(pool, gatewayParent, routeList) @@ -313,23 +324,23 @@ func calculateSingleParentStatus( resolvedRefsStatus := calculateResolvedRefsStatus(pool, services) // Build the final status - return inferencev1alpha2.PoolStatus{ - GatewayRef: inferencev1alpha2.ParentGatewayReference{ - Group: (*inferencev1alpha2.Group)(&gvk.Gateway.Group), - Kind: (*inferencev1alpha2.Kind)(&gvk.Gateway.Kind), - Namespace: (*inferencev1alpha2.Namespace)(&gatewayParent.Namespace), - Name: inferencev1alpha2.ObjectName(gatewayParent.Name), + return inferencev1.ParentStatus{ + ParentRef: inferencev1.ParentReference{ + Group: (*inferencev1.Group)(&gvk.Gateway.Group), + Kind: inferencev1.Kind(gvk.Gateway.Kind), + Namespace: inferencev1.Namespace(gatewayParent.Namespace), + Name: inferencev1.ObjectName(gatewayParent.Name), }, Conditions: setConditions(pool.Generation, filteredConditions, map[string]*condition{ - string(inferencev1alpha2.InferencePoolConditionAccepted): acceptedStatus, - string(inferencev1alpha2.InferencePoolConditionResolvedRefs): resolvedRefsStatus, + string(inferencev1.InferencePoolConditionAccepted): acceptedStatus, + string(inferencev1.InferencePoolConditionResolvedRefs): resolvedRefsStatus, }), } } // calculateAcceptedStatus determines if the InferencePool is accepted by checking HTTPRoute parent status func calculateAcceptedStatus( - pool *inferencev1alpha2.InferencePool, + pool *inferencev1.InferencePool, gatewayParent types.NamespacedName, routeList []*gateway.HTTPRoute, ) *condition { 
@@ -359,13 +370,13 @@ func calculateAcceptedStatus( if parentCondition.Type == string(gatewayv1.RouteConditionAccepted) { if parentCondition.Status == metav1.ConditionTrue { return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonAccepted), + reason: string(inferencev1.InferencePoolReasonAccepted), status: metav1.ConditionTrue, message: "Referenced by an HTTPRoute accepted by the parentRef Gateway", } } return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonHTTPRouteNotAccepted), + reason: string(inferencev1.InferencePoolReasonHTTPRouteNotAccepted), status: metav1.ConditionFalse, message: fmt.Sprintf("Referenced HTTPRoute %s/%s not accepted by Gateway %s/%s: %s", route.Namespace, route.Name, gatewayParent.Namespace, gatewayParent.Name, parentCondition.Message), @@ -375,7 +386,7 @@ func calculateAcceptedStatus( // If no Accepted condition found, treat as unknown (parent is listed in status) return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonAccepted), + reason: string(inferencev1.InferencePoolReasonAccepted), status: metav1.ConditionUnknown, message: "Referenced by an HTTPRoute unknown parentRef Gateway status", } @@ -386,7 +397,7 @@ func calculateAcceptedStatus( // If we get here, no HTTPRoute was found that references this InferencePool with this gateway as parent // This shouldn't happen in normal operation since we only call this for known gateway parents return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonHTTPRouteNotAccepted), + reason: string(inferencev1.InferencePoolReasonHTTPRouteNotAccepted), status: metav1.ConditionFalse, message: fmt.Sprintf("No HTTPRoute found referencing this InferencePool with Gateway %s/%s as parent", gatewayParent.Namespace, gatewayParent.Name), 
@@ -398,42 +409,51 @@ func calculateAcceptedStatus( // * if the extensionRef is defined // * if the service exists in the same namespace as the InferencePool func calculateResolvedRefsStatus( - pool *inferencev1alpha2.InferencePool, + pool *inferencev1.InferencePool, services krt.Collection[*corev1.Service], ) *condition { - // defaults to service - if pool.Spec.ExtensionRef.Kind != nil && string(*pool.Spec.ExtensionRef.Kind) != gvk.Service.Kind { + // Default Kind to Service if unset + kind := string(pool.Spec.EndpointPickerRef.Kind) + if kind == "" { + kind = gvk.Service.Kind + } + + if kind != gvk.Service.Kind { return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef), + reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef), status: metav1.ConditionFalse, - message: "Unsupported ExtensionRef kind " + string(*pool.Spec.ExtensionRef.Kind), + message: "Unsupported ExtensionRef kind " + kind, } } - if string(pool.Spec.ExtensionRef.Name) == "" { + + name := string(pool.Spec.EndpointPickerRef.Name) + if name == "" { return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef), + reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef), status: metav1.ConditionFalse, message: "ExtensionRef not defined", } } - svc := ptr.Flatten(services.GetKey(fmt.Sprintf("%s/%s", pool.Namespace, pool.Spec.ExtensionRef.Name))) + + svc := ptr.Flatten(services.GetKey(fmt.Sprintf("%s/%s", pool.Namespace, name))) if svc == nil { return &condition{ - reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef), + reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef), status: metav1.ConditionFalse, - message: "Referenced ExtensionRef not found " + string(pool.Spec.ExtensionRef.Name), + message: "Referenced ExtensionRef not found " + name, } } + return &condition{ - reason: string(inferencev1alpha2.InferencePoolConditionResolvedRefs), + reason: 
string(inferencev1.InferencePoolReasonResolvedRefs), status: metav1.ConditionTrue, message: "Referenced ExtensionRef resolved successfully", } } // isDefaultStatusParent checks if this is a default status parent entry -func isDefaultStatusParent(parent inferencev1alpha2.PoolStatus) bool { - return string(ptr.OrEmpty(parent.GatewayRef.Kind)) == "Status" && parent.GatewayRef.Name == "default" +func isDefaultStatusParent(parent inferencev1.ParentStatus) bool { + return string(parent.ParentRef.Kind) == "Status" && parent.ParentRef.Name == "default" } // isOurManagedGateway checks if a Gateway is managed by one of our supported controllers @@ -447,10 +467,10 @@ func isOurManagedGateway(gateways krt.Collection[*gateway.Gateway], namespace, n return ok } -func filterUsedConditions(conditions []metav1.Condition, usedConditions ...inferencev1alpha2.InferencePoolConditionType) []metav1.Condition { +func filterUsedConditions(conditions []metav1.Condition, usedConditions ...inferencev1.InferencePoolConditionType) []metav1.Condition { var result []metav1.Condition for _, condition := range conditions { - if slices.Contains(usedConditions, inferencev1alpha2.InferencePoolConditionType(condition.Type)) { + if slices.Contains(usedConditions, inferencev1.InferencePoolConditionType(condition.Type)) { result = append(result, condition) } } 
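Review bot: `calculateResolvedRefsStatus` decides from `Kind` and `Name` only; if `EndpointPickerRef` also carries a group, a reference with a non-core group and kind `Service` is still looked up in `services` and reported as resolved. A group check next to the kind check, returning the same `InferencePoolReasonInvalidExtensionRef` condition, would keep the status accurate. The doc comment above the function still says "extensionRef" although the field is now `EndpointPickerRef`; it can be updated without touching the user-facing condition messages.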
@@ -484,6 +504,18 @@ func InferencePoolServiceName(poolName string) (string, error) { } func translateShadowServiceToService(existingLabels map[string]string, shadow shadowServiceInfo, extRef extRefInfo) *corev1.Service { + // Create the ports used by the shadow service + ports := make([]corev1.ServicePort, 0, len(shadow.targetPorts)) + dummyPort := int32(54321) // Dummy port, not used for anything + for i, port := range shadow.targetPorts { + ports = append(ports, corev1.ServicePort{ + Name: "port" + strconv.Itoa(i), + Protocol: corev1.ProtocolTCP, + Port: dummyPort + int32(i), + TargetPort: intstr.FromInt(int(port.port)), + }) + } + // Create a new service object based on the shadow service info svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ @@ -501,13 +533,7 @@ func translateShadowServiceToService(existingLabels map[string]string, shadow sh Selector: shadow.selector, Type: corev1.ServiceTypeClusterIP, ClusterIP: corev1.ClusterIPNone, // Headless service - Ports: []corev1.ServicePort{ // adding dummy port, not used for anything - { - Protocol: "TCP", - Port: int32(54321), - TargetPort: intstr.FromInt(int(shadow.targetPort)), - }, - }, + Ports: ports, }, } diff --git a/pkg/ingress/kube/gateway/istio/inferencepool_status_test.go b/pkg/ingress/kube/gateway/istio/inferencepool_status_test.go index 3e946a0cf..69f38107f 100644 --- a/pkg/ingress/kube/gateway/istio/inferencepool_status_test.go +++ b/pkg/ingress/kube/gateway/istio/inferencepool_status_test.go @@ -16,7 +16,6 @@ package istio import ( "fmt" - "github.com/alibaba/higress/v2/pkg/config/constants" "strings" "testing" "time" @@ -28,7 +27,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" - inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2" + inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gateway "sigs.k8s.io/gateway-api/apis/v1beta1" 
@@ -40,20 +39,21 @@ import ( ) const ( - HigressController = constants.ManagedGatewayController - DefaultTestNS = "default" - GatewayTestNS = "gateway-ns" - AppTestNS = "app-ns" - EmptyTestNS = "" + IstioController = "higress.io/gateway-controller" + DefaultTestNS = "default" + GatewayTestNS = "gateway-ns" + AppTestNS = "app-ns" + EmptyTestNS = "" + infPoolPending = "Pending" ) func TestInferencePoolStatusReconciliation(t *testing.T) { test.SetForTest(t, &features.EnableGatewayAPIInferenceExtension, true) testCases := []struct { name string - givens []runtime.Object // Objects to create before the test - targetPool *inferencev1alpha2.InferencePool // The InferencePool to check - expectations func(t *testing.T, pool *inferencev1alpha2.InferencePoolStatus) + givens []runtime.Object // Objects to create before the test + targetPool *inferencev1.InferencePool // The InferencePool to check + expectations func(t *testing.T, pool *inferencev1.InferencePoolStatus) }{ // // Positive Test Scenarios 
@@ -61,21 +61,21 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { { name: "should add gateway parentRef to inferencepool status", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithRouteParentCondition(string(gatewayv1.RouteConditionAccepted), metav1.ConditionTrue, "Accepted", "Accepted"), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace)) assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{ - Type: string(inferencev1alpha2.InferencePoolConditionAccepted), + Type: string(inferencev1.InferencePoolConditionAccepted), Status: metav1.ConditionTrue, - Reason: string(inferencev1alpha2.InferencePoolReasonAccepted), + Reason: string(inferencev1.InferencePoolReasonAccepted), Message: "Referenced by an HTTPRoute", }, "Expected condition with Accepted") }, 
@@ -83,136 +83,136 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { { name: "should add only 1 gateway parentRef to status for multiple routes on different gateways with different controllers", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("other")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithParentRefAndStatus("gateway-2", DefaultTestNS, "other-controller"), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace)) }, }, { - name: "should keep the status of the gateway parentRefs from antoher controller", + name: "should keep the status of the gateway parentRefs from another controller", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("other-class")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", 
DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), NewHTTPRoute("route-2", InNamespace(DefaultTestNS), WithParentRefAndStatus("gateway-2", DefaultTestNS, "other-class"), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("gateway-2", DefaultTestNS, WithAcceptedConditions())), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 2, "Expected two parent references") assert.ElementsMatch(t, []string{"gateway-1", "gateway-2"}, - []string{string(status.Parents[0].GatewayRef.Name), string(status.Parents[1].GatewayRef.Name)}, + []string{string(status.Parents[0].ParentRef.Name), string(status.Parents[1].ParentRef.Name)}, ) }, }, { name: "should add multiple gateway parentRefs to status for multiple routes", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), - NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), + NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), NewHTTPRoute("route-2", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-2", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-2", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - 
expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 2, "Expected two parent references") assert.ElementsMatch(t, []string{"gateway-1", "gateway-2"}, - []string{string(status.Parents[0].GatewayRef.Name), string(status.Parents[1].GatewayRef.Name)}, + []string{string(status.Parents[0].ParentRef.Name), string(status.Parents[1].ParentRef.Name)}, ) }, }, { name: "should remove our status from previous reconciliation that is no longer referenced by any HTTPRoute", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), - NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), + NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("gateway-2", DefaultTestNS, WithAcceptedConditions(), )), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name)) + assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name)) }, }, { name: "should update/recreate our status from previous reconciliation", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + 
NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("gateway-1", DefaultTestNS, WithAcceptedConditions(), )), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name)) + assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name)) require.Len(t, status.Parents[0].Conditions, 2, "Expected two conditions") }, }, { name: "should keep others status from previous reconciliation", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewGateway("gateway-2", InNamespace(DefaultTestNS), WithGatewayClass("other-class")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("gateway-2", DefaultTestNS, WithAcceptedConditions())), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 2, "Expected two parent references") assert.ElementsMatch(t, []string{"gateway-1", "gateway-2"}, - 
[]string{string(status.Parents[0].GatewayRef.Name), string(status.Parents[1].GatewayRef.Name)}, + []string{string(status.Parents[0].ParentRef.Name), string(status.Parents[1].ParentRef.Name)}, ) }, }, { name: "should remove default parent 'waiting for controller' status", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithParentStatus("default", DefaultTestNS, AsDefaultStatus())), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected two parent references") - assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name)) + assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name)) }, }, { name: "should remove unknown condition types from controlled parents", givens: []runtime.Object{ - NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("gateway-1", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("route-1", InNamespace(DefaultTestNS), - WithParentRefAndStatus("gateway-1", DefaultTestNS, HigressController), + WithParentRefAndStatus("gateway-1", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), 
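Review bot: In the case "should remove default parent 'waiting for controller' status" the assertion reads `require.Len(t, status.Parents, 1, "Expected two parent references")`, so the failure message contradicts the length being asserted. The same line appears in the "should remove unknown condition types from controlled parents" case in the next hunk. Since this commit already touches both cases, both messages should become `require.Len(t, status.Parents, 1, "Expected one parent reference")`; otherwise a failing run points the reader at the wrong expectation.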
@@ -220,12 +220,12 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { WithAcceptedConditions(), WithConditions(metav1.ConditionUnknown, "X", "Y", "Dummy"), )), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected two parent references") - assert.Equal(t, "gateway-1", string(status.Parents[0].GatewayRef.Name)) + assert.Equal(t, "gateway-1", string(status.Parents[0].ParentRef.Name)) require.Len(t, status.Parents[0].Conditions, 2, "Expected two conditions") assert.ElementsMatch(t, - []string{string(inferencev1alpha2.InferencePoolConditionAccepted), string(inferencev1alpha2.InferencePoolConditionResolvedRefs)}, + []string{string(inferencev1.InferencePoolConditionAccepted), string(inferencev1.InferencePoolConditionResolvedRefs)}, []string{status.Parents[0].Conditions[0].Type, status.Parents[0].Conditions[1].Type}, ) }, 
@@ -233,97 +233,97 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { { name: "should handle cross-namespace gateway references correctly", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(AppTestNS), - WithParentRefAndStatus("main-gateway", GatewayTestNS, HigressController), + WithParentRefAndStatus("main-gateway", GatewayTestNS, IstioController), WithBackendRef("test-pool", AppTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(AppTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, GatewayTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, GatewayTestNS, string(status.Parents[0].ParentRef.Namespace)) }, }, { name: "should handle cross-namespace httproute references correctly", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(AppTestNS), - WithParentRefAndStatus("main-gateway", GatewayTestNS, HigressController), + WithParentRefAndStatus("main-gateway", GatewayTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status 
*inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, GatewayTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, GatewayTestNS, string(status.Parents[0].ParentRef.Namespace)) }, }, { name: "should handle HTTPRoute in same namespace (empty)", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(AppTestNS), - WithParentRefAndStatus("main-gateway", GatewayTestNS, HigressController), + WithParentRefAndStatus("main-gateway", GatewayTestNS, IstioController), WithBackendRef("test-pool", EmptyTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(AppTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, GatewayTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, GatewayTestNS, string(status.Parents[0].ParentRef.Namespace)) }, }, { name: "should handle Gateway in same namespace (empty)", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(AppTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(AppTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(AppTestNS), - WithParentRefAndStatus("main-gateway", EmptyTestNS, HigressController), + 
WithParentRefAndStatus("main-gateway", EmptyTestNS, IstioController), WithBackendRef("test-pool", AppTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(AppTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, AppTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, AppTestNS, string(status.Parents[0].ParentRef.Namespace)) }, }, { name: "should add only one parentRef for multiple routes on same gateway", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("route-a", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), NewHTTPRoute("route-b", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected only one parent reference for the same gateway") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) }, 
}, { name: "should report ResolvedRef true when ExtensioNRef found", givens: []runtime.Object{ NewService("test-epp", InNamespace(DefaultTestNS)), - NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithExtensionRef("Service", "test-epp")), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") require.Len(t, status.Parents[0].Conditions, 2, "Expected two condition") assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{ - Type: string(inferencev1alpha2.InferencePoolConditionResolvedRefs), + Type: string(inferencev1.InferencePoolConditionResolvedRefs), Status: metav1.ConditionTrue, - Reason: string(inferencev1alpha2.InferencePoolReasonResolvedRefs), + Reason: string(inferencev1.InferencePoolReasonResolvedRefs), Message: "Referenced ExtensionRef resolved", }, "Expected condition with InvalidExtensionRef") }, 
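Review bot: The case name `"should report ResolvedRef true when ExtensioNRef found"` contains a typo, and its `assertConditionContains` call ends with the message "Expected condition with InvalidExtensionRef" although it checks for `ResolvedRefs` with `ConditionTrue`. The commit already fixes "antoher" elsewhere in this file, so these are worth fixing in the same pass: `name: "should report ResolvedRefs true when ExtensionRef found"` and a message such as `"Expected ResolvedRefs condition to be true"`. In the same case the Gateway is created in `GatewayTestNS` while the route's parentRef names `DefaultTestNS`. If that mismatch is deliberate, a one-line comment saying so would help the next reader.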
@@ -331,21 +331,21 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { { name: "should report HTTPRoute not accepted when parent gateway rejects HTTPRoute", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithRouteParentCondition(string(gatewayv1.RouteConditionAccepted), metav1.ConditionFalse, "GatewayNotReady", "Gateway not ready"), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace)) assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{ - Type: string(inferencev1alpha2.InferencePoolConditionAccepted), + Type: string(inferencev1.InferencePoolConditionAccepted), Status: metav1.ConditionFalse, - Reason: string(inferencev1alpha2.InferencePoolReasonHTTPRouteNotAccepted), + Reason: string(inferencev1.InferencePoolReasonHTTPRouteNotAccepted), Message: "Referenced HTTPRoute default/test-route not accepted by Gateway default/main-gateway", }, "Expected condition with HTTPRouteNotAccepted") }, 
@@ -353,21 +353,21 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { { name: "should report unknown status when HTTPRoute parent status has no Accepted condition", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), // Note: No WithRouteParentCondition for Accepted - parent is listed but has no conditions WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") - assert.Equal(t, "main-gateway", string(status.Parents[0].GatewayRef.Name)) - assert.Equal(t, DefaultTestNS, string(*status.Parents[0].GatewayRef.Namespace)) + assert.Equal(t, "main-gateway", string(status.Parents[0].ParentRef.Name)) + assert.Equal(t, DefaultTestNS, string(status.Parents[0].ParentRef.Namespace)) assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{ - Type: string(inferencev1alpha2.InferencePoolConditionAccepted), + Type: string(inferencev1.InferencePoolConditionAccepted), Status: metav1.ConditionUnknown, - Reason: string(inferencev1alpha2.InferencePoolReasonAccepted), + Reason: string(inferencev1.InferencePoolReasonAccepted), Message: "Referenced by an HTTPRoute unknown parentRef Gateway status", }, "Expected condition with ConditionUnknown") }, 
@@ -385,19 +385,19 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { assert.Empty(t, status.Parents, "ParentRefs should be empty") }, }, { name: "should not add parentRef if httproute has no backendref", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(DefaultTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController)), // No BackendRef + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController)), // No BackendRef }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { assert.Empty(t, status.Parents, "ParentRefs should be empty") }, }, 
@@ -408,26 +408,26 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { WithBackendRef("test-pool", DefaultTestNS)), // No ParentRef }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { assert.Empty(t, status.Parents, "ParentRefs should be empty") }, }, { name: "should report ExtensionRef not found if no matching service found", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS)), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") require.Len(t, status.Parents[0].Conditions, 2, "Expected two condition") assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{ - Type: string(inferencev1alpha2.InferencePoolConditionResolvedRefs), + Type: string(inferencev1.InferencePoolConditionResolvedRefs), Status: metav1.ConditionFalse, - Reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef), + Reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef), Message: "Referenced ExtensionRef not found", }, "Expected condition with InvalidExtensionRef") }, 
@@ -435,19 +435,19 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { { name: "should report unsupported ExtensionRef if kind is not service", givens: []runtime.Object{ - NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass(constants.DefaultGatewayClass)), + NewGateway("main-gateway", InNamespace(GatewayTestNS), WithGatewayClass("higress")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - WithParentRefAndStatus("main-gateway", DefaultTestNS, HigressController), + WithParentRefAndStatus("main-gateway", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS)), }, targetPool: NewInferencePool("test-pool", InNamespace(DefaultTestNS), WithExtensionRef("Gateway", "main-gateway")), - expectations: func(t *testing.T, status *inferencev1alpha2.InferencePoolStatus) { + expectations: func(t *testing.T, status *inferencev1.InferencePoolStatus) { require.Len(t, status.Parents, 1, "Expected one parent reference") require.Len(t, status.Parents[0].Conditions, 2, "Expected two condition") assertConditionContains(t, status.Parents[0].Conditions, metav1.Condition{ - Type: string(inferencev1alpha2.InferencePoolConditionResolvedRefs), + Type: string(inferencev1.InferencePoolConditionResolvedRefs), Status: metav1.ConditionFalse, - Reason: string(inferencev1alpha2.InferencePoolReasonInvalidExtensionRef), + Reason: string(inferencev1.InferencePoolReasonInvalidExtensionRef), Message: "Unsupported ExtensionRef kind", }, "Expected condition with InvalidExtensionRef") }, 
@@ -472,10 +472,10 @@ func TestInferencePoolStatusReconciliation(t *testing.T) { dumpOnFailure(t, krt.GlobalDebugHandler) - getInferencePoolStatus := func() *inferencev1alpha2.InferencePoolStatus { + getInferencePoolStatus := func() *inferencev1.InferencePoolStatus { statuses := sq.Statuses() for _, status := range statuses { - if pool, ok := status.(*inferencev1alpha2.InferencePoolStatus); ok { + if pool, ok := status.(*inferencev1.InferencePoolStatus); ok { return pool } } @@ -511,7 +511,7 @@ func assertConditionContains(t *testing.T, conditions []metav1.Condition, expect // Option is a function that mutates an object. type Option func(client.Object) -type ParentOption func(*inferencev1alpha2.PoolStatus) +type ParentOption func(*inferencev1.ParentStatus) // --- Helper functions to mutate objects --- @@ -635,15 +635,15 @@ func WithBackendRef(name, namespace string) Option { func WithParentStatus(gatewayName, namespace string, opt ...ParentOption) Option { return func(obj client.Object) { - ip, ok := obj.(*inferencev1alpha2.InferencePool) + ip, ok := obj.(*inferencev1.InferencePool) if ok { if ip.Status.Parents == nil { - ip.Status.Parents = []inferencev1alpha2.PoolStatus{} + ip.Status.Parents = []inferencev1.ParentStatus{} } - poolStatus := inferencev1alpha2.PoolStatus{ - GatewayRef: inferencev1alpha2.ParentGatewayReference{ - Name: inferencev1alpha2.ObjectName(gatewayName), - Namespace: (*inferencev1alpha2.Namespace)(&namespace), + poolStatus := inferencev1.ParentStatus{ + ParentRef: inferencev1.ParentReference{ + Name: inferencev1.ObjectName(gatewayName), + Namespace: inferencev1.Namespace(namespace), }, } for _, opt := range opt { 
@@ -655,22 +655,22 @@ func WithParentStatus(gatewayName, namespace string, opt ...ParentOption) Option } func AsDefaultStatus() ParentOption { - return func(parentStatusRef *inferencev1alpha2.PoolStatus) { + return func(parentStatusRef *inferencev1.ParentStatus) { dName := "default" dKind := "Status" - parentStatusRef.GatewayRef.Name = inferencev1alpha2.ObjectName(dName) - parentStatusRef.GatewayRef.Kind = (*inferencev1alpha2.Kind)(&dKind) + parentStatusRef.ParentRef.Name = inferencev1.ObjectName(dName) + parentStatusRef.ParentRef.Kind = inferencev1.Kind(dKind) WithConditions( metav1.ConditionUnknown, - string(inferencev1alpha2.InferencePoolConditionAccepted), - string(inferencev1alpha2.InferencePoolReasonPending), + string(inferencev1.InferencePoolConditionAccepted), + infPoolPending, "Waiting for controller", ) } } func WithConditions(status metav1.ConditionStatus, conType, reason, message string) ParentOption { - return func(parentStatusRef *inferencev1alpha2.PoolStatus) { + return func(parentStatusRef *inferencev1.ParentStatus) { if parentStatusRef.Conditions == nil { parentStatusRef.Conditions = []metav1.Condition{} } 
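Review bot: In `AsDefaultStatus` the `WithConditions(...)` call builds a `ParentOption` and discards it, so the "Waiting for controller" condition is never written to `parentStatusRef`. `WithAcceptedConditions` in the next hunk shows the intended form, applying the result with `(...)(parentStatusRef)`. As written, the "should remove default parent 'waiting for controller' status" case runs against a parent entry with no conditions, so it may not exercise the cleanup path it is named for. The call should end with `"Waiting for controller", )(parentStatusRef)`. The body of `WithConditions` continues outside this hunk.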
@@ -688,17 +688,17 @@ func WithConditions(status metav1.ConditionStatus, conType, reason, message stri } func WithAcceptedConditions() ParentOption { - return func(parentStatusRef *inferencev1alpha2.PoolStatus) { + return func(parentStatusRef *inferencev1.ParentStatus) { WithConditions( metav1.ConditionTrue, - string(inferencev1alpha2.InferencePoolConditionAccepted), - string(inferencev1alpha2.InferencePoolReasonAccepted), + string(inferencev1.InferencePoolConditionAccepted), + string(inferencev1.InferencePoolReasonAccepted), "Accepted by the parentRef Gateway", )(parentStatusRef) WithConditions( metav1.ConditionTrue, - string(inferencev1alpha2.InferencePoolConditionResolvedRefs), - string(inferencev1alpha2.InferencePoolReasonResolvedRefs), + string(inferencev1.InferencePoolConditionResolvedRefs), + string(inferencev1.InferencePoolReasonResolvedRefs), "Resolved ExtensionRef", )(parentStatusRef) } @@ -706,14 +706,12 @@ func WithAcceptedConditions() ParentOption { func WithExtensionRef(kind, name string) Option { return func(obj client.Object) { - ip, ok := obj.(*inferencev1alpha2.InferencePool) + ip, ok := obj.(*inferencev1.InferencePool) if ok { - typedKind := inferencev1alpha2.Kind(kind) - ip.Spec.EndpointPickerConfig.ExtensionRef = &inferencev1alpha2.Extension{ - ExtensionReference: inferencev1alpha2.ExtensionReference{ - Name: inferencev1alpha2.ObjectName(name), - Kind: &typedKind, - }, + typedKind := inferencev1.Kind(kind) + ip.Spec.EndpointPickerRef = inferencev1.EndpointPickerRef{ + Name: inferencev1.ObjectName(name), + Kind: typedKind, } } } @@ -728,7 +726,7 @@ func NewGateway(name string, opts ...Option) *gateway.Gateway { Namespace: DefaultTestNS, }, Spec: gateway.GatewaySpec{ - GatewayClassName: "istio", + GatewayClassName: "higress", }, } for _, opt := range opts { 
@@ -750,23 +748,21 @@ func NewHTTPRoute(name string, opts ...Option) *gateway.HTTPRoute { return hr } -func NewInferencePool(name string, opts ...Option) *inferencev1alpha2.InferencePool { - ip := &inferencev1alpha2.InferencePool{ +func NewInferencePool(name string, opts ...Option) *inferencev1.InferencePool { + ip := &inferencev1.InferencePool{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: DefaultTestNS, }, - Spec: inferencev1alpha2.InferencePoolSpec{ - Selector: map[inferencev1alpha2.LabelKey]inferencev1alpha2.LabelValue{ - "app": "test", - }, - EndpointPickerConfig: inferencev1alpha2.EndpointPickerConfig{ - ExtensionRef: &inferencev1alpha2.Extension{ - ExtensionReference: inferencev1alpha2.ExtensionReference{ - Name: "endpoint-picker", - }, + Spec: inferencev1.InferencePoolSpec{ + Selector: inferencev1.LabelSelector{ + MatchLabels: map[inferencev1.LabelKey]inferencev1.LabelValue{ + "app": "test", }, }, + EndpointPickerRef: inferencev1.EndpointPickerRef{ + Name: "endpoint-picker", + }, }, } for _, opt := range opts { diff --git a/pkg/ingress/kube/gateway/istio/inferencepool_test.go b/pkg/ingress/kube/gateway/istio/inferencepool_test.go index 1bd664c19..b867a8a0f 100644 --- a/pkg/ingress/kube/gateway/istio/inferencepool_test.go +++ b/pkg/ingress/kube/gateway/istio/inferencepool_test.go 
@@ -19,45 +19,46 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2" + inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1" - higressconstants "github.com/alibaba/higress/v2/pkg/config/constants" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/kube/krt" - "istio.io/istio/pkg/ptr" "istio.io/istio/pkg/test" "istio.io/istio/pkg/test/util/assert" ) func TestReconcileInferencePool(t *testing.T) { test.SetForTest(t, &features.EnableGatewayAPIInferenceExtension, true) - pool := &inferencev1alpha2.InferencePool{ + pool := &inferencev1.InferencePool{ ObjectMeta: metav1.ObjectMeta{ Name: "test-pool", Namespace: "default", }, - Spec: inferencev1alpha2.InferencePoolSpec{ - TargetPortNumber: 8080, - Selector: map[inferencev1alpha2.LabelKey]inferencev1alpha2.LabelValue{ - "app": "test", + Spec: inferencev1.InferencePoolSpec{ + TargetPorts: []inferencev1.Port{ + { + Number: inferencev1.PortNumber(8080), + }, }, - EndpointPickerConfig: inferencev1alpha2.EndpointPickerConfig{ - ExtensionRef: &inferencev1alpha2.Extension{ - ExtensionReference: inferencev1alpha2.ExtensionReference{ - Name: "dummy", - // Kind: &inferencev1alpha2.Kind(), - PortNumber: ptr.Of(inferencev1alpha2.PortNumber(5421)), - }, + Selector: inferencev1.LabelSelector{ + MatchLabels: map[inferencev1.LabelKey]inferencev1.LabelValue{ + "app": "test", + }, + }, + EndpointPickerRef: inferencev1.EndpointPickerRef{ + Name: "dummy", + Port: &inferencev1.Port{ + Number: inferencev1.PortNumber(5421), }, }, }, } controller := setupController(t, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "default"}}, - NewGateway("test-gw", InNamespace(DefaultTestNS), WithGatewayClass(higressconstants.DefaultGatewayClass)), + NewGateway("test-gw", InNamespace(DefaultTestNS), WithGatewayClass("istio")), NewHTTPRoute("test-route", InNamespace(DefaultTestNS), - 
WithParentRefAndStatus("test-gw", DefaultTestNS, HigressController), + WithParentRefAndStatus("test-gw", DefaultTestNS, IstioController), WithBackendRef("test-pool", DefaultTestNS), ), pool, @@ -82,4 +83,5 @@ func TestReconcileInferencePool(t *testing.T) { assert.Equal(t, service.ObjectMeta.Labels[InferencePoolRefLabel], pool.Name) assert.Equal(t, service.OwnerReferences[0].Name, pool.Name) assert.Equal(t, service.Spec.Ports[0].TargetPort.IntVal, int32(8080)) + assert.Equal(t, service.Spec.Ports[0].Port, int32(54321)) // dummyPort + i } diff --git a/pkg/ingress/kube/gateway/istio/references.go b/pkg/ingress/kube/gateway/istio/references.go index 6f047561c..88578ba34 100644 --- a/pkg/ingress/kube/gateway/istio/references.go +++ b/pkg/ingress/kube/gateway/istio/references.go @@ -19,7 +19,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayalpha "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayx "sigs.k8s.io/gateway-api/apisx/v1alpha1" "istio.io/istio/pkg/config" schematypes "istio.io/istio/pkg/config/schema/kubetypes" @@ -32,7 +32,11 @@ type ReferenceSet struct { erasedCollections map[config.GroupVersionKind]func(name, namespace string) (any, bool) } -func (s ReferenceSet) LocalPolicyTargetRef(ref gatewayalpha.LocalPolicyTargetReference, localNamespace string) (any, error) { +func (s ReferenceSet) LocalPolicyTargetRef(ref gatewayv1.LocalPolicyTargetReference, localNamespace string) (any, error) { + return s.internal(string(ref.Name), string(ref.Group), string(ref.Kind), localNamespace) +} + +func (s ReferenceSet) XLocalPolicyTargetRef(ref gatewayx.LocalPolicyTargetReference, localNamespace string) (any, error) { return s.internal(string(ref.Name), string(ref.Group), string(ref.Kind), localNamespace) } diff --git a/pkg/ingress/kube/gateway/istio/references_collection.go b/pkg/ingress/kube/gateway/istio/references_collection.go index 6a30e4629..08855b4c0 100644 
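Review bot: `TestReconcileInferencePool` now builds its gateway with `WithGatewayClass("istio")` and `IstioController`, replacing `higressconstants.DefaultGatewayClass` and `HigressController`, while `NewGateway` in the helper file switches its default class to `"higress"` in this same commit. If this is an unadapted upstream sync, the test no longer exercises the class and controller name that Higress reconciles; confirm which one `setupController` expects and keep the Higress constants if it is the latter. In the last hunk the expected port `54321` is explained only by the trailing `// dummyPort + i` comment; deriving the value from the constant that comment names would keep the assertion from drifting.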
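Review bot: `LocalPolicyTargetRef` and the new `XLocalPolicyTargetRef` in references.go are exported, have identical bodies and carry no doc comments, so nothing tells a caller why both exist. Add comments such as `// LocalPolicyTargetRef resolves a gateway-api v1 LocalPolicyTargetReference within localNamespace.` and `// XLocalPolicyTargetRef does the same for the experimental apisx/v1alpha1 reference type.`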
--- a/pkg/ingress/kube/gateway/istio/references_collection.go +++ b/pkg/ingress/kube/gateway/istio/references_collection.go @@ -22,6 +22,7 @@ import ( creds "istio.io/istio/pilot/pkg/model/credentials" "istio.io/istio/pkg/config" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/kube/krt" ) @@ -72,7 +73,7 @@ func ReferenceGrantsCollection(referenceGrants krt.Collection[*gateway.Reference ref := normalizeReference(&to.Group, &to.Kind, config.GroupVersionKind{}) switch ref { - case gvk.Secret, gvk.Service, gvk.InferencePool: + case gvk.ConfigMap, gvk.Secret, gvk.Service, gvk.InferencePool: toKey.Kind = ref default: continue @@ -127,8 +128,13 @@ func (refs ReferenceGrants) SecretAllowed(ctx krt.HandlerContext, kind config.Gr log.Warnf("failed to parse resource name %q: %v", resourceName, err) return false } + resourceKind := config.GroupVersionKind{Kind: p.ResourceKind.String()} + resourceSchema, resourceSchemaFound := collections.All.FindByGroupKind(resourceKind) + if resourceSchemaFound { + resourceKind = resourceSchema.GroupVersionKind() + } from := Reference{Kind: kind, Namespace: gateway.Namespace(namespace)} - to := Reference{Kind: gvk.Secret, Namespace: gateway.Namespace(p.Namespace)} + to := Reference{Kind: resourceKind, Namespace: gateway.Namespace(p.Namespace)} pair := ReferencePair{From: from, To: to} grants := krt.FetchOrList(ctx, refs.collection, krt.FilterIndex(refs.index, pair)) for _, g := range grants { diff --git a/pkg/ingress/kube/gateway/istio/route_collections.go b/pkg/ingress/kube/gateway/istio/route_collections.go index eb2471fc9..957e877af 100644 --- a/pkg/ingress/kube/gateway/istio/route_collections.go +++ b/pkg/ingress/kube/gateway/istio/route_collections.go 
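Review bot: In `SecretAllowed`, when `collections.All.FindByGroupKind` finds no schema, `resourceKind` stays a `GroupVersionKind` with only `Kind` set and the ReferenceGrant lookup still runs with it. That most likely matches no grant, since the `@@ -72,7 +73,7 @@` hunk only indexes `gvk.ConfigMap`, `gvk.Secret`, `gvk.Service` and `gvk.InferencePool`, but the denial is implicit in what is a cross-namespace authorization check. Make it explicit with `if !resourceSchemaFound { log.Warnf("unknown resource kind %q in %q", p.ResourceKind.String(), resourceName); return false }`. The function now also authorizes ConfigMap references, so its doc comment should say so, e.g. `// SecretAllowed reports whether a ReferenceGrant permits the given kind and namespace to reference the Secret or ConfigMap named by resourceName.` The body of `SecretAllowed` continues outside the hunk.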
@@ -22,7 +22,7 @@ import ( "go.uber.org/atomic" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" - inferencev1alpha2 "sigs.k8s.io/gateway-api-inference-extension/api/v1alpha2" + inferencev1 "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayalpha "sigs.k8s.io/gateway-api/apis/v1alpha2" gateway "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -38,14 +38,33 @@ import ( "istio.io/istio/pkg/kube/krt" "istio.io/istio/pkg/ptr" "istio.io/istio/pkg/slices" + "istio.io/istio/pkg/util/sets" ) +type AncestorBackend struct { + Gateway types.NamespacedName + Backend TypedNamespacedName +} + +func (a AncestorBackend) Equals(other AncestorBackend) bool { + return a.Gateway == other.Gateway && a.Backend == other.Backend +} + +func (a AncestorBackend) ResourceName() string { + return a.Gateway.String() + "/" + a.Backend.String() +} + func HTTPRouteCollection( httpRoutes krt.Collection[*gateway.HTTPRoute], inputs RouteContextInputs, opts krt.OptionsBuilder, ) RouteResult[*gateway.HTTPRoute, gateway.HTTPRouteStatus] { routeCount := gatewayRouteAttachmentCountCollection(inputs, httpRoutes, gvk.HTTPRoute, opts) + ancestorBackends := krt.NewManyCollection(httpRoutes, func(krtctx krt.HandlerContext, obj *gateway.HTTPRoute) []AncestorBackend { + return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gateway.HTTPRouteRule) []gateway.HTTPBackendRef { + return r.BackendRefs + }) + }, opts.WithName("HTTPAncestors")...) status, baseVirtualServices := krt.NewStatusManyCollection(httpRoutes, func(krtctx krt.HandlerContext, obj *gateway.HTTPRoute) ( *gateway.HTTPRouteStatus, []RouteWithKey, 
@@ -145,7 +164,7 @@ func HTTPRouteCollection( currentRouteInferenceConfigs[httpRule.Name] = kube.InferencePoolRouteRuleConfig{ FQDN: ipCfg.endpointPickerDst, Port: ipCfg.endpointPickerPort, - FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1alpha2.FailOpen), + FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1.EndpointPickerFailOpen), } } } @@ -184,9 +203,54 @@ func HTTPRouteCollection( VirtualServices: finalVirtualServices, RouteAttachments: routeCount, Status: status, + Ancestors: ancestorBackends, } } +func extractAncestorBackends[RT, BT any](ns string, prefs []gateway.ParentReference, rules []RT, extract func(RT) []BT) []AncestorBackend { + gateways := sets.Set[types.NamespacedName]{} + for _, r := range prefs { + ref := normalizeReference(r.Group, r.Kind, gvk.KubernetesGateway) + if ref != gvk.KubernetesGateway { + continue + } + gateways.Insert(types.NamespacedName{ + Namespace: defaultString(r.Namespace, ns), + Name: string(r.Name), + }) + } + backends := sets.Set[TypedNamespacedName]{} + for _, r := range rules { + for _, b := range extract(r) { + ref, refNs, refName := GetBackendRef(b) + k, ok := gvk.ToKind(ref) + if !ok { + continue + } + be := TypedNamespacedName{ + NamespacedName: types.NamespacedName{ + Namespace: defaultString(refNs, ns), + Name: string(refName), + }, + Kind: k, + } + backends.Insert(be) + } + } + gtw := slices.SortBy(gateways.UnsortedList(), types.NamespacedName.String) + bes := slices.SortBy(backends.UnsortedList(), TypedNamespacedName.String) + res := make([]AncestorBackend, 0, len(gtw)*len(bes)) + for _, gw := range gtw { + for _, be := range bes { + res = append(res, AncestorBackend{ + Gateway: gw, + Backend: be, + }) + } + } + return res +} + type conversionResult[O any] struct { error *ConfigError routes []O 
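Review bot: `extractAncestorBackends` pairs every Gateway parentRef with every backendRef taken from the route spec alone, without checking that the parent accepted the route or that a cross-namespace backendRef is covered by a ReferenceGrant. The golden status later in this patch appears to show the effect: `tls-upstream-echo-https-merged-rules` lists Gateway `gateway` as an ancestor although HTTPRoute `http` reports `RefNotPermitted` for `echo-https/default`. If consumers of `RouteResult.Ancestors` treat an entry as an established Gateway-to-Backend relationship, an unpermitted route can surface its Gateway in another namespace's policy status; confirm this is intended or filter on permitted references. The GRPC, TCP and TLS collections in the following hunks call the same helper. A doc comment would state the contract, e.g. `// extractAncestorBackends returns the cross product of Gateway parentRefs and backendRefs declared in the route spec; it does not check attachment or ReferenceGrants.`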
@@ -198,6 +262,11 @@ func GRPCRouteCollection( opts krt.OptionsBuilder, ) RouteResult[*gatewayv1.GRPCRoute, gatewayv1.GRPCRouteStatus] { routeCount := gatewayRouteAttachmentCountCollection(inputs, grpcRoutes, gvk.GRPCRoute, opts) + ancestorBackends := krt.NewManyCollection(grpcRoutes, func(krtctx krt.HandlerContext, obj *gatewayv1.GRPCRoute) []AncestorBackend { + return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gatewayv1.GRPCRouteRule) []gatewayv1.GRPCBackendRef { + return r.BackendRefs + }) + }, opts.WithName("GRPCAncestors")...) status, baseVirtualServices := krt.NewStatusManyCollection(grpcRoutes, func(krtctx krt.HandlerContext, obj *gatewayv1.GRPCRoute) ( *gatewayv1.GRPCRouteStatus, []RouteWithKey, @@ -288,7 +357,7 @@ func GRPCRouteCollection( currentRouteInferenceConfigs[httpRule.Name] = kube.InferencePoolRouteRuleConfig{ FQDN: ipCfg.endpointPickerDst, Port: ipCfg.endpointPickerPort, - FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1alpha2.FailOpen), + FailureModeAllow: ipCfg.endpointPickerFailureMode == string(inferencev1.EndpointPickerFailOpen), } } } @@ -327,6 +396,7 @@ func GRPCRouteCollection( VirtualServices: finalVirtualServices, RouteAttachments: routeCount, Status: status, + Ancestors: ancestorBackends, } } 
@@ -336,6 +406,11 @@ func TCPRouteCollection( opts krt.OptionsBuilder, ) RouteResult[*gatewayalpha.TCPRoute, gatewayalpha.TCPRouteStatus] { routeCount := gatewayRouteAttachmentCountCollection(inputs, tcpRoutes, gvk.TCPRoute, opts) + ancestorBackends := krt.NewManyCollection(tcpRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TCPRoute) []AncestorBackend { + return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gatewayalpha.TCPRouteRule) []gateway.BackendRef { + return r.BackendRefs + }) + }, opts.WithName("TCPAncestors")...) status, virtualServices := krt.NewStatusManyCollection(tcpRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TCPRoute) ( *gatewayalpha.TCPRouteStatus, []*config.Config, @@ -412,6 +487,7 @@ func TCPRouteCollection( VirtualServices: virtualServices, RouteAttachments: routeCount, Status: status, + Ancestors: ancestorBackends, } } @@ -421,6 +497,11 @@ func TLSRouteCollection( opts krt.OptionsBuilder, ) RouteResult[*gatewayalpha.TLSRoute, gatewayalpha.TLSRouteStatus] { routeCount := gatewayRouteAttachmentCountCollection(inputs, tlsRoutes, gvk.TLSRoute, opts) + ancestorBackends := krt.NewManyCollection(tlsRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TLSRoute) []AncestorBackend { + return extractAncestorBackends(obj.Namespace, obj.Spec.ParentRefs, obj.Spec.Rules, func(r gatewayalpha.TLSRouteRule) []gateway.BackendRef { + return r.BackendRefs + }) + }, opts.WithName("TLSAncestors")...) status, virtualServices := krt.NewStatusManyCollection(tlsRoutes, func(krtctx krt.HandlerContext, obj *gatewayalpha.TLSRoute) ( *gatewayalpha.TLSRouteStatus, []*config.Config, @@ -496,6 +577,7 @@ func TLSRouteCollection( VirtualServices: virtualServices, RouteAttachments: routeCount, Status: status, + Ancestors: ancestorBackends, } } 
@@ -563,7 +645,7 @@ type RouteContextInputs struct { Services krt.Collection[*corev1.Service] Namespaces krt.Collection[*corev1.Namespace] ServiceEntries krt.Collection[*networkingclient.ServiceEntry] - InferencePools krt.Collection[*inferencev1alpha2.InferencePool] + InferencePools krt.Collection[*inferencev1.InferencePool] internalContext krt.RecomputeProtected[*atomic.Pointer[GatewayContext]] } @@ -608,6 +690,8 @@ type RouteResult[I controllers.Object, IStatus any] struct { RouteAttachments krt.Collection[RouteAttachment] // Status stores the status reports for the incoming object Status krt.StatusCollection[I, IStatus] + // Ancestors stores information about Gateway --> Backend references + Ancestors krt.Collection[AncestorBackend] } type RouteAttachment struct { diff --git a/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.status.yaml.golden index 96d81df8b..b9bd6d79e 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XBackendTrafficPolicy metadata: - creationTimestamp: null name: lb-policy namespace: default spec: null @@ -18,5 +17,5 @@ status: reason: Accepted status: "True" type: Accepted - controllerName: istio.io/gateway-controller + controllerName: istio.io/mesh-controller --- diff --git a/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.yaml.golden index 8b775f8ee..d988aaa4e 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/backend-lb-policy.yaml.golden 
@@ -3,8 +3,7 @@ kind: DestinationRule metadata: annotations: internal.istio.io/parents: XBackendTrafficPolicy/default.lb-policy - creationTimestamp: null - name: echo-istio-autogenerated-k8s-gateway + name: echo~istio-autogenerated-k8s-gateway namespace: default spec: host: echo.default.svc.domain.suffix diff --git a/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.status.yaml.golden index af50fcdd6..83a2ad827 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: bad-configmap-type namespace: default spec: null @@ -14,15 +13,19 @@ status: conditions: - lastTransitionTime: fake message: 'Certificate reference invalid: unsupported kind UnknownKind' - reason: Invalid + reason: NoValidCACertificate status: "False" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: 'Certificate reference not supported: unsupported kind UnknownKind' + reason: InvalidKind + status: "False" + type: ResolvedRefs + controllerName: istio.io/mesh-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: bad-service namespace: default spec: null @@ -39,12 +42,16 @@ status: reason: TargetNotFound status: "False" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: existing-status namespace: default spec: null 
@@ -71,12 +78,16 @@ status: reason: Accepted status: "True" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: malformed-configmap namespace: default spec: null 
@@ -90,15 +101,115 @@ status: - lastTransitionTime: fake message: 'Certificate reference invalid: found secret, but didn''t have expected keys cacert or ca.crt; found: not-ca.crt' - reason: Invalid + reason: NoValidCACertificate status: "False" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: 'Certificate invalid: found secret, but didn''t have expected keys + cacert or ca.crt; found: not-ca.crt' + reason: InvalidCACertificateRef + status: "False" + type: ResolvedRefs + controllerName: istio.io/mesh-controller +--- +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: multi-host-service-entry + namespace: default +spec: null +status: + ancestors: + - ancestorRef: + group: networking.istio.io + kind: ServiceEntry + name: multi-host-service + conditions: + - lastTransitionTime: fake + message: Configuration is valid + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller +--- +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: multi-host-service-entry-section-name + namespace: default +spec: null +status: + ancestors: + - ancestorRef: + group: networking.istio.io + kind: ServiceEntry + name: multi-host-service + sectionName: tls + conditions: + - lastTransitionTime: fake + message: Configuration is valid + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller +--- +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: tls-external-service-https + namespace: default +spec: null +status: + ancestors: + - ancestorRef: + group: networking.istio.io + kind: ServiceEntry + name: 
external-service + sectionName: https + conditions: + - lastTransitionTime: fake + message: Configuration is valid + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller + - ancestorRef: + group: networking.istio.io + kind: ServiceEntry + name: external-service + sectionName: non-existing-port-name + conditions: + - lastTransitionTime: fake + message: 'targetRefs invalid: sectionName "non-existing-port-name" does not + exist in ServiceEntry default/external-service' + reason: TargetNotFound + status: "False" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: tls-upstream-echo namespace: default spec: null 
@@ -114,12 +225,93 @@ status: reason: Accepted status: "True" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller +--- +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: tls-upstream-echo-https-merged-rules + namespace: default +spec: null +status: + ancestors: + - ancestorRef: + group: "" + kind: Service + name: echo-https + conditions: + - lastTransitionTime: fake + message: Configuration is valid + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller + - ancestorRef: + group: "" + kind: Service + name: echo-https + sectionName: https + conditions: + - lastTransitionTime: fake + message: Configuration is valid + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller + - ancestorRef: + group: "" + kind: Service + name: echo-https + sectionName: non-existing-port-name + conditions: + - lastTransitionTime: fake + message: 'targetRefs invalid: sectionName "non-existing-port-name" does not + exist in Service default/echo-https' + reason: TargetNotFound + status: "False" + type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway + conditions: + - lastTransitionTime: fake + message: 'targetRefs invalid: sectionName "non-existing-port-name" does not + exist in Service default/echo-https' + reason: TargetNotFound + status: "False" + 
type: Accepted + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: unknown-configmap namespace: default spec: null 
@@ -133,8 +325,102 @@ status: - lastTransitionTime: fake message: 'Certificate reference invalid: reference default/does-not-exist (of kind ConfigMap) not found' - reason: Invalid + reason: NoValidCACertificate status: "False" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: 'Certificate reference not found: reference default/does-not-exist + (of kind ConfigMap) not found' + reason: InvalidCACertificateRef + status: "False" + type: ResolvedRefs + controllerName: istio.io/mesh-controller +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: GatewayClass +metadata: + name: higress +spec: null +status: + conditions: + - lastTransitionTime: fake + message: Handled by Higress controller + reason: Accepted + status: "True" + type: Accepted +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: Gateway +metadata: + name: gateway + namespace: higress-system +spec: null +status: + addresses: + - type: Hostname + value: higress-gateway.higress-system.svc.domain.suffix + conditions: + - lastTransitionTime: fake + message: Resource accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: Resource programmed, assigned to service(s) higress-gateway.higress-system.svc.domain.suffix:80 + reason: Programmed + status: "True" + type: Programmed + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: fake + message: No errors found + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: No errors found + reason: NoConflicts + status: "False" + type: Conflicted + - lastTransitionTime: fake + message: No errors found + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: fake + message: No errors found + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: default + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute 
+--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: http + namespace: higress-system +spec: null +status: + parents: + - conditions: + - lastTransitionTime: fake + message: Route was valid + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: backendRef echo-https/default not accessible to a HTTPRoute in namespace + "higress-system" (missing a ReferenceGrant?) + reason: RefNotPermitted + status: "False" + type: ResolvedRefs + controllerName: higress.io/gateway-controller + parentRef: + name: gateway --- diff --git a/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml b/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml index 883d3b222..172a09871 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml 
@@ -1,4 +1,58 @@ -apiVersion: gateway.networking.k8s.io/v1alpha3 +# echo-https must be created by the kube-client, because it's used in a test +# that verifies `sectionName`, which is internally read from krt, +# so it could be just a `model.ServiceInstance` +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: GatewayClass +metadata: + name: higress +spec: + controllerName: higress.io/gateway-controller +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: Gateway +metadata: + name: gateway + namespace: higress-system +spec: + addresses: + - value: higress-gateway + type: Hostname + gatewayClassName: higress + listeners: + - name: default + hostname: "*.domain.example" + port: 80 + protocol: HTTP +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: http + namespace: higress-system +spec: + parentRefs: + - name: gateway + rules: + - backendRefs: + - name: echo-https + namespace: default + port: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: echo-https + namespace: default +spec: + ports: + - name: http + port: 80 + protocol: TCP + - name: https + port: 443 + protocol: TCP +--- +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: tls-upstream-echo @@ -15,7 +69,32 @@ spec: group: "" hostname: auth.example.com --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: tls-upstream-echo-https-merged-rules + namespace: default +spec: + targetRefs: + - kind: Service + name: echo-https + group: "" + - kind: Service + name: echo-https + group: "" + sectionName: https + - kind: Service + name: echo-https + group: "" + sectionName: non-existing-port-name + validation: + caCertificateRefs: + - kind: ConfigMap + name: auth-cert + group: "" + hostname: auth.example.com +--- +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: existing-status 
@@ -33,19 +112,19 @@ spec: hostname: auth.example.com status: ancestors: - - ancestorRef: - group: "" - kind: Service - name: httpbin - conditions: - - lastTransitionTime: 2000-01-01T01:01:01Z - message: hello - reason: Accepted - status: "True" - type: Accepted - controllerName: example.com/some-other-controller + - ancestorRef: + group: "" + kind: Service + name: httpbin + conditions: + - lastTransitionTime: 2000-01-01T01:01:01Z + message: hello + reason: Accepted + status: "True" + type: Accepted + controllerName: example.com/some-other-controller --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: bad-service @@ -62,7 +141,7 @@ spec: group: "" hostname: auth.example.com --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: unknown-configmap @@ -79,7 +158,7 @@ spec: group: "" hostname: auth.example.com --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: malformed-configmap @@ -96,7 +175,7 @@ spec: group: "" hostname: auth.example.com --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: bad-configmap-type 
@@ -112,3 +191,91 @@ spec: name: blah group: "" hostname: auth.example.com +--- +# ServiceEntry with multiple hosts for testing multiple DestinationRules +apiVersion: networking.istio.io/v1 +kind: ServiceEntry +metadata: + name: multi-host-service + namespace: default +spec: + hosts: + - api.example.com + - cdn.example.com + ports: + - number: 443 + name: https + protocol: HTTPS + - number: 8443 + name: tls + protocol: TLS + resolution: DNS +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: multi-host-service-entry + namespace: default +spec: + targetRefs: + - kind: ServiceEntry + name: multi-host-service + group: networking.istio.io + validation: + wellKnownCACertificates: System + hostname: cdn.example.com +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: multi-host-service-entry-section-name + namespace: default +spec: + targetRefs: + - kind: ServiceEntry + name: multi-host-service + group: networking.istio.io + sectionName: tls + validation: + caCertificateRefs: + - kind: ConfigMap + name: auth-cert + group: "" + hostname: api.example.com +--- +# Simple ServiceEntry with 2 ports for testing sectionName +apiVersion: networking.istio.io/v1 +kind: ServiceEntry +metadata: + name: external-service + namespace: default +spec: + hosts: + - external.example.com + ports: + - number: 80 + name: http + protocol: HTTP + - number: 443 + name: https + protocol: HTTPS + resolution: DNS +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: tls-external-service-https + namespace: default +spec: + targetRefs: + - kind: ServiceEntry + name: external-service + group: networking.istio.io + sectionName: https + - kind: ServiceEntry + name: external-service + group: networking.istio.io + sectionName: non-existing-port-name + validation: + wellKnownCACertificates: System + hostname: external.example.com 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml.golden index 9d7521006..1d3cbd508 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml.golden 
@@ -1,10 +1,68 @@ apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + annotations: + internal.istio.io/gateway-semantics: gateway + internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix + internal.istio.io/parents: Gateway/gateway/default.higress-system + internal.istio.io/service-account-name: "" + name: gateway-istio-autogenerated-k8s-gateway-default + namespace: higress-system +spec: + servers: + - hosts: + - higress-system/*.domain.example + port: + name: default + number: 80 + protocol: HTTP +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + annotations: + internal.istio.io/parents: HTTPRoute/http.higress-system + internal.istio.io/route-semantics: gateway + name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~* + namespace: higress-system +spec: + gateways: + - higress-system/gateway-istio-autogenerated-k8s-gateway-default + hosts: + - '*' + http: + - name: http + route: + - destination: {} +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + annotations: + internal.istio.io/parents: BackendTLSPolicy/default.tls-upstream-echo-https-merged-rules + name: echo-https~istio-autogenerated-k8s-gateway + namespace: default +spec: + host: echo-https.default.svc.domain.suffix + trafficPolicy: + portLevelSettings: + - port: + number: 443 + tls: + credentialName: configmap://default/auth-cert + mode: SIMPLE + sni: auth.example.com + tls: + credentialName: configmap://default/auth-cert + mode: SIMPLE + sni: auth.example.com +--- +apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: annotations: internal.istio.io/parents: BackendTLSPolicy/default.tls-upstream-echo - creationTimestamp: null - name: echo-istio-autogenerated-k8s-gateway + name: echo~istio-autogenerated-k8s-gateway namespace: default spec: host: echo.default.svc.domain.suffix 
@@ -16,11 +74,27 @@ spec: --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule +metadata: + annotations: + internal.istio.io/parents: BackendTLSPolicy/default.tls-external-service-https + name: external-service~external-example-com~istio-autogenerated-k8s-gateway + namespace: default +spec: + host: external.example.com + trafficPolicy: + portLevelSettings: + - port: + number: 443 + tls: + mode: SIMPLE + sni: external.example.com +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule metadata: annotations: internal.istio.io/parents: BackendTLSPolicy/default.bad-configmap-type - creationTimestamp: null - name: foo-svc-istio-autogenerated-k8s-gateway + name: foo-svc~istio-autogenerated-k8s-gateway namespace: default spec: host: foo-svc.default.svc.domain.suffix @@ -32,27 +106,10 @@ spec: --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule -metadata: - annotations: - internal.istio.io/parents: BackendTLSPolicy/default.existing-status - creationTimestamp: null - name: httpbin-istio-autogenerated-k8s-gateway - namespace: default -spec: - host: httpbin.default.svc.domain.suffix - trafficPolicy: - tls: - credentialName: configmap://default/auth-cert - mode: SIMPLE - sni: auth.example.com ---- -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule metadata: annotations: internal.istio.io/parents: BackendTLSPolicy/default.malformed-configmap - creationTimestamp: null - name: httpbin-other-istio-autogenerated-k8s-gateway + name: httpbin-other~istio-autogenerated-k8s-gateway namespace: default spec: host: httpbin-other.default.svc.domain.suffix @@ -67,8 +124,7 @@ kind: DestinationRule metadata: annotations: internal.istio.io/parents: BackendTLSPolicy/default.unknown-configmap - creationTimestamp: null - name: httpbin-second-istio-autogenerated-k8s-gateway + name: httpbin-second~istio-autogenerated-k8s-gateway namespace: default spec: host: httpbin-second.default.svc.domain.suffix 
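Review bot: The expected DestinationRule for `BackendTLSPolicy/default.tls-external-service-https` pins only `mode: SIMPLE` and `sni: external.example.com`, with no `credentialName` or `caCertificates`, so the snapshot does not show which trust anchor the upstream certificate is checked against. If that policy relies on system roots (the input fixture is outside this hunk, so this is inferred), whether the proxy validates the server certificate depends on defaults that are not visible here; in Istio-style DestinationRules, SIMPLE without a CA can mean the upstream certificate is not verified at all. I would document the intent on the input policy in `backend-tls-policy.yaml`, e.g. `# no CA ref: relies on the proxy's default trust store to verify external.example.com`, and confirm that verification is actually enabled for rules generated this way.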
@@ -78,3 +134,60 @@ spec: mode: SIMPLE sni: auth.example.com --- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + annotations: + internal.istio.io/parents: BackendTLSPolicy/default.existing-status + name: httpbin~istio-autogenerated-k8s-gateway + namespace: default +spec: + host: httpbin.default.svc.domain.suffix + trafficPolicy: + tls: + credentialName: configmap://default/auth-cert + mode: SIMPLE + sni: auth.example.com +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + annotations: + internal.istio.io/parents: BackendTLSPolicy/default.multi-host-service-entry,BackendTLSPolicy/default.multi-host-service-entry-section-name + name: multi-host-service~api-example-com~istio-autogenerated-k8s-gateway + namespace: default +spec: + host: api.example.com + trafficPolicy: + portLevelSettings: + - port: + number: 8443 + tls: + credentialName: configmap://default/auth-cert + mode: SIMPLE + sni: api.example.com + tls: + mode: SIMPLE + sni: cdn.example.com +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + annotations: + internal.istio.io/parents: BackendTLSPolicy/default.multi-host-service-entry,BackendTLSPolicy/default.multi-host-service-entry-section-name + name: multi-host-service~cdn-example-com~istio-autogenerated-k8s-gateway + namespace: default +spec: + host: cdn.example.com + trafficPolicy: + portLevelSettings: + - port: + number: 8443 + tls: + credentialName: configmap://default/auth-cert + mode: SIMPLE + sni: api.example.com + tls: + mode: SIMPLE + sni: cdn.example.com +--- diff --git a/pkg/ingress/kube/gateway/istio/testdata/benchmark-httproute.yaml b/pkg/ingress/kube/gateway/istio/testdata/benchmark-httproute.yaml index 7bfa89b79..11b78a540 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/benchmark-httproute.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/benchmark-httproute.yaml 
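Review bot: Both multi-host DestinationRules carry the same TLS settings regardless of their own `host`: the rule for `host: cdn.example.com` sends `sni: api.example.com` on port 8443, and the rule for `host: api.example.com` falls back to `sni: cdn.example.com` at the top level. This presumably follows from each policy's hostname being applied to every host of the target (the input fixture and the conversion code are outside this hunk), which means the certificate identity is tied to the policy's hostname rather than to the host being dialled. The top-level `tls` block also carries no `credentialName`, unlike the port-level one. A comment on the two `multi-host-service-entry*` policies in `backend-tls-policy.yaml`, e.g. `# hostname applies to every host of the target; SNI is not derived per host`, would stop a later reader from mistaking this golden for a regression, or from accepting a real one.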
@@ -4,7 +4,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/delegated.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/delegated.status.yaml.golden index 06e2109c1..debb7a063 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/delegated.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/delegated.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -95,7 +93,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: apple spec: null @@ -112,7 +109,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -120,7 +117,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: banana spec: null @@ -137,7 +133,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/delegated.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/delegated.yaml.golden index 3a5091084..d2cd9a069 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/delegated.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/delegated.yaml.golden 
@@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/apple.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-apple namespace: higress-system spec: @@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/banana.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-banana namespace: higress-system spec: @@ -42,7 +42,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.apple internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-apple~* namespace: apple spec: @@ -64,7 +63,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.banana internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-banana~* namespace: banana spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/cluster-ip.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/cluster-ip.yaml deleted file mode 100644 index 0d16fc7d3..000000000 --- a/pkg/ingress/kube/gateway/istio/testdata/deployment/cluster-ip.yaml +++ /dev/null 
@@ -1,253 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - networking.istio.io/service-type: ClusterIP - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - networking.istio.io/service-type: ClusterIP - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - networking.istio.io/service-type: ClusterIP - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - 
startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - networking.istio.io/service-type: ClusterIP - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - - appProtocol: http - name: http - port: 80 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: ClusterIP ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-nil.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-nil.yaml
deleted file mode 100644
index d55745df9..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-nil.yaml
+++ /dev/null
@@ -1,245 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-set.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-set.yaml
deleted file mode 100644
index 729dd3567..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-disabled-infra-set.yaml
+++ /dev/null
@@ -1,253 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - should: see-infra-annotation - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see-infra-label - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - should: see-infra-annotation - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see-infra-label - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - should: see-infra-annotation - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - should: see-infra-label - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - should: see-infra-annotation - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see-infra-label - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-enabled-infra-nil.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-enabled-infra-nil.yaml
deleted file mode 100644
index 28a5c58f2..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/copy-labels-annotations-enabled-infra-nil.yaml
+++ /dev/null
@@ -1,253 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - should: see - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/custom-class.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/custom-class.yaml
deleted file mode 100644
index 4728b55c4..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/custom-class.yaml
+++ /dev/null
@@ -1,245 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-custom - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-custom - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-custom - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-custom - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-custom - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-custom - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-custom - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/customizations.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/customizations.yaml
deleted file mode 100644
index d643f1a3e..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/customizations.yaml
+++ /dev/null
@@ -1,300 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - name: namespace-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cm-annotation: cm-annotation-value - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - name: namespace-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - replicas: 4 - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: namespace - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - service.istio.io/canonical-name: namespace-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: namespace-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 222m - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - 
runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: namespace-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - name: namespace-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: namespace - type: LoadBalancer ---- -apiVersion: autoscaling/v2 -kind: 
HorizontalPodAutoscaler -metadata: - annotations: {} - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - name: namespace-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - maxReplicas: 2 - minReplicas: 2 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: namespace-istio ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - annotations: {} - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - name: namespace-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - minAvailable: 1 - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: namespace ---- diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/gateway-with-infrerencepool-extproc-infra-label.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/gateway-with-infrerencepool-extproc-infra-label.yaml deleted file mode 100644 index 7f0fb687b..000000000 --- a/pkg/ingress/kube/gateway/istio/testdata/deployment/gateway-with-infrerencepool-extproc-infra-label.yaml +++ /dev/null 
@@ -1,257 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - fizz: buzz - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - istio.io/enable-inference-extproc: "true" - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - fizz: buzz - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - istio.io/enable-inference-extproc: "true" - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - fizz: buzz - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - istio.io/enable-inference-extproc: "true" - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - fizz: buzz - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - istio.io/enable-inference-extproc: "true" - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/illegal_customizations.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/illegal_customizations.yaml
deleted file mode 100644
index 594973fbf..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/illegal_customizations.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: Gateway
-metadata:
- annotations:
- gateway.istio.io/controller-version: "5"
----
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/infrastructure-labels-annotations.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/infrastructure-labels-annotations.yaml
deleted file mode 100644
index 6c1442d62..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/infrastructure-labels-annotations.yaml
+++ /dev/null
@@ -1,253 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - fizz: buzz - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - fizz: buzz - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - fizz: buzz - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - fizz: buzz - labels: - foo: bar - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/istio-east-west.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/istio-east-west.yaml
deleted file mode 100644
index 3e2c65928..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/istio-east-west.yaml
+++ /dev/null
@@ -1,254 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-eastwest-controller - gateway.networking.k8s.io/gateway-name: eastwestgateway - topology.istio.io/network: network-1 - name: eastwestgateway - namespace: istio-system - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: eastwestgateway - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-eastwest-controller - gateway.networking.k8s.io/gateway-name: eastwestgateway - topology.istio.io/network: network-1 - name: eastwestgateway - namespace: istio-system - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: eastwestgateway - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: eastwestgateway - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-eastwest-controller - gateway.networking.k8s.io/gateway-name: eastwestgateway - istio.io/dataplane-mode: none - service.istio.io/canonical-name: eastwestgateway - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - topology.istio.io/network: network-1 - spec: - containers: - - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc. 
- - --serviceCluster - - eastwestgateway.$(POD_NAMESPACE) - - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NETWORK - value: network-1 - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: eastwestgateway - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/eastwestgateway - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - 
capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - serviceAccountName: eastwestgateway - terminationGracePeriodSeconds: 2 - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - configMap: - name: istio-ca-root-cert - name: istiod-ca-cert ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - networking.istio.io/traffic-distribution: PreferClose - labels: - gateway.istio.io/managed: istio.io-eastwest-controller - gateway.networking.k8s.io/gateway-name: eastwestgateway - topology.istio.io/network: network-1 - name: eastwestgateway - namespace: istio-system - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: eastwestgateway - uid: "" -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - - appProtocol: all - name: mesh - port: 15008 
- protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: eastwestgateway - type: LoadBalancer ---- diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/istio-upgrade-to-1.24.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/istio-upgrade-to-1.24.yaml deleted file mode 100644 index c9cd8e60d..000000000 --- a/pkg/ingress/kube/gateway/istio/testdata/deployment/istio-upgrade-to-1.24.yaml +++ /dev/null 
@@ -1,256 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: test-upgrade - topology.istio.io/network: network-1 - name: test-upgrade - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: test-upgrade - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: test-upgrade - topology.istio.io/network: network-1 - name: test-upgrade - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: test-upgrade - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: test-upgrade - istio.io/gateway-name: test-upgrade - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: test-upgrade - istio.io/dataplane-mode: none - istio.io/gateway-name: test-upgrade - service.istio.io/canonical-name: test-upgrade - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - topology.istio.io/network: network-1 - spec: - containers: - - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc. 
- - --serviceCluster - - test-upgrade.$(POD_NAMESPACE) - - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NETWORK - value: network-1 - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: test-upgrade - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/test-upgrade - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - 
- ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - serviceAccountName: test-upgrade - terminationGracePeriodSeconds: 2 - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - configMap: - name: istio-ca-root-cert - name: istiod-ca-cert ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - networking.istio.io/traffic-distribution: PreferClose - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: test-upgrade - topology.istio.io/network: network-1 - name: test-upgrade - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: test-upgrade - uid: "" -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - - appProtocol: all - name: mesh - port: 15008 - protocol: TCP - selector: - 
gateway.networking.k8s.io/gateway-name: test-upgrade - type: ClusterIP ---- diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect-infra.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect-infra.yaml deleted file mode 100644 index 8ffa02d74..000000000 --- a/pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect-infra.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect.yaml
deleted file mode 100644
index 8ffa02d74..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/kube-gateway-ambient-redirect.yaml
+++ /dev/null
@@ -1,245 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: ambient - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/manual-ip.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/manual-ip.yaml
deleted file mode 100644
index 7ff97e654..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/manual-ip.yaml
+++ /dev/null
@@ -1,246 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - 
startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - loadBalancerIP: 1.2.3.4 - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/manual-sa.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/manual-sa.yaml
deleted file mode 100644
index 1c7b44b57..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/manual-sa.yaml
+++ /dev/null
@@ -1,245 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: custom-sa - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: custom-sa - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/multinetwork.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/multinetwork.yaml
deleted file mode 100644
index e1a2fe79e..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/multinetwork.yaml
+++ /dev/null
@@ -1,257 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - topology.istio.io/network: network-1 - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - topology.istio.io/network: network-1 - name: default - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - topology.istio.io/network: network-1 - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_NETWORK - value: network-1 - - name: ISTIO_META_WORKLOAD_NAME - value: default - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: network-1 - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - 
privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - topology.istio.io/network: network-1 - name: default - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - - appProtocol: http - name: http - port: 80 - protocol: TCP - 
selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/proxy-config-crd.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/proxy-config-crd.yaml deleted file mode 100644 index 890c525a5..000000000 --- a/pkg/ingress/kube/gateway/istio/testdata/deployment/proxy-config-crd.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {"image":{"imageType":"distroless"}} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test-distroless - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - 
runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/simple.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/simple.yaml
deleted file mode 100644
index 28a5c58f2..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/simple.yaml
+++ /dev/null
@@ -1,253 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: default - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - service.istio.io/canonical-name: default-istio - service.istio.io/canonical-revision: latest - should: see - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc. 
- - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: ISTIO_META_POD_PORTS - value: '[]' - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: default-istio - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - 
runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/credential-uds - name: credential-socket - - mountPath: /var/run/secrets/workload-spiffe-credentials - name: workload-certs - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - serviceAccountName: default-istio - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - - emptyDir: {} - name: workload-certs - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: {} - name: istio-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: - expirationSeconds: 43200 - path: istio-token ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - should: see - labels: - gateway.istio.io/managed: istio.io-gateway-controller - gateway.networking.k8s.io/gateway-name: default - istio.io/dataplane-mode: none - should: see - name: default-istio - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: default - uid: null -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - selector: - gateway.networking.k8s.io/gateway-name: default - type: LoadBalancer ---- 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint-no-network-label.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint-no-network-label.yaml
deleted file mode 100644
index 5129eb15a..000000000
--- a/pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint-no-network-label.yaml
+++ /dev/null
@@ -1,254 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - topology.istio.io/network: network-1 - name: namespace - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - topology.istio.io/network: network-1 - name: namespace - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: namespace - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - service.istio.io/canonical-name: namespace - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - topology.istio.io/network: network-1 - spec: - containers: - - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc. 
- - --serviceCluster - - namespace.$(POD_NAMESPACE) - - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NETWORK - value: network-1 - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: namespace - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - 
privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - serviceAccountName: namespace - terminationGracePeriodSeconds: 2 - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - configMap: - name: istio-ca-root-cert - name: istiod-ca-cert ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - networking.istio.io/traffic-distribution: PreferClose - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - topology.istio.io/network: network-1 - name: namespace - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - - appProtocol: all - name: mesh - port: 15008 - protocol: TCP - selector: - 
gateway.networking.k8s.io/gateway-name: namespace - type: ClusterIP ---- diff --git a/pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint.yaml b/pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint.yaml deleted file mode 100644 index 5129eb15a..000000000 --- a/pkg/ingress/kube/gateway/istio/testdata/deployment/waypoint.yaml +++ /dev/null 
@@ -1,254 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - annotations: - gateway.istio.io/controller-version: "5" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - topology.istio.io/network: network-1 - name: namespace - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - topology.istio.io/network: network-1 - name: namespace - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: namespace - template: - metadata: - annotations: - istio.io/rev: default - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - istio.io/dataplane-mode: none - service.istio.io/canonical-name: namespace - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - topology.istio.io/network: network-1 - spec: - containers: - - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc. 
- - --serviceCluster - - namespace.$(POD_NAMESPACE) - - --proxyLogLevel - - - - --proxyComponentLogLevel - - - - --log_output_level - - - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: - - name: CA_ADDR - value: istiod-..svc:15012 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_NETWORK - value: network-1 - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: namespace - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - image: test/proxyv2:test - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - 
privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - serviceAccountName: namespace - terminationGracePeriodSeconds: 2 - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - configMap: - name: istio-ca-root-cert - name: istiod-ca-cert ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - networking.istio.io/traffic-distribution: PreferClose - labels: - gateway.istio.io/managed: istio.io-mesh-controller - gateway.networking.k8s.io/gateway-name: namespace - topology.istio.io/network: network-1 - name: namespace - namespace: default - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: namespace - uid: "" -spec: - ipFamilyPolicy: PreferDualStack - ports: - - appProtocol: tcp - name: status-port - port: 15021 - protocol: TCP - - appProtocol: all - name: mesh - port: 15008 - protocol: TCP - selector: - 
gateway.networking.k8s.io/gateway-name: namespace - type: ClusterIP ---- diff --git a/pkg/ingress/kube/gateway/istio/testdata/east-west-ambient.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/east-west-ambient.status.yaml.golden index 494c54e47..184a78666 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/east-west-ambient.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/east-west-ambient.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: eastwestgateway namespace: istio-system spec: null @@ -47,7 +46,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid namespace: istio-system spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.status.yaml.golden index 7724fba93..f223cbdd7 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: eastwestgateway namespace: istio-system spec: null @@ -101,7 +100,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-grpc namespace: istio-system spec: null @@ -118,7 +116,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: eastwestgateway @@ -127,7 +125,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-webhook namespace: istio-system spec: null 
@@ -144,7 +141,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: eastwestgateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.yaml.golden index 688ad34d5..3d00e3395 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest-labelport.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/cross-network.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-cross-network namespace: istio-system spec: @@ -26,7 +25,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/istiod-grpc.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-grpc namespace: istio-system spec: @@ -46,7 +44,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/istiod-webhook.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-webhook namespace: istio-system spec: @@ -65,7 +62,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/eastwestgateway-grpc.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: eastwestgateway-grpc-tls-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: 
@@ -89,7 +85,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/eastwestgateway-webhook.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: eastwestgateway-webhook-tls-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest-remote.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest-remote.status.yaml.golden index 02a022a9c..7c486f4f6 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest-remote.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest-remote.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: eastwestgateway namespace: istio-system spec: null @@ -24,7 +23,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-grpc namespace: istio-system spec: null @@ -34,7 +32,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-webhook namespace: istio-system spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.status.yaml.golden index 7724fba93..f223cbdd7 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: eastwestgateway namespace: istio-system spec: null @@ -101,7 +100,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-grpc namespace: istio-system spec: null 
@@ -118,7 +116,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: eastwestgateway @@ -127,7 +125,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-webhook namespace: istio-system spec: null @@ -144,7 +141,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: eastwestgateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.yaml.golden index 688ad34d5..3d00e3395 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest-tlsoption.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/cross-network.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-cross-network namespace: istio-system spec: @@ -26,7 +25,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/istiod-grpc.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-grpc namespace: istio-system spec: 
@@ -46,7 +44,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/istiod-webhook.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-webhook namespace: istio-system spec: @@ -65,7 +62,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/eastwestgateway-grpc.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: eastwestgateway-grpc-tls-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: @@ -89,7 +85,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/eastwestgateway-webhook.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: eastwestgateway-webhook-tls-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest.status.yaml.golden index 7724fba93..f223cbdd7 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: eastwestgateway namespace: istio-system spec: null @@ -101,7 +100,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-grpc namespace: istio-system spec: null @@ -118,7 +116,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: eastwestgateway 
@@ -127,7 +125,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: eastwestgateway-webhook namespace: istio-system spec: null @@ -144,7 +141,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: eastwestgateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/eastwest.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/eastwest.yaml.golden index 3342f420f..a3c98af80 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/eastwest.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/eastwest.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/cross-network.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-cross-network namespace: istio-system spec: @@ -26,7 +25,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/istiod-grpc.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-grpc namespace: istio-system spec: @@ -46,7 +44,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: eastwestgateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/eastwestgateway/istiod-webhook.istio-system - creationTimestamp: null name: eastwestgateway-istio-autogenerated-k8s-gateway-istiod-webhook namespace: istio-system spec: 
@@ -65,7 +62,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/eastwestgateway-grpc.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: eastwestgateway-grpc-tls-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: @@ -89,7 +85,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/eastwestgateway-webhook.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: eastwestgateway-webhook-tls-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/grpc.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/grpc.status.yaml.golden index 3b65d6850..f75a1c811 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/grpc.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/grpc.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -65,7 +63,6 @@ status: apiVersion: gateway.networking.k8s.io/v1 kind: GRPCRoute metadata: - creationTimestamp: null name: grpc namespace: default spec: null @@ -82,7 +79,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/grpc.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/grpc.yaml.golden index e3ef58130..b1d7904c4 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/grpc.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/grpc.yaml.golden 
@@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: @@ -23,7 +23,6 @@ metadata: annotations: internal.istio.io/parents: GRPCRoute/grpc.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~another.domain.example namespace: default spec: @@ -66,7 +65,6 @@ metadata: annotations: internal.istio.io/parents: GRPCRoute/grpc.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/http.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/http.status.yaml.golden index 64bf857ff..c64cb156d 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/http.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/http.status.yaml.golden @@ -1,16 +1,14 @@ -apiVersion: inference.networking.x-k8s.io/v1alpha2 +apiVersion: inference.networking.k8s.io/v1 kind: InferencePool metadata: - creationTimestamp: null name: infpool-gen namespace: default spec: null status: {} --- -apiVersion: inference.networking.x-k8s.io/v1alpha2 +apiVersion: inference.networking.k8s.io/v1 kind: InferencePool metadata: - creationTimestamp: null name: infpool-gen2 namespace: default spec: null @@ -19,7 +17,6 @@ status: {} apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: 
@@ -33,7 +30,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -85,7 +81,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: default spec: null @@ -102,7 +97,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -110,7 +105,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http-not-selected namespace: default spec: null @@ -127,7 +121,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -135,7 +129,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http-retry-request namespace: default spec: null @@ -152,7 +145,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -160,7 +153,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http-route-cors namespace: default spec: null @@ -177,7 +169,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -185,7 +177,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http-timeout-backend-request namespace: default spec: null 
@@ -202,7 +193,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -210,7 +201,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http-timeout-request namespace: default spec: null @@ -227,7 +217,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -235,7 +225,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http2 namespace: default spec: null @@ -252,7 +241,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -260,7 +249,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: mirror namespace: default spec: null @@ -277,7 +265,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -285,7 +273,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: multiple-inferencepool-backend-refs namespace: default spec: null @@ -302,7 +289,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system 
@@ -310,7 +297,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: redirect namespace: default spec: null @@ -327,7 +313,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -335,7 +321,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: redirect-prefix-replace namespace: default spec: null @@ -352,7 +337,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -360,7 +345,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: rewrite namespace: default spec: null @@ -377,7 +361,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/http.yaml b/pkg/ingress/kube/gateway/istio/testdata/http.yaml index e77ec251a..45dda70d6 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/http.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/http.yaml @@ -12,17 +12,17 @@ metadata: namespace: higress-system spec: addresses: - - value: higress-gateway - type: Hostname + - value: higress-gateway + type: Hostname gatewayClassName: higress listeners: - - name: default - hostname: "*.domain.example" - port: 80 - protocol: HTTP - allowedRoutes: - namespaces: - from: All + - name: default + hostname: "*.domain.example" + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: All --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute 
@@ -31,34 +31,34 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["first.domain.example", "another.domain.example"] rules: - - matches: - - path: - type: PathPrefix - value: /get - headers: - - name: my-header - value: some-value - type: Exact - filters: - - type: RequestHeaderModifier - requestHeaderModifier: - add: - - name: my-added-header - value: added-value - remove: [my-removed-header] - - type: ResponseHeaderModifier - responseHeaderModifier: - add: - - name: my-added-resp-header - value: added-resp-value - remove: [my-removed-header] - backendRefs: - - name: httpbin - port: 80 + - matches: + - path: + type: PathPrefix + value: /get + headers: + - name: my-header + value: some-value + type: Exact + filters: + - type: RequestHeaderModifier + requestHeaderModifier: + add: + - name: my-added-header + value: added-value + remove: [my-removed-header] + - type: ResponseHeaderModifier + responseHeaderModifier: + add: + - name: my-added-resp-header + value: added-resp-value + remove: [my-removed-header] + backendRefs: + - name: httpbin + port: 80 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute @@ -67,24 +67,24 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["second.domain.example"] rules: - - matches: - - path: - type: PathPrefix - value: /second - backendRefs: - - name: httpbin-second - port: 80 - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: httpbin-wildcard - port: 80 + - matches: + - path: + type: PathPrefix + value: /second + backendRefs: + - name: httpbin-second + port: 80 + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: httpbin-wildcard + port: 80 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute 
@@ -93,18 +93,18 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system rules: - - filters: - - type: RequestRedirect - requestRedirect: - port: 8080 - statusCode: 302 - scheme: https - path: - type: ReplaceFullPath - replaceFullPath: /replace-full + - filters: + - type: RequestRedirect + requestRedirect: + port: 8080 + statusCode: 302 + scheme: https + path: + type: ReplaceFullPath + replaceFullPath: /replace-full --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute @@ -113,23 +113,23 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["redirect.domain.example"] rules: - - matches: - - path: - type: PathPrefix - value: /original - filters: - - type: RequestRedirect - requestRedirect: - port: 8080 - statusCode: 302 - scheme: https - path: - type: ReplacePrefixMatch - replacePrefixMatch: /replacement + - matches: + - path: + type: PathPrefix + value: /original + filters: + - type: RequestRedirect + requestRedirect: + port: 8080 + statusCode: 302 + scheme: https + path: + type: ReplacePrefixMatch + replacePrefixMatch: /replacement --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute 
@@ -138,51 +138,51 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system rules: - - name: route1 - matches: - - path: - type: PathPrefix - value: /prefix-original - filters: - - type: URLRewrite - urlRewrite: - hostname: "new.example.com" - path: - type: ReplacePrefixMatch - replacePrefixMatch: "/replacement" - backendRefs: - - name: httpbin - port: 80 - - matches: - - path: - type: PathPrefix - value: /prefix-to-be-removed - filters: - - type: URLRewrite - urlRewrite: - path: - type: ReplacePrefixMatch - replacePrefixMatch: "" - backendRefs: - - name: httpbin - port: 80 - - matches: - - path: - type: PathPrefix - value: /full-original - filters: - - type: URLRewrite - urlRewrite: - hostname: "new.example.com" - path: - type: ReplaceFullPath - replaceFullPath: "/replacement" - backendRefs: - - name: httpbin - port: 80 + - name: route1 + matches: + - path: + type: PathPrefix + value: /prefix-original + filters: + - type: URLRewrite + urlRewrite: + hostname: "new.example.com" + path: + type: ReplacePrefixMatch + replacePrefixMatch: "/replacement" + backendRefs: + - name: httpbin + port: 80 + - matches: + - path: + type: PathPrefix + value: /prefix-to-be-removed + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: "" + backendRefs: + - name: httpbin + port: 80 + - matches: + - path: + type: PathPrefix + value: /full-original + filters: + - type: URLRewrite + urlRewrite: + hostname: "new.example.com" + path: + type: ReplaceFullPath + replaceFullPath: "/replacement" + backendRefs: + - name: httpbin + port: 80 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute 
@@ -191,27 +191,27 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system rules: - - filters: - - type: RequestMirror - requestMirror: - fraction: - numerator: 4 - denominator: 8 - backendRef: - name: httpbin-mirror + - filters: + - type: RequestMirror + requestMirror: + fraction: + numerator: 4 + denominator: 8 + backendRef: + name: httpbin-mirror + port: 80 + - type: RequestMirror + requestMirror: + percent: 80 + backendRef: + name: httpbin-second + port: 80 + backendRefs: + - name: httpbin port: 80 - - type: RequestMirror - requestMirror: - percent: 80 - backendRef: - name: httpbin-second - port: 80 - backendRefs: - - name: httpbin - port: 80 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute @@ -220,17 +220,17 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["should.not.select"] rules: - - matches: - - path: - type: PathPrefix - value: /get - backendRefs: - - name: httpbin-bad - port: 80 + - matches: + - path: + type: PathPrefix + value: /get + backendRefs: + - name: httpbin-bad + port: 80 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute @@ -239,19 +239,19 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["timeout.domain.example"] rules: - - matches: - - path: - type: PathPrefix - value: /get - backendRefs: - - name: httpbin - port: 80 - timeouts: - request: 1ms + - matches: + - path: + type: PathPrefix + value: /get + backendRefs: + - name: httpbin + port: 80 + timeouts: + request: 1ms --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute 
@@ -260,20 +260,20 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["timeout-backend.domain.example"] rules: - - matches: - - path: - type: PathPrefix - value: /get - backendRefs: - - name: httpbin - port: 80 - timeouts: - request: 2ms - backendRequest: 1ms + - matches: + - path: + type: PathPrefix + value: /get + backendRefs: + - name: httpbin + port: 80 + timeouts: + request: 2ms + backendRequest: 1ms --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute @@ -297,8 +297,8 @@ spec: attempts: 3 backoff: 3ms codes: - - 503 - - 429 + - 503 + - 429 - matches: - path: type: PathPrefix @@ -324,7 +324,7 @@ metadata: namespace: default spec: hostnames: - - "cors.domain.example" + - "cors.domain.example" parentRefs: - name: gateway namespace: higress-system @@ -337,8 +337,8 @@ spec: - cors: allowCredentials: true allowOrigins: - # - '*' # This will be allowed in the future, probably https://github.com/kubernetes-sigs/gateway-api/issues/3648#issuecomment-2735208553 - # - '*.com' + # - '*' # This will be allowed in the future, probably https://github.com/kubernetes-sigs/gateway-api/issues/3648#issuecomment-2735208553 + # - '*.com' - "https://example.com" allowMethods: - GET @@ -368,12 +368,12 @@ spec: type: PathPrefix value: /infpool headers: - - name: my-header - value: some-value - type: Exact + - name: my-header + value: some-value + type: Exact backendRefs: - name: infpool-gen - group: inference.networking.x-k8s.io + group: inference.networking.k8s.io kind: InferencePool port: 80 - matches: 
@@ -381,35 +381,43 @@ spec: type: PathPrefix value: /infpool headers: - - name: my-header - value: some-value-2 - type: Exact + - name: my-header + value: some-value-2 + type: Exact backendRefs: - name: infpool-gen2 - group: inference.networking.x-k8s.io + group: inference.networking.k8s.io kind: InferencePool port: 80 --- -apiVersion: inference.networking.x-k8s.io/v1alpha2 +apiVersion: inference.networking.k8s.io/v1 kind: InferencePool metadata: name: infpool-gen namespace: default spec: - targetPortNumber: 8000 + targetPorts: + - number: 8000 selector: - app: vllm-llama3-8b-instruct - extensionRef: + matchLabels: + app: vllm-llama3-8b-instruct + endpointPickerRef: name: vllm-llama3-8b-instruct-epp + port: + number: 9002 --- -apiVersion: inference.networking.x-k8s.io/v1alpha2 +apiVersion: inference.networking.k8s.io/v1 kind: InferencePool metadata: name: infpool-gen2 namespace: default spec: - targetPortNumber: 8000 + targetPorts: + - number: 8000 selector: - app: vllm-llama3-8b-instruct - extensionRef: + matchLabels: + app: vllm-llama3-8b-instruct + endpointPickerRef: name: vllm-llama3-8b-instruct-epp + port: + number: 9002 diff --git a/pkg/ingress/kube/gateway/istio/testdata/http.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/http.yaml.golden index b93fc611c..9b2f30641 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/http.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/http.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: 
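Review bot: After this change the fixture references InferencePool only through `inference.networking.k8s.io` (the backendRefs in this hunk and in `@@ -368,12 +368,12 @@`), so nothing in http.yaml covers a route that still points at the old `inference.networking.x-k8s.io` group. If the controller no longer accepts that group, a case in the invalid fixtures asserting the resulting `ResolvedRefs` condition would pin the rejection rather than leave it implicit. Both pools also leave `endpointPickerRef.failureMode` unset, so only the default is exercised. A third pool with an explicit `failureMode: FailOpen` would record what the generated config does when the picker is unreachable, which matters if the picker is relied on to gate requests. The remaining changes in this hunk appear to be re-indentation only.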
@@ -23,7 +23,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/mirror.default,HTTPRoute/redirect.default,HTTPRoute/rewrite.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~* namespace: default spec: @@ -101,7 +100,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~another.domain.example namespace: default spec: @@ -140,7 +138,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http-route-cors.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~cors.domain.example namespace: default spec: @@ -176,7 +173,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example namespace: default spec: @@ -215,7 +211,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/multiple-inferencepool-backend-refs.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~infpool-multi.domain.example namespace: default spec: @@ -251,7 +246,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/redirect-prefix-replace.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~redirect.domain.example namespace: default spec: 
@@ -276,7 +270,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http-retry-request.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~retry.domain.example namespace: default spec: @@ -327,7 +320,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http2.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~second.domain.example namespace: default spec: @@ -361,7 +353,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http-timeout-backend-request.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~timeout-backend.domain.example namespace: default spec: @@ -387,7 +378,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http-timeout-request.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~timeout.domain.example namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/invalid.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/invalid.status.yaml.golden index f3ac20d0f..a4b620a9f 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/invalid.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/invalid.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null 
@@ -67,7 +65,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid-cert-kind namespace: higress-system spec: null @@ -120,7 +117,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid-cert-malformed namespace: higress-system spec: null @@ -171,7 +167,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid-cert-notfound namespace: higress-system spec: null @@ -224,7 +219,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid-service namespace: higress-system spec: null @@ -274,7 +268,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: protocol-lower-case namespace: higress-system spec: null @@ -320,7 +313,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: target-port-reference namespace: higress-system spec: null @@ -370,7 +362,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: udp-protocol namespace: higress-system spec: null @@ -416,7 +407,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: unknown-protocol namespace: higress-system spec: null @@ -462,7 +452,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid-gateway-address namespace: invalid-gateway-address spec: null @@ -512,7 +501,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-backendRef-hostname namespace: default spec: null 
@@ -529,7 +517,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -538,7 +526,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-backendRef-kind namespace: default spec: null @@ -555,7 +542,7 @@ status: reason: InvalidKind status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -563,7 +550,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-backendRef-mirror namespace: default spec: null @@ -580,7 +566,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -589,7 +575,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-backendRef-mixed namespace: default spec: null @@ -606,7 +591,7 @@ status: reason: InvalidKind status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -614,7 +599,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-backendRef-notfound namespace: default spec: null @@ -631,7 +615,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system 
@@ -639,7 +623,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-backendRef-serviceimport namespace: default spec: null @@ -656,7 +639,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -665,7 +648,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-mirror namespace: default spec: null @@ -682,7 +664,7 @@ status: reason: InvalidKind status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -690,7 +672,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-parentRef-port namespace: default spec: null @@ -707,7 +688,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -716,7 +697,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-parentRef-service namespace: default spec: null @@ -733,7 +713,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -742,7 +722,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-parentRef-service-entry namespace: default spec: null 
@@ -759,7 +738,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: networking.istio.io kind: ServiceEntry @@ -768,7 +747,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-sectionname-port namespace: default spec: null @@ -785,7 +763,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -794,7 +772,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: no-backend namespace: default spec: null @@ -811,7 +788,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service diff --git a/pkg/ingress/kube/gateway/istio/testdata/invalid.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/invalid.yaml.golden index c5c07d0ae..7bb399215 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/invalid.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/invalid.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: 
@@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: fake-service.com internal.istio.io/parents: Gateway/invalid-service/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: invalid-service-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: @@ -43,7 +43,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/target-port-reference/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: target-port-reference-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: @@ -62,7 +62,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.cluster.local internal.istio.io/parents: Gateway/invalid-gateway-address/default.invalid-gateway-address - creationTimestamp: null + internal.istio.io/service-account-name: "" name: invalid-gateway-address-istio-autogenerated-k8s-gateway-default namespace: invalid-gateway-address spec: @@ -80,7 +80,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/invalid-backendRef-hostname.default,HTTPRoute/invalid-backendRef-mirror.default,HTTPRoute/invalid-backendRef-serviceimport.default,HTTPRoute/no-backend.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~httpbin.default.svc.domain.suffix namespace: default spec: @@ -122,7 +121,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/invalid-parentRef-service.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~not-found.default.svc.domain.suffix namespace: default spec: 
@@ -144,7 +142,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/invalid-mirror.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~* namespace: default spec: @@ -166,7 +163,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/invalid-backendRef-kind.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example namespace: default spec: @@ -185,7 +181,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/invalid-backendRef-notfound.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~second.domain.example namespace: default spec: @@ -207,7 +202,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/invalid-backendRef-mixed.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~third.domain.example namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/isolation.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/isolation.status.yaml.golden index 8fd4f3f5e..905a120ef 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/isolation.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/isolation.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: isolation namespace: gateway-conformance-infra spec: null @@ -135,7 +134,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: attaches-to-abc-foo-example-com-with-hostname-intersection namespace: gateway-conformance-infra spec: null 
@@ -153,7 +151,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: isolation namespace: gateway-conformance-infra @@ -162,7 +160,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: attaches-to-empty-hostname-with-hostname-intersection namespace: gateway-conformance-infra spec: null @@ -180,7 +177,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: isolation namespace: gateway-conformance-infra @@ -189,7 +186,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: attaches-to-wildcard-example-com-with-hostname-intersection namespace: gateway-conformance-infra spec: null @@ -207,7 +203,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: isolation namespace: gateway-conformance-infra @@ -216,7 +212,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: attaches-to-wildcard-foo-example-com-with-hostname-intersection namespace: gateway-conformance-infra spec: null @@ -234,7 +229,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: isolation namespace: gateway-conformance-infra diff --git a/pkg/ingress/kube/gateway/istio/testdata/isolation.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/isolation.yaml.golden index 19252bd69..1350cc757 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/isolation.yaml.golden 
+++ b/pkg/ingress/kube/gateway/istio/testdata/isolation.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix internal.istio.io/parents: Gateway/isolation/abc-foo-example-com.gateway-conformance-infra - creationTimestamp: null name: isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com namespace: gateway-conformance-infra spec: @@ -24,7 +23,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix internal.istio.io/parents: Gateway/isolation/empty-hostname.gateway-conformance-infra - creationTimestamp: null name: isolation-istio-autogenerated-k8s-gateway-empty-hostname namespace: gateway-conformance-infra spec: @@ -43,7 +41,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix internal.istio.io/parents: Gateway/isolation/wildcard-example-com.gateway-conformance-infra - creationTimestamp: null name: isolation-istio-autogenerated-k8s-gateway-wildcard-example-com namespace: gateway-conformance-infra spec: @@ -62,7 +59,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: isolation-istio.gateway-conformance-infra.svc.domain.suffix internal.istio.io/parents: Gateway/isolation/wildcard-foo-example-com.gateway-conformance-infra - creationTimestamp: null name: isolation-istio-autogenerated-k8s-gateway-wildcard-foo-example-com namespace: gateway-conformance-infra spec: 
@@ -80,7 +76,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~*.example.com namespace: gateway-conformance-infra spec: @@ -105,7 +100,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~*.foo.example.com namespace: gateway-conformance-infra spec: @@ -130,7 +124,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~abc.foo.example.com namespace: gateway-conformance-infra spec: @@ -155,7 +148,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-abc-foo-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-abc-foo-example-com~bar.com namespace: gateway-conformance-infra spec: @@ -180,7 +172,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-empty-hostname-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-empty-hostname~bar.com namespace: gateway-conformance-infra spec: 
@@ -205,7 +196,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-wildcard-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-wildcard-example-com~*.example.com namespace: gateway-conformance-infra spec: @@ -230,7 +220,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-wildcard-foo-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-wildcard-foo-example-com~*.example.com namespace: gateway-conformance-infra spec: @@ -255,7 +244,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/attaches-to-wildcard-foo-example-com-with-hostname-intersection.gateway-conformance-infra internal.istio.io/route-semantics: gateway - creationTimestamp: null name: gateway-conformance-infra~isolation-istio-autogenerated-k8s-gateway-wildcard-foo-example-com~*.foo.example.com namespace: gateway-conformance-infra spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.status.yaml.golden index 6c4c7fc29..6c9e33081 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: single-entry-http namespace: ns1 spec: null @@ -51,7 +50,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: cross-ns-cert namespace: ns2 spec: null 
@@ -131,7 +129,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: same-ns-cert namespace: ns2 spec: null @@ -181,7 +178,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -195,7 +191,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: parent-gateway namespace: istio-system spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml b/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml index 0a5c62ebc..7dd2bb8cb 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml @@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml.golden index 4e9155b6b..690666888 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-cross-namespace.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/parent-gateway/foo.istio-system - creationTimestamp: null name: parent-gateway-istio-autogenerated-k8s-gateway-foo namespace: istio-system spec: 
@@ -25,7 +24,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/single-entry-http/first.ns1 - creationTimestamp: null name: single-entry-http-istio-autogenerated-k8s-gateway-first namespace: ns1 spec: @@ -45,7 +43,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/cross-ns-cert/allowed.ns2 - creationTimestamp: null name: cross-ns-cert-istio-autogenerated-k8s-gateway-allowed namespace: ns2 spec: @@ -68,7 +65,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/same-ns-cert/second.ns2 - creationTimestamp: null name: same-ns-cert-istio-autogenerated-k8s-gateway-second namespace: ns2 spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.status.yaml.golden index d83edd35c..15375e6bf 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: single-entry-http namespace: istio-system spec: null @@ -51,7 +50,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -65,7 +63,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: parent-gateway namespace: istio-system spec: null 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml b/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml index 59b2a1578..080d49ef3 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml @@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml.golden index 79a606283..553442b29 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-empty-listeners.yaml.golden @@ -6,7 +6,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/single-entry-http/first.istio-system - creationTimestamp: null name: single-entry-http-istio-autogenerated-k8s-gateway-first namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.status.yaml.golden index b789baf9a..362636f3b 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: invalid-class namespace: istio-system spec: null 
@@ -21,7 +20,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: not-accepted-parent namespace: istio-system spec: null @@ -41,7 +39,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: not-allowed namespace: istio-system spec: null @@ -61,7 +58,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: port-not-in-service namespace: istio-system spec: null @@ -112,7 +108,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -126,7 +121,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: not-accepted-parent namespace: istio-system spec: null @@ -151,7 +145,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: parent-gateway namespace: istio-system spec: null @@ -210,7 +203,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: parent-no-allowed-listeners namespace: istio-system spec: null @@ -262,7 +254,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: parent-with-no-children namespace: istio-system spec: null @@ -319,7 +310,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: waypoint namespace: istio-system spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml b/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml index 5ce438111..ca53459d4 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml 
@@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml.golden index 80c02da37..d8e73c8a3 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset-invalid.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/parent-gateway/foo.istio-system - creationTimestamp: null name: parent-gateway-istio-autogenerated-k8s-gateway-foo namespace: istio-system spec: @@ -24,7 +23,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/parent-no-allowed-listeners/foo.istio-system - creationTimestamp: null name: parent-no-allowed-listeners-istio-autogenerated-k8s-gateway-foo namespace: istio-system spec: @@ -43,7 +41,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/parent-with-no-children/foo.istio-system - creationTimestamp: null name: parent-with-no-children-istio-autogenerated-k8s-gateway-foo namespace: istio-system spec: @@ -63,7 +60,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/port-not-in-service/first.istio-system - creationTimestamp: null name: port-not-in-service-istio-autogenerated-k8s-gateway-first namespace: istio-system spec: 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset.status.yaml.golden index 9bec903ea..71e909bc5 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: multi-entry namespace: istio-system spec: null @@ -81,7 +80,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: single-entry-http namespace: istio-system spec: null @@ -131,7 +129,6 @@ status: apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XListenerSet metadata: - creationTimestamp: null name: single-entry-tls namespace: istio-system spec: null @@ -181,7 +178,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -195,7 +191,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: parent-gateway namespace: istio-system spec: null @@ -253,7 +248,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: bind-both namespace: istio-system spec: null @@ -270,7 +264,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: gateway.networking.x-k8s.io kind: XListenerSet 
@@ -287,14 +281,13 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: parent-gateway --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: bind-parent namespace: istio-system spec: null @@ -311,14 +304,13 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: parent-gateway --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: bind-set namespace: istio-system spec: null @@ -335,7 +327,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: gateway.networking.x-k8s.io kind: XListenerSet diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml b/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml index 71fa12e23..a596236a0 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml @@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml.golden index 893b18df5..9e0756cf7 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/listenerset.yaml.golden 
@@ -6,7 +6,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/multi-entry/forth.istio-system - creationTimestamp: null name: multi-entry-istio-autogenerated-k8s-gateway-forth namespace: istio-system spec: @@ -29,7 +28,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/multi-entry/third.istio-system - creationTimestamp: null name: multi-entry-istio-autogenerated-k8s-gateway-third namespace: istio-system spec: @@ -48,7 +46,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/parent-gateway/foo.istio-system - creationTimestamp: null name: parent-gateway-istio-autogenerated-k8s-gateway-foo namespace: istio-system spec: @@ -68,7 +65,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/single-entry-http/first.istio-system - creationTimestamp: null name: single-entry-http-istio-autogenerated-k8s-gateway-first namespace: istio-system spec: @@ -88,7 +84,6 @@ metadata: internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parent-namespace: istio-system internal.istio.io/parents: XListenerSet/single-entry-tls/second.istio-system - creationTimestamp: null name: single-entry-tls-istio-autogenerated-k8s-gateway-second namespace: istio-system spec: 
@@ -109,7 +104,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-both.istio-system,HTTPRoute/bind-parent.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~parent-gateway-istio-autogenerated-k8s-gateway-foo~* namespace: istio-system spec: @@ -143,7 +137,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-both.istio-system,HTTPRoute/bind-set.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~single-entry-http-istio-autogenerated-k8s-gateway-first~* namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/mcs.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mcs.status.yaml.golden index 2b95a856a..d154aed47 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mcs.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mcs.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null @@ -51,7 +50,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: tcp namespace: istio-system spec: null @@ -68,7 +66,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/mcs.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mcs.yaml.golden index a0e28174e..0b3863583 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mcs.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mcs.yaml.golden 
@@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-default namespace: istio-system spec: @@ -23,7 +22,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/tcp.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tcp-tcp-0-istio-autogenerated-k8s-gateway namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/mesh.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mesh.status.yaml.golden index ba13be784..8e1511420 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mesh.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mesh.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null @@ -67,7 +65,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: consumer-override namespace: default spec: null @@ -84,7 +81,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -95,7 +92,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: dual namespace: default spec: null @@ -112,7 +108,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system 
@@ -127,7 +123,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -136,7 +132,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: echo namespace: default spec: null @@ -153,7 +148,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -162,7 +157,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: echo-port namespace: default spec: null @@ -179,7 +173,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -189,7 +183,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: header namespace: default spec: null @@ -206,7 +199,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -215,7 +208,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: multi-service namespace: default spec: null @@ -232,7 +224,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -248,7 +240,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service 
@@ -265,7 +257,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -275,7 +267,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: tls namespace: default spec: null @@ -292,7 +283,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -301,7 +292,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: tcp namespace: default spec: null @@ -318,7 +308,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service diff --git a/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml b/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml index 6a71b3d9d..c55d57eea 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml @@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml.golden index 54af92a3e..20160e181 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mesh.yaml.golden 
@@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-default namespace: istio-system spec: @@ -23,7 +22,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/multi-service.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~8080~echo-1.default.svc.domain.suffix namespace: default spec: @@ -47,7 +45,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/multi-service.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~80~echo-1.default.svc.domain.suffix namespace: default spec: @@ -71,7 +68,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/echo-port.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~80~echo-port.default.svc.domain.suffix namespace: default spec: @@ -95,7 +91,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/consumer-override.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~80~httpbin-apple.apple.svc.domain.suffix namespace: default spec: @@ -119,7 +114,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/multi-service.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~echo-2.default.svc.domain.suffix namespace: default spec: @@ -141,7 +135,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/echo.default,HTTPRoute/header.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~echo.default.svc.domain.suffix namespace: default spec: 
@@ -176,7 +169,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/dual.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~example.default.svc.domain.suffix namespace: default spec: @@ -198,7 +190,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/dual.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~foo.example.com namespace: default spec: @@ -220,7 +211,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/tcp.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tcp-tcp-0-istio-autogenerated-k8s-gateway namespace: default spec: @@ -241,7 +231,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/tls.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tls-tls-0-istio-autogenerated-k8s-gateway namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/mismatch.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mismatch.status.yaml.golden index 3f4ab58fc..96d7bafe8 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mismatch.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mismatch.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: diff --git a/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.status.yaml.golden index 8543b410e..2c877e009 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.status.yaml.golden 
@@ -1,7 +1,6 @@ apiVersion: gateway.networking.x-k8s.io/v1alpha1 kind: XBackendTrafficPolicy metadata: - creationTimestamp: null name: lb-policy namespace: default spec: null @@ -18,12 +17,11 @@ status: reason: Accepted status: "True" type: Accepted - controllerName: istio.io/gateway-controller + controllerName: istio.io/mesh-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: tls-upstream-echo namespace: default spec: null @@ -39,12 +37,16 @@ status: reason: Accepted status: "True" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller --- apiVersion: gateway.networking.k8s.io/v1alpha3 kind: BackendTLSPolicy metadata: - creationTimestamp: null name: tls-upstream-echo-extra namespace: default spec: null @@ -60,5 +62,10 @@ status: reason: Accepted status: "True" type: Accepted - controllerName: istio.io/gateway-controller + - lastTransitionTime: fake + message: Configuration is valid + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: istio.io/mesh-controller --- diff --git a/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml b/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml index 200b7155d..4c7a4f527 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: tls-upstream-echo @@ -16,7 +16,7 @@ spec: hostname: auth.example.com --- # A redundant policy for the same service -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1 kind: BackendTLSPolicy metadata: name: tls-upstream-echo-extra 
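Review bot: The policy statuses in mix-backend-policy.status.yaml.golden now report `controllerName: istio.io/mesh-controller`, while every route status touched by this commit moves to `higress.io/gateway-controller`. That covers both the XBackendTrafficPolicy and the two BackendTLSPolicy entries, so status for upstream-TLS policy is attributed to a controller name that the GatewayClass fixtures visible in this patch do not declare. Please confirm this is intended and not an upstream default that was missed in the rename. The same golden still prints the BackendTLSPolicy objects as `gateway.networking.k8s.io/v1alpha3`, although mix-backend-policy.yaml now submits them as `gateway.networking.k8s.io/v1`. If that output version is expected, say so above the first policy in the input, e.g. `# status output for this kind is still rendered as v1alpha3`.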
diff --git a/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml.golden index 353089106..a89294673 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/mix-backend-policy.yaml.golden @@ -3,8 +3,7 @@ kind: DestinationRule metadata: annotations: internal.istio.io/parents: XBackendTrafficPolicy/default.lb-policy,BackendTLSPolicy/default.tls-upstream-echo - creationTimestamp: null - name: echo-istio-autogenerated-k8s-gateway + name: echo~istio-autogenerated-k8s-gateway namespace: default spec: host: echo.default.svc.domain.suffix diff --git a/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.status.yaml.golden index 2b2feed00..88490a17a 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml b/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml index febd7140f..ddd2e2dd5 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml @@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml.golden index 201c956ab..68439f5da 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/multi-gateway.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix,istio-ingressgateway.not-default.svc.domain.suffix,example.com internal.istio.io/parents: Gateway/gateway/http.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-http namespace: istio-system spec: @@ -24,7 +23,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix,istio-ingressgateway.not-default.svc.domain.suffix,example.com internal.istio.io/parents: Gateway/gateway/tcp.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-tcp namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.status.yaml.golden index 670db3dc4..5a4ef3597 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.status.yaml.golden @@ -1,7 +1,6 @@ -apiVersion: inference.networking.x-k8s.io/v1alpha2 +apiVersion: inference.networking.k8s.io/v1 kind: InferencePool metadata: - creationTimestamp: null name: my-ip namespace: inferencepool spec: null @@ -10,7 +9,6 @@ status: {} apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null 
@@ -62,7 +60,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: backend-allowed-ip namespace: higress-system spec: null @@ -79,7 +76,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -87,7 +84,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: backend-not-allowed-ip namespace: higress-system spec: null @@ -105,7 +101,7 @@ status: reason: RefNotPermitted status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml index 43abef42c..5604b6f8d 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml @@ -17,20 +17,24 @@ spec: namespaces: from: All --- -apiVersion: inference.networking.x-k8s.io/v1alpha2 +apiVersion: inference.networking.k8s.io/v1 kind: InferencePool metadata: name: my-ip namespace: inferencepool spec: - extensionRef: + endpointPickerRef: failureMode: FailOpen group: "" kind: Service name: endpoint-picker-svc + port: + number: 9002 selector: - app: model-server - targetPortNumber: 3000 + matchLabels: + app: model-server + targetPorts: + - number: 3000 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: ReferenceGrant @@ -43,7 +47,7 @@ spec: kind: HTTPRoute namespace: higress-system to: - - group: inference.networking.x-k8s.io + - group: inference.networking.k8s.io kind: InferencePool name: my-ip --- 
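Review bot: The ReferenceGrant in reference-policy-inferencepool.yaml now grants `group: inference.networking.k8s.io`, and no fixture keeps a grant or backendRef with the old `inference.networking.x-k8s.io` group. The matching backendRef changes are in the next two hunks of this file. From the test data alone it is not possible to tell whether a grant or reference written for the old group is still honoured or is now rejected with RefNotPermitted. Rejecting is the safe direction for a cross-namespace permission check, but the behaviour should be pinned, not left implicit. I would add a third HTTPRoute whose backendRef uses `group: inference.networking.x-k8s.io` and record its expected ResolvedRefs reason in the status golden.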
@@ -61,7 +65,7 @@ spec: - backendRefs: - name: my-ip kind: InferencePool - group: inference.networking.x-k8s.io + group: inference.networking.k8s.io namespace: inferencepool port: 80 --- @@ -79,7 +83,7 @@ spec: - backendRefs: - name: my-ip kind: InferencePool - group: inference.networking.x-k8s.io + group: inference.networking.k8s.io namespace: inferencepool port: 80 weight: 1 diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml.golden index e3c4b7756..863c6a649 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-inferencepool.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/simple.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-simple namespace: higress-system spec: @@ -23,7 +23,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/backend-allowed-ip.higress-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple.domain.example namespace: higress-system spec: @@ -42,7 +41,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/backend-not-allowed-ip.higress-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple2.domain.example namespace: higress-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.status.yaml.golden index eb29d909e..f48e4c2b4 100644 
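Review bot: The regenerated Gateway in reference-policy-inferencepool.yaml.golden now pins `internal.istio.io/service-account-name: ""`, and the same empty annotation appears in the reference-policy-service, reference-policy-tcp, reference-policy-tls and route-binding goldens later in this patch. An empty value in an identity-bearing annotation is easy to mishandle downstream, because any consumer that compares service accounts has to treat "" as unknown, never as a match. The converter that emits it is outside these hunks, so this is inferred from the golden output only. If the service account is simply unset in these cases, omitting the annotation would be clearer than writing an empty string. At least one fixture should also carry a non-empty service account so the populated path is covered.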
--- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -53,7 +52,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: backend-not-allowed namespace: higress-system spec: null @@ -71,7 +69,7 @@ status: reason: RefNotPermitted status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -79,7 +77,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: higress-system spec: null @@ -96,7 +93,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.yaml.golden index 22b0a17ac..497a7a531 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-service.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/simple.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-simple namespace: higress-system spec: 
@@ -23,7 +23,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.higress-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple.domain.example namespace: higress-system spec: @@ -45,7 +44,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/backend-not-allowed.higress-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-simple~simple2.domain.example namespace: higress-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.status.yaml.golden index d875b3886..10144ffc9 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -78,7 +77,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: allowed-my-svc namespace: higress-system spec: null @@ -95,7 +93,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -104,7 +102,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: not-allowed-echo namespace: higress-system spec: null @@ -122,7 +119,7 @@ status: reason: RefNotPermitted status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.yaml.golden index b2c77067c..b3ba013bc 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tcp.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/echo.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-echo namespace: higress-system spec: @@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/my-svc.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-my-svc namespace: higress-system spec: @@ -42,7 +42,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/allowed-my-svc.higress-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: allowed-my-svc-tcp-0-istio-autogenerated-k8s-gateway namespace: higress-system spec: @@ -63,7 +62,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/not-allowed-echo.higress-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: not-allowed-echo-tcp-0-istio-autogenerated-k8s-gateway namespace: higress-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.status.yaml.golden index 1d9cecc43..ff926614d 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.status.yaml.golden 
+++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -67,7 +65,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: cert spec: null @@ -84,7 +81,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.yaml.golden index 285abd3bf..c88dc9577 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/cross.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-cross namespace: higress-system spec: @@ -26,7 +26,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.cert internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-cross~cert1.domain.example namespace: cert spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/route-binding.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/route-binding.status.yaml.golden index ea66eb139..d11313075 100644 
--- a/pkg/ingress/kube/gateway/istio/testdata/route-binding.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/route-binding.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -453,7 +451,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: bind-all namespace: default spec: null @@ -470,7 +467,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -478,7 +475,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: host-mismatch namespace: default spec: null @@ -495,7 +491,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -504,7 +500,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: invalid-bind-cross-namespace namespace: default spec: null @@ -522,7 +517,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -531,7 +526,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: same-namespace-invalid namespace: default spec: null 
@@ -548,7 +542,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: kind: Gateway name: gateway @@ -558,7 +552,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: section-name-cross-namespace namespace: default spec: null @@ -575,7 +568,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -584,7 +577,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: bind-cross-namespace namespace: group-namespace1 spec: null @@ -602,7 +594,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -618,7 +610,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -634,7 +626,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -651,7 +643,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -668,7 +660,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system 
@@ -685,7 +677,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -702,7 +694,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -718,7 +710,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -734,7 +726,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -751,7 +743,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -768,7 +760,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -777,7 +769,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: bind-cross-namespace namespace: group-namespace2 spec: null @@ -795,7 +786,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -804,7 +795,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: same-namespace-valid namespace: istio-system spec: null 
@@ -822,7 +812,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -838,7 +828,7 @@ status: reason: BackendNotFound status: "False" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -847,7 +837,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: wrong-protocol namespace: default spec: null @@ -864,7 +853,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/route-binding.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/route-binding.yaml.golden index e5f950fdb..cf4cdf928 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/route-binding.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/route-binding.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: @@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/foobar.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-foobar namespace: higress-system spec: 
@@ -43,7 +43,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/same-namespace.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-same-namespace namespace: higress-system spec: @@ -62,7 +62,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/scope-route.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-scope-route namespace: higress-system spec: @@ -81,7 +81,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-combined-no.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-combined-no namespace: higress-system spec: @@ -100,7 +100,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-combined-yes.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-combined-yes namespace: higress-system spec: @@ -119,7 +119,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-dne-no.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-no namespace: higress-system spec: 
@@ -142,7 +142,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-dne-yes.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-yes namespace: higress-system spec: @@ -165,7 +165,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-exists-no.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-exists-no namespace: higress-system spec: @@ -184,7 +184,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-exists-yes.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-exists-yes namespace: higress-system spec: @@ -203,7 +203,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-in-no.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-in-no namespace: higress-system spec: 
@@ -222,7 +222,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-in-yes.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-in-yes namespace: higress-system spec: @@ -241,7 +241,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-notin-no.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-no namespace: higress-system spec: @@ -264,7 +264,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-expr-notin-yes.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-yes namespace: higress-system spec: @@ -287,7 +287,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/slctr-labels.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-slctr-labels namespace: higress-system spec: @@ -305,7 +305,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-all.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~* namespace: default spec: 
@@ -327,7 +326,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/same-namespace-valid.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-foobar~* namespace: default spec: @@ -355,7 +353,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/section-name-cross-namespace.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-foobar~alpha.foobar.example namespace: default spec: @@ -377,7 +374,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-no~* namespace: default spec: @@ -405,7 +401,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-dne-yes~* namespace: default spec: @@ -433,7 +428,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-no~* namespace: default spec: @@ -461,7 +455,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/bind-all.default,HTTPRoute/bind-cross-namespace.group-namespace1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-slctr-expr-notin-yes~* namespace: default spec: 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/route-precedence.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/route-precedence.status.yaml.golden index aed94cf6c..1ba8e90cd 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/route-precedence.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/route-precedence.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null @@ -67,7 +65,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: allowed-1 spec: null @@ -84,7 +81,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system @@ -99,7 +96,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -115,7 +112,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -124,7 +121,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: allowed-2 spec: null @@ -141,7 +137,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system 
@@ -156,7 +152,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service @@ -165,7 +161,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: default spec: null @@ -183,7 +178,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml b/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml index 79330a91a..6fafa85c9 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml @@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml.golden index 777ea1990..d5aad3154 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/route-precedence.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-default namespace: istio-system spec: 
@@ -24,7 +23,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: allowed-1~a-example.allowed-1.svc.domain.suffix namespace: allowed-1 spec: @@ -61,7 +59,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: allowed-1~b-example.allowed-1.svc.domain.suffix namespace: allowed-1 spec: @@ -98,7 +95,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1,HTTPRoute/http.allowed-2 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~a.domain.example namespace: allowed-1 spec: @@ -188,7 +184,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~b.domain.example namespace: allowed-1 spec: @@ -225,7 +220,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-2 internal.istio.io/route-semantics: gateway - creationTimestamp: null name: allowed-2~a-example.allowed-2.svc.domain.suffix namespace: allowed-2 spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/serviceentry.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/serviceentry.status.yaml.golden index 4e93b4de4..eb4f81cf7 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/serviceentry.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/serviceentry.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null @@ -51,7 +50,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: egress namespace: default spec: null 
@@ -68,7 +66,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: networking.istio.io kind: ServiceEntry @@ -77,7 +75,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: default spec: null @@ -94,7 +91,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system @@ -102,7 +99,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: egress namespace: default spec: null @@ -119,7 +115,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: networking.istio.io kind: ServiceEntry @@ -128,7 +124,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: egress namespace: default spec: null @@ -145,7 +140,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: networking.istio.io kind: ServiceEntry diff --git a/pkg/ingress/kube/gateway/istio/testdata/serviceentry.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/serviceentry.yaml.golden index e7a875c1d..8e4cdd8a2 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/serviceentry.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/serviceentry.yaml.golden 
@@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: gateway-istio.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-default namespace: istio-system spec: @@ -23,7 +22,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/egress.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~*.egress.com namespace: default spec: @@ -45,7 +43,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/egress.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~google.com namespace: default spec: @@ -67,7 +64,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/egress.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: egress-tcp-0-istio-autogenerated-k8s-gateway namespace: default spec: @@ -88,7 +84,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/egress.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: egress-tcp-1-istio-autogenerated-k8s-gateway namespace: default spec: @@ -109,7 +104,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/egress.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: egress-tls-0-istio-autogenerated-k8s-gateway namespace: default spec: @@ -133,7 +127,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/egress.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: egress-tls-1-istio-autogenerated-k8s-gateway namespace: default spec: @@ -157,7 +150,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~* namespace: default spec: 
diff --git a/pkg/ingress/kube/gateway/istio/testdata/status.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/status.status.yaml.golden index 4f7faea0d..017a040ff 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/status.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/status.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null @@ -95,7 +93,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: existing-istio-first namespace: istio-system spec: null @@ -112,7 +109,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway - controllerName: example.com/not-istio @@ -125,7 +122,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: existing-istio-last namespace: istio-system spec: null @@ -148,14 +144,13 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: stale-istio-reference namespace: istio-system spec: null @@ -172,14 +167,13 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: stale-other-reference namespace: istio-system spec: null 
@@ -196,7 +190,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway - controllerName: example.com/not-istio diff --git a/pkg/ingress/kube/gateway/istio/testdata/status.yaml b/pkg/ingress/kube/gateway/istio/testdata/status.yaml index b6151ab1e..3986895d3 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/status.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/status.yaml @@ -46,7 +46,7 @@ status: kind: Gateway name: not-istio namespace: higress-system - - controllerName: istio.io/gateway-controller + - controllerName: higress.io/gateway-controller parentRef: group: gateway.networking.k8s.io kind: Gateway @@ -68,7 +68,7 @@ spec: port: 80 status: parents: - - controllerName: istio.io/gateway-controller + - controllerName: higress.io/gateway-controller parentRef: group: gateway.networking.k8s.io kind: Gateway @@ -95,13 +95,13 @@ spec: port: 80 status: parents: - - controllerName: istio.io/gateway-controller + - controllerName: higress.io/gateway-controller parentRef: group: gateway.networking.k8s.io kind: Gateway name: gateway namespace: higress-system - - controllerName: istio.io/gateway-controller # We do own this one so should prune it + - controllerName: higress.io/gateway-controller # We do own this one so should prune it parentRef: group: gateway.networking.k8s.io kind: Gateway @@ -122,7 +122,7 @@ spec: port: 80 status: parents: - - controllerName: istio.io/gateway-controller + - controllerName: higress.io/gateway-controller parentRef: group: gateway.networking.k8s.io kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/status.yaml.golden index 245d0910e..d800eb2f7 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/status.yaml.golden 
@@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/a.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-a namespace: istio-system spec: @@ -24,7 +23,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/b.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-b namespace: istio-system spec: @@ -42,7 +40,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/existing-istio-first.istio-system,HTTPRoute/existing-istio-last.istio-system,HTTPRoute/stale-istio-reference.istio-system,HTTPRoute/stale-other-reference.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-a~* namespace: istio-system spec: @@ -82,7 +79,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/existing-istio-first.istio-system,HTTPRoute/existing-istio-last.istio-system,HTTPRoute/stale-istio-reference.istio-system,HTTPRoute/stale-other-reference.istio-system internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-b~* namespace: istio-system spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/tcp.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/tcp.status.yaml.golden index ddd5b454a..acbf58974 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/tcp.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/tcp.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: 
@@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -65,7 +63,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway2 namespace: higress-system spec: null @@ -115,7 +112,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: tcp namespace: default spec: null @@ -132,7 +128,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway2 namespace: higress-system @@ -147,7 +143,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/tcp.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/tcp.yaml.golden index 206dee106..377b7f0e1 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/tcp.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/tcp.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: 
@@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway2/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway2-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: @@ -42,7 +42,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/tcp.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tcp-tcp-0-istio-autogenerated-k8s-gateway namespace: default spec: @@ -63,7 +62,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/tcp.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tcp-tcp-1-istio-autogenerated-k8s-gateway namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/tls.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/tls.status.yaml.golden index 85fe00371..9acc50d34 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/tls.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/tls.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null 
@@ -145,6 +143,62 @@ status: kind: HTTPRoute - group: gateway.networking.k8s.io kind: GRPCRoute + - attachedRoutes: 0 + conditions: + - lastTransitionTime: fake + message: No errors found + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: No errors found + reason: NoConflicts + status: "False" + type: Conflicted + - lastTransitionTime: fake + message: No errors found + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: fake + message: No errors found + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: terminate-mtls-frontendvalidation-configmap + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute + - attachedRoutes: 0 + conditions: + - lastTransitionTime: fake + message: No errors found + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: fake + message: No errors found + reason: NoConflicts + status: "False" + type: Conflicted + - lastTransitionTime: fake + message: No errors found + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: fake + message: No errors found + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: terminate-mtls-frontendvalidation-secret + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute - attachedRoutes: 0 conditions: - lastTransitionTime: fake @@ -205,7 +259,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway2 namespace: higress-system spec: null @@ -255,7 +308,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: default spec: null 
@@ -280,7 +332,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: tls namespace: default spec: null @@ -299,7 +350,7 @@ status: type: ResolvedRefs controllerName: higress.io/gateway-controller parentRef: - name: gateway + name: gateway2 namespace: higress-system - conditions: - lastTransitionTime: fake @@ -314,13 +365,12 @@ status: type: ResolvedRefs controllerName: higress.io/gateway-controller parentRef: - name: gateway2 + name: gateway namespace: higress-system --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: - creationTimestamp: null name: tls-match namespace: default spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/tls.yaml b/pkg/ingress/kube/gateway/istio/testdata/tls.yaml index 8eb1b3462..a23e8e814 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/tls.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/tls.yaml 
@@ -11,77 +11,108 @@ metadata: name: gateway namespace: higress-system spec: + # TODO: test per-port + tls: + frontend: + default: + validation: + caCertificateRefs: + - group: "" + kind: ConfigMap + name: my-cert-http addresses: - - value: higress-gateway - type: Hostname + - value: higress-gateway + type: Hostname gatewayClassName: higress listeners: - - name: passthrough - port: 34000 - protocol: TLS - allowedRoutes: - namespaces: - from: All - tls: - mode: Passthrough - - name: terminate - hostname: "domain.example" - port: 34000 - protocol: HTTPS - allowedRoutes: - namespaces: - from: All - tls: - mode: Terminate - certificateRefs: - - name: my-cert-http - - name: terminate-multi - hostname: "domainmulti.example" - port: 34000 - protocol: HTTPS - allowedRoutes: - namespaces: - from: All - tls: - mode: Terminate - certificateRefs: - - name: my-cert-http - - name: my-cert-http2 - - name: terminate-mtls - hostname: "other.example" - port: 34000 - protocol: HTTPS - allowedRoutes: - namespaces: - from: All - tls: - mode: Terminate - certificateRefs: - - name: my-cert-http - options: - gateway.istio.io/tls-terminate-mode: MUTUAL - - name: terminate-istio-mtls - hostname: "egress.example" - port: 34000 - protocol: HTTPS - allowedRoutes: - namespaces: - from: All - tls: - mode: Terminate - options: - gateway.istio.io/tls-terminate-mode: ISTIO_MUTUAL - - name: terminate-istio-builtin - hostname: "builtin.example" - port: 34000 - protocol: HTTPS - allowedRoutes: - namespaces: - from: All - tls: - mode: Terminate - options: - gateway.istio.io/tls-terminate-mode: ISTIO_SIMPLE + - name: passthrough + port: 34000 + protocol: TLS + allowedRoutes: + namespaces: + from: All + tls: + mode: Passthrough + - name: terminate + hostname: "domain.example" + port: 34000 + protocol: HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + certificateRefs: + - name: my-cert-http + - name: terminate-multi + hostname: "domainmulti.example" + port: 34000 + protocol: 
HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + certificateRefs: + - name: my-cert-http + - name: my-cert-http2 + - name: terminate-mtls + hostname: "other.example" + port: 34000 + protocol: HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + certificateRefs: + - name: my-cert-http + options: + gateway.istio.io/tls-terminate-mode: MUTUAL + - name: terminate-mtls-frontendvalidation-configmap + hostname: "frontendvalidation-configmap.example" + port: 34000 + protocol: HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + certificateRefs: + - name: my-cert-http + - name: terminate-mtls-frontendvalidation-secret + hostname: "frontendvalidation-secret.example" + port: 34000 + protocol: HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + certificateRefs: + - name: my-cert-http + - name: terminate-istio-mtls + hostname: "egress.example" + port: 34000 + protocol: HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + options: + gateway.istio.io/tls-terminate-mode: ISTIO_MUTUAL + - name: terminate-istio-builtin + hostname: "builtin.example" + port: 34000 + protocol: HTTPS + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + options: + gateway.istio.io/tls-terminate-mode: ISTIO_SIMPLE --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway @@ -90,18 +121,18 @@ metadata: namespace: higress-system spec: addresses: - - value: higress-gateway - type: Hostname + - value: higress-gateway + type: Hostname gatewayClassName: higress listeners: - - name: passthrough - port: 34000 - protocol: TLS - allowedRoutes: - namespaces: - from: All - tls: - mode: Passthrough + - name: passthrough + port: 34000 + protocol: TLS + allowedRoutes: + namespaces: + from: All + tls: + mode: Passthrough --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute 
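Review bot: The two listeners added to tls.yaml, `terminate-mtls-frontendvalidation-configmap` and `terminate-mtls-frontendvalidation-secret`, are configured identically apart from name and hostname. The only `caCertificateRefs` entry on the Gateway is `kind: ConfigMap`, so nothing in this fixture appears to exercise a Secret-backed CA reference. The `# TODO: test per-port` comment likewise leaves per-port frontend validation uncovered. Judging by the regenerated golden, the gateway-wide default switches client-certificate validation on for the plain Terminate listeners, so I would add a Secret CA case and a per-port override, including one listener expected to stay server-TLS only, to pin which listeners require client certificates.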
@@ -110,14 +141,14 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system - - name: gateway2 - namespace: higress-system + - name: gateway + namespace: higress-system + - name: gateway2 + namespace: higress-system rules: - - backendRefs: - - name: httpbin - port: 443 + - backendRefs: + - name: httpbin + port: 443 --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute @@ -126,14 +157,14 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: - - "foo.com" + - "foo.com" rules: - - backendRefs: - - name: httpbin-foo - port: 443 + - backendRefs: + - name: httpbin-foo + port: 443 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute @@ -142,10 +173,10 @@ metadata: namespace: default spec: parentRefs: - - name: gateway - namespace: higress-system + - name: gateway + namespace: higress-system hostnames: ["domain.example"] rules: - - backendRefs: - - name: httpbin - port: 80 \ No newline at end of file + - backendRefs: + - name: httpbin + port: 80 \ No newline at end of file diff --git a/pkg/ingress/kube/gateway/istio/testdata/tls.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/tls.yaml.golden index 3d1331e8a..fa28af81c 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/tls.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/tls.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/passthrough.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-passthrough namespace: higress-system spec: 
@@ -25,7 +25,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/terminate.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-terminate namespace: higress-system spec: @@ -38,7 +38,7 @@ spec: protocol: HTTPS tls: credentialName: kubernetes-gateway://higress-system/my-cert-http - mode: SIMPLE + mode: MUTUAL --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway @@ -47,7 +47,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/terminate-istio-builtin.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-terminate-istio-builtin namespace: higress-system spec: @@ -68,7 +68,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/terminate-istio-mtls.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-terminate-istio-mtls namespace: higress-system spec: @@ -80,7 +80,7 @@ spec: number: 34000 protocol: HTTPS tls: - mode: ISTIO_MUTUAL + mode: SIMPLE --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway @@ -89,7 +89,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/terminate-mtls.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-terminate-mtls namespace: higress-system spec: 
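Review bot: The expected output for listener `terminate-istio-mtls` (hunk `@@ -80,7 +80,7 @@` of tls.yaml.golden) changes from `mode: ISTIO_MUTUAL` to `mode: SIMPLE`, although tls.yaml still sets `gateway.istio.io/tls-terminate-mode: ISTIO_MUTUAL` on that listener. As recorded, a listener that asked for mesh mTLS would be rendered with server-side TLS only and no client authentication, which reads like a conversion regression rather than an intended effect of the Gateway API upgrade. In the same file `terminate` and `terminate-multi` move from `SIMPLE` to `MUTUAL`, presumably because of the new gateway-wide `tls.frontend.default.validation`. The conversion code is not visible in this part of the patch, so please confirm both mappings there before accepting the regenerated golden, and keep `mode: ISTIO_MUTUAL` expected here if the option is still meant to be honoured.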
@@ -106,12 +106,56 @@ spec: --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway +metadata: + annotations: + internal.istio.io/gateway-semantics: gateway + internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix + internal.istio.io/parents: Gateway/gateway/terminate-mtls-frontendvalidation-configmap.higress-system + internal.istio.io/service-account-name: "" + name: gateway-istio-autogenerated-k8s-gateway-terminate-mtls-frontendvalidation-configmap + namespace: higress-system +spec: + servers: + - hosts: + - '*/frontendvalidation-configmap.example' + port: + name: default + number: 34000 + protocol: HTTPS + tls: + credentialName: kubernetes-gateway://higress-system/my-cert-http + mode: MUTUAL +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + annotations: + internal.istio.io/gateway-semantics: gateway + internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix + internal.istio.io/parents: Gateway/gateway/terminate-mtls-frontendvalidation-secret.higress-system + internal.istio.io/service-account-name: "" + name: gateway-istio-autogenerated-k8s-gateway-terminate-mtls-frontendvalidation-secret + namespace: higress-system +spec: + servers: + - hosts: + - '*/frontendvalidation-secret.example' + port: + name: default + number: 34000 + protocol: HTTPS + tls: + credentialName: kubernetes-gateway://higress-system/my-cert-http + mode: MUTUAL +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway metadata: annotations: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/terminate-multi.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-terminate-multi namespace: higress-system spec: 
@@ -126,7 +170,7 @@ spec: credentialNames: - kubernetes-gateway://higress-system/my-cert-http - kubernetes-gateway://higress-system/my-cert-http2 - mode: SIMPLE + mode: MUTUAL --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway @@ -135,7 +179,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway2/passthrough.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway2-istio-autogenerated-k8s-gateway-passthrough namespace: higress-system spec: @@ -154,7 +198,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-terminate~domain.example namespace: default spec: @@ -176,7 +219,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/tls-match.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tls-match-tls-0-istio-autogenerated-k8s-gateway namespace: default spec: @@ -200,7 +242,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/tls.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tls-tls-0-istio-autogenerated-k8s-gateway namespace: default spec: @@ -224,7 +265,6 @@ metadata: annotations: internal.istio.io/parents: TLSRoute/tls.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tls-tls-1-istio-autogenerated-k8s-gateway namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.status.yaml.golden index a8c36dc1e..8c8b11067 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.status.yaml.golden 
+++ b/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: istio spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: istio-system spec: null @@ -67,7 +65,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: mixed-parent-ref-validity namespace: default spec: null @@ -84,7 +81,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: networking.istio.io kind: ServiceEntry @@ -100,7 +97,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system @@ -116,7 +113,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: istio-system @@ -132,7 +129,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: group: "" kind: Service diff --git a/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml b/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml index 2e6e3dd34..44879f324 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml +++ b/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml 
@@ -3,7 +3,7 @@ kind: GatewayClass metadata: name: istio spec: - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml.golden index d9db660e1..477eeb8f9 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/valid-invalid-parent-ref.yaml.golden @@ -5,7 +5,6 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.istio-system - creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-default namespace: istio-system spec: @@ -23,7 +22,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/mixed-parent-ref-validity.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: default~google.com namespace: default spec: @@ -45,7 +43,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/mixed-parent-ref-validity.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~* namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/waypoint.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/waypoint.status.yaml.golden index c645ee22d..44e595079 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/waypoint.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/waypoint.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: invalid namespace: ns spec: null 
@@ -51,7 +50,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: namespace namespace: ns spec: null diff --git a/pkg/ingress/kube/gateway/istio/testdata/weighted.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/weighted.status.yaml.golden index 3e228182f..4c7450178 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/weighted.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/weighted.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null @@ -94,7 +92,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: default spec: null @@ -111,7 +108,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -119,7 +116,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: tcp namespace: default spec: null @@ -136,7 +132,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/weighted.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/weighted.yaml.golden index ebce3a0c9..af3417420 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/weighted.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/weighted.yaml.golden 
@@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/http.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-http namespace: higress-system spec: @@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/tcp.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-tcp namespace: higress-system spec: @@ -42,7 +42,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-http~first.domain.example namespace: default spec: @@ -89,7 +88,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/tcp.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tcp-tcp-0-istio-autogenerated-k8s-gateway namespace: default spec: diff --git a/pkg/ingress/kube/gateway/istio/testdata/zero.status.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/zero.status.yaml.golden index 3d4ccb744..338044ffc 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/zero.status.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/zero.status.yaml.golden @@ -1,7 +1,6 @@ apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: - creationTimestamp: null name: higress spec: null status: @@ -15,7 +14,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: - creationTimestamp: null name: gateway namespace: higress-system spec: null 
@@ -94,7 +92,6 @@ status: apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: - creationTimestamp: null name: http namespace: default spec: null @@ -111,7 +108,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system @@ -119,7 +116,6 @@ status: apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: - creationTimestamp: null name: tcp namespace: default spec: null @@ -136,7 +132,7 @@ status: reason: ResolvedRefs status: "True" type: ResolvedRefs - controllerName: istio.io/gateway-controller + controllerName: higress.io/gateway-controller parentRef: name: gateway namespace: higress-system diff --git a/pkg/ingress/kube/gateway/istio/testdata/zero.yaml.golden b/pkg/ingress/kube/gateway/istio/testdata/zero.yaml.golden index 144ba873d..379f564ac 100644 --- a/pkg/ingress/kube/gateway/istio/testdata/zero.yaml.golden +++ b/pkg/ingress/kube/gateway/istio/testdata/zero.yaml.golden @@ -5,7 +5,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-default namespace: higress-system spec: @@ -24,7 +24,7 @@ metadata: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: higress-gateway.higress-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/tcp.higress-system - creationTimestamp: null + internal.istio.io/service-account-name: "" name: gateway-istio-autogenerated-k8s-gateway-tcp namespace: higress-system spec: 
@@ -42,7 +42,6 @@ metadata: annotations: internal.istio.io/parents: HTTPRoute/http.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: higress-system~gateway-istio-autogenerated-k8s-gateway-default~first.domain.example namespace: default spec: @@ -77,7 +76,6 @@ metadata: annotations: internal.istio.io/parents: TCPRoute/tcp.default internal.istio.io/route-semantics: gateway - creationTimestamp: null name: tcp-tcp-0-istio-autogenerated-k8s-gateway namespace: default spec: diff --git a/pkg/ingress/mcp/generator.go b/pkg/ingress/mcp/generator.go index 693a8c923..4b379ffa3 100644 --- a/pkg/ingress/mcp/generator.go +++ b/pkg/ingress/mcp/generator.go @@ -16,18 +16,21 @@ package mcp // nolint import ( + "encoding/json" "path" "sort" discovery "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "github.com/gogo/protobuf/types" "github.com/golang/protobuf/ptypes/timestamp" + "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/types/known/anypb" mcp "istio.io/api/mcp/v1alpha1" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/xds" cfg "istio.io/istio/pkg/config" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/log" ) var ( @@ -211,6 +214,14 @@ func generate(proxy *model.Proxy, configs []cfg.Config, w *model.WatchedResource if keepAnnotations { resource.Metadata.Annotations = config.Annotations } + + // Add config.Extra to Resource's unknown fields + if len(config.Extra) > 0 { + if err = addExtraToUnknownFields(resource, config.Extra); err != nil { + log.Warnf("Failed to add Extra to unknown fields: %v, extra: %v", err, config.Extra) + } + } + // nolint mcpAny, err := anypb.New(resource) if err != nil { 
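Review bot: In the `len(config.Extra) > 0` branch added to `generate`, a failure in `addExtraToUnknownFields` is only logged and the resource is still pushed without its Extra data, so the receiver cannot tell a dropped Extra from an absent one. If Extra carries settings the consumer relies on, consider returning the error or skipping the resource instead. The warning also formats the whole `config.Extra` map with `%v`, which copies configuration payloads into logs; naming the object is enough, e.g. `log.Warnf("add Extra to unknown fields for %s/%s: %v", config.Namespace, config.Name, err)`. Scoping the error as `if err := addExtraToUnknownFields(resource, config.Extra); err != nil` would also avoid overwriting the outer `err`. The body of `generate` starts before and continues after this hunk.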
@@ -223,3 +234,35 @@ func generate(proxy *model.Proxy, configs []cfg.Config, w *model.WatchedResource
 }
 return resources, model.DefaultXdsLogDetails, nil
 }
+
+// addExtraToUnknownFields adds the Extra map to the Resource's unknown fields
+// We use field number 100 (which is not defined in the proto) to store the Extra data
+func addExtraToUnknownFields(resource *mcp.Resource, extra map[string]any) error {
+ // Serialize Extra to JSON
+ extraJSON, err := json.Marshal(extra)
+ if err != nil {
+ return err
+ }
+
+ // Use field number 100 (arbitrary high number not used in the proto definition)
+ // Resource proto only has field 1 (metadata) and field 2 (body), so 100 is safe
+ // Field 100, wire type 2 (length-delimited for bytes/string)
+ const extraFieldNumber = 100
+
+ // Encode the field: tag (field number + wire type) + length + data
+ tag := protowire.EncodeTag(extraFieldNumber, protowire.BytesType)
+ unknownData := protowire.AppendVarint(nil, uint64(tag))
+ unknownData = protowire.AppendBytes(unknownData, extraJSON)
+
+ // Get the ProtoReflect interface to access unknown fields
+ resourceReflect := resource.ProtoReflect()
+
+ // Append to existing unknown fields
+ existingUnknown := resourceReflect.GetUnknown()
+ resourceReflect.SetUnknown(append(existingUnknown, unknownData...))
+
+ log.Debugf("[addExtraToUnknownFields] Added %d bytes to Resource unknown fields (field %d)", len(unknownData), extraFieldNumber)
+ log.Debugf("[addExtraToUnknownFields] Extra JSON: %s", string(extraJSON))
+ log.Debugf("[addExtraToUnknownFields] Unknown data (hex): %x", unknownData)
+ return nil
+}
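Review bot: `addExtraToUnknownFields` ends with three `log.Debugf` calls, two of which dump the full Extra JSON and its hex encoding for every resource. That is noisy and writes configuration contents into debug logs, so I would keep only the byte-count line. Field number 100 is a private wire contract with whatever decodes these resources: it should be a documented package-level constant shared with the consumer, and the doc comment should say that a receiver which drops unknown fields silently loses the data. The tag can be written in one call, `unknownData := protowire.AppendTag(nil, extraFieldNumber, protowire.BytesType)`, since `EncodeTag` already returns a `uint64` and the conversion is redundant.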