diff --git a/app/kuma-dp/cmd/run.go b/app/kuma-dp/cmd/run.go index ed43e6ca8b49..3028ef4d6cb6 100644 --- a/app/kuma-dp/cmd/run.go +++ b/app/kuma-dp/cmd/run.go @@ -17,6 +17,7 @@ import ( "github.com/kumahq/kuma/app/kuma-dp/pkg/dataplane/envoy" "github.com/kumahq/kuma/app/kuma-dp/pkg/dataplane/meshmetrics" "github.com/kumahq/kuma/app/kuma-dp/pkg/dataplane/metrics" + "github.com/kumahq/kuma/app/kuma-dp/pkg/dataplane/readiness" kuma_cmd "github.com/kumahq/kuma/pkg/cmd" "github.com/kumahq/kuma/pkg/config" kumadp "github.com/kumahq/kuma/pkg/config/app/kuma-dp" @@ -183,6 +184,7 @@ func newRunCmd(opts kuma_cmd.RunCmdOpts, rootCtx *RootContext) *cobra.Command { bootstrap, kumaSidecarConfiguration, err := rootCtx.BootstrapGenerator(gracefulCtx, opts.Config.ControlPlane.URL, opts.Config, envoy.BootstrapParams{ Dataplane: opts.Dataplane, DNSPort: cfg.DNS.EnvoyDNSPort, + ReadinessPort: cfg.Dataplane.ReadinessPort, EnvoyVersion: *envoyVersion, Workdir: cfg.DataplaneRuntime.SocketDir, DynamicMetadata: rootCtx.BootstrapDynamicMetadata, @@ -236,6 +238,15 @@ func newRunCmd(opts kuma_cmd.RunCmdOpts, rootCtx *RootContext) *cobra.Command { observabilityComponents := setupObservability(kumaSidecarConfiguration, bootstrap, cfg) components = append(components, observabilityComponents...) + + var readinessReporter *readiness.Reporter + if cfg.Dataplane.ReadinessPort > 0 { + readinessReporter = readiness.NewReporter( + bootstrap.GetAdmin().GetAddress().GetSocketAddress().GetAddress(), + cfg.Dataplane.ReadinessPort) + components = append(components, readinessReporter) + } + if err := rootCtx.ComponentManager.Add(components...); err != nil { return err } 
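Review bot: The reporter's bind address is taken verbatim from `bootstrap.GetAdmin().GetAddress().GetSocketAddress().GetAddress()`, so the new unauthenticated HTTP listener inherits whatever the Envoy admin address is. The nil-safe protobuf getters return an empty string when the bootstrap carries no admin socket address, and `Start` then listens on `":<port>"`, which binds every interface; an admin address of `0.0.0.0` or `::` has the same effect. The config comment added in pkg/config/app/kuma-dp/config.go describes the port as exposed "on localhost", so either map empty or unspecified addresses to loopback before calling `readiness.NewReporter` (for example `case "", "0.0.0.0": addr = "127.0.0.1"` and `case "::": addr = "::1"`), or correct that comment. newRunCmd starts and ends outside this hunk.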
@@ -265,6 +276,9 @@ func newRunCmd(opts kuma_cmd.RunCmdOpts, rootCtx *RootContext) *cobra.Command { if draining { runLog.Info("already drained, exit immediately") } else { + if readinessReporter != nil { + readinessReporter.Terminating() + } runLog.Info("draining Envoy connections") if err := envoyComponent.FailHealthchecks(); err != nil { runLog.Error(err, "could not drain connections") diff --git a/app/kuma-dp/pkg/dataplane/envoy/envoy.go b/app/kuma-dp/pkg/dataplane/envoy/envoy.go index 6a5a4722f459..4cc7c74b7db0 100644 --- a/app/kuma-dp/pkg/dataplane/envoy/envoy.go +++ b/app/kuma-dp/pkg/dataplane/envoy/envoy.go @@ -30,6 +30,7 @@ var runLog = core.Log.WithName("kuma-dp").WithName("run").WithName("envoy") type BootstrapParams struct { Dataplane rest.Resource DNSPort uint32 + ReadinessPort uint32 EnvoyVersion EnvoyVersion DynamicMetadata map[string]string Workdir string diff --git a/app/kuma-dp/pkg/dataplane/envoy/remote_bootstrap.go b/app/kuma-dp/pkg/dataplane/envoy/remote_bootstrap.go index a18d02eeb0fd..f3c727b380bd 100644 --- a/app/kuma-dp/pkg/dataplane/envoy/remote_bootstrap.go +++ b/app/kuma-dp/pkg/dataplane/envoy/remote_bootstrap.go @@ -179,6 +179,7 @@ func (b *remoteBootstrap) requestForBootstrap(ctx context.Context, client *http. }, DynamicMetadata: params.DynamicMetadata, DNSPort: params.DNSPort, + ReadinessPort: params.ReadinessPort, OperatingSystem: b.operatingSystem, Features: b.features, Resources: resources, diff --git a/app/kuma-dp/pkg/dataplane/readiness/component.go b/app/kuma-dp/pkg/dataplane/readiness/component.go new file mode 100644 index 000000000000..4544fb31b0c7 --- /dev/null +++ b/app/kuma-dp/pkg/dataplane/readiness/component.go 
@@ -0,0 +1,111 @@ +package readiness + +import ( + "context" + "fmt" + "net" + "net/http" + "sync/atomic" + "time" + + "github.com/asaskevich/govalidator" + "github.com/bakito/go-log-logr-adapter/adapter" + + "github.com/kumahq/kuma/pkg/core" + "github.com/kumahq/kuma/pkg/core/runtime/component" +) + +const ( + pathPrefixReady = "/ready" + stateReady = "READY" + stateTerminating = "TERMINATING" +) + +// Reporter reports the health status of this Kuma Dataplane Proxy +type Reporter struct { + localListenAddr string + localListenPort uint32 + isTerminating atomic.Bool +} + +var logger = core.Log.WithName("readiness") + +func NewReporter(localIPAddr string, localListenPort uint32) *Reporter { + return &Reporter{ + localListenPort: localListenPort, + localListenAddr: localIPAddr, + } +} + +func (r *Reporter) Start(stop <-chan struct{}) error { + protocol := "tcp" + addr := r.localListenAddr + if govalidator.IsIPv6(addr) { + protocol = "tcp6" + addr = fmt.Sprintf("[%s]", addr) + } + lis, err := net.Listen(protocol, fmt.Sprintf("%s:%d", addr, r.localListenPort)) + if err != nil { + return err + } + + defer func() { + _ = lis.Close() + }() + + logger.Info("starting readiness reporter", "addr", lis.Addr().String()) + + mux := http.NewServeMux() + mux.HandleFunc(pathPrefixReady, r.handleReadiness) + server := &http.Server{ + ReadHeaderTimeout: time.Second, + Handler: mux, + ErrorLog: adapter.ToStd(logger), + } + + errCh := make(chan error) + go func() { + if err := server.Serve(lis); err != nil { + errCh <- err + } + }() + + select { + case err := <-errCh: + return err + case <-stop: + logger.Info("stopping readiness reporter") + return server.Shutdown(context.Background()) + } +} + +func (r *Reporter) Terminating() { + r.isTerminating.Store(true) +} + +func (r *Reporter) handleReadiness(writer http.ResponseWriter, req *http.Request) { + state := stateReady + stateHTTPStatus := http.StatusOK + if r.isTerminating.Load() { + state = stateTerminating + stateHTTPStatus = 
http.StatusServiceUnavailable + } + + stateBytes := []byte(state) + writer.Header().Set("content-type", "text/plain") + writer.Header().Set("content-length", fmt.Sprintf("%d", len(stateBytes))) + writer.Header().Set("cache-control", "no-cache, max-age=0") + writer.Header().Set("x-powered-by", "kuma-dp") + writer.WriteHeader(stateHTTPStatus) + _, err := writer.Write(stateBytes) + logger.V(1).Info("responding readiness state", "state", state, "client", req.RemoteAddr) + if err != nil { + logger.Info("[WARNING] could not write response", "err", err) + } +} + +func (r *Reporter) NeedLeaderElection() bool { + return false +} + +var _ component.Component = &Reporter{} diff --git a/pkg/config/app/kuma-dp/config.go b/pkg/config/app/kuma-dp/config.go index acae6eb98c3b..dd18dcd41208 100644 --- a/pkg/config/app/kuma-dp/config.go +++ b/pkg/config/app/kuma-dp/config.go @@ -25,10 +25,11 @@ var DefaultConfig = func() Config { }, }, Dataplane: Dataplane{ - Mesh: "", - Name: "", // Dataplane name must be set explicitly - DrainTime: config_types.Duration{Duration: 30 * time.Second}, - ProxyType: "dataplane", + Mesh: "", + Name: "", // Dataplane name must be set explicitly + DrainTime: config_types.Duration{Duration: 30 * time.Second}, + ProxyType: "dataplane", + ReadinessPort: 9902, }, DataplaneRuntime: DataplaneRuntime{ BinaryPath: "envoy", @@ -132,6 +133,8 @@ type Dataplane struct { ProxyType string `json:"proxyType,omitempty" envconfig:"kuma_dataplane_proxy_type"` // Drain time for listeners. DrainTime config_types.Duration `json:"drainTime,omitempty" envconfig:"kuma_dataplane_drain_time"` + // Port that exposes kuma-dp readiness status on localhost, set this value to 0 to provide readiness by "/ready" endpoint from Envoy adminAPI + ReadinessPort uint32 `json:"readinessPort,omitempty" envconfig:"kuma_readiness_port"` } func (d *Dataplane) PostProcess() error { 
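Review bot: In `Start`, the stop path calls `server.Shutdown(context.Background())`, which has no deadline, so a probe connection that never goes idle can hold up sidecar termination indefinitely. After `Shutdown`, `server.Serve` returns `http.ErrServerClosed`, and the goroutine then blocks forever sending it on the unbuffered `errCh` because the `select` has already returned. The server also sets only `ReadHeaderTimeout`, leaving body reads, writes and idle keep-alive connections unbounded on a listener that may be reachable from outside the pod's loopback. The sketch below bounds all three; the durations are illustrative.

```go
// … unchanged: listener setup and mux registration …
server := &http.Server{
	ReadHeaderTimeout: time.Second,
	ReadTimeout:       5 * time.Second,
	WriteTimeout:      5 * time.Second,
	IdleTimeout:       30 * time.Second,
	Handler:           mux,
	ErrorLog:          adapter.ToStd(logger),
}

// buffered so the Serve goroutine can always exit, even after Start has returned
errCh := make(chan error, 1)
go func() {
	if err := server.Serve(lis); err != nil && err != http.ErrServerClosed {
		errCh <- err
	}
}()

select {
case err := <-errCh:
	return err
case <-stop:
	logger.Info("stopping readiness reporter")
	// bound the shutdown so a stuck connection cannot delay sidecar exit
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	return server.Shutdown(ctx)
}
```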
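Review bot: The env binding on the new `ReadinessPort` field, `envconfig:"kuma_readiness_port"`, drops the `kuma_dataplane_` prefix used by the neighbouring fields of this struct (`kuma_dataplane_proxy_type`, `kuma_dataplane_drain_time`). The variable name becomes public configuration surface once released, so `envconfig:"kuma_dataplane_readiness_port"` would be the consistent choice and is cheap to fix now. The Dataplane struct starts outside this hunk.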
@@ -305,6 +308,10 @@ func (d *Dataplane) Validate() error { errs = multierr.Append(errs, errors.Errorf(".DrainTime must be positive")) } + if d.ReadinessPort > 65353 { + return errors.New(".ReadinessPort has to be in [0, 65353] range") + } + return errs } diff --git a/pkg/config/app/kuma-dp/testdata/default-config.golden.yaml b/pkg/config/app/kuma-dp/testdata/default-config.golden.yaml index 7b5d28d3b918..6eaf688c13ed 100644 --- a/pkg/config/app/kuma-dp/testdata/default-config.golden.yaml +++ b/pkg/config/app/kuma-dp/testdata/default-config.golden.yaml @@ -8,6 +8,7 @@ controlPlane: dataplane: drainTime: 30s proxyType: dataplane + readinessPort: 9902 dataplaneRuntime: binaryPath: envoy dynamicConfiguration: diff --git a/pkg/core/xds/metadata.go b/pkg/core/xds/metadata.go index 955359db3a55..f39bfb8c24a1 100644 --- a/pkg/core/xds/metadata.go +++ b/pkg/core/xds/metadata.go @@ -21,6 +21,7 @@ const ( // Supported Envoy node metadata fields. FieldDataplaneAdminPort = "dataplane.admin.port" FieldDataplaneAdminAddress = "dataplane.admin.address" + FieldDataplaneReadinessPort = "dataplane.readinessReporter.port" FieldDataplaneDNSPort = "dataplane.dns.port" FieldDataplaneDataplaneResource = "dataplane.resource" FieldDynamicMetadata = "dynamicMetadata" @@ -52,6 +53,7 @@ type DataplaneMetadata struct { Resource model.Resource AdminPort uint32 AdminAddress string + ReadinessPort uint32 DNSPort uint32 DynamicMetadata map[string]string ProxyType mesh_proto.ProxyType @@ -113,6 +115,13 @@ func (m *DataplaneMetadata) GetAdminPort() uint32 { return m.AdminPort } +func (m *DataplaneMetadata) GetReadinessPort() uint32 { + if m == nil { + return 0 + } + return m.ReadinessPort +} + func (m *DataplaneMetadata) GetAdminAddress() string { if m == nil { return "" 
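Review bot: The upper bound in the new `ReadinessPort` check is `65353`, which looks like a transposition of the largest valid TCP port, 65535; as written, ports 65354 to 65535 are rejected and the error text repeats the wrong bound. The branch also uses `return errors.New(...)`, which discards anything already accumulated in `errs`, unlike the DrainTime check directly above it that uses `multierr.Append`. Suggested: `if d.ReadinessPort > 65535 {` with the body `errs = multierr.Append(errs, errors.Errorf(".ReadinessPort has to be in [0, 65535] range"))`. Validate's body starts outside this hunk.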
@@ -154,6 +163,7 @@ func DataplaneMetadataFromXdsMetadata(xdsMetadata *structpb.Struct) *DataplaneMe } metadata.AdminPort = uint32Metadata(xdsMetadata, FieldDataplaneAdminPort) metadata.AdminAddress = xdsMetadata.Fields[FieldDataplaneAdminAddress].GetStringValue() + metadata.ReadinessPort = uint32Metadata(xdsMetadata, FieldDataplaneReadinessPort) metadata.DNSPort = uint32Metadata(xdsMetadata, FieldDataplaneDNSPort) if value := xdsMetadata.Fields[FieldDataplaneDataplaneResource]; value != nil { res, err := rest.YAML.UnmarshalCore([]byte(value.GetStringValue())) diff --git a/pkg/core/xds/metadata_test.go b/pkg/core/xds/metadata_test.go index 3cfb168ebddf..060d19023c29 100644 --- a/pkg/core/xds/metadata_test.go +++ b/pkg/core/xds/metadata_test.go @@ -42,6 +42,11 @@ var _ = Describe("DataplaneMetadataFromXdsMetadata", func() { StringValue: "8000", }, }, + "dataplane.readinessReporter.port": { + Kind: &structpb.Value_StringValue{ + StringValue: "9300", + }, + }, "systemCaPath": { Kind: &structpb.Value_StringValue{ StringValue: "/etc/certs/cert.pem", @@ -50,9 +55,10 @@ var _ = Describe("DataplaneMetadataFromXdsMetadata", func() { }, }, expected: xds.DataplaneMetadata{ - AdminPort: 1234, - DNSPort: 8000, - SystemCaPath: "/etc/certs/cert.pem", + AdminPort: 1234, + DNSPort: 8000, + SystemCaPath: "/etc/certs/cert.pem", + ReadinessPort: 9300, }, }), Entry("should ignore dependencies version provided through metadata if version is not set at all", testCase{ diff --git a/pkg/xds/bootstrap/generator.go b/pkg/xds/bootstrap/generator.go index def46fb59a35..54d7543af857 100644 --- a/pkg/xds/bootstrap/generator.go +++ b/pkg/xds/bootstrap/generator.go @@ -106,6 +106,7 @@ func (b *bootstrapGenerator) Generate(ctx context.Context, request types.Bootstr }, DynamicMetadata: request.DynamicMetadata, DNSPort: request.DNSPort, + ReadinessPort: request.ReadinessPort, ProxyType: request.ProxyType, Features: request.Features, Resources: request.Resources, 
diff --git a/pkg/xds/bootstrap/parameters.go b/pkg/xds/bootstrap/parameters.go index c6a8fe67d93e..680538446f0a 100644 --- a/pkg/xds/bootstrap/parameters.go +++ b/pkg/xds/bootstrap/parameters.go @@ -30,6 +30,7 @@ type configParameters struct { Service string AdminAddress string AdminPort uint32 + ReadinessPort uint32 AdminAccessLogPath string XdsHost string XdsPort uint32 diff --git a/pkg/xds/bootstrap/template_v3.go b/pkg/xds/bootstrap/template_v3.go index 523873d8d5d9..58938b8e3324 100644 --- a/pkg/xds/bootstrap/template_v3.go +++ b/pkg/xds/bootstrap/template_v3.go @@ -337,6 +337,9 @@ func genConfig(parameters configParameters, proxyConfig xds.Proxy, enableReloada if parameters.DNSPort != 0 { res.Node.Metadata.Fields[core_xds.FieldDataplaneDNSPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.DNSPort))) } + if parameters.ReadinessPort != 0 { + res.Node.Metadata.Fields[core_xds.FieldDataplaneReadinessPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.ReadinessPort))) + } if parameters.ProxyType != "" { res.Node.Metadata.Fields[core_xds.FieldDataplaneProxyType] = util_proto.MustNewValueForStruct(parameters.ProxyType) } diff --git a/pkg/xds/bootstrap/types/bootstrap_request.go b/pkg/xds/bootstrap/types/bootstrap_request.go index 89d5521f172e..77015b794f7d 100644 --- a/pkg/xds/bootstrap/types/bootstrap_request.go +++ b/pkg/xds/bootstrap/types/bootstrap_request.go @@ -13,6 +13,7 @@ type BootstrapRequest struct { CaCert string `json:"caCert"` DynamicMetadata map[string]string `json:"dynamicMetadata"` DNSPort uint32 `json:"dnsPort,omitempty"` + ReadinessPort uint32 `json:"readinessPort,omitempty"` OperatingSystem string `json:"operatingSystem"` Features []string `json:"features"` Resources ProxyResources `json:"resources"` diff --git a/pkg/xds/envoy/names/resource_names.go b/pkg/xds/envoy/names/resource_names.go index 0d9a98fedcec..2f361a17505b 100644 --- a/pkg/xds/envoy/names/resource_names.go 
+++ b/pkg/xds/envoy/names/resource_names.go @@ -65,6 +65,10 @@ func GetMetricsHijackerClusterName() string { return Join("kuma", "metrics", "hijacker") } +func GetDPPReadinessClusterName() string { + return Join("kuma", "readiness") +} + func GetInternalClusterNamePrefix() string { return "_" } diff --git a/pkg/xds/generator/admin_proxy_generator.go b/pkg/xds/generator/admin_proxy_generator.go index aec6c33e4dd6..3a5fb5d1ea10 100644 --- a/pkg/xds/generator/admin_proxy_generator.go +++ b/pkg/xds/generator/admin_proxy_generator.go @@ -28,6 +28,10 @@ var staticEndpointPaths = []*envoy_common.StaticEndpointPath{ } var staticTlsEndpointPaths = []*envoy_common.StaticEndpointPath{ + { + Path: "/ready", + RewritePath: "/ready", + }, { Path: "/", RewritePath: "/", @@ -53,6 +57,7 @@ func (g AdminProxyGenerator) Generate(ctx context.Context, _ *core_xds.ResourceS } adminPort := proxy.Metadata.GetAdminPort() + readinessPort := proxy.Metadata.GetReadinessPort() // We assume that Admin API must be available on a loopback interface (while users // can override the default value `127.0.0.1` in the Bootstrap Server section of `kuma-cp` config, // the only reasonable alternatives are `::1`, `0.0.0.0` or `::`). @@ -60,6 +65,7 @@ func (g AdminProxyGenerator) Generate(ctx context.Context, _ *core_xds.ResourceS // since it would allow a malicious user to manipulate that value and use Prometheus endpoint // as a gateway to another host. envoyAdminClusterName := envoy_names.GetEnvoyAdminClusterName() + dppReadinessClusterName := envoy_names.GetDPPReadinessClusterName() adminAddress := proxy.Metadata.GetAdminAddress() if _, ok := adminAddressAllowedValues[adminAddress]; !ok { var allowedAddresses []string 
@@ -74,7 +80,8 @@ func (g AdminProxyGenerator) Generate(ctx context.Context, _ *core_xds.ResourceS case "::": adminAddress = "::1" } - cluster, err := envoy_clusters.NewClusterBuilder(proxy.APIVersion, envoyAdminClusterName). + + envoyAdminCluster, err := envoy_clusters.NewClusterBuilder(proxy.APIVersion, envoyAdminClusterName). Configure(envoy_clusters.ProvidedEndpointCluster( govalidator.IsIPv6(adminAddress), core_xds.Endpoint{Target: adminAddress, Port: adminPort})). @@ -84,12 +91,30 @@ func (g AdminProxyGenerator) Generate(ctx context.Context, _ *core_xds.ResourceS return nil, err } - resources := core_xds.NewResourceSet() + assignReadinessPort := func(se *envoy_common.StaticEndpointPath) { + if readinessPort > 0 { + // we only have /ready for now, so assign it to the readiness cluster directly + se.ClusterName = dppReadinessClusterName + } else { + // we keep the previous behavior if readinessPort is not set + // this can happen when an existing DPP is connecting to this CP, it does not have this metadata + se.ClusterName = envoyAdminClusterName + } + } for _, se := range staticEndpointPaths { - se.ClusterName = envoyAdminClusterName + assignReadinessPort(se) + } + for _, se := range staticTlsEndpointPaths { + switch se.Path { + case "/ready": + assignReadinessPort(se) + default: + se.ClusterName = envoyAdminClusterName + } } + resources := core_xds.NewResourceSet() // We bind admin to 127.0.0.1 by default, creating another listener with same address and port will result in error. if g.getAddress(proxy) != adminAddress { filterChains := []envoy_listeners.ListenerBuilderOpt{ 
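Review bot: `assignReadinessPort` writes a per-proxy value into `se.ClusterName` on the elements of `staticEndpointPaths` and `staticTlsEndpointPaths`, which are package-level slices of pointers shared by every call to Generate. Before this change every call stored the same constant, but now the value depends on the proxy's `readinessPort`. If Generate can run concurrently for proxies with and without the metadata (the upgrade case the comment describes; concurrency is not visible here), one proxy's `/ready` route can be emitted pointing at a cluster that was never generated for it. Building per-call copies removes the shared mutation. The first loop also assigns the readiness cluster to every entry of `staticEndpointPaths`, so matching on `se.Path` as the TLS loop does would make the "only /ready" assumption explicit; Generate starts and ends outside this hunk.

```go
// per-call copies so one proxy's readiness setting cannot leak into another's routes
endpointPaths := make([]*envoy_common.StaticEndpointPath, 0, len(staticEndpointPaths))
for _, se := range staticEndpointPaths {
	cp := *se
	assignReadinessPort(&cp)
	endpointPaths = append(endpointPaths, &cp)
}
tlsEndpointPaths := make([]*envoy_common.StaticEndpointPath, 0, len(staticTlsEndpointPaths))
for _, se := range staticTlsEndpointPaths {
	cp := *se
	if cp.Path == "/ready" {
		assignReadinessPort(&cp)
	} else {
		cp.ClusterName = envoyAdminClusterName
	}
	tlsEndpointPaths = append(tlsEndpointPaths, &cp)
}
// … unchanged: listener construction, now passing endpointPaths / tlsEndpointPaths to StaticEndpoints …
```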
@@ -97,9 +122,6 @@ func (g AdminProxyGenerator) Generate(ctx context.Context, _ *core_xds.ResourceS Configure(envoy_listeners.StaticEndpoints(envoy_names.GetAdminListenerName(), staticEndpointPaths)), ), } - for _, se := range staticTlsEndpointPaths { - se.ClusterName = envoyAdminClusterName - } filterChains = append(filterChains, envoy_listeners.FilterChain(envoy_listeners.NewFilterChainBuilder(proxy.APIVersion, envoy_common.AnonymousResource). Configure(envoy_listeners.MatchTransportProtocol("tls")). Configure(envoy_listeners.StaticEndpoints(envoy_names.GetAdminListenerName(), staticTlsEndpointPaths)). @@ -122,10 +144,30 @@ func (g AdminProxyGenerator) Generate(ctx context.Context, _ *core_xds.ResourceS } resources.Add(&core_xds.Resource{ - Name: cluster.GetName(), + Name: envoyAdminCluster.GetName(), Origin: OriginAdmin, - Resource: cluster, + Resource: envoyAdminCluster, }) + + if readinessPort > 0 { + adminAddr := proxy.Metadata.GetAdminAddress() + readinessCluster, err := envoy_clusters.NewClusterBuilder(proxy.APIVersion, dppReadinessClusterName). + Configure(envoy_clusters.ProvidedEndpointCluster( + govalidator.IsIPv6(adminAddr), + core_xds.Endpoint{Target: adminAddr, Port: readinessPort})). + Configure(envoy_clusters.DefaultTimeout()). + Build() + if err != nil { + return nil, err + } + + resources.Add(&core_xds.Resource{ + Name: readinessCluster.GetName(), + Origin: OriginAdmin, + Resource: readinessCluster, + }) + } + return resources, nil } diff --git a/pkg/xds/generator/admin_proxy_generator_test.go b/pkg/xds/generator/admin_proxy_generator_test.go index 694e90de1e30..f9fe4e021f58 100644 --- a/pkg/xds/generator/admin_proxy_generator_test.go +++ b/pkg/xds/generator/admin_proxy_generator_test.go @@ -26,6 +26,7 @@ var _ = Describe("AdminProxyGenerator", func() { dataplaneFile string expected string adminAddress string + readinessPort uint32 } DescribeTable("should generate envoy config", 
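Review bot: The readiness cluster is built from `adminAddr := proxy.Metadata.GetAdminAddress()`, the raw metadata value, while the admin cluster earlier in Generate uses the normalised `adminAddress` (the switch partly visible in an earlier hunk rewrites `::` to `::1`). For a proxy reporting an unspecified admin address the readiness endpoint would therefore target the wildcard address rather than loopback, and none of the new test entries combine `0.0.0.0` or `::` with a non-zero readiness port. Reusing the normalised value keeps both clusters on the same host: `govalidator.IsIPv6(adminAddress),` and `core_xds.Endpoint{Target: adminAddress, Port: readinessPort})).`. `readinessPort` also arrives from dataplane-supplied metadata with no range check visible on this path, so a value above 65535 would presumably only surface when Envoy rejects the cluster; consider validating it before building. Generate starts outside this hunk.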
@@ -49,9 +50,11 @@ var _ = Describe("AdminProxyGenerator", func() { } proxy := &xds.Proxy{ + Id: *xds.BuildProxyId("default", "test-admin-dpp"), Metadata: &xds.DataplaneMetadata{ - AdminPort: 9901, - AdminAddress: given.adminAddress, + AdminPort: 9901, + AdminAddress: given.adminAddress, + ReadinessPort: given.readinessPort, }, EnvoyAdminMTLSCerts: xds.ServerSideMTLSCerts{ CaPEM: []byte("caPEM"), @@ -93,16 +96,29 @@ var _ = Describe("AdminProxyGenerator", func() { expected: "03.envoy-config.golden.yaml", adminAddress: "::1", }), - Entry("should generate admin resources, unspecified IPv4", testCase{ + Entry("should generate admin resources, unspecified IPv4, readiness port 0", testCase{ dataplaneFile: "04.dataplane.input.yaml", expected: "04.envoy-config.golden.yaml", adminAddress: "0.0.0.0", + readinessPort: 0, }), Entry("should generate admin resources, unspecified IPv6", testCase{ dataplaneFile: "05.dataplane.input.yaml", expected: "05.envoy-config.golden.yaml", adminAddress: "::", }), + Entry("should generate admin resources, IPv4 with readiness port 9902", testCase{ + dataplaneFile: "04.dataplane.input.yaml", + expected: "06.envoy-config.golden.yaml", + adminAddress: "127.0.0.1", + readinessPort: 9902, + }), + Entry("should generate admin resources, IPv6 with readiness port 9400", testCase{ + dataplaneFile: "05.dataplane.input.yaml", + expected: "07.envoy-config.golden.yaml", + adminAddress: "::1", + readinessPort: 9400, + }), ) It("should return error when admin address is not allowed", func() { @@ -117,6 +133,7 @@ var _ = Describe("AdminProxyGenerator", func() { } proxy := &xds.Proxy{ + Id: *xds.BuildProxyId("default", "test-admin-dpp"), Metadata: &xds.DataplaneMetadata{ AdminPort: 9901, AdminAddress: "192.168.0.1", // it's not allowed to use such address diff --git a/pkg/xds/generator/testdata/admin/01.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/01.envoy-config.golden.yaml index a92bf4b35d52..b7f238467ac0 100644 
--- a/pkg/xds/generator/testdata/admin/01.envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/admin/01.envoy-config.golden.yaml @@ -62,6 +62,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/admin/02.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/02.envoy-config.golden.yaml index a92bf4b35d52..b7f238467ac0 100644 --- a/pkg/xds/generator/testdata/admin/02.envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/admin/02.envoy-config.golden.yaml @@ -62,6 +62,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/admin/03.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/03.envoy-config.golden.yaml index 5690585acbd9..2a614cd23da0 100644 --- a/pkg/xds/generator/testdata/admin/03.envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/admin/03.envoy-config.golden.yaml @@ -62,6 +62,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/admin/04.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/04.envoy-config.golden.yaml index a92bf4b35d52..b7f238467ac0 100644 --- a/pkg/xds/generator/testdata/admin/04.envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/admin/04.envoy-config.golden.yaml @@ -62,6 +62,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/admin/05.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/05.envoy-config.golden.yaml index 5690585acbd9..2a614cd23da0 100644 
--- a/pkg/xds/generator/testdata/admin/05.envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/admin/05.envoy-config.golden.yaml @@ -62,6 +62,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/admin/06.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/06.envoy-config.golden.yaml new file mode 100644 index 000000000000..2a87f2d228e6 --- /dev/null +++ b/pkg/xds/generator/testdata/admin/06.envoy-config.golden.yaml 
@@ -0,0 +1,115 @@ +resources: +- name: kuma:envoy:admin + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: kuma_envoy_admin + connectTimeout: 5s + loadAssignment: + clusterName: kuma:envoy:admin + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 127.0.0.1 + portValue: 9901 + name: kuma:envoy:admin + type: STATIC +- name: kuma:readiness + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: kuma_readiness + connectTimeout: 5s + loadAssignment: + clusterName: kuma:readiness + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 127.0.0.1 + portValue: 9902 + name: kuma:readiness + type: STATIC +- name: kuma:envoy:admin + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 192.168.0.1 + portValue: 9901 + enableReusePort: false + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + validateClusters: false + virtualHosts: + - domains: + - '*' + name: kuma:envoy:admin + routes: + - match: + prefix: /ready + route: + cluster: kuma:readiness + prefixRewrite: /ready + statPrefix: kuma_envoy_admin + - filterChainMatch: + transportProtocol: tls + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + validateClusters: false + virtualHosts: + - domains: + - '*' + name: 
kuma:envoy:admin + routes: + - match: + prefix: /ready + route: + cluster: kuma:readiness + prefixRewrite: /ready + - match: + prefix: / + route: + cluster: kuma:envoy:admin + prefixRewrite: / + statPrefix: kuma_envoy_admin + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext + commonTlsContext: + tlsCertificates: + - certificateChain: + inlineBytes: Y2VydFBFTQ== + privateKey: + inlineBytes: a2V5UEVN + validationContext: + matchTypedSubjectAltNames: + - matcher: + exact: kuma-cp + sanType: DNS + trustedCa: + inlineBytes: Y2FQRU0= + requireClientCertificate: true + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + name: kuma:envoy:admin + trafficDirection: INBOUND diff --git a/pkg/xds/generator/testdata/admin/07.envoy-config.golden.yaml b/pkg/xds/generator/testdata/admin/07.envoy-config.golden.yaml new file mode 100644 index 000000000000..5bc73a119b25 --- /dev/null +++ b/pkg/xds/generator/testdata/admin/07.envoy-config.golden.yaml 
@@ -0,0 +1,115 @@ +resources: +- name: kuma:envoy:admin + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: kuma_envoy_admin + connectTimeout: 5s + loadAssignment: + clusterName: kuma:envoy:admin + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: ::1 + portValue: 9901 + name: kuma:envoy:admin + type: STATIC +- name: kuma:readiness + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: kuma_readiness + connectTimeout: 5s + loadAssignment: + clusterName: kuma:readiness + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: ::1 + portValue: 9400 + name: kuma:readiness + type: STATIC +- name: kuma:envoy:admin + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 192.168.0.1 + portValue: 9901 + enableReusePort: false + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + validateClusters: false + virtualHosts: + - domains: + - '*' + name: kuma:envoy:admin + routes: + - match: + prefix: /ready + route: + cluster: kuma:readiness + prefixRewrite: /ready + statPrefix: kuma_envoy_admin + - filterChainMatch: + transportProtocol: tls + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + validateClusters: false + virtualHosts: + - domains: + - '*' + name: kuma:envoy:admin + 
routes: + - match: + prefix: /ready + route: + cluster: kuma:readiness + prefixRewrite: /ready + - match: + prefix: / + route: + cluster: kuma:envoy:admin + prefixRewrite: / + statPrefix: kuma_envoy_admin + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext + commonTlsContext: + tlsCertificates: + - certificateChain: + inlineBytes: Y2VydFBFTQ== + privateKey: + inlineBytes: a2V5UEVN + validationContext: + matchTypedSubjectAltNames: + - matcher: + exact: kuma-cp + sanType: DNS + trustedCa: + inlineBytes: Y2FQRU0= + requireClientCertificate: true + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + name: kuma:envoy:admin + trafficDirection: INBOUND diff --git a/pkg/xds/generator/testdata/profile-source/1-envoy-config.golden.yaml b/pkg/xds/generator/testdata/profile-source/1-envoy-config.golden.yaml index 2824f329f05d..616c46d556e2 100644 --- a/pkg/xds/generator/testdata/profile-source/1-envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/profile-source/1-envoy-config.golden.yaml @@ -243,6 +243,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/profile-source/2-envoy-config.golden.yaml b/pkg/xds/generator/testdata/profile-source/2-envoy-config.golden.yaml index acee53a91a0c..9457362fb2d2 100644 --- a/pkg/xds/generator/testdata/profile-source/2-envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/profile-source/2-envoy-config.golden.yaml @@ -286,6 +286,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: 
diff --git a/pkg/xds/generator/testdata/profile-source/3-envoy-config.golden.yaml b/pkg/xds/generator/testdata/profile-source/3-envoy-config.golden.yaml index ac486382d788..52e20200822e 100644 --- a/pkg/xds/generator/testdata/profile-source/3-envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/profile-source/3-envoy-config.golden.yaml @@ -288,6 +288,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: diff --git a/pkg/xds/generator/testdata/profile-source/4-envoy-config.golden.yaml b/pkg/xds/generator/testdata/profile-source/4-envoy-config.golden.yaml index 471d0b6fa5a7..04922e7fdf0d 100644 --- a/pkg/xds/generator/testdata/profile-source/4-envoy-config.golden.yaml +++ b/pkg/xds/generator/testdata/profile-source/4-envoy-config.golden.yaml @@ -331,6 +331,11 @@ resources: - '*' name: kuma:envoy:admin routes: + - match: + prefix: /ready + route: + cluster: kuma:envoy:admin + prefixRewrite: /ready - match: prefix: / route: