From 9a8e3aa38af6130ecefad17718189ebc6bb91329 Mon Sep 17 00:00:00 2001 
From: Jacob Bohanon Date: Mon, 24 Jun 2024 15:57:21 -0400 Subject: [PATCH] [1.17] Fully default gwparams (#9677) * commentary in deployer * cleanup deployer_test * cleanup inner-GG values.yaml * move proxy container secCtx to default GwP * move envoy container resources to GwP * commentary on internal chart values * remove readiness port value * cleanup and todos for values * remove serviceAccount config * helm tests * oops test focus * remove autoscaling from public facing GwParams * fix broken ggv2 template * kube e2e test * maybe don't commit a panic * more cleanup inner-GG values.yaml * test container sec ctx because pod sec ctx is never set * try deploying the right stuff this time * add changelog * add changelog * commentary * reserve autoscaling field in GwParams, other cleanup * reorder proto * fix nullable defaults in 43-gwp * codegen * rename some stuff * maybe actually run the test * fix the stupid name --------- Co-authored-by: Lawrence Gadban Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> --- .github/workflows/pr-kubernetes-tests.yaml | 4 +- .../v1.17.0-rc7/fully-default-gwparams.yaml | 7 + docs/content/reference/values.txt | 27 +- .../gloo/crds/gateway.gloo.solo.io_crds.yaml | 28 +- install/helm/gloo/generate/values.go | 17 +- .../gloo/templates/43-gatewayparameters.yaml | 51 ++- install/helm/gloo/values-template.yaml | 14 + install/test/k8sgateway_test.go | 59 +++- .../api/v1alpha1/gateway_parameters.proto | 4 +- projects/gateway2/deployer/deployer.go | 37 ++- projects/gateway2/deployer/deployer_test.go | 9 +- projects/gateway2/deployer/merge.go | 28 +- projects/gateway2/deployer/values.go | 13 +- projects/gateway2/deployer/values_helpers.go | 60 ++-- .../helm/gloo-gateway/templates/_helpers.tpl | 12 - .../templates/gateway/proxy-deployment.yaml | 22 +- .../gateway2/helm/gloo-gateway/values.yaml | 59 ++-- .../v1alpha1/gateway_parameters.pb.equal.go | 10 - .../v1alpha1/gateway_parameters.pb.go | 299 
+++++++++--------- .../v1alpha1/gateway_parameters.pb.hash.go | 20 -- ...efault_gatewayparameters_deployer_suite.go | 55 ++++ .../kubernetes/e2e/features/deployer/suite.go | 19 +- .../deployer/testdata/basic-gateway.yaml | 13 + .../deployer/testdata/deployer-provision.yaml | 16 +- ...ters.yaml => gateway-with-parameters.yaml} | 7 +- .../kubernetes/e2e/features/deployer/types.go | 3 +- ..._minimal_default_gatewayparameters_test.go | 51 +++ ...minimal_default_gatewayparameters_tests.go | 14 + ...l-default-gatewayparameters-test-helm.yaml | 47 +++ 29 files changed, 611 insertions(+), 394 deletions(-) create mode 100644 changelog/v1.17.0-rc7/fully-default-gwparams.yaml create mode 100644 test/kubernetes/e2e/features/deployer/minimal_default_gatewayparameters_deployer_suite.go create mode 100644 test/kubernetes/e2e/features/deployer/testdata/basic-gateway.yaml rename test/kubernetes/e2e/features/deployer/testdata/{gateway-parameters.yaml => gateway-with-parameters.yaml} (83%) create mode 100644 test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_test.go create mode 100644 test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_tests.go create mode 100644 test/kubernetes/e2e/tests/manifests/k8s-gateway-minimal-default-gatewayparameters-test-helm.yaml diff --git a/.github/workflows/pr-kubernetes-tests.yaml b/.github/workflows/pr-kubernetes-tests.yaml index de2f7ba99b8..da2134d5dc4 100644 --- a/.github/workflows/pr-kubernetes-tests.yaml +++ b/.github/workflows/pr-kubernetes-tests.yaml 
@@ -59,7 +59,7 @@ jobs: # May 14th: ~ minutes execution time (see load_balancing_tests.md) - cluster-name: 'cluster-two' go-test-args: '-v -timeout=25m' - go-test-run-regex: '^TestK8sGateway$$/^Deployer$$|^TestK8sGateway$$/^RouteOptions$$|^TestK8sGateway$$/^VirtualHostOptions$$|^TestK8sGateway$$/^Upstreams$$|^TestK8sGateway$$/^HeadlessSvc$$|^TestK8sGateway$$/^PortRouting$$' + go-test-run-regex: '^TestK8sGateway$$/^Deployer$$|^TestK8sGateway$$/^RouteOptions$$|^TestK8sGateway$$/^VirtualHostOptions$$|^TestK8sGateway$$/^Upstreams$$|^TestK8sGateway$$/^HeadlessSvc$$|^TestK8sGateway$$/^PortRouting$$|^TestK8sGatewayMinimalDefaultGatewayParameters$$' # May 14th: ~ minutes execution time (see load_balancing_tests.md) - cluster-name: 'cluster-three' @@ -112,4 +112,4 @@ jobs: cluster-name: ${{ matrix.test.cluster-name }} test-args: ${{ matrix.test.go-test-args }} run-regex: ${{ matrix.test.go-test-run-regex }} - istio-version: ${{ steps.dotenv.outputs.istio_version }} \ No newline at end of file + istio-version: ${{ steps.dotenv.outputs.istio_version }} diff --git a/changelog/v1.17.0-rc7/fully-default-gwparams.yaml b/changelog/v1.17.0-rc7/fully-default-gwparams.yaml new file mode 100644 index 00000000000..1140062b43c --- /dev/null +++ b/changelog/v1.17.0-rc7/fully-default-gwparams.yaml @@ -0,0 +1,7 @@ +changelog: + - type: FIX + issueLink: https://github.com/solo-io/solo-projects/issues/6381 + resolvesIssue: false + description: >- + Move remaining non-user-facing default values for dynamically provisioned gateway proxies from internal helm chart + to main Gloo Gateway helm chart. This allows features like Security Context to be configured/disabled. diff --git a/docs/content/reference/values.txt b/docs/content/reference/values.txt index 939af0a27c2..dae9670ad3a 100644 --- a/docs/content/reference/values.txt +++ b/docs/content/reference/values.txt 
@@ -11,8 +11,31 @@ |kubeGateway.gatewayParameters.glooGateway.envoyContainer.image.variant|string||Specifies the version of the data-plane containers to deploy. Can take the values 'standard', 'fips', 'distroless', 'fips-distroless'. Defaults to standard. (The 'fips' and 'fips-distroless' variants are an Enterprise-only feature)| |kubeGateway.gatewayParameters.glooGateway.envoyContainer.image.fipsDigest|string||[Deprecated] Use 'variant=fips' and 'digest=...' instead. The hash digest of the container's fips image, ie. sha256:12345.... Only consumed if fips=true| |kubeGateway.gatewayParameters.glooGateway.envoyContainer.image.fips|bool||[Deprecated] Use 'variant=fips' instead. If true, deploys a version of the data-plane containers that is built with FIPS-compliant crypto libraries. (Enterprise-only feature)| -|kubeGateway.gatewayParameters.glooGateway.proxyDeployment.replicas|int32|1|number of instances to deploy.| -|kubeGateway.gatewayParameters.glooGateway.service.type|string|LoadBalancer|K8s service type| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.capabilities.add[]|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.capabilities.drop[]|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.privileged|bool||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.seLinuxOptions.user|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.seLinuxOptions.role|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.seLinuxOptions.type|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.seLinuxOptions.level|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.windowsOptions.gmsaCredentialSpecName|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.windowsOptions.gmsaCredentialSpec|string||| 
+|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.windowsOptions.runAsUserName|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.windowsOptions.hostProcess|bool||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.runAsUser|int64|10101|| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.runAsGroup|int64||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.runAsNonRoot|bool|true|| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.readOnlyRootFilesystem|bool|true|| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.allowPrivilegeEscalation|bool|false|| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.procMount|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.seccompProfile.type|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.seccompProfile.localhostProfile|string||| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.limits.memory|string||amount of memory| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.limits.cpu|string||amount of CPUs| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.requests.memory|string||amount of memory| +|kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.requests.cpu|string||amount of CPUs| +|kubeGateway.gatewayParameters.glooGateway.proxyDeployment.replicas|int32|1|number of instances to deploy. If set to null, a default of 1 will be imposed.| +|kubeGateway.gatewayParameters.glooGateway.service.type|string|LoadBalancer|K8s service type. 
If set to null, a default of LoadBalancer will be imposed.| |kubeGateway.gatewayParameters.glooGateway.sdsContainer.image.tag|string||The image tag for the container.| |kubeGateway.gatewayParameters.glooGateway.sdsContainer.image.repository|string|sds|The image repository (name) for the container.| |kubeGateway.gatewayParameters.glooGateway.sdsContainer.image.digest|string||The hash digest of the container's image, ie. sha256:12345....| diff --git a/install/helm/gloo/crds/gateway.gloo.solo.io_crds.yaml b/install/helm/gloo/crds/gateway.gloo.solo.io_crds.yaml index 8ca07ed9bf9..91f5920fbd0 100644 --- a/install/helm/gloo/crds/gateway.gloo.solo.io_crds.yaml +++ b/install/helm/gloo/crds/gateway.gloo.solo.io_crds.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - crd.solo.io/specHash: e074048f8ccd27da + crd.solo.io/specHash: c30098945b4c73d8 labels: app: gloo-gateway app.kubernetes.io/name: gloo-gateway @@ -57,32 +57,6 @@ spec: properties: kube: properties: - autoscaling: - properties: - horizontalPodAutoscaler: - properties: - maxReplicas: - maximum: 4294967295 - minimum: 0 - nullable: true - type: integer - minReplicas: - maximum: 4294967295 - minimum: 0 - nullable: true - type: integer - targetCpuUtilizationPercentage: - maximum: 4294967295 - minimum: 0 - nullable: true - type: integer - targetMemoryUtilizationPercentage: - maximum: 4294967295 - minimum: 0 - nullable: true - type: integer - type: object - type: object deployment: properties: replicas: diff --git a/install/helm/gloo/generate/values.go b/install/helm/gloo/generate/values.go index 225212451e1..f6ee58cb4c7 100644 --- a/install/helm/gloo/generate/values.go +++ b/install/helm/gloo/generate/values.go 
@@ -331,11 +331,11 @@ type Istio struct { } type ProvisionedDeployment struct { - Replicas *int32 `json:"replicas,omitempty" desc:"number of instances to deploy."` + Replicas *int32 `json:"replicas,omitempty" desc:"number of instances to deploy. If set to null, a default of 1 will be imposed."` } type ProvisionedService struct { - Type *string `json:"type,omitempty" desc:"K8s service type"` + Type *string `json:"type,omitempty" desc:"K8s service type. If set to null, a default of LoadBalancer will be imposed."` } type SecurityOpts struct { @@ -351,6 +351,15 @@ type SecurityContext struct { *SecurityOpts } +// GatewayParamsSecurityContext is a passthrough struct that provides the corev1.SecurityContext without +// exposing the SecurityOpts/MergePolicy. MergePolicy is irrelevant to the GatewayParameters case because +// there is already a default and merge behavior defined. The "default" GatewayParameters are expected to +// be the base config, which is where a default policy can defined; each gwapi.Gateway can have specific +// GatewayParameters which can then override/merge into the default policy +type GatewayParamsSecurityContext struct { + *corev1.SecurityContext +} + type GlooDeployment struct { XdsPort *int `json:"xdsPort,omitempty" desc:"port where gloo serves xDS API to Envoy."` RestXdsPort *uint32 `json:"restXdsPort,omitempty" desc:"port where gloo serves REST xDS API to Envoy."` @@ -786,7 +795,9 @@ type Mtls struct { } type EnvoyContainer struct { - Image *Image `json:"image,omitempty"` + Image *Image `json:"image,omitempty"` + SecurityContext *GatewayParamsSecurityContext `json:"securityContext,omitempty" desc:"securityContext for envoy proxy container."` + Resources *ResourceRequirements `json:"resources,omitempty" desc:"Resource requirements for envoy proxy container."` } type SdsContainer struct { 
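Review bot: The doc comment on `GatewayParamsSecurityContext` drops a word ("where a default policy can defined") and does not say what happens when the value is set to null. The first is fixed by `which is where a default policy can be defined`. For the second, the `desc` on `EnvoyContainer.SecurityContext` in the last hunk of this file could read `securityContext for envoy proxy container. If set to null, no securityContext is rendered into the default GatewayParameters.` That wording matches the 43-gatewayparameters.yaml template in this commit; whether the deployer applies anything afterwards is not visible here.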
diff --git a/install/helm/gloo/templates/43-gatewayparameters.yaml b/install/helm/gloo/templates/43-gatewayparameters.yaml
index a43a1426ce5..035435e2454 100644
--- a/install/helm/gloo/templates/43-gatewayparameters.yaml
+++ b/install/helm/gloo/templates/43-gatewayparameters.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.kubeGateway.enabled -}}
+{{- $global := .Values.global -}}
 kind: GatewayParameters
 apiVersion: gateway.gloo.solo.io/v1alpha1
 metadata:
@@ -8,19 +9,47 @@ metadata: namespace: {{ .Release.Namespace }} spec: kube: -{{- if .Values.kubeGateway.gatewayParameters }} -{{- if .Values.kubeGateway.gatewayParameters.glooGateway }} -{{- $gg := .Values.kubeGateway.gatewayParameters.glooGateway -}} -{{- $global := .Values.global }} +{{- $gg := dict -}} +{{- if .Values.kubeGateway.gatewayParameters -}} +{{- if .Values.kubeGateway.gatewayParameters.glooGateway -}} +{{- $gg = .Values.kubeGateway.gatewayParameters.glooGateway -}} +{{- end }}{{/* if .Values.kubeGateway.gatewayParameters.glooGateway */}} +{{- end }}{{/* if .Values.kubeGateway.gatewayParameters */}} +{{- $replicas := 1 -}} +{{- if $gg.proxyDeployment -}} +{{- if $gg.proxyDeployment.replicas -}} +{{- $replicas = $gg.proxyDeployment.replicas -}} +{{- end -}}{{/* if $gg.proxyDeployment.replicas */}} +{{- end }}{{/* if $gg.proxyDeployment */}} deployment: - replicas: {{ $gg.proxyDeployment.replicas }} -{{- if $gg.service }} - service: - type: {{ $gg.service.type }} + replicas: {{ $replicas }} +{{- $serviceType := "LoadBalancer" -}} +{{- if $gg.service -}} +{{- if $gg.service.type -}} +{{- $serviceType = $gg.service.type -}} +{{- end -}}{{/* if $gg.service.type */}} {{- end }}{{/* if $gg.service */}} + service: + type: {{ $serviceType }} envoyContainer: image: - {{- merge $gg.envoyContainer.image $global.image | include "gloo-gateway.gatewayParametersImage" | nindent 8 }} + {{- $envoyImage := dict -}} + {{- if $gg.envoyContainer -}} + {{- if $gg.envoyContainer.image -}} + {{- $envoyImage = $gg.envoyContainer.image -}} + {{- end -}}{{/* if $gg.envoyContainer.image */}} + {{- end }}{{/* if $gg.envoyContainer */}} + {{- merge $envoyImage $global.image | include "gloo-gateway.gatewayParametersImage" | nindent 8 }} +{{- if $gg.envoyContainer -}} +{{- if $gg.envoyContainer.securityContext }} + securityContext: + {{- toYaml $gg.envoyContainer.securityContext | nindent 8 }} +{{- end }}{{/* if $gg.envoyContainer.securityContext */}} +{{- if 
$gg.envoyContainer.resources }} + resources: + {{- toYaml $gg.envoyContainer.resources | nindent 8 }} +{{- end }}{{/* if $gg.envoyContainer.resources */}} +{{- end }}{{/* if $gg.envoyContainer */}} podTemplate: extraLabels: {{- include "gloo-gateway.constLabels" . | nindent 8 }} @@ -61,6 +90,4 @@ spec: istioMetaClusterId: {{ $gg.istio.istioProxyContainer.istioMetaClusterId }} {{- end }}{{/* if and $gg.istio.istioProxyContainer (not $gg.istio.customSidecars) */}} {{- end }}{{/* if $gg.sdsContainer */}} -{{- end }}{{/* if .Values.kubeGateway.gatewayParameters.glooGateway */}} -{{- end }}{{/* if .Values.kubeGateway.gatewayParameters */}} -{{- end }}{{/* if .Values.kubeGateway.enabled */}} \ No newline at end of file +{{- end }}{{/* if .Values.kubeGateway.enabled */}} diff --git a/install/helm/gloo/values-template.yaml b/install/helm/gloo/values-template.yaml index 062e057ddf0..019362ddea7 100644 --- a/install/helm/gloo/values-template.yaml +++ b/install/helm/gloo/values-template.yaml @@ -12,8 +12,22 @@ kubeGateway: envoyContainer: image: repository: gloo-envoy-wrapper + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10101 + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + # If proxyDeployment or proxyDeployment.replicas are null, a default of 1 will be + # imposed by the template. proxyDeployment: replicas: 1 + # If service or service.type are null, a default of LoadBalancer will be + # imposed by the template. service: type: LoadBalancer sdsContainer: diff --git a/install/test/k8sgateway_test.go b/install/test/k8sgateway_test.go index 5cb725f8a3a..0192898415e 100644 --- a/install/test/k8sgateway_test.go +++ b/install/test/k8sgateway_test.go 
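Review bot: The new `{{- if $gg.proxyDeployment.replicas -}}` guard treats an explicit `replicas: 0` the same as null, because Go templates evaluate 0 as false, so the rendered GatewayParameters gets `replicas: 1`. The values reference only promises the default for null. If zero is meant to be a legal value, test for absence instead, e.g. `{{- if not (kindIs "invalid" $gg.proxyDeployment.replicas) -}}`; otherwise state in the values comment that 0 is not supported. The same truthiness test on `$gg.envoyContainer.securityContext` also drops an empty map, which is probably intended but deserves a template comment.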
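Review bot: The default container `securityContext` added to values-template.yaml sets no seccomp profile, which is the one container-level setting the Kubernetes "restricted" Pod Security Standard requires that this block leaves out. Unless a profile is set at pod level somewhere outside this hunk, proxies provisioned from these defaults would not be admitted in namespaces that enforce that profile. Consider adding `seccompProfile:` with `type: RuntimeDefault` under `securityContext`, provided the GatewayParameters API carries the field; the values reference in this commit does list `securityContext.seccompProfile.type`. A short comment above the block noting that setting `securityContext` to null removes all of these defaults would help operators who only mean to change one key.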
@@ -78,11 +78,19 @@ var _ = Describe("Kubernetes Gateway API integration", func() { Expect(gwpKube.GetEnvoyContainer().GetImage().GetRegistry().GetValue()).To(Equal("quay.io/solo-io")) Expect(gwpKube.GetEnvoyContainer().GetImage().GetRepository().GetValue()).To(Equal("gloo-envoy-wrapper")) Expect(gwpKube.GetEnvoyContainer().GetImage().GetTag().GetValue()).To(Equal(version)) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetAllowPrivilegeEscalation()).To(BeFalse()) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetReadOnlyRootFilesystem()).To(BeTrue()) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetRunAsNonRoot()).To(BeTrue()) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetRunAsUser()).To(Equal(int64(10101))) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetCapabilities().GetDrop()).To(ContainElement("ALL")) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetCapabilities().GetAdd()).To(ContainElement("NET_BIND_SERVICE")) + Expect(gwpKube.GetEnvoyContainer().GetResources()).To(BeNil()) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetPullPolicy()).To(Equal(kube.Image_IfNotPresent)) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetRegistry().GetValue()).To(Equal("docker.io/istio")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetRepository().GetValue()).To(Equal("proxyv2")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetTag().GetValue()).To(Equal("1.22.0")) + Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetSecurityContext()).To(BeNil()) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetLogLevel().GetValue()).To(Equal("warning")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetIstioDiscoveryAddress().GetValue()).To(Equal("istiod.istio-system.svc:15012")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetIstioMetaMeshId().GetValue()).To(Equal("cluster.local")) 
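Review bot: `Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetAllowPrivilegeEscalation()).To(BeFalse())` in the default-values test passes both when the field is explicitly false and when it is absent, because the generated getter returns false for nil. The overrides test later in this file says as much in its own comments. A regression that dropped `allowPrivilegeEscalation: false` from the chart defaults would therefore not fail this assertion. Assert on the field itself, for example `Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().AllowPrivilegeEscalation).To(HaveValue(BeFalse()))` if the vendored Gomega provides `HaveValue`. The identical assertion in the "overrides are set" hunk has the same weakness.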
@@ -94,14 +102,21 @@ var _ = Describe("Kubernetes Gateway API integration", func() { Expect(gwpKube.GetSdsContainer().GetImage().GetRegistry().GetValue()).To(Equal("quay.io/solo-io")) Expect(gwpKube.GetSdsContainer().GetImage().GetRepository().GetValue()).To(Equal("sds")) Expect(gwpKube.GetSdsContainer().GetImage().GetTag().GetValue()).To(Equal(version)) + Expect(gwpKube.GetSdsContainer().GetSecurityContext()).To(BeNil()) Expect(gwpKube.GetSdsContainer().GetBootstrap().GetLogLevel().GetValue()).To(Equal("info")) + Expect(gwpKube.GetSdsContainer().GetResources()).To(BeNil()) Expect(gwpKube.GetService().GetType()).To(Equal(kube.Service_LoadBalancer)) }) When("overrides are set", func() { + var ( + sdsRequests = map[string]string{"memory": "101Mi", "cpu": "201m"} + sdsLimits = map[string]string{"memory": "301Mi", "cpu": "401m"} + envoyRequests = map[string]string{"memory": "102Mi", "cpu": "202m"} + envoyLimits = map[string]string{"memory": "302Mi", "cpu": "402m"} + ) BeforeEach(func() { - sdsVals := []string{"101Mi", "201m", "301Mi", "401m"} extraValuesArgs := []string{ "global.image.variant=standard", "global.image.tag=global-override-tag", 
@@ -112,6 +127,12 @@ var _ = Describe("Kubernetes Gateway API integration", func() { "kubeGateway.gatewayParameters.glooGateway.envoyContainer.image.registry=envoy-override-registry", "kubeGateway.gatewayParameters.glooGateway.envoyContainer.image.repository=envoy-override-repository", "kubeGateway.gatewayParameters.glooGateway.envoyContainer.image.pullPolicy=Always", + "kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.runAsNonRoot=null", + "kubeGateway.gatewayParameters.glooGateway.envoyContainer.securityContext.runAsUser=777", + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.requests.memory=%s", envoyRequests["memory"]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.requests.cpu=%s", envoyRequests["cpu"]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.limits.memory=%s", envoyLimits["memory"]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.envoyContainer.resources.limits.cpu=%s", envoyLimits["cpu"]), "kubeGateway.gatewayParameters.glooGateway.proxyDeployment.replicas=5", "kubeGateway.gatewayParameters.glooGateway.service.type=ClusterIP", "kubeGateway.gatewayParameters.glooGateway.sdsContainer.image.tag=sds-override-tag", 
@@ -119,16 +140,18 @@ var _ = Describe("Kubernetes Gateway API integration", func() { "kubeGateway.gatewayParameters.glooGateway.sdsContainer.image.repository=sds-override-repository", "kubeGateway.gatewayParameters.glooGateway.sdsContainer.image.pullPolicy=Never", "kubeGateway.gatewayParameters.glooGateway.sdsContainer.logLevel=debug", + "kubeGateway.gatewayParameters.glooGateway.sdsContainer.securityContext.runAsNonRoot=null", "kubeGateway.gatewayParameters.glooGateway.sdsContainer.securityContext.runAsUser=999", - fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.requests.memory=%s", sdsVals[0]), - fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.requests.cpu=%s", sdsVals[1]), - fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.limits.memory=%s", sdsVals[2]), - fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.limits.cpu=%s", sdsVals[3]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.requests.memory=%s", sdsRequests["memory"]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.requests.cpu=%s", sdsRequests["cpu"]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.limits.memory=%s", sdsLimits["memory"]), + fmt.Sprintf("kubeGateway.gatewayParameters.glooGateway.sdsContainer.sdsResources.limits.cpu=%s", sdsLimits["cpu"]), "kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.image.tag=istio-override-tag", "kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.image.registry=istio-override-registry", "kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.image.repository=istio-override-repository", "kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.image.pullPolicy=Never", "kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.logLevel=debug", + 
"kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.securityContext.runAsNonRoot=null", "kubeGateway.gatewayParameters.glooGateway.istio.istioProxyContainer.securityContext.runAsUser=888", "global.istioIntegration.enabled=true", } 
@@ -154,11 +177,28 @@ var _ = Describe("Kubernetes Gateway API integration", func() { Expect(gwpKube.GetEnvoyContainer().GetImage().GetRegistry().GetValue()).To(Equal("envoy-override-registry")) Expect(gwpKube.GetEnvoyContainer().GetImage().GetRepository().GetValue()).To(Equal("envoy-override-repository")) Expect(gwpKube.GetEnvoyContainer().GetImage().GetTag().GetValue()).To(Equal("envoy-override-tag")) + // We specified non-null override for runAsUser and null override for runAsNonRoot. We expect runAsUser to be overridden, + // runAsNonRoot to be missing (nil) and the rest to be rendered from defaults. + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetAllowPrivilegeEscalation()).To(BeFalse()) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetReadOnlyRootFilesystem()).To(BeTrue()) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().RunAsNonRoot).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetRunAsUser()).To(Equal(int64(777))) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetCapabilities().GetDrop()).To(ContainElement("ALL")) + Expect(gwpKube.GetEnvoyContainer().GetSecurityContext().GetCapabilities().GetAdd()).To(ContainElement("NET_BIND_SERVICE")) + Expect(gwpKube.GetEnvoyContainer().GetResources().GetRequests()).To(matchers.ContainMapElements(envoyRequests)) + Expect(gwpKube.GetEnvoyContainer().GetResources().GetLimits()).To(matchers.ContainMapElements(envoyLimits)) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetPullPolicy()).To(Equal(kube.Image_Never)) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetRegistry().GetValue()).To(Equal("istio-override-registry")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetRepository().GetValue()).To(Equal("istio-override-repository")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetImage().GetTag().GetValue()).To(Equal("istio-override-tag")) + // We 
specified non-null override for runAsUser and null override for runAsNonRoot. We expect runAsUser to be overridden, + // runAsNonRoot to be missing (nil) and the rest to be nil since there are no defaults. + Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetSecurityContext().AllowPrivilegeEscalation).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetSecurityContext().ReadOnlyRootFilesystem).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetSecurityContext().RunAsNonRoot).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetSecurityContext().GetRunAsUser()).To(Equal(int64(888))) + Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetSecurityContext().GetCapabilities()).To(BeNil()) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetLogLevel().GetValue()).To(Equal("debug")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetIstioDiscoveryAddress().GetValue()).To(Equal("istiod.istio-system.svc:15012")) Expect(gwpKube.GetIstio().GetIstioProxyContainer().GetIstioMetaMeshId().GetValue()).To(Equal("cluster.local")) 
@@ -170,7 +210,16 @@ var _ = Describe("Kubernetes Gateway API integration", func() { Expect(gwpKube.GetSdsContainer().GetImage().GetRegistry().GetValue()).To(Equal("sds-override-registry")) Expect(gwpKube.GetSdsContainer().GetImage().GetRepository().GetValue()).To(Equal("sds-override-repository")) Expect(gwpKube.GetSdsContainer().GetImage().GetTag().GetValue()).To(Equal("sds-override-tag")) + // We specified non-null override for runAsUser and null override for runAsNonRoot. We expect runAsUser to be overridden, + // runAsNonRoot to be missing (nil) and the rest to be nil since there are no defaults. + Expect(gwpKube.GetSdsContainer().GetSecurityContext().AllowPrivilegeEscalation).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetSdsContainer().GetSecurityContext().ReadOnlyRootFilesystem).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetSdsContainer().GetSecurityContext().RunAsNonRoot).To(BeNil()) // Not using getter here as it masks nil as false + Expect(gwpKube.GetSdsContainer().GetSecurityContext().GetRunAsUser()).To(Equal(int64(999))) + Expect(gwpKube.GetSdsContainer().GetSecurityContext().GetCapabilities()).To(BeNil()) Expect(gwpKube.GetSdsContainer().GetBootstrap().GetLogLevel().GetValue()).To(Equal("debug")) + Expect(gwpKube.GetSdsContainer().GetResources().GetRequests()).To(matchers.ContainMapElements(sdsRequests)) + Expect(gwpKube.GetSdsContainer().GetResources().GetLimits()).To(matchers.ContainMapElements(sdsLimits)) Expect(gwpKube.GetService().GetType()).To(Equal(kube.Service_ClusterIP)) }) diff --git a/projects/gateway2/api/v1alpha1/gateway_parameters.proto b/projects/gateway2/api/v1alpha1/gateway_parameters.proto index fb52af674ef..d5d0c11a753 100644 --- a/projects/gateway2/api/v1alpha1/gateway_parameters.proto +++ b/projects/gateway2/api/v1alpha1/gateway_parameters.proto 
@@ -57,8 +57,10 @@ message KubernetesProxyConfig { // the network. kube.gateway.gloo.solo.io.Service service = 4; + // NOTE: Not used currently // Autoscaling configuration. - kube.gateway.gloo.solo.io.Autoscaling autoscaling = 5; + // kube.gateway.gloo.solo.io.Autoscaling autoscaling = 5; + reserved 5; // Istio integration configuration. IstioIntegration istio = 6; diff --git a/projects/gateway2/deployer/deployer.go b/projects/gateway2/deployer/deployer.go index 9f66f8fd96e..f1e3e727c93 100644 --- a/projects/gateway2/deployer/deployer.go +++ b/projects/gateway2/deployer/deployer.go @@ -108,11 +108,12 @@ func (d *Deployer) GetGvksToWatch(ctx context.Context) ([]schema.GroupVersionKin Namespace: "default", }, } + // TODO(Law): these must be set explicitly as we don't have defaults for them + // and the internal template isn't robust enough. + // This should be empty eventually -- the template must be resilient against nil-pointers + // i.e. don't add stuff here! vals := map[string]any{ "gateway": map[string]any{ - "serviceAccount": map[string]any{ - "create": true, - }, "istio": map[string]any{ "enabled": false, }, @@ -157,7 +158,8 @@ func (d *Deployer) renderChartToObjects(gw *api.Gateway, vals map[string]any) ([ return objs, nil } -// Gets the GatewayParameters object (if any) associated with a given Gateway. +// getGatewayParametersForGateway reuturns the a merged GatewayParameters object resulting from the default GwParams object and +// the GwParam object specifically associated with the given Gateway (if one exists). func (d *Deployer) getGatewayParametersForGateway(ctx context.Context, gw *api.Gateway) (*v1alpha1.GatewayParameters, error) { logger := log.FromContext(ctx) 
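Review bot: The new comment on `getGatewayParametersForGateway` has two typos ("reuturns the a merged") and uses three spellings for one concept (GatewayParameters, GwParams, GwParam). Suggested wording: `// getGatewayParametersForGateway returns the GatewayParameters that result from merging the default GatewayParameters with the one attached to the given Gateway, if any.` The function body lies outside this hunk, so a statement about which side wins on conflict should be added by someone who can see the merge call.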
@@ -282,12 +284,18 @@ func (d *Deployer) getValues(gw *api.Gateway, gwParam *v1alpha1.GatewayParameter istioContainerConfig := istioConfig.GetIstioProxyContainer() // deployment values - autoscalingVals := getAutoscalingValues(kubeProxyConfig.GetAutoscaling()) - vals.Gateway.Autoscaling = autoscalingVals - if autoscalingVals == nil && deployConfig.GetReplicas() != nil { - replicas := deployConfig.GetReplicas().GetValue() - vals.Gateway.ReplicaCount = &replicas - } + replicas := deployConfig.GetReplicas().GetValue() + vals.Gateway.ReplicaCount = &replicas + + // TODO: The follow stanza has been commented out as autoscaling support has been removed. + // see https://github.com/solo-io/solo-projects/issues/5948 for more info. + // + // autoscalingVals := getAutoscalingValues(kubeProxyConfig.GetAutoscaling()) + // vals.Gateway.Autoscaling = autoscalingVals + // if autoscalingVals == nil && deployConfig.GetReplicas() != nil { + // replicas := deployConfig.GetReplicas().GetValue() + // vals.Gateway.ReplicaCount = &replicas + // } // service values vals.Gateway.Service = getServiceValues(svcConfig) @@ -354,6 +362,15 @@ func (d *Deployer) Render(name, ns string, vals map[string]any) ([]client.Object return objs, nil } +// GetObjsToDeploy does the following: +// +// * performs GatewayParameters lookup/merging etc to get a final set of helm values +// +// * use those helm values to render the internal `gloo-gateway` helm chart into k8s objects +// +// * sets ownerRefs on all generated objects +// +// * returns the objects to be deployed by the caller func (d *Deployer) GetObjsToDeploy(ctx context.Context, gw *api.Gateway) ([]client.Object, error) { gwParam, err := d.getGatewayParametersForGateway(ctx, gw) if err != nil { diff --git a/projects/gateway2/deployer/deployer_test.go b/projects/gateway2/deployer/deployer_test.go index 4dbebddba46..923432f7663 100644 --- a/projects/gateway2/deployer/deployer_test.go +++ b/projects/gateway2/deployer/deployer_test.go 
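Review bot: `replicas := deployConfig.GetReplicas().GetValue()` now runs unconditionally, so when the merged GatewayParameters carries no `deployment.replicas` the getter yields 0 and `vals.Gateway.ReplicaCount` becomes a pointer to 0 instead of staying nil. The chart template in this commit always writes a replica count into the default GatewayParameters. A default object that was edited or created outside the chart would, as far as this hunk shows, produce a proxy Deployment scaled to zero. Keeping the nil guard is cheap: `if r := deployConfig.GetReplicas(); r != nil { n := r.GetValue(); vals.Gateway.ReplicaCount = &n }`. getValues starts and ends outside the hunk.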
@@ -8,7 +8,6 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" "github.com/golang/protobuf/ptypes/wrappers" . "github.com/onsi/ginkgo/v2" - "github.com/onsi/gomega" . "github.com/onsi/gomega" "github.com/onsi/gomega/types" "github.com/solo-io/gloo/pkg/version" @@ -44,9 +43,7 @@ type testBootstrap struct { envoy_config_bootstrap.Bootstrap } -func (t *testBootstrap) SetMetadata(meta *core.Metadata) { - return -} +func (t *testBootstrap) SetMetadata(meta *core.Metadata) {} func (t *testBootstrap) Equal(_ any) bool { return false @@ -560,14 +557,14 @@ var _ = Describe("Deployer", func() { logLevelsMap := expectedGwp.GetEnvoyContainer().GetBootstrap().GetComponentLogLevels() levels := []types.GomegaMatcher{} for k, v := range logLevelsMap { - levels = append(levels, gomega.ContainSubstring(fmt.Sprintf("%s:%s", k, v))) + levels = append(levels, ContainSubstring(fmt.Sprintf("%s:%s", k, v))) } argsMatchers := []interface{}{ "--log-level", expectedGwp.GetEnvoyContainer().GetBootstrap().GetLogLevel().GetValue(), "--component-log-level", - gomega.And(levels...), + And(levels...), } Expect(objs.findDeployment(defaultNamespace, defaultDeploymentName).Spec.Template.Spec.Containers[0].Args).To(ContainElements( diff --git a/projects/gateway2/deployer/merge.go b/projects/gateway2/deployer/merge.go index 8fad9e99d0b..83e52c20921 100644 --- a/projects/gateway2/deployer/merge.go +++ b/projects/gateway2/deployer/merge.go 
@@ -78,7 +78,9 @@ func deepMergeGatewayParameters(dst, src *v1alpha1.GatewayParameters) *v1alpha1. dstKube.Service = deepMergeService(dstKube.GetService(), srcKube.GetService()) - dstKube.Autoscaling = deepMergeAutoscaling(dstKube.GetAutoscaling(), srcKube.GetAutoscaling()) + // TODO: removed until autoscaling reimplemented + // see: https://github.com/solo-io/solo-projects/issues/5948 + // dstKube.Autoscaling = deepMergeAutoscaling(dstKube.GetAutoscaling(), srcKube.GetAutoscaling()) dstKube.SdsContainer = deepMergeSdsContainer(dstKube.GetSdsContainer(), srcKube.GetSdsContainer()) dstKube.Istio = deepMergeIstioIntegration(dstKube.GetIstio(), srcKube.GetIstio()) @@ -329,20 +331,22 @@ func deepMergeService(dst, src *kube.Service) *kube.Service { return dst } -func deepMergeAutoscaling(dst, src *kube.Autoscaling) *kube.Autoscaling { - // nil src override means just use dst - if src == nil { - return dst - } +// TODO: removing until autoscaling reimplemented +// see: https://github.com/solo-io/solo-projects/issues/5948 +// func deepMergeAutoscaling(dst, src *kube.Autoscaling) *kube.Autoscaling { +// // nil src override means just use dst +// if src == nil { +// return dst +// } - if dst == nil { - return src - } +// if dst == nil { +// return src +// } - dst.HorizontalPodAutoscaler = deepMergeHorizontalPodAutoscaler(dst.GetHorizontalPodAutoscaler(), src.GetHorizontalPodAutoscaler()) +// dst.HorizontalPodAutoscaler = deepMergeHorizontalPodAutoscaler(dst.GetHorizontalPodAutoscaler(), src.GetHorizontalPodAutoscaler()) - return dst -} +// return dst +// } func deepMergeHorizontalPodAutoscaler(dst, src *kube.HorizontalPodAutoscaler) *kube.HorizontalPodAutoscaler { // nil src override means just use dst diff --git a/projects/gateway2/deployer/values.go b/projects/gateway2/deployer/values.go index e84e9c8ed33..ca4b3ae553e 100644 --- a/projects/gateway2/deployer/values.go +++ b/projects/gateway2/deployer/values.go 
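Review bot: deepMergeAutoscaling is commented out rather than deleted, and the same pattern appears in the getValues hunk in deployer.go and around getAutoscalingValues in values_helpers.go. Commented-out code is neither compiled nor tested, so it will drift from the types it names before issue 5948 is picked up. Deleting it and leaving a one-line pointer such as `// Autoscaling merge removed; see https://github.com/solo-io/solo-projects/issues/5948.` keeps the history in git. deepMergeHorizontalPodAutoscaler, which follows this hunk, appears to lose its only caller visible here and may now trip an unused-code linter.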
@@ -22,9 +22,7 @@ type helmGateway struct { ReplicaCount *uint32 `json:"replicaCount,omitempty"` Autoscaling *helmAutoscaling `json:"autoscaling,omitempty"` Ports []helmPort `json:"ports,omitempty"` - // TODO: This is unused - ReadinessPort *uint16 `json:"readinessPort,omitempty"` - Service *helmService `json:"service,omitempty"` + Service *helmService `json:"service,omitempty"` // pod template values ExtraPodAnnotations map[string]string `json:"extraPodAnnotations,omitempty"` @@ -51,9 +49,6 @@ type helmGateway struct { // xds values Xds *helmXds `json:"xds,omitempty"` - - // serviceaccount values - ServiceAccount *helmServiceAccount `json:"serviceAccount,omitempty"` } // helmPort represents a Gateway Listener port @@ -120,9 +115,3 @@ type helmIstioContainer struct { IstioMetaMeshId *string `json:"istioMetaMeshId,omitempty"` IstioMetaClusterId *string `json:"istioMetaClusterId,omitempty"` } - -type helmServiceAccount struct { - Create *bool `json:"create,omitempty"` - Name *string `json:"name,omitempty"` - Annotations map[string]string `json:"annotations,omitempty"` -} diff --git a/projects/gateway2/deployer/values_helpers.go b/projects/gateway2/deployer/values_helpers.go index 383bd0b5830..93d1bee41ee 100644 --- a/projects/gateway2/deployer/values_helpers.go +++ b/projects/gateway2/deployer/values_helpers.go 
@@ -51,36 +51,38 @@ func getPortsValues(gw *api.Gateway) []helmPort { return gwPorts } +// TODO: Removing until autoscaling is re-added. +// See: https://github.com/solo-io/solo-projects/issues/5948 // Convert autoscaling values from GatewayParameters into helm values to be used by the deployer. -func getAutoscalingValues(autoscaling *v1alpha1kube.Autoscaling) *helmAutoscaling { - hpaConfig := autoscaling.GetHorizontalPodAutoscaler() - if hpaConfig == nil { - return nil - } - - trueVal := true - autoscalingVals := &helmAutoscaling{ - Enabled: &trueVal, - } - if hpaConfig.GetMinReplicas() != nil { - minReplicas := hpaConfig.GetMinReplicas().GetValue() - autoscalingVals.MinReplicas = &minReplicas - } - if hpaConfig.GetMaxReplicas() != nil { - maxReplicas := hpaConfig.GetMaxReplicas().GetValue() - autoscalingVals.MaxReplicas = &maxReplicas - } - if hpaConfig.GetTargetCpuUtilizationPercentage() != nil { - cpuPercent := hpaConfig.GetTargetCpuUtilizationPercentage().GetValue() - autoscalingVals.TargetCPUUtilizationPercentage = &cpuPercent - } - if hpaConfig.GetTargetMemoryUtilizationPercentage() != nil { - memPercent := hpaConfig.GetTargetMemoryUtilizationPercentage().GetValue() - autoscalingVals.TargetMemoryUtilizationPercentage = &memPercent - } - - return autoscalingVals -} +// func getAutoscalingValues(autoscaling *v1alpha1kube.Autoscaling) *helmAutoscaling { +// hpaConfig := autoscaling.GetHorizontalPodAutoscaler() +// if hpaConfig == nil { +// return nil +// } + +// trueVal := true +// autoscalingVals := &helmAutoscaling{ +// Enabled: &trueVal, +// } +// if hpaConfig.GetMinReplicas() != nil { +// minReplicas := hpaConfig.GetMinReplicas().GetValue() +// autoscalingVals.MinReplicas = &minReplicas +// } +// if hpaConfig.GetMaxReplicas() != nil { +// maxReplicas := hpaConfig.GetMaxReplicas().GetValue() +// autoscalingVals.MaxReplicas = &maxReplicas +// } +// if hpaConfig.GetTargetCpuUtilizationPercentage() != nil { +// cpuPercent := 
hpaConfig.GetTargetCpuUtilizationPercentage().GetValue() +// autoscalingVals.TargetCPUUtilizationPercentage = &cpuPercent +// } +// if hpaConfig.GetTargetMemoryUtilizationPercentage() != nil { +// memPercent := hpaConfig.GetTargetMemoryUtilizationPercentage().GetValue() +// autoscalingVals.TargetMemoryUtilizationPercentage = &memPercent +// } + +// return autoscalingVals +// } // Convert service values from GatewayParameters into helm values to be used by the deployer. func getServiceValues(svcConfig *v1alpha1kube.Service) *helmService { diff --git a/projects/gateway2/helm/gloo-gateway/templates/_helpers.tpl b/projects/gateway2/helm/gloo-gateway/templates/_helpers.tpl index abb2e48f2e7..c9cdf8554da 100644 --- a/projects/gateway2/helm/gloo-gateway/templates/_helpers.tpl +++ b/projects/gateway2/helm/gloo-gateway/templates/_helpers.tpl @@ -65,18 +65,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} gateway.networking.k8s.io/gateway-name: {{ .Release.Name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "gloo-gateway.gateway.serviceAccountName" -}} -{{- if .Values.gateway.serviceAccount.create }} -{{- default (include "gloo-gateway.gateway.fullname" .) .Values.gateway.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.gateway.serviceAccount.name }} -{{- end }} -{{- end }} - - {{/* Return a container image value as a string */}} diff --git a/projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml b/projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml index 9db57334d0d..4d02dc1e0c1 100644 --- a/projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml +++ b/projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml 
@@ -29,13 +29,17 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "gloo-gateway.gateway.serviceAccountName" . }} + serviceAccountName: {{ include "gloo-gateway.gateway.fullname" . }} + {{- if $gateway.podSecurityContext }} securityContext: {{- toYaml $gateway.podSecurityContext | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} + {{- if $gateway.securityContext }} securityContext: - {{- toYaml $gateway.securityContext | nindent 12 }} + {{- toYaml $gateway.securityContext | nindent 10 }} + {{- end }} args: - "--disable-hot-restart" - "--service-node" @@ -79,8 +83,10 @@ spec: initialDelaySeconds: 3 periodSeconds: 10 failureThreshold: 3 +{{- if $gateway.resources }} resources: {{- toYaml $gateway.resources | nindent 12 }} +{{- end }} {{/* if $gateway.resources */}} {{- if $gateway.istio.enabled }} - name: sds image: "{{ template "gloo-gateway.gateway.image" $gateway.sdsContainer.image }}" @@ -255,21 +261,15 @@ spec: - name: workload-certs emptyDir: {} {{- end }} {{/* if $gateway.istio.enabled */}} -{{- if $gateway.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "gloo-gateway.gateway.serviceAccountName" . }} + name: {{ include "gloo-gateway.gateway.fullname" . }} labels: {{- include "gloo-gateway.gateway.constLabels" . | nindent 4 }} {{- include "gloo-gateway.gateway.labels" . | nindent 4 }} - {{- with $gateway.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} automountServiceAccountToken: false -{{- end }} {{/* if $gateway.serviceAccount.create */}} --- apiVersion: v1 kind: Service 
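Review bot: Wrapping the container `securityContext` in `{{- if $gateway.securityContext }}` makes the Envoy container's hardening optional. The values.yaml hunk in this commit also deletes the restrictive defaults (`allowPrivilegeEscalation: false`, `runAsNonRoot: true`, dropped capabilities), so a render without that value produces a container with no securityContext at all. The restrictions now rest entirely on the default GatewayParameters object, which is outside this diff, and on how a user-supplied `securityContext` is merged with it. I would keep a fail-safe in the chart, for example an `{{- else }}` branch that renders the previous restrictive block. A render test should also assert a non-empty container securityContext when GatewayParameters supplies none.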
@@ -318,9 +318,9 @@ data: role: gloo-kube-gateway-api~{{ $gateway.gatewayNamespace }}~{{ $gateway.gatewayNamespace }}-{{ $gateway.gatewayName | default (include "gloo-gateway.gateway.fullname" .) }} static_resources: listeners: - - name: read_config_listener + - name: readiness_listener address: - socket_address: { address: 0.0.0.0, port_value: {{ $gateway.readinessPort }} } + socket_address: { address: 0.0.0.0, port_value: 8082 } filter_chains: - filters: - name: envoy.filters.network.http_connection_manager diff --git a/projects/gateway2/helm/gloo-gateway/values.yaml b/projects/gateway2/helm/gloo-gateway/values.yaml index 36db347db6e..fd88f369237 100644 --- a/projects/gateway2/helm/gloo-gateway/values.yaml +++ b/projects/gateway2/helm/gloo-gateway/values.yaml 
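Review bot: The readiness listener port is now the literal `8082` in `socket_address`, with the `readinessPort` value removed elsewhere in this commit. If the readiness probe in this template names the same port (not visible in this hunk), the two literals have to be kept in step by hand, and a Gateway listener that asks for 8082 would presumably collide with it. A comment on the line, such as `# readiness port: must match the proxy readinessProbe and must not be used by a Gateway listener`, or a single named template for the number would make the coupling explicit.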
@@ -1,47 +1,38 @@ -# Default values for gloo-gateway. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. +# These values represent configurable values for the dynamic proxy chart +# They are not intended to be actual "defaults," rather they are just placeholder values +# meant to allow rendering of the chart/template, as the real values will come from: +# * The control plane +# * The `Gateway` resource driving the proxy provisioning +# * A (possibly merged) GatewayParameters object translated to helm values +# The actual defaults for these values should come from the "default GatewayParameters" object +# See: (/gloo/install/helm/gloo/templates/43-gatewayparameters.yaml) +# TODO: This file/workflow can be shored up via https://github.com/solo-io/solo-projects/issues/6417 gateway: - nameOverride: "" - fullnameOverride: "" - gatewayName: "" - gatewayNamespace: "" + # xds values actually come from the control plane xds: host: "" port: 8080 + + # actual default set in default GatewayParam proxyDeployment.replicas replicaCount: 1 - resources: {} - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 + + # actual default set in default GatewayParam service.type service: type: LoadBalancer - readinessPort: 8082 - # ports should come from the Gateway + + # list of ports actually come from the Gateway resource driving this proxy ports: - port: 80 targetPort: 80 protocol: TCP name: http - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 10101 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" + + # leftover autoscaling config; not actually wired up for public use yet + # see: https://github.com/solo-io/solo-projects/issues/5948 + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 diff --git a/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.equal.go b/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.equal.go index 37fbab2df8b..f710c697ca9 100644 --- a/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.equal.go +++ b/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.equal.go @@ -149,16 +149,6 @@ func (m *KubernetesProxyConfig) Equal(that interface{}) bool { } } - if h, ok := interface{}(m.GetAutoscaling()).(equality.Equalizer); ok { - if !h.Equal(target.GetAutoscaling()) { - return false - } - } else { - if !proto.Equal(m.GetAutoscaling(), target.GetAutoscaling()) { - return false - } - } - if h, ok := interface{}(m.GetIstio()).(equality.Equalizer); ok { if !h.Equal(target.GetIstio()) { return false diff --git a/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.go b/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.go index 6a7e974da01..f3ef31157d3 100644 --- a/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.go +++ b/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.go 
@@ -141,8 +141,6 @@ type KubernetesProxyConfig struct { // Configuration for the Kubernetes Service that exposes the Envoy proxy over // the network. Service *kube.Service `protobuf:"bytes,4,opt,name=service,proto3" json:"service,omitempty"` - // Autoscaling configuration. - Autoscaling *kube.Autoscaling `protobuf:"bytes,5,opt,name=autoscaling,proto3" json:"autoscaling,omitempty"` // Istio integration configuration. Istio *IstioIntegration `protobuf:"bytes,6,opt,name=istio,proto3" json:"istio,omitempty"` } @@ -221,13 +219,6 @@ func (x *KubernetesProxyConfig) GetService() *kube.Service { return nil } -func (x *KubernetesProxyConfig) GetAutoscaling() *kube.Autoscaling { - if x != nil { - return x.Autoscaling - } - return nil -} - func (x *KubernetesProxyConfig) GetIstio() *IstioIntegration { if x != nil { return x.Istio @@ -871,7 +862,7 @@ var file_github_com_solo_io_gloo_projects_gateway2_api_v1alpha1_gateway_paramete 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x48, 0x00, 0x52, 0x0b, 0x73, 0x65, 0x6c, 0x66, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x42, 0x12, 0x0a, 0x10, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x5f, - 0x74, 0x79, 0x70, 0x65, 0x22, 0x92, 0x04, 0x0a, 0x15, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0x79, 0x70, 0x65, 0x22, 0xce, 0x03, 0x0a, 0x15, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x47, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 
@@ -895,132 +886,128 @@ var file_github_com_solo_io_gloo_projects_gateway2_api_v1alpha1_gateway_paramete 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x12, 0x48, 0x0a, 0x0b, 0x61, 0x75, 0x74, 0x6f, 0x73, 0x63, 0x61, 0x6c, 0x69, 0x6e, 0x67, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, - 0x6f, 0x2e, 0x41, 0x75, 0x74, 0x6f, 0x73, 0x63, 0x61, 0x6c, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x61, - 0x75, 0x74, 0x6f, 0x73, 0x63, 0x61, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x0a, 0x05, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x61, 0x74, 0x65, + 0x12, 0x3c, 0x0a, 0x05, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x26, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, + 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x74, 0x65, + 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x42, 0x0f, + 0x0a, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x4a, + 0x04, 0x08, 0x05, 0x10, 0x06, 0x22, 0x4b, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x44, 0x65, + 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x38, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x6c, + 0x69, 0x63, 0x61, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, + 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x73, 0x22, 0xab, 0x02, 0x0a, 
0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x09, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, + 0x61, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x52, 0x09, + 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x12, 0x36, 0x0a, 0x05, 0x69, 0x6d, 0x61, + 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, + 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, + 0x65, 0x12, 0x4e, 0x0a, 0x10, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x6f, + 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6b, 0x38, + 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, + 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, + 0x52, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, + 0x74, 0x12, 0x4d, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, - 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x05, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x42, 0x0f, 0x0a, 0x0d, 0x77, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x4b, 0x0a, 0x0f, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x12, 
0x38, 0x0a, 0x08, - 0x72, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x72, 0x65, - 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x22, 0xab, 0x02, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, - 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x09, 0x62, 0x6f, 0x6f, - 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, + 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, + 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x22, 0x82, 0x02, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, + 0x72, 0x61, 0x70, 0x12, 0x39, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x6e, + 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, + 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, - 0x61, 0x70, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x12, 0x36, 0x0a, - 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, + 0x61, 0x70, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x4c, + 0x65, 0x76, 0x65, 0x6c, 
0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, 0x63, 0x6f, 0x6d, 0x70, + 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x1a, 0x45, + 0x0a, 0x17, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, + 0x76, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb4, 0x01, 0x0a, 0x10, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, + 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x58, 0x0a, 0x15, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, + 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x52, + 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x12, 0x46, 0x0a, 0x0f, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x73, + 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, + 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, + 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x52, 0x0e, 0x63, 0x75, + 0x73, 0x74, 0x6f, 0x6d, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x73, 0x22, 0xa7, 0x02, 0x0a, + 0x0c, 0x53, 0x64, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x36, 0x0a, + 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 
0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x4e, 0x0a, 0x10, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, - 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4d, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, + 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x22, 0x82, 0x02, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x42, 0x6f, - 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x12, 0x39, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, - 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, - 0x65, 0x6c, 0x12, 0x6e, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, - 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x3c, 0x2e, 0x67, 
0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, - 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x42, 0x6f, 0x6f, - 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, - 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, - 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, - 0x6c, 0x73, 0x1a, 0x45, 0x0a, 0x17, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4c, - 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb4, 0x01, 0x0a, 0x10, 0x49, 0x73, - 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x58, - 0x0a, 0x15, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, - 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x52, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x46, 0x0a, 0x0f, 0x63, 0x75, 0x73, 0x74, - 0x6f, 0x6d, 0x5f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x1d, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, - 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x52, 0x0e, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x53, 0x69, 
0x64, 0x65, 0x63, 0x61, 0x72, 0x73, - 0x22, 0xa7, 0x02, 0x0a, 0x0c, 0x53, 0x64, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, - 0x72, 0x12, 0x36, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x49, 0x6d, 0x61, - 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x4e, 0x0a, 0x10, 0x73, 0x65, 0x63, - 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, - 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, - 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4d, 0x0a, 0x09, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6b, - 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x40, 0x0a, 0x09, 0x62, 0x6f, 0x6f, 0x74, - 0x73, 0x74, 0x72, 0x61, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x61, - 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x53, 0x64, 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x52, - 0x09, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x22, 0x49, 0x0a, 0x0c, 0x53, 0x64, - 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x12, 0x39, 0x0a, 0x09, 0x6c, 0x6f, - 
0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x6c, 0x6f, 0x67, - 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x94, 0x04, 0x0a, 0x0e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x36, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, - 0x2e, 0x69, 0x6f, 0x2e, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, - 0x12, 0x4e, 0x0a, 0x10, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x6f, 0x6e, - 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6b, 0x38, 0x73, - 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, - 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x12, 0x4d, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, + 0x72, 0x63, 0x65, 0x73, 0x12, 0x40, 0x0a, 0x09, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, + 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, + 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, + 0x64, 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x52, 0x09, 0x62, 0x6f, 0x6f, + 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x22, 0x49, 0x0a, 0x0c, 0x53, 0x64, 0x73, 0x42, 0x6f, 0x6f, + 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 
0x12, 0x39, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, + 0x76, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, + 0x6c, 0x22, 0x94, 0x04, 0x0a, 0x0e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x12, 0x36, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, - 0x39, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x54, 0x0a, 0x17, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x61, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, - 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x12, 0x49, 0x0a, 0x12, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x6d, - 0x65, 0x73, 0x68, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 
0x1c, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x4d, 0x65, 0x74, 0x61, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x64, 0x12, 0x4f, 0x0a, 0x15, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, - 0x72, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, - 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x4d, - 0x65, 0x74, 0x61, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x22, 0x19, 0x0a, 0x17, - 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, - 0x73, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x42, 0x59, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, - 0x01, 0x5a, 0x4f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, - 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, - 0x63, 0x74, 0x73, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x32, 0x2f, 0x70, 0x6b, 0x67, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, - 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x4e, 0x0a, 0x10, + 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x63, 0x75, + 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 
0x78, 0x74, 0x52, 0x0f, 0x73, 0x65, 0x63, + 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4d, 0x0a, 0x09, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2f, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x2e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, + 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, + 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x09, 0x6c, + 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x6c, 0x6f, + 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x54, 0x0a, 0x17, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, + 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x44, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x49, 0x0a, 0x12, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x5f, + 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, + 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x74, + 0x61, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x64, 0x12, 0x4f, 0x0a, 0x15, 0x69, 0x73, 0x74, 0x69, 
0x6f, + 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x64, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x74, 0x61, 0x43, + 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x22, 0x19, 0x0a, 0x17, 0x47, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x42, 0x59, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, 0x5a, 0x4f, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, + 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, + 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x32, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, + 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1051,13 +1038,12 @@ var file_github_com_solo_io_gloo_projects_gateway2_api_v1alpha1_gateway_paramete (*empty.Empty)(nil), // 11: google.protobuf.Empty (*kube.Pod)(nil), // 12: kube.gateway.gloo.solo.io.Pod (*kube.Service)(nil), // 13: kube.gateway.gloo.solo.io.Service - (*kube.Autoscaling)(nil), // 14: kube.gateway.gloo.solo.io.Autoscaling - (*wrappers.UInt32Value)(nil), // 15: google.protobuf.UInt32Value - (*kube.Image)(nil), // 16: kube.gateway.gloo.solo.io.Image - (*v1.SecurityContext)(nil), // 17: k8s.io.api.core.v1.SecurityContext - (*kube.ResourceRequirements)(nil), // 18: kube.gateway.gloo.solo.io.ResourceRequirements - (*wrappers.StringValue)(nil), // 19: google.protobuf.StringValue - (*v1.Container)(nil), // 20: k8s.io.api.core.v1.Container + (*wrappers.UInt32Value)(nil), // 14: google.protobuf.UInt32Value + (*kube.Image)(nil), // 15: kube.gateway.gloo.solo.io.Image + (*v1.SecurityContext)(nil), // 16: k8s.io.api.core.v1.SecurityContext + (*kube.ResourceRequirements)(nil), // 17: kube.gateway.gloo.solo.io.ResourceRequirements + (*wrappers.StringValue)(nil), // 18: google.protobuf.StringValue + (*v1.Container)(nil), // 19: k8s.io.api.core.v1.Container } var file_github_com_solo_io_gloo_projects_gateway2_api_v1alpha1_gateway_parameters_proto_depIdxs = []int32{ 1, // 0: gateway.gloo.solo.io.GatewayParametersSpec.kube:type_name -> gateway.gloo.solo.io.KubernetesProxyConfig 
@@ -1067,34 +1053,33 @@ var file_github_com_solo_io_gloo_projects_gateway2_api_v1alpha1_gateway_paramete 6, // 4: gateway.gloo.solo.io.KubernetesProxyConfig.sds_container:type_name -> gateway.gloo.solo.io.SdsContainer 12, // 5: gateway.gloo.solo.io.KubernetesProxyConfig.pod_template:type_name -> kube.gateway.gloo.solo.io.Pod 13, // 6: gateway.gloo.solo.io.KubernetesProxyConfig.service:type_name -> kube.gateway.gloo.solo.io.Service - 14, // 7: gateway.gloo.solo.io.KubernetesProxyConfig.autoscaling:type_name -> kube.gateway.gloo.solo.io.Autoscaling - 5, // 8: gateway.gloo.solo.io.KubernetesProxyConfig.istio:type_name -> gateway.gloo.solo.io.IstioIntegration - 15, // 9: gateway.gloo.solo.io.ProxyDeployment.replicas:type_name -> google.protobuf.UInt32Value - 4, // 10: gateway.gloo.solo.io.EnvoyContainer.bootstrap:type_name -> gateway.gloo.solo.io.EnvoyBootstrap - 16, // 11: gateway.gloo.solo.io.EnvoyContainer.image:type_name -> kube.gateway.gloo.solo.io.Image - 17, // 12: gateway.gloo.solo.io.EnvoyContainer.security_context:type_name -> k8s.io.api.core.v1.SecurityContext - 18, // 13: gateway.gloo.solo.io.EnvoyContainer.resources:type_name -> kube.gateway.gloo.solo.io.ResourceRequirements - 19, // 14: gateway.gloo.solo.io.EnvoyBootstrap.log_level:type_name -> google.protobuf.StringValue - 10, // 15: gateway.gloo.solo.io.EnvoyBootstrap.component_log_levels:type_name -> gateway.gloo.solo.io.EnvoyBootstrap.ComponentLogLevelsEntry - 8, // 16: gateway.gloo.solo.io.IstioIntegration.istio_proxy_container:type_name -> gateway.gloo.solo.io.IstioContainer - 20, // 17: gateway.gloo.solo.io.IstioIntegration.custom_sidecars:type_name -> k8s.io.api.core.v1.Container - 16, // 18: gateway.gloo.solo.io.SdsContainer.image:type_name -> kube.gateway.gloo.solo.io.Image - 17, // 19: gateway.gloo.solo.io.SdsContainer.security_context:type_name -> k8s.io.api.core.v1.SecurityContext - 18, // 20: gateway.gloo.solo.io.SdsContainer.resources:type_name -> 
kube.gateway.gloo.solo.io.ResourceRequirements - 7, // 21: gateway.gloo.solo.io.SdsContainer.bootstrap:type_name -> gateway.gloo.solo.io.SdsBootstrap - 19, // 22: gateway.gloo.solo.io.SdsBootstrap.log_level:type_name -> google.protobuf.StringValue - 16, // 23: gateway.gloo.solo.io.IstioContainer.image:type_name -> kube.gateway.gloo.solo.io.Image - 17, // 24: gateway.gloo.solo.io.IstioContainer.security_context:type_name -> k8s.io.api.core.v1.SecurityContext - 18, // 25: gateway.gloo.solo.io.IstioContainer.resources:type_name -> kube.gateway.gloo.solo.io.ResourceRequirements - 19, // 26: gateway.gloo.solo.io.IstioContainer.log_level:type_name -> google.protobuf.StringValue - 19, // 27: gateway.gloo.solo.io.IstioContainer.istio_discovery_address:type_name -> google.protobuf.StringValue - 19, // 28: gateway.gloo.solo.io.IstioContainer.istio_meta_mesh_id:type_name -> google.protobuf.StringValue - 19, // 29: gateway.gloo.solo.io.IstioContainer.istio_meta_cluster_id:type_name -> google.protobuf.StringValue - 30, // [30:30] is the sub-list for method output_type - 30, // [30:30] is the sub-list for method input_type - 30, // [30:30] is the sub-list for extension type_name - 30, // [30:30] is the sub-list for extension extendee - 0, // [0:30] is the sub-list for field type_name + 5, // 7: gateway.gloo.solo.io.KubernetesProxyConfig.istio:type_name -> gateway.gloo.solo.io.IstioIntegration + 14, // 8: gateway.gloo.solo.io.ProxyDeployment.replicas:type_name -> google.protobuf.UInt32Value + 4, // 9: gateway.gloo.solo.io.EnvoyContainer.bootstrap:type_name -> gateway.gloo.solo.io.EnvoyBootstrap + 15, // 10: gateway.gloo.solo.io.EnvoyContainer.image:type_name -> kube.gateway.gloo.solo.io.Image + 16, // 11: gateway.gloo.solo.io.EnvoyContainer.security_context:type_name -> k8s.io.api.core.v1.SecurityContext + 17, // 12: gateway.gloo.solo.io.EnvoyContainer.resources:type_name -> kube.gateway.gloo.solo.io.ResourceRequirements + 18, // 13: 
gateway.gloo.solo.io.EnvoyBootstrap.log_level:type_name -> google.protobuf.StringValue + 10, // 14: gateway.gloo.solo.io.EnvoyBootstrap.component_log_levels:type_name -> gateway.gloo.solo.io.EnvoyBootstrap.ComponentLogLevelsEntry + 8, // 15: gateway.gloo.solo.io.IstioIntegration.istio_proxy_container:type_name -> gateway.gloo.solo.io.IstioContainer + 19, // 16: gateway.gloo.solo.io.IstioIntegration.custom_sidecars:type_name -> k8s.io.api.core.v1.Container + 15, // 17: gateway.gloo.solo.io.SdsContainer.image:type_name -> kube.gateway.gloo.solo.io.Image + 16, // 18: gateway.gloo.solo.io.SdsContainer.security_context:type_name -> k8s.io.api.core.v1.SecurityContext + 17, // 19: gateway.gloo.solo.io.SdsContainer.resources:type_name -> kube.gateway.gloo.solo.io.ResourceRequirements + 7, // 20: gateway.gloo.solo.io.SdsContainer.bootstrap:type_name -> gateway.gloo.solo.io.SdsBootstrap + 18, // 21: gateway.gloo.solo.io.SdsBootstrap.log_level:type_name -> google.protobuf.StringValue + 15, // 22: gateway.gloo.solo.io.IstioContainer.image:type_name -> kube.gateway.gloo.solo.io.Image + 16, // 23: gateway.gloo.solo.io.IstioContainer.security_context:type_name -> k8s.io.api.core.v1.SecurityContext + 17, // 24: gateway.gloo.solo.io.IstioContainer.resources:type_name -> kube.gateway.gloo.solo.io.ResourceRequirements + 18, // 25: gateway.gloo.solo.io.IstioContainer.log_level:type_name -> google.protobuf.StringValue + 18, // 26: gateway.gloo.solo.io.IstioContainer.istio_discovery_address:type_name -> google.protobuf.StringValue + 18, // 27: gateway.gloo.solo.io.IstioContainer.istio_meta_mesh_id:type_name -> google.protobuf.StringValue + 18, // 28: gateway.gloo.solo.io.IstioContainer.istio_meta_cluster_id:type_name -> google.protobuf.StringValue + 29, // [29:29] is the sub-list for method output_type + 29, // [29:29] is the sub-list for method input_type + 29, // [29:29] is the sub-list for extension type_name + 29, // [29:29] is the sub-list for extension extendee + 0, // [0:29] is 
the sub-list for field type_name } func init() { diff --git a/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.hash.go b/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.hash.go index 9dba3ac6043..3336ef50696 100644 --- a/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.hash.go +++ b/projects/gateway2/pkg/api/gateway.gloo.solo.io/v1alpha1/gateway_parameters.pb.hash.go @@ -182,26 +182,6 @@ func (m *KubernetesProxyConfig) Hash(hasher hash.Hash64) (uint64, error) { } } - if h, ok := interface{}(m.GetAutoscaling()).(safe_hasher.SafeHasher); ok { - if _, err = hasher.Write([]byte("Autoscaling")); err != nil { - return 0, err - } - if _, err = h.Hash(hasher); err != nil { - return 0, err - } - } else { - if fieldValue, err := hashstructure.Hash(m.GetAutoscaling(), nil); err != nil { - return 0, err - } else { - if _, err = hasher.Write([]byte("Autoscaling")); err != nil { - return 0, err - } - if err := binary.Write(hasher, binary.LittleEndian, fieldValue); err != nil { - return 0, err - } - } - } - if h, ok := interface{}(m.GetIstio()).(safe_hasher.SafeHasher); ok { if _, err = hasher.Write([]byte("Istio")); err != nil { return 0, err diff --git a/test/kubernetes/e2e/features/deployer/minimal_default_gatewayparameters_deployer_suite.go b/test/kubernetes/e2e/features/deployer/minimal_default_gatewayparameters_deployer_suite.go new file mode 100644 index 00000000000..f8178cc742b --- /dev/null +++ b/test/kubernetes/e2e/features/deployer/minimal_default_gatewayparameters_deployer_suite.go 
@@ -0,0 +1,55 @@ +package deployer + +import ( + "context" + + "github.com/stretchr/testify/suite" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/solo-io/gloo/test/kubernetes/e2e" +) + +var _ e2e.NewSuiteFunc = NewMinimalDefaultGatewayParametersTestingSuite + +// minimalDefaultGatewayParametersDeployerSuite tests the "deployer" feature in situations where users have applied `null` values +// to as many of the helm values controlling the default GatewayParameters for the gloo-gateway GatewayClass as possible. +// The "deployer" code can be found here: /projects/gateway2/deployer +type minimalDefaultGatewayParametersDeployerSuite struct { + suite.Suite + + ctx context.Context + + // testInstallation contains all the metadata/utilities necessary to execute a series of tests + // against an installation of Gloo Gateway + testInstallation *e2e.TestInstallation +} + +func NewMinimalDefaultGatewayParametersTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite.TestingSuite { + return &minimalDefaultGatewayParametersDeployerSuite{ + ctx: ctx, + testInstallation: testInst, + } +} + +func (s *minimalDefaultGatewayParametersDeployerSuite) TestConfigureProxiesFromGatewayParameters() { + s.T().Cleanup(func() { + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, gwParametersManifestFile) + s.NoError(err, "can delete basic gateway manifest") + s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, gwParams, proxyService, proxyDeployment) + }) + + err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, gwParametersManifestFile) + s.Require().NoError(err, "can apply basic gateway manifest") + s.testInstallation.Assertions.EventuallyObjectsExist(s.ctx, gwParams, proxyService, proxyDeployment) + + deployment, err := s.testInstallation.ClusterContext.Clientset.AppsV1().Deployments(proxyDeployment.GetNamespace()).Get(s.ctx, proxyDeployment.GetName(), metav1.GetOptions{}) + s.Require().NoError(err, "can get deployment") + 
s.Require().Len(deployment.Spec.Template.Spec.Containers, 1) + secCtx := deployment.Spec.Template.Spec.Containers[0].SecurityContext + s.Require().NotNil(secCtx) + s.Require().Nil(secCtx.RunAsUser) + s.Require().NotNil(secCtx.RunAsNonRoot) + s.Require().False(*secCtx.RunAsNonRoot) + s.Require().NotNil(secCtx.AllowPrivilegeEscalation) + s.Require().True(*secCtx.AllowPrivilegeEscalation) +} diff --git a/test/kubernetes/e2e/features/deployer/suite.go b/test/kubernetes/e2e/features/deployer/suite.go index a087e8a404c..cbbf8913b87 100644 --- a/test/kubernetes/e2e/features/deployer/suite.go +++ b/test/kubernetes/e2e/features/deployer/suite.go @@ -5,8 +5,6 @@ import ( "time" "github.com/onsi/gomega" - "github.com/solo-io/solo-kit/pkg/api/v1/clients" - "github.com/solo-io/solo-kit/pkg/api/v1/resources" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -16,7 +14,6 @@ import ( "github.com/solo-io/gloo/pkg/utils/envoyutils/admincli" "github.com/solo-io/gloo/pkg/utils/kubeutils" "github.com/solo-io/gloo/projects/gloo/pkg/syncer/setup" - "github.com/solo-io/gloo/test/helpers" "github.com/solo-io/gloo/test/kubernetes/e2e" "github.com/solo-io/gloo/test/kubernetes/testutils/runtime" ) 
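Review bot: The closing assertions of the new `TestConfigureProxiesFromGatewayParameters` pin a permissive container security context (`RunAsNonRoot` false, `AllowPrivilegeEscalation` true) with no comment explaining why, so a reader can mistake them for the intended proxy posture. They appear to mirror the `securityContext` block this commit adds to `testdata/gateway-with-parameters.yaml`, presumably chosen to differ from a hardened default so that the override is observable. I would add above `secCtx := ...` a comment such as `// Values mirror testdata/gateway-with-parameters.yaml; they are intentionally non-hardened so the test proves the override reaches the container, not a recommended setting.` The exported constructor `NewMinimalDefaultGatewayParametersTestingSuite` also lacks a doc comment.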
@@ -45,12 +42,16 @@ func NewTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite. func (s *testingSuite) TestProvisionDeploymentAndService() { s.T().Cleanup(func() { err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, deployerProvisionManifestFile) - s.NoError(err, "can delete manifest") + s.NoError(err, "can delete deployer provision manifest") + err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, basicGatewayManifestFile) + s.NoError(err, "can delete basic gateway manifest") s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, proxyService, proxyDeployment) }) err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, deployerProvisionManifestFile) - s.Require().NoError(err, "can apply manifest") + s.Require().NoError(err, "can apply deployer provision manifest") + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, basicGatewayManifestFile) + s.Require().NoError(err, "can apply basic gateway manifest") s.testInstallation.Assertions.EventuallyObjectsExist(s.ctx, proxyService, proxyDeployment) } @@ -67,10 +68,10 @@ func (s *testingSuite) TestConfigureProxiesFromGatewayParameters() { err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, deployerProvisionManifestFile) s.Require().NoError(err, "can apply manifest") - s.testInstallation.Assertions.EventuallyObjectsExist(s.ctx, proxyService, proxyDeployment) err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, gwParametersManifestFile) s.Require().NoError(err, "can apply manifest") + s.testInstallation.Assertions.EventuallyObjectsExist(s.ctx, proxyService, proxyDeployment) s.testInstallation.Assertions.EventuallyObjectsExist(s.ctx, gwParams) s.testInstallation.Assertions.EventuallyRunningReplicas(s.ctx, proxyDeployment.ObjectMeta, gomega.Equal(1)) 
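Review bot: In `TestConfigureProxiesFromGatewayParameters` (the second hunk on this line) both apply steps still report the identical message `"can apply manifest"`, while the first hunk makes the messages in `TestProvisionDeploymentAndService` specific. A failure there cannot be attributed to one manifest from the assertion text alone; I would use `s.Require().NoError(err, "can apply deployer provision manifest")` and `s.Require().NoError(err, "can apply gateway parameters manifest")`. The function starts and ends outside the hunk, so its cleanup is not visible here. Because the proxy objects are now awaited only after `gwParametersManifestFile` is applied, that cleanup should be checked to confirm it deletes that file as well.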
@@ -116,12 +117,6 @@ func (s *testingSuite) TestSelfManagedGateway() { s.testInstallation.Assertions.ConsistentlyObjectsNotExist(s.ctx, proxyService, proxyDeployment) } -func (s *testingSuite) getterForMeta(meta *metav1.ObjectMeta) helpers.InputResourceGetter { - return func() (resources.InputResource, error) { - return s.testInstallation.ResourceClients.RouteOptionClient().Read(meta.GetNamespace(), meta.GetName(), clients.ReadOpts{}) - } -} - func serverInfoLogLevelAssertion(testInstallation *e2e.TestInstallation, expectedLogLevel, expectedComponentLogLevel string) func(ctx context.Context, adminClient *admincli.Client) { return func(ctx context.Context, adminClient *admincli.Client) { testInstallation.Assertions.Gomega.Eventually(func(g gomega.Gomega) { diff --git a/test/kubernetes/e2e/features/deployer/testdata/basic-gateway.yaml b/test/kubernetes/e2e/features/deployer/testdata/basic-gateway.yaml new file mode 100644 index 00000000000..07b901d5def --- /dev/null +++ b/test/kubernetes/e2e/features/deployer/testdata/basic-gateway.yaml @@ -0,0 +1,13 @@ +kind: Gateway +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: gw +spec: + gatewayClassName: gloo-gateway + listeners: + - protocol: HTTP + port: 8080 + name: http + allowedRoutes: + namespaces: + from: Same diff --git a/test/kubernetes/e2e/features/deployer/testdata/deployer-provision.yaml b/test/kubernetes/e2e/features/deployer/testdata/deployer-provision.yaml index 1445cd66226..c7514d1ddd5 100644 --- a/test/kubernetes/e2e/features/deployer/testdata/deployer-provision.yaml +++ b/test/kubernetes/e2e/features/deployer/testdata/deployer-provision.yaml @@ -1,17 +1,3 @@ -kind: Gateway -apiVersion: gateway.networking.k8s.io/v1 -metadata: - name: gw -spec: - gatewayClassName: gloo-gateway - listeners: - - protocol: HTTP - port: 8080 - name: http - allowedRoutes: - namespaces: - from: Same ---- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: 
@@ -50,4 +36,4 @@ spec: image: nginx:stable ports: - containerPort: 80 - name: http-web-svc \ No newline at end of file + name: http-web-svc diff --git a/test/kubernetes/e2e/features/deployer/testdata/gateway-parameters.yaml b/test/kubernetes/e2e/features/deployer/testdata/gateway-with-parameters.yaml similarity index 83% rename from test/kubernetes/e2e/features/deployer/testdata/gateway-parameters.yaml rename to test/kubernetes/e2e/features/deployer/testdata/gateway-with-parameters.yaml index af44853699b..948e8b9dcf8 100644 --- a/test/kubernetes/e2e/features/deployer/testdata/gateway-parameters.yaml +++ b/test/kubernetes/e2e/features/deployer/testdata/gateway-with-parameters.yaml @@ -32,4 +32,9 @@ spec: logLevel: debug componentLogLevels: upstream: debug - connection: trace \ No newline at end of file + connection: trace + securityContext: + runAsUser: null + runAsNonRoot: false + allowPrivilegeEscalation: true + diff --git a/test/kubernetes/e2e/features/deployer/types.go b/test/kubernetes/e2e/features/deployer/types.go index 923a3713c18..0815f7cb8d5 100644 --- a/test/kubernetes/e2e/features/deployer/types.go +++ b/test/kubernetes/e2e/features/deployer/types.go @@ -12,7 +12,8 @@ import ( ) var ( - gwParametersManifestFile = filepath.Join(util.MustGetThisDir(), "testdata", "gateway-parameters.yaml") + gwParametersManifestFile = filepath.Join(util.MustGetThisDir(), "testdata", "gateway-with-parameters.yaml") + basicGatewayManifestFile = filepath.Join(util.MustGetThisDir(), "testdata", "basic-gateway.yaml") deployerProvisionManifestFile = filepath.Join(util.MustGetThisDir(), "testdata", "deployer-provision.yaml") istioGatewayParametersManifestFile = filepath.Join(util.MustGetThisDir(), "testdata", "istio-gateway-parameters.yaml") selfManagedGatewayManifestFile = filepath.Join(util.MustGetThisDir(), "testdata", "self-managed-gateway.yaml") 
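Review bot: The added `runAsUser: null` in `gateway-with-parameters.yaml` reads as if it clears a defaulted UID, but once the object is decoded into the Go `SecurityContext` a YAML null and an omitted key both yield a nil pointer. The line therefore cannot on its own show that a default was removed. Whether nil means "unset" or "inherit the default" is decided in the deployer merge code outside this hunk. The `Nil(secCtx.RunAsUser)` check in the new suite presumably passes only because the default GatewayParameters is nulled in that installation. I would document the intent in the fixture, for example `# Test-only values, deliberately different from the chart defaults; runAsUser: null decodes the same as omitting the key.`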
diff --git a/test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_test.go b/test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_test.go
new file mode 100644
index 00000000000..d899c37855b
--- /dev/null
+++ b/test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_test.go
@@ -0,0 +1,51 @@
+package tests_test
+
+import (
+ "context"
+ "path/filepath"
+ "testing"
+ "time"
+
+ "github.com/solo-io/gloo/pkg/utils/env"
+ "github.com/solo-io/gloo/test/kube2e/helper"
+ "github.com/solo-io/gloo/test/kubernetes/e2e"
+ . "github.com/solo-io/gloo/test/kubernetes/e2e/tests"
+ "github.com/solo-io/gloo/test/kubernetes/testutils/gloogateway"
+ "github.com/solo-io/gloo/test/testutils"
+ "github.com/solo-io/skv2/codegen/util"
+)
+
+// TestK8sGatewayMinimalDefaultGatewayParameters is the function which executes a series of tests against a given installation
+// which is expected to have all user-facing options set to null in helm values
+func TestK8sGatewayMinimalDefaultGatewayParameters(t *testing.T) {
+ ctx := context.Background()
+ testInstallation := e2e.CreateTestInstallation(
+ t,
+ &gloogateway.Context{
+ InstallNamespace: env.GetOrDefault(testutils.InstallNamespace, "k8s-gateway-minimal-default-gatewayparameters-test"),
+ ValuesManifestFile: filepath.Join(util.MustGetThisDir(), "manifests", "k8s-gateway-minimal-default-gatewayparameters-test-helm.yaml"),
+ ValidationAlwaysAccept: false,
+ },
+ )
+
+ testHelper := e2e.MustTestHelper(ctx, testInstallation)
+
+ // We register the cleanup function _before_ we actually perform the installation.
+ // This allows us to uninstall Gloo Gateway, in case the original installation only completed partially
+ t.Cleanup(func() {
+ if t.Failed() {
+ testInstallation.PreFailHandler(ctx)
+ }
+
+ testInstallation.UninstallGlooGateway(ctx, func(ctx context.Context) error {
+ return testHelper.UninstallGlooAll()
+ })
+ })
+
+ // Install Gloo Gateway
+ testInstallation.InstallGlooGateway(ctx, func(ctx context.Context) error {
+ return testHelper.InstallGloo(ctx, helper.GATEWAY, 5*time.Minute, helper.ExtraArgs("--values", testInstallation.Metadata.ValuesManifestFile))
+ })
+
+ KubeGatewayMinimalDefaultGatewayParametersSuiteRunner().Run(ctx, t, testInstallation)
+}
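Review bot: The doc comment on `TestK8sGatewayMinimalDefaultGatewayParameters` says the installation has "all user-facing options set to null in helm values", which overstates what the values file does. The file this test loads, added later in the same patch, nulls only `kubeGateway.gatewayParameters.glooGateway` and sets many other options explicitly. I would reword the second comment line to `// whose default GatewayParameters helm values (kubeGateway.gatewayParameters.glooGateway) are set to null.` so the comment names the one key under test.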
diff --git a/test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_tests.go b/test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_tests.go
new file mode 100644
index 00000000000..305b32fa315
--- /dev/null
+++ b/test/kubernetes/e2e/tests/k8s_gw_minimal_default_gatewayparameters_tests.go
@@ -0,0 +1,14 @@
+package tests
+
+import (
+ "github.com/solo-io/gloo/test/kubernetes/e2e"
+ "github.com/solo-io/gloo/test/kubernetes/e2e/features/deployer"
+)
+
+func KubeGatewayMinimalDefaultGatewayParametersSuiteRunner() e2e.SuiteRunner {
+ kubeGatewayMinimalDefaultGatewayParametersSuiteRunner := e2e.NewSuiteRunner(false)
+
+ kubeGatewayMinimalDefaultGatewayParametersSuiteRunner.Register("Deployer", deployer.NewMinimalDefaultGatewayParametersTestingSuite)
+
+ return kubeGatewayMinimalDefaultGatewayParametersSuiteRunner
+}
diff --git a/test/kubernetes/e2e/tests/manifests/k8s-gateway-minimal-default-gatewayparameters-test-helm.yaml b/test/kubernetes/e2e/tests/manifests/k8s-gateway-minimal-default-gatewayparameters-test-helm.yaml
new file mode 100644
index 00000000000..b355808189d
--- /dev/null
+++ b/test/kubernetes/e2e/tests/manifests/k8s-gateway-minimal-default-gatewayparameters-test-helm.yaml
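Review bot: The exported `KubeGatewayMinimalDefaultGatewayParametersSuiteRunner` has no doc comment, and the bare `false` passed to `e2e.NewSuiteRunner` is unexplained at the call site. I would add `// KubeGatewayMinimalDefaultGatewayParametersSuiteRunner returns the runner for installations whose default GatewayParameters helm values are null; it registers only the deployer suite.` The boolean should get a short inline comment naming the parameter, whose name is declared in `e2e.NewSuiteRunner` and is not visible in this hunk. The local variable repeats the function name in full; `runner` would read more easily.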
@@ -0,0 +1,47 @@
+global:
+ image:
+ pullPolicy: IfNotPresent
+ # Note: glooRbac.namespaced settings are not supported with Gloo Gateway https://github.com/solo-io/solo-projects/issues/6064
+ # Gateway API fundamentally expects HTTPRoutes and Gateways in any namespace and cross-namespace references to be supported
+ # Currently we are explicitly disabled namespaced roles for Gloo Gateway tests, but this can be left unset.
+ glooRbac:
+ namespaced: false
+settings:
+ # Gloo Gateway requires access to namespaces outside of the install namespace to watch and create Gateway resources
+ # singleNamespace=false must be set for namespace watch to work correctly. See: https://github.com/solo-io/solo-projects/issues/6058
+ singleNamespace: false
+ create: true
+ invalidConfigPolicy:
+ replaceInvalidRoutes: true
+ invalidRouteResponseCode: 404
+ invalidRouteResponseBody: Gloo Gateway has invalid configuration.
+gateway:
+ persistProxySpec: false
+ logLevel: info
+ validation:
+ allowWarnings: true
+ alwaysAcceptResources: false
+ # skipping delete validation due to flakes per https://github.com/solo-io/solo-projects/issues/6272
+ webhook:
+ skipDeleteValidationResources:
+ - upstreams
+kubeGateway:
+ # This is the field that enables the K8s Gateway Integration in Gloo Gateway
+ enabled: true
+ gatewayParameters:
+ # We are testing the behavior of the deployer when users null out fields on this object
+ # We expect the deployment to be created but to fail to deploy a running proxy due to the missing
+ # envoy image name.
+ glooGateway: null
+gloo:
+ logLevel: info
+ disableLeaderElection: true
+ deployment:
+ replicas: 1
+ livenessProbeEnabled: true
+gatewayProxies:
+ gatewayProxy:
+ healthyPanicThreshold: 0
+# Disable discovery, not recommended for production
+discovery:
+ enabled: false