Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion api/v1alpha1/shared_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -394,7 +394,7 @@ type KubernetesServiceSpec struct {
}

// LogLevel defines a log level for Envoy Gateway and EnvoyProxy system logs.
// +kubebuilder:validation:Enum=trace;debug;info;warn;error
// +kubebuilder:validation:Enum=trace;debug;info;warn;error;off;critical
type LogLevel string

const (
Expand All @@ -412,6 +412,12 @@ const (

// LogLevelError defines the "Error" logging level.
LogLevelError LogLevel = "error"

// LogLevelOff disables logging.
LogLevelOff LogLevel = "off"

// LogLevelCritical defines the "critical" logging level.
LogLevelCritical LogLevel = "critical"
)

// XDSTranslatorHook defines the types of hooks that an Envoy Gateway extension may support
Expand Down
26 changes: 26 additions & 0 deletions api/v1alpha1/validation/envoyproxy_validate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -918,6 +918,22 @@ func TestGetEnvoyProxyDefaultComponentLevel(t *testing.T) {
},
expected: egv1a1.LogLevelInfo,
},
{
logging: egv1a1.ProxyLogging{
Level: map[egv1a1.ProxyLogComponent]egv1a1.LogLevel{
egv1a1.LogComponentDefault: egv1a1.LogLevelOff,
},
},
expected: egv1a1.LogLevelOff,
},
{
logging: egv1a1.ProxyLogging{
Level: map[egv1a1.ProxyLogComponent]egv1a1.LogLevel{
egv1a1.LogComponentDefault: egv1a1.LogLevelCritical,
},
},
expected: egv1a1.LogLevelCritical,
},
}

for _, tc := range cases {
Expand Down Expand Up @@ -975,6 +991,16 @@ func TestGetEnvoyProxyComponentLevelArgs(t *testing.T) {
},
expected: "admin:warn,filter:debug",
},
{
logging: egv1a1.ProxyLogging{
Level: map[egv1a1.ProxyLogComponent]egv1a1.LogLevel{
egv1a1.LogComponentDefault: egv1a1.LogLevelInfo,
egv1a1.LogComponentAdmin: egv1a1.LogLevelOff,
egv1a1.LogComponentFilter: egv1a1.LogLevelCritical,
},
},
expected: "admin:off,filter:critical",
},
}

for _, tc := range cases {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -759,6 +759,8 @@ spec:
- info
- warn
- error
- "off"
- critical
Comment on lines +762 to +763

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Regenerate helm goldens after CRD changes

When gen-check runs, it invokes helm-template, which rewrites the rendered test/helm/gateway-crds-helm/*.out.yaml files from this template. These new enum entries are now present in the chart template, but a repo search (rg '"off"' test/helm/gateway-crds-helm) shows the gateway-crds-helm goldens were not updated, so CI will leave a dirty tree and fail until the rendered outputs are regenerated.

Useful? React with 👍 / 👎.

type: string
default:
default: warn
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -758,6 +758,8 @@ spec:
- info
- warn
- error
- "off"
- critical
type: string
default:
default: warn
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -454,6 +454,16 @@ func TestDeployment(t *testing.T) {
},
bootstrap: `test bootstrap config`,
},
{
caseName: "component-level-off",
infra: newTestInfra(),
deploy: nil,
proxyLogging: map[egv1a1.ProxyLogComponent]egv1a1.LogLevel{
egv1a1.LogComponentDefault: egv1a1.LogLevelOff,
egv1a1.LogComponentFilter: egv1a1.LogLevelCritical,
},
bootstrap: `test bootstrap config`,
},
{
caseName: "disable-prometheus",
infra: newTestInfra(),
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,239 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
name: envoy-gateway-class
uid: test-owner-reference-uid-for-gatewayclass
spec:
progressDeadlineSeconds: 600
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
strategy:
type: RollingUpdate
template:
metadata:
annotations:
prometheus.io/path: /stats/prometheus
prometheus.io/port: "19001"
prometheus.io/scrape: "true"
labels:
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
spec:
automountServiceAccountToken: false
containers:
- args:
- --service-cluster
- default
- --service-node
- $(ENVOY_POD_NAME)
- --config-yaml
- test bootstrap config
- --log-level
- "off"
- --cpuset-threads
- --drain-strategy
- immediate
- --component-log-level
- filter:critical
- --drain-time-s
- "60"
command:
- envoy
env:
- name: ENVOY_POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ENVOY_SERVICE_ZONE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
image: docker.io/envoyproxy/envoy:distroless-dev
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
httpGet:
path: /shutdown/ready
port: 19002
scheme: HTTP
livenessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 19003
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: envoy
ports:
- containerPort: 19001
name: metrics
protocol: TCP
- containerPort: 19003
name: readiness
protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
path: /ready
port: 19003
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19003
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
- mountPath: /sds
name: sds
- args:
- envoy
- shutdown-manager
command:
- envoy-gateway
env:
- name: ENVOY_POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ENVOY_SERVICE_ZONE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
image: docker.io/envoyproxy/gateway-dev:latest
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- envoy-gateway
- envoy
- shutdown
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: shutdown-manager
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
memory: 32Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: envoy-default-37a8eec1
terminationGracePeriodSeconds: 360
volumes:
- name: certs
secret:
defaultMode: 420
secretName: envoy
- configMap:
defaultMode: 420
items:
- key: xds-trusted-ca.json
path: xds-trusted-ca.json
- key: xds-certificate.json
path: xds-certificate.json
name: envoy-default-37a8eec1
optional: false
name: sds
status: {}
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Added support for setting the log level to `off` and `critical` for the Envoy Proxy.
2 changes: 2 additions & 0 deletions site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -4103,6 +4103,8 @@ _Appears in:_
| `info` | LogLevelInfo defines the "Info" logging level.<br /> |
| `warn` | LogLevelWarn defines the "Warn" logging level.<br /> |
| `error` | LogLevelError defines the "Error" logging level.<br /> |
| `off` | LogLevelOff disables logging.<br /> |
| `critical` | LogLevelCritical defines the "critical" logging level.<br /> |


#### Lua
Expand Down
2 changes: 2 additions & 0 deletions test/helm/gateway-crds-helm/all.out.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34373,6 +34373,8 @@ spec:
- info
- warn
- error
- "off"
- critical
type: string
default:
default: warn
Expand Down
2 changes: 2 additions & 0 deletions test/helm/gateway-crds-helm/e2e.out.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10311,6 +10311,8 @@ spec:
- info
- warn
- error
- "off"
- critical
type: string
default:
default: warn
Expand Down
2 changes: 2 additions & 0 deletions test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10311,6 +10311,8 @@ spec:
- info
- warn
- error
- "off"
- critical
type: string
default:
default: warn
Expand Down
Loading