diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go
index c088de59b8..a75694e431 100644
--- a/internal/gatewayapi/listener.go
+++ b/internal/gatewayapi/listener.go
@@ -702,31 +702,67 @@ func (t *Translator) processProxyReadyListener(xdsIR *ir.Xds, envoyProxy *egv1a1 } func (t *Translator) processProxyObservability(gwCtx *GatewayContext, xdsIR *ir.Xds, proxyInfra *ir.ProxyInfra, resources *resource.Resources) { - var err error + var ( + err error + warnings []error + ) envoyProxy := proxyInfra.Config + // Invalid telemetry backendRefs must not degrade the Gateway. Instead, the affected telemetry feature is skipped and a warning msg is added + // on the EnvoyProxy status. xdsIR.AccessLog, err = t.processAccessLog(gwCtx, envoyProxy, resources) if err != nil { - status.UpdateGatewayStatusNotAccepted(gwCtx.Gateway, gwapiv1.GatewayReasonInvalidParameters, - fmt.Sprintf("Invalid access log backendRefs in the referenced EnvoyProxy: %v", err)) - return + warnings = append(warnings, fmt.Errorf("invalid access log backendRefs in the referenced EnvoyProxy: %w", err)) } xdsIR.Tracing, err = t.processTracing(gwCtx, envoyProxy, t.MergeGateways, resources) if err != nil { - status.UpdateGatewayStatusNotAccepted(gwCtx.Gateway, gwapiv1.GatewayReasonInvalidParameters, - fmt.Sprintf("Invalid tracing backendRefs in the referenced EnvoyProxy: %v", err)) - return + warnings = append(warnings, fmt.Errorf("invalid tracing backendRefs in the referenced EnvoyProxy: %w", err)) } var resolvedSinks []ir.ResolvedMetricSink xdsIR.Metrics, resolvedSinks, err = t.processMetrics(gwCtx, envoyProxy, resources) if err != nil { - status.UpdateGatewayStatusNotAccepted(gwCtx.Gateway, gwapiv1.GatewayReasonInvalidParameters, - fmt.Sprintf("Invalid metrics backendRefs in the referenced EnvoyProxy: %v", err)) + warnings = append(warnings, fmt.Errorf("invalid metrics backendRefs in the referenced EnvoyProxy: %w", err)) + } else { + proxyInfra.ResolvedMetricSinks = resolvedSinks + } + + if len(warnings) > 0 { + msg := utilerrors.NewAggregate(warnings).Error() + t.Logger.Info("skipping invalid telemetry configuration in the referenced EnvoyProxy", + "namespace", 
gwCtx.Namespace, "name", gwCtx.Name, "warning", msg) + t.setEnvoyProxyObservabilityWarning(gwCtx, resources, msg) + } +} + +// setEnvoyProxyObservabilityWarning adds telemetry misconfigurations as a warning on the +// EnvoyProxy status. The EnvoyProxy remains Accepted so that the Gateway keeps running, +// only the affected telemetry feature is skipped. +func (t *Translator) setEnvoyProxyObservabilityWarning(gwCtx *GatewayContext, resources *resource.Resources, msg string) { + warning := fmt.Sprintf("EnvoyProxy has been accepted, but the following telemetry configuration was ignored: %s", msg) + + // EnvoyProxy attached directly to the Gateway via its infrastructure parametersRef. + if gwCtx.envoyProxyFromGateway && gwCtx.envoyProxy != nil { + ancestor := &gwapiv1.ParentReference{ + Group: GroupPtr(gwapiv1.GroupName), + Kind: KindPtr(resource.KindGateway), + Name: gwapiv1.ObjectName(gwCtx.Name), + Namespace: NamespacePtr(gwCtx.Namespace), + } + status.UpdateEnvoyProxyStatusAccepted(gwCtx.envoyProxy, ancestor, egv1a1.EnvoyProxyReasonAccepted, warning) return } - proxyInfra.ResolvedMetricSinks = resolvedSinks + + // EnvoyProxy inherited from the GatewayClass parametersRef. + if ep := resources.EnvoyProxyForGatewayClass; ep != nil && resources.GatewayClass != nil { + ancestor := &gwapiv1.ParentReference{ + Group: GroupPtr(gwapiv1.GroupName), + Kind: KindPtr(resource.KindGatewayClass), + Name: gwapiv1.ObjectName(resources.GatewayClass.Name), + } + status.UpdateEnvoyProxyStatusAccepted(ep, ancestor, egv1a1.EnvoyProxyReasonAccepted, warning) + } } func (t *Translator) processInfraIRListener(listener *ListenerContext, infraIR resource.InfraIRMap, irKey string, servicePort *protocolPort, containerPort int32) { 
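Review bot: In `setEnvoyProxyObservabilityWarning`, the skipped-telemetry warning is written into the `Accepted` condition with status True and `egv1a1.EnvoyProxyReasonAccepted`, so an EnvoyProxy whose access log, tracing or metrics sinks were dropped differs from a healthy one only by its message text. Access logs are often the audit trail for the data plane, and anything that alerts on condition status or reason will not notice that they stopped flowing after a backend Service was removed or mistyped. Consider a dedicated reason or a separate condition type for this case (neither is visible in this hunk, so it would have to be added), and at minimum document the contract on the helper, e.g. `// The condition stays True/Accepted; consumers must read the message to detect skipped telemetry.` Also, when the EnvoyProxy is neither Gateway-attached nor resolvable through `resources.GatewayClass`, the helper falls through without setting anything and the warning survives only in the `t.Logger.Info` line.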
@@ -815,7 +851,11 @@ func (t *Translator) processAccessLog(gwCtx *GatewayContext, envoyproxy *egv1a1. validExprs = append(validExprs, expr) } if len(errs) > 0 { - return nil, utilerrors.NewAggregate(errs) + // Per the AccessLog API, invalid CEL match expressions are ignored: + // only the invalid ones are dropped, the rest of the config is kept. + t.Logger.Info("ignoring invalid CEL match expressions in the EnvoyProxy access log configuration", + "namespace", envoyproxy.Namespace, "name", envoyproxy.Name, + "error", utilerrors.NewAggregate(errs).Error()) } if len(accessLog.Sinks) == 0 { diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml index bcf970f3b5..6ae2e4a6ec 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml @@ -1,3 +1,15 @@ +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml index a8c079dc66..13ef3706b6 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml 
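Review bot: In `processAccessLog` (internal/gatewayapi/listener.go), the `len(errs) > 0` branch now discards invalid CEL match expressions with only a `t.Logger.Info` call, and the updated golden file envoyproxy-accesslog-cel-with-invalid.out.yaml shows the EnvoyProxy status as plain `EnvoyProxy has been accepted.` with no warning. Dropping a match expression presumably changes which requests get logged, so a typo in a filter silently alters the audit trail, whereas the backendRefs failures handled in `processProxyObservability` do reach the status. I would hand the aggregated CEL error back to the caller as a non-fatal warning so it is appended to `warnings` there; that needs a change to the function's return values, which are outside this hunk. If log-only is intended, say so in the comment: `// NOTE: not surfaced on the EnvoyProxy status; operators only see this in the controller log.` The function starts and ends outside the hunk.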
@@ -1,3 +1,111 @@ +envoyProxyForGatewayClass: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + name: test + namespace: envoy-gateway-system + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: envoyproxy/envoy:distroless-dev + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 2000 + pod: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + annotations: + key1: val1 + key2: val2 + securityContext: + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 3000 + runAsUser: 1000 + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: router + volumes: + - name: certs + secret: + secretName: envoy-cert + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + accessLog: + settings: + - format: + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + type: Text + sinks: + - file: + path: /dev/stdout + type: File + - openTelemetry: + backendRefs: + - name: service-not-found + namespace: monitoring + port: 4317 + resourceAttributes: + k8s.cluster.name: cluster-1 + type: OpenTelemetry + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry configuration + was ignored: invalid access log backendRefs in the referenced EnvoyProxy: + service 
monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system + status: + conditions: + - lastTransitionTime: null + message: Valid GatewayClass + reason: Accepted + status: "True" + type: Accepted gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -14,13 +122,6 @@ gateways: port: 80 protocol: HTTP status: - conditions: - - lastTransitionTime: null - message: 'Invalid access log backendRefs in the referenced EnvoyProxy: service - monitoring/service-not-found not found' - reason: InvalidParameters - status: "False" - type: Accepted listeners: - attachedRoutes: 0 conditions: @@ -123,7 +224,20 @@ infraIR: resourceAttributes: k8s.cluster.name: cluster-1 type: OpenTelemetry - status: {} + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry + configuration was ignored: invalid access log backendRefs in the referenced + EnvoyProxy: service monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted listeners: - name: envoy-gateway/gateway-1/http ports: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml index 4f4736c040..8d11f6ca2f 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml 
@@ -1,3 +1,15 @@ +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml index 6b43f06264..69604f4c1c 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml 
@@ -1,3 +1,110 @@ +envoyProxyForGatewayClass: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + name: test + namespace: envoy-gateway-system + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: envoyproxy/envoy:distroless-dev + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 2000 + pod: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + annotations: + key1: val1 + key2: val2 + securityContext: + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 3000 + runAsUser: 1000 + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: router + volumes: + - name: certs + secret: + secretName: envoy-cert + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + accessLog: + settings: + - format: + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + type: Text + matches: + - response.code >= 400 + - )++++ + sinks: + - file: + path: /dev/stdout + type: File + - openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + resourceAttributes: + k8s.cluster.name: cluster-1 + type: OpenTelemetry + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: EnvoyProxy has been accepted. 
+ reason: Accepted + status: "True" + type: Accepted +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system + status: + conditions: + - lastTransitionTime: null + message: Valid GatewayClass + reason: Accepted + status: "True" + type: Accepted gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -14,13 +121,6 @@ gateways: port: 80 protocol: HTTP status: - conditions: - - lastTransitionTime: null - message: 'Invalid access log backendRefs in the referenced EnvoyProxy: invalid - CEL expression: )++++' - reason: InvalidParameters - status: "False" - type: Accepted listeners: - attachedRoutes: 0 conditions: @@ -124,7 +224,18 @@ infraIR: resourceAttributes: k8s.cluster.name: cluster-1 type: OpenTelemetry - status: {} + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: EnvoyProxy has been accepted. + reason: Accepted + status: "True" + type: Accepted listeners: - name: envoy-gateway/gateway-1/http ports: 
@@ -143,6 +254,36 @@ infraIR: namespace: envoy-gateway-system xdsIR: envoy-gateway/gateway-1: + accessLog: + openTelemetry: + - authority: otel-collector.monitoring.svc.cluster.local + celMatches: + - response.code >= 400 + destination: + metadata: + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system + name: accesslog_otel_0_1 + settings: + - addressType: FQDN + endpoints: + - host: otel-collector.monitoring.svc.cluster.local + port: 4317 + name: accesslog_otel_0_1/backend/-1 + protocol: GRPC + weight: 1 + resourceAttributes: + - key: k8s.cluster.name + value: cluster-1 + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + text: + - celMatches: + - response.code >= 400 + format: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + path: /dev/stdout globalResources: proxyServiceCluster: metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-gateway-tracing-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-gateway-tracing-backend-invalid.in.yaml new file mode 100644 index 0000000000..ea131415fa --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-gateway-tracing-backend-invalid.in.yaml 
@@ -0,0 +1,45 @@ +envoyProxiesForGateways: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway + name: test + spec: + telemetry: + tracing: + samplingRate: 100 + provider: + backendRefs: + - name: service-not-found + namespace: monitoring + port: 4317 + type: OpenTelemetry + provider: + type: Kubernetes + kubernetes: + envoyService: + type: LoadBalancer + envoyDeployment: + replicas: 2 + container: + image: "envoyproxy/envoy:distroless-dev" +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: Same + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test diff --git a/internal/gatewayapi/testdata/envoyproxy-gateway-tracing-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-gateway-tracing-backend-invalid.out.yaml new file mode 100644 index 0000000000..2cfc253d1e --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-gateway-tracing-backend-invalid.out.yaml 
@@ -0,0 +1,192 @@ +envoyProxiesForGateways: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + name: test + namespace: envoy-gateway + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + image: envoyproxy/envoy:distroless-dev + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + tracing: + provider: + backendRefs: + - name: service-not-found + namespace: monitoring + port: 4317 + type: OpenTelemetry + samplingRate: 100 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry configuration + was ignored: invalid tracing backendRefs in the referenced EnvoyProxy: service + monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +infraIR: + envoy-gateway/gateway-1: + 
proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + name: test + namespace: envoy-gateway + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + image: envoyproxy/envoy:distroless-dev + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + tracing: + provider: + backendRefs: + - name: service-not-found + namespace: monitoring + port: 4317 + type: OpenTelemetry + samplingRate: 100 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry + configuration was ignored: invalid tracing backendRefs in the referenced + EnvoyProxy: service monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted + listeners: + - name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + ownerReference: + kind: GatewayClass + name: envoy-gateway-class + name: envoy-gateway/gateway-1 + namespace: envoy-gateway-system +xdsIR: + envoy-gateway/gateway-1: + accessLog: + json: + - path: /dev/stdout + globalResources: + proxyServiceCluster: + metadata: + kind: Service + name: envoy-envoy-gateway-gateway-1-196ae069 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-1 + settings: + - addressType: IP + endpoints: + - host: 7.6.5.4 + port: 8080 + zone: zone1 + metadata: + kind: Service + name: envoy-envoy-gateway-gateway-1-196ae069 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-1 + protocol: TCP + http: + - address: 0.0.0.0 + externalPort: 80 + hostnames: + - '*' + metadata: + kind: Gateway + name: gateway-1 
+ namespace: envoy-gateway + sectionName: http + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + readyListener: + address: 0.0.0.0 + ipFamily: IPv4 + path: /ready + port: 19003 diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml index c8faf616ea..7ada253dea 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml @@ -1,3 +1,15 @@ +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml index c8dddd3ee3..bb1e842a94 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml 
@@ -1,3 +1,101 @@ +envoyProxyForGatewayClass: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + name: test + namespace: envoy-gateway-system + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: envoyproxy/envoy:distroless-dev + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 2000 + pod: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + annotations: + key1: val1 + key2: val2 + securityContext: + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 3000 + runAsUser: 1000 + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: router + volumes: + - name: certs + secret: + secretName: envoy-cert + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + metrics: + sinks: + - openTelemetry: + backendRefs: + - name: service-not-found + namespace: monitoring + port: 4317 + type: OpenTelemetry + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry configuration + was ignored: invalid metrics backendRefs in the referenced EnvoyProxy: service + monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system + status: + conditions: + - 
lastTransitionTime: null + message: Valid GatewayClass + reason: Accepted + status: "True" + type: Accepted gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -14,13 +112,6 @@ gateways: port: 80 protocol: HTTP status: - conditions: - - lastTransitionTime: null - message: 'Invalid metrics backendRefs in the referenced EnvoyProxy: service - monitoring/service-not-found not found' - reason: InvalidParameters - status: "False" - type: Accepted listeners: - attachedRoutes: 0 conditions: @@ -113,7 +204,20 @@ infraIR: namespace: monitoring port: 4317 type: OpenTelemetry - status: {} + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry + configuration was ignored: invalid metrics backendRefs in the referenced + EnvoyProxy: service monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted listeners: - name: envoy-gateway/gateway-1/http ports: diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml index 508ecb83b1..e41a1b0d7a 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml @@ -1,3 +1,15 @@ +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy 
diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml
index 628d32d490..f1b341822c 100644
--- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml
@@ -1,3 +1,101 @@ +envoyProxyForGatewayClass: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + name: test + namespace: envoy-gateway-system + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: envoyproxy/envoy:distroless-dev + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 2000 + pod: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + annotations: + key1: val1 + key2: val2 + securityContext: + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 3000 + runAsUser: 1000 + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: router + volumes: + - name: certs + secret: + secretName: envoy-cert + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + tracing: + provider: + backendRefs: + - name: service-not-found + namespace: monitoring + port: 4317 + type: OpenTelemetry + samplingRate: 100 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry configuration + was ignored: invalid tracing backendRefs in the referenced EnvoyProxy: service + monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted +gatewayClass: + apiVersion: gateway.networking.k8s.io/v1 + kind: GatewayClass + metadata: + name: envoy-gateway-class + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + namespace: envoy-gateway-system + status: + conditions: + - 
lastTransitionTime: null + message: Valid GatewayClass + reason: Accepted + status: "True" + type: Accepted gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -14,13 +112,6 @@ gateways: port: 80 protocol: HTTP status: - conditions: - - lastTransitionTime: null - message: 'Invalid tracing backendRefs in the referenced EnvoyProxy: service - monitoring/service-not-found not found' - reason: InvalidParameters - status: "False" - type: Accepted listeners: - attachedRoutes: 0 conditions: @@ -113,7 +204,20 @@ infraIR: port: 4317 type: OpenTelemetry samplingRate: 100 - status: {} + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: GatewayClass + name: envoy-gateway-class + conditions: + - lastTransitionTime: null + message: 'EnvoyProxy has been accepted, but the following telemetry + configuration was ignored: invalid tracing backendRefs in the referenced + EnvoyProxy: service monitoring/service-not-found not found' + reason: Accepted + status: "True" + type: Accepted listeners: - name: envoy-gateway/gateway-1/http ports: