From aefd361ef92370c7dcb005b55e02479b913c9c7e Mon Sep 17 00:00:00 2001 From: yy Date: Mon, 24 Jul 2023 16:38:11 +0800 Subject: [PATCH 1/7] add service outlier detection Signed-off-by: yy add changelog Signed-off-by: yy add global outlier detection Signed-off-by: yangyang add global outlier detection Signed-off-by: yangyang add global outlier detection Signed-off-by: yangyang add make generate file Signed-off-by: yangyang fix Signed-off-by: yangyang --- apis/projectcontour/v1/detailedconditions.go | 4 + apis/projectcontour/v1/httpproxy.go | 72 +++++ .../v1/zz_generated.deepcopy.go | 55 ++++ apis/projectcontour/v1alpha1/contourconfig.go | 5 + .../v1alpha1/zz_generated.deepcopy.go | 5 + changelogs/unreleased/5575-yangyy93-minor.md | 3 + cmd/contour/serve.go | 3 + cmd/contour/servecontext.go | 1 + examples/contour/01-crds.yaml | 297 ++++++++++++++++++ examples/render/contour-deployment.yaml | 297 ++++++++++++++++++ .../render/contour-gateway-provisioner.yaml | 297 ++++++++++++++++++ examples/render/contour-gateway.yaml | 297 ++++++++++++++++++ examples/render/contour.yaml | 297 ++++++++++++++++++ internal/dag/dag.go | 15 + internal/dag/httpproxy_processor.go | 11 + internal/dag/policy.go | 76 +++++ internal/dag/policy_test.go | 154 +++++++++ internal/envoy/cluster.go | 27 ++ internal/envoy/v3/cluster.go | 49 +++ internal/envoy/v3/cluster_test.go | 104 ++++++ internal/protobuf/helpers.go | 5 + pkg/config/parameters.go | 4 + .../docs/main/config/api-reference.html | 266 ++++++++++++++-- 23 files changed, 2315 insertions(+), 29 deletions(-) create mode 100644 changelogs/unreleased/5575-yangyy93-minor.md diff --git a/apis/projectcontour/v1/detailedconditions.go b/apis/projectcontour/v1/detailedconditions.go index d7ac6e13856..2a2ebe08977 100644 --- a/apis/projectcontour/v1/detailedconditions.go +++ b/apis/projectcontour/v1/detailedconditions.go 
@@ -158,6 +158,10 @@ const ( // with an HTTPProxy resource which is not part of a delegation chain. ConditionTypeOrphanedError = "Orphaned" + // ConditionTypeOutlierDetectionError describes an error condition with + // an HTTPProxy Outlier Detection issue. + ConditionTypeOutlierDetectionError = "OutlierDetectionError" + // ConditionTypePrefixReplaceError describes an error condition with // an HTTPProxy path prefix replacement issue. ConditionTypePrefixReplaceError = "PrefixReplaceError" diff --git a/apis/projectcontour/v1/httpproxy.go b/apis/projectcontour/v1/httpproxy.go index 498be837a8b..9f1ce3bd626 100644 --- a/apis/projectcontour/v1/httpproxy.go +++ b/apis/projectcontour/v1/httpproxy.go 
@@ -1036,6 +1036,78 @@ type Service struct { // Slow start will gradually increase amount of traffic to a newly added endpoint. // +optional SlowStartPolicy *SlowStartPolicy `json:"slowStartPolicy,omitempty"` + // The policy for managing outlier detection on a service. + // If not specified, the global OutlierDetection policy will be used. + // +optional + OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"` +} + +// OutlierDetection defines the configuration for outlier detection on a service. +type OutlierDetection struct { + // Disabled configures the Service to not use + // the default global OutlierDetection policy defined by the Contour configuration. + // Defaults to false. + // +optional + Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"` + + // ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + // When the backend host encounters consecutive + // errors greater than or equal to ConsecutiveServerErrors, it will be + // ejected from the load balancing pool. + // for HTTP services, a 5xx counts as an error and for TCP services + // connection failures and connection timeouts count as an error. + // It can be disabled by setting the value to 0. + // Defaults to 5. + // +optional + ConsecutiveServerErrors *uint32 `json:"consecutiveServerErrors,omitempty" yaml:"consecutiveServerErrors,omitempty"` + + // Interval is the interval at which host status is evaluated. + // Defaults to 10s. + // +optional + // +kubebuilder:validation:Pattern=`^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$` + Interval *string `json:"interval,omitempty" yaml:"interval,omitempty"` + + // BaseEjectionTime is the base time that a host is ejected for. + // A host will remain ejected for a period of time equal to the + // product of the ejection base duration and the number of times the host has been ejected. + // Defaults to 30s. 
+ // +optional + // +kubebuilder:validation:Pattern=`^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$` + BaseEjectionTime *string `json:"baseEjectionTime,omitempty" yaml:"baseEjectionTime,omitempty"` + + // MaxEjectionTime is the maximum time a host will be ejected for. + // After this amount of time, a host will be returned to normal operation. + // If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + // Defaults to 300s. + // +optional + // +kubebuilder:validation:Pattern=`^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$` + MaxEjectionTime *string `json:"maxEjectionTime,omitempty" yaml:"maxEjectionTime,omitempty"` + + // SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + // Defaults to false. + // +optional + // +kubebuilder:default=false + SplitExternalLocalOriginErrors bool `json:"splitExternalLocalOriginErrors" yaml:"splitExternalLocalOriginErrors,omitempty"` + + // ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + // Parameters take effect only when SplitExternalLocalOriginErrors is true. + // Defaults to 5. + // +optional + ConsecutiveLocalOriginFailure *uint32 `json:"consecutiveLocalOriginFailure,omitempty" yaml:"consecutiveLocalOriginFailure,omitempty"` + + // MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + // But will eject at least one host regardless of the value here. + // Defaults to 10%. 
+ // +optional + // +kubebuilder:validation:Maximum=100 + MaxEjectionPercent *uint32 `json:"maxEjectionPercent,omitempty" yaml:"maxEjectionPercent,omitempty"` + + // MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + // in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + // Defaults to 0s. + // +optional + // +kubebuilder:validation:Pattern=`^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$` + MaxEjectionTimeJitter *string `json:"maxEjectionTimeJitter,omitempty" yaml:"maxEjectionTimeJitter,omitempty"` } // HTTPHealthCheckPolicy defines health checks on the upstream service. diff --git a/apis/projectcontour/v1/zz_generated.deepcopy.go b/apis/projectcontour/v1/zz_generated.deepcopy.go index 3c3537ef24e..88e948739ea 100644 --- a/apis/projectcontour/v1/zz_generated.deepcopy.go +++ b/apis/projectcontour/v1/zz_generated.deepcopy.go 
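Review bot: The duration patterns on `interval`, `baseEjectionTime`, `maxEjectionTime` and `maxEjectionTimeJitter` use `\d*(\.\d*)?` before each unit, so digit-free strings such as `s` or `.ms` pass admission even though they are not parseable durations; requiring a digit (`\d+(\.\d+)?`) would let the API server reject them. Nothing in this hunk enforces `maxEjectionTime >= baseEjectionTime` when both are set, so that check presumably has to live in the policy conversion code, which is outside this hunk. `SplitExternalLocalOriginErrors` is the only field whose json tag lacks `omitempty` (`json:"splitExternalLocalOriginErrors"`), which is inconsistent with its `+optional` marker and with the yaml tag beside it. The comment on `MaxEjectionPercent` should also say that a value of 100 allows every host of the upstream to be ejected at once. The `Service` struct starts before this hunk.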
@@ -766,6 +766,56 @@ func (in *MatchCondition) DeepCopy() *MatchCondition { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { + *out = *in + if in.ConsecutiveServerErrors != nil { + in, out := &in.ConsecutiveServerErrors, &out.ConsecutiveServerErrors + *out = new(uint32) + **out = **in + } + if in.Interval != nil { + in, out := &in.Interval, &out.Interval + *out = new(string) + **out = **in + } + if in.BaseEjectionTime != nil { + in, out := &in.BaseEjectionTime, &out.BaseEjectionTime + *out = new(string) + **out = **in + } + if in.MaxEjectionTime != nil { + in, out := &in.MaxEjectionTime, &out.MaxEjectionTime + *out = new(string) + **out = **in + } + if in.ConsecutiveLocalOriginFailure != nil { + in, out := &in.ConsecutiveLocalOriginFailure, &out.ConsecutiveLocalOriginFailure + *out = new(uint32) + **out = **in + } + if in.MaxEjectionPercent != nil { + in, out := &in.MaxEjectionPercent, &out.MaxEjectionPercent + *out = new(uint32) + **out = **in + } + if in.MaxEjectionTimeJitter != nil { + in, out := &in.MaxEjectionTimeJitter, &out.MaxEjectionTimeJitter + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. +func (in *OutlierDetection) DeepCopy() *OutlierDetection { + if in == nil { + return nil + } + out := new(OutlierDetection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PathRewritePolicy) DeepCopyInto(out *PathRewritePolicy) { *out = *in 
@@ -1179,6 +1229,11 @@ func (in *Service) DeepCopyInto(out *Service) { *out = new(SlowStartPolicy) **out = **in } + if in.OutlierDetection != nil { + in, out := &in.OutlierDetection, &out.OutlierDetection + *out = new(OutlierDetection) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service. diff --git a/apis/projectcontour/v1alpha1/contourconfig.go b/apis/projectcontour/v1alpha1/contourconfig.go index 015bcb8b6e2..79eac0f2680 100644 --- a/apis/projectcontour/v1alpha1/contourconfig.go +++ b/apis/projectcontour/v1alpha1/contourconfig.go @@ -85,6 +85,11 @@ type ContourConfigurationSpec struct { // Tracing defines properties for exporting trace data to OpenTelemetry. Tracing *TracingConfig `json:"tracing,omitempty"` + // GlobalOutlierDetection defines the configuration for outlier detection on all services. + // If defined, this will be used as the default for all services. + // +optional + GlobalOutlierDetection *contour_api_v1.OutlierDetection `json:"outlierDetection,omitempty"` + // FeatureFlags defines toggle to enable new contour features. // Available toggles are: // useEndpointSlices - configures contour to fetch endpoint data diff --git a/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go b/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go index 883fb38a893..a5a446e83ec 100644 --- a/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go +++ b/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go @@ -199,6 +199,11 @@ func (in *ContourConfigurationSpec) DeepCopyInto(out *ContourConfigurationSpec) *out = new(TracingConfig) (*in).DeepCopyInto(*out) } + if in.GlobalOutlierDetection != nil { + in, out := &in.GlobalOutlierDetection, &out.GlobalOutlierDetection + *out = new(v1.OutlierDetection) + (*in).DeepCopyInto(*out) + } if in.FeatureFlags != nil { in, out := &in.FeatureFlags, &out.FeatureFlags *out = make(FeatureFlags, len(*in)) 
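Review bot: The comment on `GlobalOutlierDetection` in apis/projectcontour/v1alpha1/contourconfig.go does not say what `disabled: true` means at the global level, because the reused `OutlierDetection` type documents `Disabled` only as a per-Service opt-out from the global policy. Since this one setting changes host ejection for every upstream cluster, the field comment should state whether `disabled` switches the global default off, and whether a Service-level `outlierDetection` replaces the global values or is merged with them; the DAG code that decides this is not visible in this hunk. Once the behaviour is confirmed, a line such as `// Setting Disabled here turns the global default off; Services can still set their own policy.` would do. `ContourConfigurationSpec` starts and ends outside the hunk.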
diff --git a/changelogs/unreleased/5575-yangyy93-minor.md b/changelogs/unreleased/5575-yangyy93-minor.md new file mode 100644 index 00000000000..fb452b0646c --- /dev/null +++ b/changelogs/unreleased/5575-yangyy93-minor.md @@ -0,0 +1,3 @@ +## Add outlier detection related configuration detection for services + +Add [outlier detection](https://www.envoyproxy.io/docs/envoy/v1.26.3/intro/arch_overview/upstream/outlier#arch-overview-outlier-detection) related configuration detection for services, including consecutiveServerErrors and localOriginal errors, and passive health checks can be performed on clusters. diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 6b9e90eedb2..44b4bc22c24 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -560,6 +560,7 @@ func (s *Server) doServe() error { globalRateLimitService: contourConfiguration.RateLimitService, maxRequestsPerConnection: contourConfiguration.Envoy.Cluster.MaxRequestsPerConnection, perConnectionBufferLimitBytes: contourConfiguration.Envoy.Cluster.PerConnectionBufferLimitBytes, + globalOutlierDetection: contourConfiguration.GlobalOutlierDetection, }) // Build the core Kubernetes event handler. @@ -1117,6 +1118,7 @@ type dagBuilderConfig struct { maxRequestsPerConnection *uint32 perConnectionBufferLimitBytes *uint32 globalRateLimitService *contour_api_v1alpha1.RateLimitServiceConfig + globalOutlierDetection *contour_api_v1.OutlierDetection } func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder { @@ -1209,6 +1211,7 @@ func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder { GlobalRateLimitService: dbc.globalRateLimitService, PerConnectionBufferLimitBytes: dbc.perConnectionBufferLimitBytes, SetSourceMetadataOnRoutes: true, + GlobalOutlierDetection: dbc.globalOutlierDetection, }, } diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index 7d14c2a94f4..03af5653391 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go 
@@ -590,6 +590,7 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha Policy: policy, Metrics: &contourMetrics, Tracing: tracingConfig, + GlobalOutlierDetection: ctx.Config.GlobalOutlierDetection, FeatureFlags: ctx.Config.FeatureFlags, } diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml index 783ff7574f5..49db3a22531 100644 --- a/examples/contour/01-crds.yaml +++ b/examples/contour/01-crds.yaml 
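Review bot: `ctx.Config.GlobalOutlierDetection` is copied into the spec as-is, and no validation of it is visible in this patch: the kubebuilder `Pattern` and `Maximum` markers constrain only objects admitted through the API server, not values read from the config file. Unless the conversion in internal/dag/policy.go (not shown here) rejects malformed durations and a `maxEjectionPercent` above 100, a typo in the file would only surface later, per proxy or at Envoy. Consider checking the durations and the percentage in the config file's validation at startup so that a bad global policy fails fast. `convertToContourConfigurationSpec` starts before this hunk and continues after it.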
@@ -666,6 +666,76 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration for + outlier detection on all services. If defined, this will be used + as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host is + ejected for. A host will remain ejected for a period of time + equal to the product of the ejection base duration and the number + of times the host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive local + origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of consecutive + server-side error responses before a consecutive 5xx ejection + occurs. When the backend host encounters consecutive errors + greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, a 5xx + counts as an error and for TCP services connection failures + and connection timeouts count as an error. It can be disabled + by setting the value to 0. Defaults to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the default + global OutlierDetection policy defined by the Contour configuration. + Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status is + evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that can + be ejected. But will eject at least one host regardless of the + value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will be + ejected for. After this amount of time, a host will be returned + to normal operation. If not specified, the default value (300s) + or BaseEjectionTime value is applied, whatever is larger. Defaults + to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of jitter + to add to the ejection time, in order to prevent a ‘thundering + herd’ effect where all proxies try to reconnect to host at the + same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether to + split the local origin errors from the external origin errors. + Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -4150,6 +4220,79 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration + for outlier detection on all services. If defined, this will + be used as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host + is ejected for. A host will remain ejected for a period + of time equal to the product of the ejection base duration + and the number of times the host has been ejected. Defaults + to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive + local origin ejection occurs. Parameters take effect only + when SplitExternalLocalOriginErrors is true. Defaults to + 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of + consecutive server-side error responses before a consecutive + 5xx ejection occurs. When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, + it will be ejected from the load balancing pool. for HTTP + services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an + error. It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the + default global OutlierDetection policy defined by the Contour + configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status + is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that + can be ejected. But will eject at least one host regardless + of the value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will + be ejected for. After this amount of time, a host will be + returned to normal operation. If not specified, the default + value (300s) or BaseEjectionTime value is applied, whatever + is larger. Defaults to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of + jitter to add to the ejection time, in order to prevent + a ‘thundering herd’ effect where all proxies try to reconnect + to host at the same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether + to split the local origin errors from the external origin + errors. Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -6282,6 +6425,83 @@ spec: up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection + on a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the + ejection base duration and the number of times the + host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines + the number of consecutive local origin failures + before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than + or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, + a 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults + to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a + host will be ejected for. After this amount of time, + a host will be returned to normal operation. If + not specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum + amount of jitter to add to the ejection time, in + order to prevent a ‘thundering herd’ effect where + all proxies try to reconnect to host at the same + time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. 
@@ -6679,6 +6899,83 @@ spec: traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection on + a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the ejection + base duration and the number of times the host has + been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the + number of consecutive local origin failures before + a consecutive local origin ejection occurs. Parameters + take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than or + equal to ConsecutiveServerErrors, it will be ejected + from the load balancing pool. for HTTP services, a + 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults to + 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host + will be ejected for. After this amount of time, a + host will be returned to normal operation. If not + specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount + of jitter to add to the ejection time, in order to + prevent a ‘thundering herd’ effect where all proxies + try to reconnect to host at the same time. Defaults + to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 2020135a384..172573590fe 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml 
@@ -885,6 +885,76 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration for + outlier detection on all services. If defined, this will be used + as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host is + ejected for. A host will remain ejected for a period of time + equal to the product of the ejection base duration and the number + of times the host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive local + origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of consecutive + server-side error responses before a consecutive 5xx ejection + occurs. When the backend host encounters consecutive errors + greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, a 5xx + counts as an error and for TCP services connection failures + and connection timeouts count as an error. It can be disabled + by setting the value to 0. Defaults to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the default + global OutlierDetection policy defined by the Contour configuration. + Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status is + evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that can + be ejected. But will eject at least one host regardless of the + value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will be + ejected for. After this amount of time, a host will be returned + to normal operation. If not specified, the default value (300s) + or BaseEjectionTime value is applied, whatever is larger. Defaults + to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of jitter + to add to the ejection time, in order to prevent a ‘thundering + herd’ effect where all proxies try to reconnect to host at the + same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether to + split the local origin errors from the external origin errors. + Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -4369,6 +4439,79 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration + for outlier detection on all services. If defined, this will + be used as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host + is ejected for. A host will remain ejected for a period + of time equal to the product of the ejection base duration + and the number of times the host has been ejected. Defaults + to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive + local origin ejection occurs. Parameters take effect only + when SplitExternalLocalOriginErrors is true. Defaults to + 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of + consecutive server-side error responses before a consecutive + 5xx ejection occurs. When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, + it will be ejected from the load balancing pool. for HTTP + services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an + error. It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the + default global OutlierDetection policy defined by the Contour + configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status + is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that + can be ejected. But will eject at least one host regardless + of the value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will + be ejected for. After this amount of time, a host will be + returned to normal operation. If not specified, the default + value (300s) or BaseEjectionTime value is applied, whatever + is larger. Defaults to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of + jitter to add to the ejection time, in order to prevent + a ‘thundering herd’ effect where all proxies try to reconnect + to host at the same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether + to split the local origin errors from the external origin + errors. Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -6501,6 +6644,83 @@ spec: up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection + on a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the + ejection base duration and the number of times the + host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines + the number of consecutive local origin failures + before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than + or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, + a 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults + to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a + host will be ejected for. After this amount of time, + a host will be returned to normal operation. If + not specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum + amount of jitter to add to the ejection time, in + order to prevent a ‘thundering herd’ effect where + all proxies try to reconnect to host at the same + time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. 
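Review bot: The per-service `outlierDetection` schema gives `consecutiveServerErrors`, `consecutiveLocalOriginFailure` and `maxEjectionPercent` a `format: int32` but no `minimum`, so a negative value in an HTTPProxy passes API-server validation; the only bound is `maximum: 100` on `maxEjectionPercent`. The duration `pattern` also makes every digit optional (`\d*(\.\d*)?h`), so strings such as `h` or `.s` match and rejection is left to whatever the controller does when it parses them. These manifests look generated, so the fix presumably belongs on the Go API types, for example `// +kubebuilder:validation:Minimum=0` on the three integer fields and a pattern that requires at least one digit, followed by regenerating. The same schema is repeated in the other `outlierDetection` hunks of this file and in contour-gateway-provisioner.yaml, contour-gateway.yaml and contour.yaml, including the global ContourConfiguration copies.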
@@ -6898,6 +7118,83 @@ spec: traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection on + a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the ejection + base duration and the number of times the host has + been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the + number of consecutive local origin failures before + a consecutive local origin ejection occurs. Parameters + take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than or + equal to ConsecutiveServerErrors, it will be ejected + from the load balancing pool. for HTTP services, a + 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults to + 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host + will be ejected for. After this amount of time, a + host will be returned to normal operation. If not + specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount + of jitter to add to the ejection time, in order to + prevent a ‘thundering herd’ effect where all proxies + try to reconnect to host at the same time. Defaults + to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index f0065dfc379..23ffabe3a3e 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml 
@@ -677,6 +677,76 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration for + outlier detection on all services. If defined, this will be used + as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host is + ejected for. A host will remain ejected for a period of time + equal to the product of the ejection base duration and the number + of times the host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive local + origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of consecutive + server-side error responses before a consecutive 5xx ejection + occurs. When the backend host encounters consecutive errors + greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, a 5xx + counts as an error and for TCP services connection failures + and connection timeouts count as an error. It can be disabled + by setting the value to 0. Defaults to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the default + global OutlierDetection policy defined by the Contour configuration. + Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status is + evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that can + be ejected. But will eject at least one host regardless of the + value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will be + ejected for. After this amount of time, a host will be returned + to normal operation. If not specified, the default value (300s) + or BaseEjectionTime value is applied, whatever is larger. Defaults + to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of jitter + to add to the ejection time, in order to prevent a ‘thundering + herd’ effect where all proxies try to reconnect to host at the + same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether to + split the local origin errors from the external origin errors. + Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -4161,6 +4231,79 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration + for outlier detection on all services. If defined, this will + be used as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host + is ejected for. A host will remain ejected for a period + of time equal to the product of the ejection base duration + and the number of times the host has been ejected. Defaults + to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive + local origin ejection occurs. Parameters take effect only + when SplitExternalLocalOriginErrors is true. Defaults to + 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of + consecutive server-side error responses before a consecutive + 5xx ejection occurs. When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, + it will be ejected from the load balancing pool. for HTTP + services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an + error. It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the + default global OutlierDetection policy defined by the Contour + configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status + is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that + can be ejected. But will eject at least one host regardless + of the value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will + be ejected for. After this amount of time, a host will be + returned to normal operation. If not specified, the default + value (300s) or BaseEjectionTime value is applied, whatever + is larger. Defaults to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of + jitter to add to the ejection time, in order to prevent + a ‘thundering herd’ effect where all proxies try to reconnect + to host at the same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether + to split the local origin errors from the external origin + errors. Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -6293,6 +6436,83 @@ spec: up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection + on a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the + ejection base duration and the number of times the + host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines + the number of consecutive local origin failures + before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than + or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, + a 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults + to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a + host will be ejected for. After this amount of time, + a host will be returned to normal operation. If + not specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum + amount of jitter to add to the ejection time, in + order to prevent a ‘thundering herd’ effect where + all proxies try to reconnect to host at the same + time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. 
@@ -6690,6 +6910,83 @@ spec: traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection on + a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the ejection + base duration and the number of times the host has + been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the + number of consecutive local origin failures before + a consecutive local origin ejection occurs. Parameters + take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than or + equal to ConsecutiveServerErrors, it will be ejected + from the load balancing pool. for HTTP services, a + 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults to + 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host + will be ejected for. After this amount of time, a + host will be returned to normal operation. If not + specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount + of jitter to add to the ejection time, in order to + prevent a ‘thundering herd’ effect where all proxies + try to reconnect to host at the same time. Defaults + to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index f4a9db215f3..dd88d67930c 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml 
@@ -888,6 +888,76 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration for + outlier detection on all services. If defined, this will be used + as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host is + ejected for. A host will remain ejected for a period of time + equal to the product of the ejection base duration and the number + of times the host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive local + origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of consecutive + server-side error responses before a consecutive 5xx ejection + occurs. When the backend host encounters consecutive errors + greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, a 5xx + counts as an error and for TCP services connection failures + and connection timeouts count as an error. It can be disabled + by setting the value to 0. Defaults to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the default + global OutlierDetection policy defined by the Contour configuration. + Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status is + evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that can + be ejected. But will eject at least one host regardless of the + value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will be + ejected for. After this amount of time, a host will be returned + to normal operation. If not specified, the default value (300s) + or BaseEjectionTime value is applied, whatever is larger. Defaults + to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of jitter + to add to the ejection time, in order to prevent a ‘thundering + herd’ effect where all proxies try to reconnect to host at the + same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether to + split the local origin errors from the external origin errors. + Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -4372,6 +4442,79 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration + for outlier detection on all services. If defined, this will + be used as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host + is ejected for. A host will remain ejected for a period + of time equal to the product of the ejection base duration + and the number of times the host has been ejected. Defaults + to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive + local origin ejection occurs. Parameters take effect only + when SplitExternalLocalOriginErrors is true. Defaults to + 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of + consecutive server-side error responses before a consecutive + 5xx ejection occurs. When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, + it will be ejected from the load balancing pool. for HTTP + services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an + error. It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the + default global OutlierDetection policy defined by the Contour + configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status + is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that + can be ejected. But will eject at least one host regardless + of the value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will + be ejected for. After this amount of time, a host will be + returned to normal operation. If not specified, the default + value (300s) or BaseEjectionTime value is applied, whatever + is larger. Defaults to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of + jitter to add to the ejection time, in order to prevent + a ‘thundering herd’ effect where all proxies try to reconnect + to host at the same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether + to split the local origin errors from the external origin + errors. Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -6504,6 +6647,83 @@ spec: up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection + on a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the + ejection base duration and the number of times the + host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines + the number of consecutive local origin failures + before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than + or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, + a 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults + to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a + host will be ejected for. After this amount of time, + a host will be returned to normal operation. If + not specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum + amount of jitter to add to the ejection time, in + order to prevent a ‘thundering herd’ effect where + all proxies try to reconnect to host at the same + time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. 
@@ -6901,6 +7121,83 @@ spec: traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection on + a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the ejection + base duration and the number of times the host has + been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the + number of consecutive local origin failures before + a consecutive local origin ejection occurs. Parameters + take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than or + equal to ConsecutiveServerErrors, it will be ejected + from the load balancing pool. for HTTP services, a + 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults to + 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host + will be ejected for. After this amount of time, a + host will be returned to normal operation. If not + specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount + of jitter to add to the ejection time, in order to + prevent a ‘thundering herd’ effect where all proxies + try to reconnect to host at the same time. Defaults + to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index 3f24568201b..173ee01acf1 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml 
@@ -885,6 +885,76 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration for + outlier detection on all services. If defined, this will be used + as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host is + ejected for. A host will remain ejected for a period of time + equal to the product of the ejection base duration and the number + of times the host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive local + origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of consecutive + server-side error responses before a consecutive 5xx ejection + occurs. When the backend host encounters consecutive errors + greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, a 5xx + counts as an error and for TCP services connection failures + and connection timeouts count as an error. It can be disabled + by setting the value to 0. Defaults to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the default + global OutlierDetection policy defined by the Contour configuration. + Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status is + evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that can + be ejected. But will eject at least one host regardless of the + value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will be + ejected for. After this amount of time, a host will be returned + to normal operation. If not specified, the default value (300s) + or BaseEjectionTime value is applied, whatever is larger. Defaults + to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of jitter + to add to the ejection time, in order to prevent a ‘thundering + herd’ effect where all proxies try to reconnect to host at the + same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether to + split the local origin errors from the external origin errors. + Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -4369,6 +4439,79 @@ spec: type: string type: object type: object + outlierDetection: + description: GlobalOutlierDetection defines the configuration + for outlier detection on all services. If defined, this will + be used as the default for all services. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that a host + is ejected for. A host will remain ejected for a period + of time equal to the product of the ejection base duration + and the number of times the host has been ejected. Defaults + to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the number + of consecutive local origin failures before a consecutive + local origin ejection occurs. Parameters take effect only + when SplitExternalLocalOriginErrors is true. Defaults to + 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number of + consecutive server-side error responses before a consecutive + 5xx ejection occurs. When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, + it will be ejected from the load balancing pool. for HTTP + services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an + error. It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not use the + default global OutlierDetection policy defined by the Contour + configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host status + is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage of hosts + in the load balancing pool for the upstream service that + can be ejected. But will eject at least one host regardless + of the value here. Defaults to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host will + be ejected for. After this amount of time, a host will be + returned to normal operation. If not specified, the default + value (300s) or BaseEjectionTime value is applied, whatever + is larger. Defaults to 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount of + jitter to add to the ejection time, in order to prevent + a ‘thundering herd’ effect where all proxies try to reconnect + to host at the same time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines whether + to split the local origin errors from the external origin + errors. Defaults to false. + type: boolean + type: object policy: description: Policy specifies default policy applied if not overridden by the user 
@@ -6501,6 +6644,83 @@ spec: up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection + on a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the + ejection base duration and the number of times the + host has been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines + the number of consecutive local origin failures + before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than + or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. for HTTP services, + a 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults + to 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a + host will be ejected for. After this amount of time, + a host will be returned to normal operation. If + not specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum + amount of jitter to add to the ejection time, in + order to prevent a ‘thundering herd’ effect where + all proxies try to reconnect to host at the same + time. Defaults to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. 
@@ -6898,6 +7118,83 @@ spec: traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string + outlierDetection: + description: The policy for managing outlier detection on + a service. If not specified, the global OutlierDetection + policy will be used. + properties: + baseEjectionTime: + description: BaseEjectionTime is the base time that + a host is ejected for. A host will remain ejected + for a period of time equal to the product of the ejection + base duration and the number of times the host has + been ejected. Defaults to 30s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + consecutiveLocalOriginFailure: + description: ConsecutiveLocalOriginFailure defines the + number of consecutive local origin failures before + a consecutive local origin ejection occurs. Parameters + take effect only when SplitExternalLocalOriginErrors + is true. Defaults to 5. + format: int32 + type: integer + consecutiveServerErrors: + description: ConsecutiveServerErrors defines The number + of consecutive server-side error responses before + a consecutive 5xx ejection occurs. When the backend + host encounters consecutive errors greater than or + equal to ConsecutiveServerErrors, it will be ejected + from the load balancing pool. for HTTP services, a + 5xx counts as an error and for TCP services connection + failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. Defaults + to 5. + format: int32 + type: integer + disabled: + description: Disabled configures the Service to not + use the default global OutlierDetection policy defined + by the Contour configuration. Defaults to false. + type: boolean + interval: + description: Interval is the interval at which host + status is evaluated. Defaults to 10s. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionPercent: + description: MaxEjectionPercent is the max percentage + of hosts in the load balancing pool for the upstream + service that can be ejected. But will eject at least + one host regardless of the value here. Defaults to + 10%. + format: int32 + maximum: 100 + type: integer + maxEjectionTime: + description: MaxEjectionTime is the maximum time a host + will be ejected for. After this amount of time, a + host will be returned to normal operation. If not + specified, the default value (300s) or BaseEjectionTime + value is applied, whatever is larger. Defaults to + 300s. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + maxEjectionTimeJitter: + description: MaxEjectionTimeJitter is The maximum amount + of jitter to add to the ejection time, in order to + prevent a ‘thundering herd’ effect where all proxies + try to reconnect to host at the same time. Defaults + to 0s. + pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ + type: string + splitExternalLocalOriginErrors: + default: false + description: SplitExternalLocalOriginErrors defines + whether to split the local origin errors from the + external origin errors. Defaults to false. + type: boolean + type: object port: description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined. diff --git a/internal/dag/dag.go b/internal/dag/dag.go index aea888e4b16..6d80421d099 100644 --- a/internal/dag/dag.go +++ b/internal/dag/dag.go @@ -1040,6 +1040,9 @@ type Cluster struct { // PerConnectionBufferLimitBytes defines the soft limit on size of the cluster’s new connection read and write buffers. PerConnectionBufferLimitBytes *uint32 + + // OutlierDetection defines how to detect unhealthy hosts in the cluster, and evict them. + OutlierDetectionPolicy *OutlierDetectionPolicy } // WeightedService represents the load balancing weight of a 
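Review bot: The comment added to the `Cluster` struct in internal/dag/dag.go opens with `OutlierDetection`, but the field it documents is `OutlierDetectionPolicy`, and it says "evict" where the rest of the change says "eject". It also leaves out what a nil value means, which the translation in internal/envoy/v3/cluster.go depends on (`if c.OutlierDetectionPolicy != nil`). I would write `// OutlierDetectionPolicy defines how unhealthy hosts in the cluster are detected and ejected. Nil leaves outlier detection unconfigured for the cluster.`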
@@ -1260,3 +1263,15 @@ type SlowStartConfig struct { func (s *SlowStartConfig) String() string { return fmt.Sprintf("%s%f%d", s.Window.String(), s.Aggression, s.MinWeightPercent) } + +// OutlierDetectionPolicy holds configuration for outlier detection. +type OutlierDetectionPolicy struct { + ConsecutiveServerErrors uint32 + Interval time.Duration + BaseEjectionTime time.Duration + MaxEjectionTime time.Duration + SplitExternalLocalOriginErrors bool + ConsecutiveLocalOriginFailure uint32 + MaxEjectionPercent uint32 + MaxEjectionTimeJitter time.Duration +} diff --git a/internal/dag/httpproxy_processor.go b/internal/dag/httpproxy_processor.go index 255a1fa0b71..df6a70389a8 100644 --- a/internal/dag/httpproxy_processor.go +++ b/internal/dag/httpproxy_processor.go @@ -112,6 +112,9 @@ type HTTPProxyProcessor struct { // configurable and off by default in order to support the feature // without requiring all existing test cases to change. SetSourceMetadataOnRoutes bool + + // GlobalOutlierDetection defines route-service's Global Outlier Detection configuration. + GlobalOutlierDetection *contour_api_v1.OutlierDetection } // Run translates HTTPProxies into DAG objects and @@ -981,6 +984,13 @@ func (p *HTTPProxyProcessor) computeRoutes( return nil } + outlierDetection, err := outlierDetectionPolicy(p.GlobalOutlierDetection, service.OutlierDetection) + if err != nil { + validCond.AddErrorf(contour_api_v1.ConditionTypeOutlierDetectionError, "OutlierDetectionInvalid", + "%s on outlier detection", err) + return nil + } + var clientCertSecret *Secret if p.ClientCertificate != nil { // Since the client certificate is configured by admin, explicit delegation is not required. 
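Review bot: In the `computeRoutes` hunk, `outlierDetectionPolicy(p.GlobalOutlierDetection, service.OutlierDetection)` re-parses the global policy for every service on every DAG build. A malformed global duration therefore only shows up as a per-proxy `OutlierDetectionError`, and the `return nil` drops the routes of every HTTPProxy whose services have no policy of their own. Validating and parsing the global policy once where it is wired in (outside this hunk, presumably at startup) and failing there would turn an operator typo into a startup error instead of a fleet-wide routing outage. The status text would also read better as `"invalid outlier detection policy: %s", err` than `"%s on outlier detection"`. `computeRoutes` starts and ends outside the hunk.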
@@ -1026,6 +1036,7 @@ func (p *HTTPProxyProcessor) computeRoutes( SlowStartConfig: slowStart, MaxRequestsPerConnection: p.MaxRequestsPerConnection, PerConnectionBufferLimitBytes: p.PerConnectionBufferLimitBytes, + OutlierDetectionPolicy: outlierDetection, } if service.Mirror && len(r.MirrorPolicies) > 0 { validCond.AddError(contour_api_v1.ConditionTypeServiceError, "OnlyOneMirror", diff --git a/internal/dag/policy.go b/internal/dag/policy.go index 97c57d2cf08..7cf5d9d31a6 100644 --- a/internal/dag/policy.go +++ b/internal/dag/policy.go 
@@ -809,3 +809,79 @@ func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, val } } + +func mergeOutlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *contour_api_v1.OutlierDetection) *contour_api_v1.OutlierDetection { + if serviceOutlierDetection == nil { + if globalOutlierDetection == nil || globalOutlierDetection.Disabled { + return nil + } + return globalOutlierDetection + } + + if serviceOutlierDetection.Disabled { + return nil + } + + return serviceOutlierDetection +} + +func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *contour_api_v1.OutlierDetection) (*OutlierDetectionPolicy, error) { + outlierDetection := mergeOutlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection) + + if outlierDetection == nil { + return nil, nil + } + + out := &OutlierDetectionPolicy{ + SplitExternalLocalOriginErrors: outlierDetection.SplitExternalLocalOriginErrors, + } + + var err error + var interval, baseEjectionTime, maxEjectionTime, maxEjectionTimeJitter time.Duration + + if outlierDetection.Interval != nil { + interval, err = time.ParseDuration(ref.Val(outlierDetection.Interval, "10s")) + if err != nil { + return nil, fmt.Errorf("error parsing interval: %w", err) + } + out.Interval = interval + } + + if outlierDetection.BaseEjectionTime != nil { + baseEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.BaseEjectionTime, "30s")) + if err != nil { + return nil, fmt.Errorf("error parsing baseEjectionTime: %w", err) + } + out.BaseEjectionTime = baseEjectionTime + } + + if outlierDetection.MaxEjectionTime != nil { + maxEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTime, "300s")) + if err != nil { + return nil, fmt.Errorf("error parsing maxEjectionTime: %w", err) + } + out.MaxEjectionTime = maxEjectionTime + } + + if outlierDetection.ConsecutiveServerErrors != nil { + out.ConsecutiveServerErrors = ref.Val(outlierDetection.ConsecutiveServerErrors, 5) + } + + if 
outlierDetection.ConsecutiveLocalOriginFailure != nil { + out.ConsecutiveLocalOriginFailure = ref.Val(outlierDetection.ConsecutiveLocalOriginFailure, 5) + } + + if outlierDetection.MaxEjectionPercent != nil { + out.MaxEjectionPercent = ref.Val(outlierDetection.MaxEjectionPercent, 10) + } + + if outlierDetection.MaxEjectionTimeJitter != nil { + maxEjectionTimeJitter, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTimeJitter, "0s")) + if err != nil { + return nil, fmt.Errorf("error parsing maxEjectionTimeJitter: %w", err) + } + out.MaxEjectionTimeJitter = maxEjectionTimeJitter + } + + return out, nil +} diff --git a/internal/dag/policy_test.go b/internal/dag/policy_test.go index 6daf9e7a969..3c8d7714105 100644 --- a/internal/dag/policy_test.go +++ b/internal/dag/policy_test.go @@ -21,6 +21,7 @@ import ( "time" contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" 
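Review bot: In `outlierDetectionPolicy`, every `ref.Val(x, default)` call sits inside an `if x != nil` guard, so the fallbacks (`"10s"`, `"30s"`, `"300s"`, `5`, `10`, `"0s"`) are never used and an unset field reaches the DAG as zero. For the durations and the percentage that only defers to Envoy's own defaults, but for `ConsecutiveServerErrors` the translation in internal/envoy/v3/cluster.go treats zero as "do not enforce". A service with `outlierDetection: {}` therefore gets no 5xx ejection, although the API text says the field defaults to 5 and that 0 is how to turn it off. Dropping the nil guards lets `ref.Val` (assuming it returns the fallback for a nil pointer) apply the documented default while an explicit 0 still disables the check. The "empty" case in policy_test.go would need its expectation updated.

```go
// … unchanged: mergeOutlierDetectionPolicy call and nil check …
out := &OutlierDetectionPolicy{
	SplitExternalLocalOriginErrors: outlierDetection.SplitExternalLocalOriginErrors,
	// The fallback applies only when the field is unset, so an explicit 0
	// still disables consecutive-5xx ejection.
	ConsecutiveServerErrors:       ref.Val(outlierDetection.ConsecutiveServerErrors, 5),
	ConsecutiveLocalOriginFailure: ref.Val(outlierDetection.ConsecutiveLocalOriginFailure, 5),
	MaxEjectionPercent:            ref.Val(outlierDetection.MaxEjectionPercent, 10),
}

var err error
if out.Interval, err = time.ParseDuration(ref.Val(outlierDetection.Interval, "10s")); err != nil {
	return nil, fmt.Errorf("error parsing interval: %w", err)
}
// … same pattern for BaseEjectionTime, MaxEjectionTime and MaxEjectionTimeJitter …
```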
@@ -1271,6 +1272,159 @@ func TestValidateHeaderAlteration(t *testing.T) { } } +func TestMergeOutlierDetectionPolicy(t *testing.T) { + tests := map[string]struct { + globalPolicy *contour_api_v1.OutlierDetection + servicePolicy *contour_api_v1.OutlierDetection + want *contour_api_v1.OutlierDetection + }{ + "globalPolicy is nil and servicePolicy is nil": { + globalPolicy: nil, + servicePolicy: nil, + want: nil, + }, + "globalPolicy is nil and servicePolicy is not nil and servicePolicy is enabled": { + globalPolicy: nil, + servicePolicy: &contour_api_v1.OutlierDetection{}, + want: &contour_api_v1.OutlierDetection{}, + }, + "globalPolicy is nil and servicePolicy is not nil and servicePolicy is disabled": { + globalPolicy: nil, + servicePolicy: &contour_api_v1.OutlierDetection{ + Disabled: true, + }, + want: nil, + }, + "globalPolicy is not nil and globalPolicy is enabled and servicePolicy is nil": { + globalPolicy: &contour_api_v1.OutlierDetection{}, + servicePolicy: nil, + want: &contour_api_v1.OutlierDetection{}, + }, + "globalPolicy is not nil and globalPolicy is disabled and servicePolicy is nil": { + globalPolicy: &contour_api_v1.OutlierDetection{ + Disabled: true, + }, + servicePolicy: nil, + want: nil, + }, + "globalPolicy is not nil and globalPolicy is enabled and servicePolicy is not nil and servicePolicy is enabled": { + globalPolicy: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(5)), + }, + servicePolicy: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(10)), + }, + want: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(10)), + }, + }, + "globalPolicy is not nil and globalPolicy is enabled and servicePolicy is not nil and servicePolicy is disabled": { + globalPolicy: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(5)), + }, + servicePolicy: &contour_api_v1.OutlierDetection{ + Disabled: true, + }, + want: nil, + }, + "globalPolicy is not nil and 
globalPolicy is disabled and servicePolicy is not nil and servicePolicy is enabled": { + globalPolicy: &contour_api_v1.OutlierDetection{ + Disabled: true, + }, + servicePolicy: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(10)), + }, + want: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(10)), + }, + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + got := mergeOutlierDetectionPolicy(test.globalPolicy, test.servicePolicy) + assert.Equal(t, test.want, got) + }) + } +} + +func TestOutlierDetectionPolicy(t *testing.T) { + tests := map[string]struct { + in *contour_api_v1.OutlierDetection + want *OutlierDetectionPolicy + wantErr bool + }{ + "nil": { + in: nil, + want: nil, + }, + "empty": { + in: &contour_api_v1.OutlierDetection{}, + want: &OutlierDetectionPolicy{}, + }, + "consecutive server errors": { + in: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(5)), + }, + want: &OutlierDetectionPolicy{ + ConsecutiveServerErrors: 5, + }, + }, + "interval no unit": { + in: &contour_api_v1.OutlierDetection{ + Interval: ref.To("10"), + }, + want: nil, + wantErr: true, + }, + "interval bad unit": { + in: &contour_api_v1.OutlierDetection{ + Interval: ref.To("10f"), + }, + want: nil, + wantErr: true, + }, + "interval good": { + in: &contour_api_v1.OutlierDetection{ + Interval: ref.To("10s"), + }, + want: &OutlierDetectionPolicy{ + Interval: 10 * time.Second, + }, + }, + "normal": { + in: &contour_api_v1.OutlierDetection{ + ConsecutiveServerErrors: ref.To(uint32(5)), + Interval: ref.To("10s"), + BaseEjectionTime: ref.To("30s"), + MaxEjectionTime: ref.To("300s"), + SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: ref.To(uint32(3)), + MaxEjectionPercent: ref.To(uint32(50)), + }, + want: &OutlierDetectionPolicy{ + ConsecutiveServerErrors: 5, + Interval: 10 * time.Second, + BaseEjectionTime: 30 * time.Second, + MaxEjectionTime: 300 * time.Second, + 
SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: 3, + MaxEjectionPercent: 50, + }, + }, + } + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + got, gotErr := outlierDetectionPolicy(nil, tc.in) + if tc.wantErr { + assert.Error(t, gotErr) + } else { + assert.Equal(t, tc.want, got) + assert.NoError(t, gotErr) + } + }) + } +} + func TestExtractHeaderValue(t *testing.T) { tests := map[string]string{ "%REQ(X-Header-Name)%": "X-Header-Name", diff --git a/internal/envoy/cluster.go b/internal/envoy/cluster.go index e6d4bf94fbe..03bf24543ea 100644 --- a/internal/envoy/cluster.go +++ b/internal/envoy/cluster.go @@ -46,6 +46,33 @@ func Clustername(cluster *dag.Cluster) string { } buf += hc.Path } + if od := cluster.OutlierDetectionPolicy; od != nil { + if od.ConsecutiveServerErrors > 0 { + buf += strconv.Itoa(int(od.ConsecutiveServerErrors)) + } + if od.Interval > 0 { + buf += od.Interval.String() + } + if od.BaseEjectionTime > 0 { + buf += od.BaseEjectionTime.String() + } + if od.MaxEjectionTime > 0 { + buf += od.MaxEjectionTime.String() + } + if od.MaxEjectionPercent > 0 { + buf += strconv.Itoa(int(od.MaxEjectionPercent)) + } + buf += strconv.FormatBool(od.SplitExternalLocalOriginErrors) + if od.SplitExternalLocalOriginErrors { + buf += strconv.Itoa(int(od.ConsecutiveLocalOriginFailure)) + } + if od.MaxEjectionPercent > 0 { + buf += strconv.Itoa(int(od.MaxEjectionPercent)) + } + if od.MaxEjectionTimeJitter > 0 { + buf += od.MaxEjectionTimeJitter.String() + } + } if uv := cluster.UpstreamValidation; uv != nil { buf += uv.CACertificate.Object.ObjectMeta.Name buf += uv.SubjectName diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index e39beedadee..6580ed55709 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go 
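Review bot: `TestOutlierDetectionPolicy` always calls `outlierDetectionPolicy(nil, tc.in)`, so the path where a service has no policy and the global one is parsed is never exercised, and the error cases cover only `Interval`. Adding a global field to the table, plus one malformed value each for `BaseEjectionTime`, `MaxEjectionTime` and `MaxEjectionTimeJitter`, would reach the remaining `time.ParseDuration` branches. In the `wantErr` branch I would also add `assert.Nil(t, got)` so a partially filled policy cannot be returned together with an error.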
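Review bot: The outlier-detection fields added to `Clustername` go into the hash input without labels or separators and are skipped when zero, so different policies can serialise identically: one with only `Interval` set to 10s and one with only `BaseEjectionTime` set to 10s both contribute `10sfalse`. Two clusters for the same service would then share a name although their Envoy configuration differs, and presumably only one of them is kept. `MaxEjectionPercent` is also appended twice, which looks like a copy-paste slip. Writing every field unconditionally with a short label fixes both; the hashes pinned in cluster_test.go would need regenerating. `Clustername` begins and ends outside this hunk.

```go
if od := cluster.OutlierDetectionPolicy; od != nil {
	// Every field is written with a label, zero or not, so that two
	// different policies can never produce the same hash input.
	buf += "od:5xx=" + strconv.Itoa(int(od.ConsecutiveServerErrors))
	buf += ",interval=" + od.Interval.String()
	buf += ",base=" + od.BaseEjectionTime.String()
	buf += ",max=" + od.MaxEjectionTime.String()
	buf += ",pct=" + strconv.Itoa(int(od.MaxEjectionPercent))
	buf += ",split=" + strconv.FormatBool(od.SplitExternalLocalOriginErrors)
	buf += ",local=" + strconv.Itoa(int(od.ConsecutiveLocalOriginFailure))
	buf += ",jitter=" + od.MaxEjectionTimeJitter.String()
}
```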
@@ -138,6 +138,10 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { } } + if c.OutlierDetectionPolicy != nil { + cluster.OutlierDetection = outlierDetection(c.OutlierDetectionPolicy) + } + return cluster } @@ -372,3 +376,48 @@ func slowStartConfig(slowStartConfig *dag.SlowStartConfig) *envoy_cluster_v3.Clu }, } } + +func outlierDetection(policy *dag.OutlierDetectionPolicy) *envoy_cluster_v3.OutlierDetection { + out := &envoy_cluster_v3.OutlierDetection{ + EnforcingConsecutive_5Xx: protobuf.UInt32Zero(), + EnforcingSuccessRate: protobuf.UInt32Zero(), + EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), + } + if policy.ConsecutiveServerErrors > 0 { + out.Consecutive_5Xx = protobuf.UInt32OrNil(policy.ConsecutiveServerErrors) + out.EnforcingConsecutive_5Xx = protobuf.UInt32OrNil(100) + } + + if policy.Interval > 0 { + out.Interval = durationpb.New(policy.Interval) + } + + if policy.BaseEjectionTime > 0 { + out.BaseEjectionTime = durationpb.New(policy.BaseEjectionTime) + } + + if policy.MaxEjectionTime > 0 { + out.MaxEjectionTime = durationpb.New(policy.MaxEjectionTime) + } + + if policy.MaxEjectionPercent > 0 { + out.MaxEjectionPercent = protobuf.UInt32OrNil(policy.MaxEjectionPercent) + } + + if policy.SplitExternalLocalOriginErrors { + out.SplitExternalLocalOriginErrors = true + if policy.ConsecutiveLocalOriginFailure > 0 { + out.ConsecutiveLocalOriginFailure = protobuf.UInt32OrNil(policy.ConsecutiveLocalOriginFailure) + } else { + // Default to 5 if not specified + out.ConsecutiveLocalOriginFailure = protobuf.UInt32OrNil(5) + } + out.EnforcingLocalOriginSuccessRate = protobuf.UInt32Zero() + } + + if policy.MaxEjectionTimeJitter > 0 { + out.MaxEjectionTimeJitter = durationpb.New(policy.MaxEjectionTimeJitter) + } + + return out +} diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index 42ebd5b108e..eb69d3478c2 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go 
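Review bot: `outlierDetection` has no comment saying that it pins `EnforcingSuccessRate`, `EnforcingConsecutiveGatewayFailure` and, when splitting, `EnforcingLocalOriginSuccessRate` to zero, which narrows Envoy's behaviour in a way the field names alone do not reveal. I would add `// outlierDetection translates the DAG policy into Envoy's OutlierDetection. Success-rate and gateway-failure ejection are always set to 0% enforcement, so only consecutive 5xx and, when split, consecutive local-origin failures eject hosts.` The literal `5` used as the `ConsecutiveLocalOriginFailure` fallback is a second copy of a default that internal/dag/policy.go also spells out, so a shared constant would keep the two in step. When `ConsecutiveServerErrors` is 0 and splitting is off, the returned message enforces nothing that this function sets; returning nil in that case may be clearer, if Envoy's remaining defaults are not being relied on.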
@@ -721,6 +721,110 @@ func TestCluster(t *testing.T) { }, }, }, + "outlier detection only server error": { + cluster: &dag.Cluster{ + Upstream: service(s1), + OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ + ConsecutiveServerErrors: 5, + }, + }, + want: &envoy_cluster_v3.Cluster{ + Name: "default/kuard/443/9edb41b67b", + AltStatName: "default_kuard_443", + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: ConfigSource("contour"), + ServiceName: "default/kuard/http", + }, + OutlierDetection: &envoy_cluster_v3.OutlierDetection{ + Consecutive_5Xx: wrapperspb.UInt32(5), + EnforcingSuccessRate: wrapperspb.UInt32(0), + EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), + EnforcingConsecutive_5Xx: wrapperspb.UInt32(100), + }, + }, + }, + "outlier detection split local origin error": { + cluster: &dag.Cluster{ + Upstream: service(s1), + OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ + ConsecutiveServerErrors: 5, + SplitExternalLocalOriginErrors: true, + }, + }, + want: &envoy_cluster_v3.Cluster{ + Name: "default/kuard/443/3bebc12a28", + AltStatName: "default_kuard_443", + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: ConfigSource("contour"), + ServiceName: "default/kuard/http", + }, + OutlierDetection: &envoy_cluster_v3.OutlierDetection{ + Consecutive_5Xx: wrapperspb.UInt32(5), + EnforcingSuccessRate: wrapperspb.UInt32(0), + EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), + EnforcingConsecutive_5Xx: wrapperspb.UInt32(100), + SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: wrapperspb.UInt32(5), + EnforcingLocalOriginSuccessRate: wrapperspb.UInt32(0), + }, + }, + }, + "outlier detection split local origin error and consecutive local origin failure": { + cluster: &dag.Cluster{ + Upstream: service(s1), + 
OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ + ConsecutiveServerErrors: 5, + SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: 10, + }, + }, + want: &envoy_cluster_v3.Cluster{ + Name: "default/kuard/443/880ee463fa", + AltStatName: "default_kuard_443", + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: ConfigSource("contour"), + ServiceName: "default/kuard/http", + }, + OutlierDetection: &envoy_cluster_v3.OutlierDetection{ + Consecutive_5Xx: wrapperspb.UInt32(5), + EnforcingSuccessRate: wrapperspb.UInt32(0), + EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), + EnforcingConsecutive_5Xx: wrapperspb.UInt32(100), + SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: wrapperspb.UInt32(10), + EnforcingLocalOriginSuccessRate: wrapperspb.UInt32(0), + }, + }, + }, + "outlier detection only local origin error": { + cluster: &dag.Cluster{ + Upstream: service(s1), + OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ + SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: 10, + }, + }, + want: &envoy_cluster_v3.Cluster{ + Name: "default/kuard/443/011e0937a7", + AltStatName: "default_kuard_443", + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: ConfigSource("contour"), + ServiceName: "default/kuard/http", + }, + OutlierDetection: &envoy_cluster_v3.OutlierDetection{ + EnforcingSuccessRate: wrapperspb.UInt32(0), + EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), + EnforcingConsecutive_5Xx: wrapperspb.UInt32(0), + SplitExternalLocalOriginErrors: true, + ConsecutiveLocalOriginFailure: wrapperspb.UInt32(10), + EnforcingLocalOriginSuccessRate: wrapperspb.UInt32(0), + }, + }, + }, } for name, tc := range tests { 
diff --git a/internal/protobuf/helpers.go b/internal/protobuf/helpers.go index 837d839ae26..c8e647c3fc1 100644 --- a/internal/protobuf/helpers.go +++ b/internal/protobuf/helpers.go @@ -42,6 +42,11 @@ func UInt32OrNil(val uint32) *wrapperspb.UInt32Value { } } +// UInt32Zero returns a wrapped UInt32Value with a value of 0. +func UInt32Zero() *wrapperspb.UInt32Value { + return wrapperspb.UInt32(0) +} + // AsMessages casts the given slice of values (that implement the proto.Message // interface) to a slice of proto.Message. If the length of the slice is 0, it // returns nil. diff --git a/pkg/config/parameters.go b/pkg/config/parameters.go index 10179cc1668..ca1c2f3063f 100644 --- a/pkg/config/parameters.go +++ b/pkg/config/parameters.go @@ -675,6 +675,10 @@ type Parameters struct { // Tracing holds the relevant configuration for exporting trace data to OpenTelemetry. Tracing *Tracing `yaml:"tracing,omitempty"` + // GlobalOutlierDetection defines the configuration for outlier detection on all services. + // If defined, this will be used as the default for all services. + GlobalOutlierDetection *contour_api_v1.OutlierDetection `yaml:"outlierDetection,omitempty"` + // FeatureFlags defines toggle to enable new contour features. // available toggles are // useEndpointSlices - configures contour to fetch endpoint data diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index 2c5bc508f24..b180c7995a9 100644 --- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -277,7 +277,7 @@

AuthorizationPolicy

(Appears on: -AuthorizationServer, +AuthorizationServer, Route)

@@ -328,7 +328,7 @@

AuthorizationServer

(Appears on: -VirtualHost, +VirtualHost, ContourConfigurationSpec)

@@ -812,7 +812,7 @@

CookieRewritePolicy

(Appears on: -Route, +Route, Service)

@@ -903,9 +903,9 @@

DetailedCondition

(Appears on: -HTTPProxyStatus, -TLSCertificateDelegationStatus, -ContourConfigurationStatus, +HTTPProxyStatus, +TLSCertificateDelegationStatus, +ContourConfigurationStatus, ExtensionServiceStatus)

@@ -1226,7 +1226,7 @@

GlobalRateLimitPolicy

(Appears on: -RateLimitPolicy, +RateLimitPolicy, RateLimitServiceConfig)

@@ -1880,7 +1880,7 @@

HeaderMatchCondition

(Appears on: -MatchCondition, +MatchCondition, RequestHeaderValueMatchDescriptor)

@@ -2048,7 +2048,7 @@

HeaderValue

(Appears on: -HeadersPolicy, +HeadersPolicy, LocalRateLimitPolicy)

@@ -2092,7 +2092,7 @@

HeadersPolicy

(Appears on: -Route, +Route, Service)

@@ -2144,7 +2144,7 @@

IPFilterPolicy

(Appears on: -Route, +Route, VirtualHost)

@@ -2440,8 +2440,8 @@

LoadBalancerPolicy

(Appears on: -Route, -TCPProxy, +Route, +TCPProxy, ExtensionServiceSpec)

@@ -2588,7 +2588,7 @@

MatchCondition

(Appears on: -Include, +Include, Route)

@@ -2676,6 +2676,166 @@

MatchCondition +

OutlierDetection +

+

+(Appears on: +Service, +ContourConfigurationSpec) +

+

+

OutlierDetection defines the configuration for outlier detection on a service.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+disabled +
+ +bool + +
+(Optional) +

Disabled configures the Service to not use +the default global OutlierDetection policy defined by the Contour configuration. +Defaults to false.

+
+consecutiveServerErrors +
+ +uint32 + +
+(Optional) +

ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. +When the backend host encounters consecutive +errors greater than or equal to ConsecutiveServerErrors, it will be +ejected from the load balancing pool. +for HTTP services, a 5xx counts as an error and for TCP services +connection failures and connection timeouts count as an error. +It can be disabled by setting the value to 0. +Defaults to 5.

+
+interval +
+ +string + +
+(Optional) +

Interval is the interval at which host status is evaluated. +Defaults to 10s.

+
+baseEjectionTime +
+ +string + +
+(Optional) +

BaseEjectionTime is the base time that a host is ejected for. +A host will remain ejected for a period of time equal to the +product of the ejection base duration and the number of times the host has been ejected. +Defaults to 30s.

+
+maxEjectionTime +
+ +string + +
+(Optional) +

MaxEjectionTime is the maximum time a host will be ejected for. +After this amount of time, a host will be returned to normal operation. +If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. +Defaults to 300s.

+
+splitExternalLocalOriginErrors +
+ +bool + +
+(Optional) +

SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. +Defaults to false.

+
+consecutiveLocalOriginFailure +
+ +uint32 + +
+(Optional) +

ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. +Parameters take effect only when SplitExternalLocalOriginErrors is true. +Defaults to 5.

+
+maxEjectionPercent +
+ +uint32 + +
+(Optional) +

MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. +But will eject at least one host regardless of the value here. +Defaults to 10%.

+
+maxEjectionTimeJitter +
+ +string + +
+(Optional) +

MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, +in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. +Defaults to 0s.

+

PathRewritePolicy

@@ -3002,7 +3162,7 @@

RateLimitPolicy

(Appears on: -Route, +Route, VirtualHost)

@@ -3863,7 +4023,7 @@

Service

(Appears on: -Route, +Route, TCPProxy)

@@ -4036,6 +4196,22 @@

Service

Slow start will gradually increase amount of traffic to a newly added endpoint.

+ + +outlierDetection +
+ + +OutlierDetection + + + + +(Optional) +

The policy for managing outlier detection on a service. +If not specified, the global OutlierDetection policy will be used.

+ +

SlowStartPolicy @@ -4598,7 +4774,7 @@

TimeoutPolicy

(Appears on: -Route, +Route, ExtensionServiceSpec)

@@ -4667,8 +4843,8 @@

UpstreamValidation

(Appears on: -RemoteJWKS, -Service, +RemoteJWKS, +Service, ExtensionServiceSpec)

@@ -5135,6 +5311,22 @@

ContourConfiguration +outlierDetection +
+ + +OutlierDetection + + + + +(Optional) +

GlobalOutlierDetection defines the configuration for outlier detection on all services. +If defined, this will be used as the default for all services.

+ + + + featureFlags
@@ -5677,7 +5869,7 @@

ContourConfiguratio

(Appears on: -ContourConfiguration, +ContourConfiguration, ContourDeploymentSpec)

@@ -5895,6 +6087,22 @@

ContourConfiguratio +outlierDetection +
+ + +OutlierDetection + + + + +(Optional) +

GlobalOutlierDetection defines the configuration for outlier detection on all services. +If defined, this will be used as the default for all services.

+ + + + featureFlags
@@ -6340,7 +6548,7 @@

DeploymentSettings

(Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

@@ -7697,7 +7905,7 @@

HealthConfig

(Appears on: -ContourConfigurationSpec, +ContourConfigurationSpec, EnvoyConfig)

@@ -7788,7 +7996,7 @@

LogLevel (string alias)

(Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

@@ -7828,7 +8036,7 @@

MetricsConfig

(Appears on: -ContourConfigurationSpec, +ContourConfigurationSpec, EnvoyConfig)

@@ -7948,10 +8156,10 @@

NamespacedName

(Appears on: -EnvoyConfig, -GatewayConfig, -HTTPProxyConfig, -RateLimitServiceConfig, +EnvoyConfig, +GatewayConfig, +HTTPProxyConfig, +RateLimitServiceConfig, TracingConfig)

@@ -8188,7 +8396,7 @@

NodePlacement

(Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

From b1767bd46cca142aadc727b76ab9a1784a135de5 Mon Sep 17 00:00:00 2001 From: yangyang Date: Mon, 4 Dec 2023 10:26:04 +0800 Subject: [PATCH 2/7] update api-reference.html Signed-off-by: yangyang --- .../docs/main/config/api-reference.html | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index b180c7995a9..95563ff4154 100644 --- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -277,7 +277,7 @@

AuthorizationPolicy

(Appears on: -AuthorizationServer, +AuthorizationServer, Route)

@@ -328,7 +328,7 @@

AuthorizationServer

(Appears on: -VirtualHost, +VirtualHost, ContourConfigurationSpec)

@@ -812,7 +812,7 @@

CookieRewritePolicy

(Appears on: -Route, +Route, Service)

@@ -903,9 +903,9 @@

DetailedCondition

(Appears on: -HTTPProxyStatus, -TLSCertificateDelegationStatus, -ContourConfigurationStatus, +HTTPProxyStatus, +TLSCertificateDelegationStatus, +ContourConfigurationStatus, ExtensionServiceStatus)

@@ -1226,7 +1226,7 @@

GlobalRateLimitPolicy

(Appears on: -RateLimitPolicy, +RateLimitPolicy, RateLimitServiceConfig)

@@ -1880,7 +1880,7 @@

HeaderMatchCondition

(Appears on: -MatchCondition, +MatchCondition, RequestHeaderValueMatchDescriptor)

@@ -2048,7 +2048,7 @@

HeaderValue

(Appears on: -HeadersPolicy, +HeadersPolicy, LocalRateLimitPolicy)

@@ -2092,7 +2092,7 @@

HeadersPolicy

(Appears on: -Route, +Route, Service)

@@ -2144,7 +2144,7 @@

IPFilterPolicy

(Appears on: -Route, +Route, VirtualHost)

@@ -2440,8 +2440,8 @@

LoadBalancerPolicy

(Appears on: -Route, -TCPProxy, +Route, +TCPProxy, ExtensionServiceSpec)

@@ -2588,7 +2588,7 @@

MatchCondition

(Appears on: -Include, +Include, Route)

@@ -2680,7 +2680,7 @@

OutlierDetection

(Appears on: -Service, +Service, ContourConfigurationSpec)

@@ -3162,7 +3162,7 @@

RateLimitPolicy

(Appears on: -Route, +Route, VirtualHost)

@@ -4023,7 +4023,7 @@

Service

(Appears on: -Route, +Route, TCPProxy)

@@ -4774,7 +4774,7 @@

TimeoutPolicy

(Appears on: -Route, +Route, ExtensionServiceSpec)

@@ -4843,8 +4843,8 @@

UpstreamValidation

(Appears on: -RemoteJWKS, -Service, +RemoteJWKS, +Service, ExtensionServiceSpec)

@@ -5869,7 +5869,7 @@

ContourConfiguratio

(Appears on: -ContourConfiguration, +ContourConfiguration, ContourDeploymentSpec)

@@ -6548,7 +6548,7 @@

DeploymentSettings

(Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

@@ -7905,7 +7905,7 @@

HealthConfig

(Appears on: -ContourConfigurationSpec, +ContourConfigurationSpec, EnvoyConfig)

@@ -7996,7 +7996,7 @@

LogLevel (string alias)

(Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

@@ -8036,7 +8036,7 @@

MetricsConfig

(Appears on: -ContourConfigurationSpec, +ContourConfigurationSpec, EnvoyConfig)

@@ -8156,10 +8156,10 @@

NamespacedName

(Appears on: -EnvoyConfig, -GatewayConfig, -HTTPProxyConfig, -RateLimitServiceConfig, +EnvoyConfig, +GatewayConfig, +HTTPProxyConfig, +RateLimitServiceConfig, TracingConfig)

@@ -8396,7 +8396,7 @@

NodePlacement

(Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

From 2b9111fe46b6ce540c84e5b51d1392e4cf0d56ed Mon Sep 17 00:00:00 2001 From: yangyang Date: Fri, 22 Dec 2023 18:05:52 +0800 Subject: [PATCH 3/7] update Signed-off-by: yangyang --- internal/dag/policy.go | 59 +++++++--------- internal/dag/policy_test.go | 25 +++---- internal/envoy/v3/cluster.go | 40 +++-------- internal/envoy/v3/cluster_test.go | 113 +++++++++++------------------- 4 files changed, 84 insertions(+), 153 deletions(-) diff --git a/internal/dag/policy.go b/internal/dag/policy.go index 7cf5d9d31a6..a86197549ee 100644 --- a/internal/dag/policy.go +++ b/internal/dag/policy.go 
@@ -837,50 +837,39 @@ func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *con } var err error - var interval, baseEjectionTime, maxEjectionTime, maxEjectionTimeJitter time.Duration - - if outlierDetection.Interval != nil { - interval, err = time.ParseDuration(ref.Val(outlierDetection.Interval, "10s")) - if err != nil { - return nil, fmt.Errorf("error parsing interval: %w", err) - } - out.Interval = interval + out.Interval, err = time.ParseDuration(ref.Val(outlierDetection.Interval, "10s")) + if err != nil { + return nil, fmt.Errorf("error parsing interval: %w", err) } - - if outlierDetection.BaseEjectionTime != nil { - baseEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.BaseEjectionTime, "30s")) - if err != nil { - return nil, fmt.Errorf("error parsing baseEjectionTime: %w", err) - } - out.BaseEjectionTime = baseEjectionTime + if out.Interval == 0 { + return nil, fmt.Errorf("interval must be greater than 0s") } - if outlierDetection.MaxEjectionTime != nil { - maxEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTime, "300s")) - if err != nil { - return nil, fmt.Errorf("error parsing maxEjectionTime: %w", err) - } - out.MaxEjectionTime = maxEjectionTime + out.BaseEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.BaseEjectionTime, "30s")) + if err != nil { + return nil, fmt.Errorf("error parsing baseEjectionTime: %w", err) } - - if outlierDetection.ConsecutiveServerErrors != nil { - out.ConsecutiveServerErrors = ref.Val(outlierDetection.ConsecutiveServerErrors, 5) + if out.BaseEjectionTime == 0 { + return nil, fmt.Errorf("baseEjectionTime must be greater than 0s") } - if outlierDetection.ConsecutiveLocalOriginFailure != nil { - out.ConsecutiveLocalOriginFailure = ref.Val(outlierDetection.ConsecutiveLocalOriginFailure, 5) + out.MaxEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTime, "300s")) + if err != nil { + return nil, fmt.Errorf("error parsing 
maxEjectionTime: %w", err) } - - if outlierDetection.MaxEjectionPercent != nil { - out.MaxEjectionPercent = ref.Val(outlierDetection.MaxEjectionPercent, 10) + if out.MaxEjectionTime < out.BaseEjectionTime { + return nil, fmt.Errorf("maxEjectionTime cannot be smaller than baseEjectionTime") } - if outlierDetection.MaxEjectionTimeJitter != nil { - maxEjectionTimeJitter, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTimeJitter, "0s")) - if err != nil { - return nil, fmt.Errorf("error parsing maxEjectionTimeJitter: %w", err) - } - out.MaxEjectionTimeJitter = maxEjectionTimeJitter + out.ConsecutiveServerErrors = ref.Val(outlierDetection.ConsecutiveServerErrors, 5) + + out.ConsecutiveLocalOriginFailure = ref.Val(outlierDetection.ConsecutiveLocalOriginFailure, 5) + + out.MaxEjectionPercent = ref.Val(outlierDetection.MaxEjectionPercent, 10) + + out.MaxEjectionTimeJitter, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTimeJitter, "0s")) + if err != nil { + return nil, fmt.Errorf("error parsing maxEjectionTimeJitter: %w", err) } return out, nil diff --git a/internal/dag/policy_test.go b/internal/dag/policy_test.go index 3c8d7714105..ebd279fcc03 100644 --- a/internal/dag/policy_test.go +++ b/internal/dag/policy_test.go @@ -1358,15 +1358,16 @@ func TestOutlierDetectionPolicy(t *testing.T) { want: nil, }, "empty": { - in: &contour_api_v1.OutlierDetection{}, - want: &OutlierDetectionPolicy{}, - }, - "consecutive server errors": { - in: &contour_api_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(5)), - }, + in: &contour_api_v1.OutlierDetection{}, want: &OutlierDetectionPolicy{ - ConsecutiveServerErrors: 5, + ConsecutiveServerErrors: 5, + Interval: 10 * time.Second, + BaseEjectionTime: 30 * time.Second, + MaxEjectionTime: 300 * time.Second, + SplitExternalLocalOriginErrors: false, + ConsecutiveLocalOriginFailure: 5, + MaxEjectionPercent: 10, + MaxEjectionTimeJitter: 0, }, }, "interval no unit": { 
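Review bot: The new zero checks let negative durations through: `time.ParseDuration` accepts values such as `-5s`, so `out.Interval == 0` and `out.BaseEjectionTime == 0` do not enforce the "must be greater than 0s" that their messages state. `if out.Interval <= 0 {` and `if out.BaseEjectionTime <= 0 {` would, and MaxEjectionTimeJitter gets no sign check at all. The CRD pattern excludes a minus sign, but the `outlierDetection` key added to pkg/config/parameters.go in this series may reach this function without schema validation, which is worth confirming. The defaulting also disagrees with the field documentation: with baseEjectionTime above 300s and maxEjectionTime unset, the 300s default fails the `out.MaxEjectionTime < out.BaseEjectionTime` check, whereas the API reference says the larger of the two is applied. outlierDetectionPolicy starts outside this hunk.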
@@ -1383,14 +1384,6 @@ func TestOutlierDetectionPolicy(t *testing.T) { want: nil, wantErr: true, }, - "interval good": { - in: &contour_api_v1.OutlierDetection{ - Interval: ref.To("10s"), - }, - want: &OutlierDetectionPolicy{ - Interval: 10 * time.Second, - }, - }, "normal": { in: &contour_api_v1.OutlierDetection{ ConsecutiveServerErrors: ref.To(uint32(5)), diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index 6580ed55709..e7a43034376 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go 
@@ -382,42 +382,20 @@ func outlierDetection(policy *dag.OutlierDetectionPolicy) *envoy_cluster_v3.Outl EnforcingConsecutive_5Xx: protobuf.UInt32Zero(), EnforcingSuccessRate: protobuf.UInt32Zero(), EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), + EnforcingLocalOriginSuccessRate: protobuf.UInt32Zero(), + Interval: durationpb.New(policy.Interval), + BaseEjectionTime: durationpb.New(policy.BaseEjectionTime), + MaxEjectionTime: durationpb.New(policy.MaxEjectionTime), + MaxEjectionPercent: protobuf.UInt32OrNil(policy.MaxEjectionPercent), + SplitExternalLocalOriginErrors: policy.SplitExternalLocalOriginErrors, + ConsecutiveLocalOriginFailure: protobuf.UInt32OrNil(policy.ConsecutiveLocalOriginFailure), + MaxEjectionTimeJitter: durationpb.New(policy.MaxEjectionTimeJitter), } + if policy.ConsecutiveServerErrors > 0 { out.Consecutive_5Xx = protobuf.UInt32OrNil(policy.ConsecutiveServerErrors) out.EnforcingConsecutive_5Xx = protobuf.UInt32OrNil(100) } - if policy.Interval > 0 { - out.Interval = durationpb.New(policy.Interval) - } - - if policy.BaseEjectionTime > 0 { - out.BaseEjectionTime = durationpb.New(policy.BaseEjectionTime) - } - - if policy.MaxEjectionTime > 0 { - out.MaxEjectionTime = durationpb.New(policy.MaxEjectionTime) - } - - if policy.MaxEjectionPercent > 0 { - out.MaxEjectionPercent = protobuf.UInt32OrNil(policy.MaxEjectionPercent) - } - - if policy.SplitExternalLocalOriginErrors { - out.SplitExternalLocalOriginErrors = true - if policy.ConsecutiveLocalOriginFailure > 0 { - out.ConsecutiveLocalOriginFailure = protobuf.UInt32OrNil(policy.ConsecutiveLocalOriginFailure) - } else { - // Default to 5 if not specified - out.ConsecutiveLocalOriginFailure = protobuf.UInt32OrNil(5) - } - out.EnforcingLocalOriginSuccessRate = protobuf.UInt32Zero() - } - - if policy.MaxEjectionTimeJitter > 0 { - out.MaxEjectionTimeJitter = durationpb.New(policy.MaxEjectionTimeJitter) - } - return out } 
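Review bot: `MaxEjectionPercent` and `ConsecutiveLocalOriginFailure` are now always passed through `protobuf.UInt32OrNil`, so an explicit 0 from the user is presumably sent to Envoy as an unset field (the helper's body is not in this hunk, but its name suggests nil for 0). Envoy would then apply its own default instead of the requested 0, meaning `maxEjectionPercent: 0` cannot be used to cap ejection at the minimum. If 0 is meant to be a valid setting, pass the wrapped value directly, e.g. `MaxEjectionPercent: wrapperspb.UInt32(policy.MaxEjectionPercent),` (assuming wrapperspb is importable in this file). Otherwise, state in the field documentation that 0 means "use the default".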
diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index eb69d3478c2..ecb71441c61 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -721,15 +721,22 @@ func TestCluster(t *testing.T) { }, }, }, - "outlier detection only server error": { + "outlier detection ConsecutiveServerErrors is 0": { cluster: &dag.Cluster{ Upstream: service(s1), OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ - ConsecutiveServerErrors: 5, + ConsecutiveServerErrors: 0, + Interval: 10 * time.Second, + BaseEjectionTime: 30 * time.Second, + MaxEjectionTime: 300 * time.Second, + SplitExternalLocalOriginErrors: false, + ConsecutiveLocalOriginFailure: 5, + MaxEjectionPercent: 10, + MaxEjectionTimeJitter: 0, }, }, want: &envoy_cluster_v3.Cluster{ - Name: "default/kuard/443/9edb41b67b", + Name: "default/kuard/443/e08d8f1af7", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ 
@@ -737,23 +744,36 @@ func TestCluster(t *testing.T) { ServiceName: "default/kuard/http", }, OutlierDetection: &envoy_cluster_v3.OutlierDetection{ - Consecutive_5Xx: wrapperspb.UInt32(5), - EnforcingSuccessRate: wrapperspb.UInt32(0), - EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), - EnforcingConsecutive_5Xx: wrapperspb.UInt32(100), + EnforcingConsecutive_5Xx: protobuf.UInt32Zero(), + EnforcingSuccessRate: protobuf.UInt32Zero(), + EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), + EnforcingLocalOriginSuccessRate: protobuf.UInt32Zero(), + Interval: durationpb.New(10 * time.Second), + BaseEjectionTime: durationpb.New(30 * time.Second), + MaxEjectionTime: durationpb.New(300 * time.Second), + MaxEjectionPercent: protobuf.UInt32OrNil(10), + SplitExternalLocalOriginErrors: false, + ConsecutiveLocalOriginFailure: protobuf.UInt32OrNil(5), + MaxEjectionTimeJitter: durationpb.New(0), }, }, }, - "outlier detection split local origin error": { + "outlier detection ConsecutiveServerErrors greater than 0": { cluster: &dag.Cluster{ Upstream: service(s1), OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ ConsecutiveServerErrors: 5, - SplitExternalLocalOriginErrors: true, + Interval: 10 * time.Second, + BaseEjectionTime: 30 * time.Second, + MaxEjectionTime: 300 * time.Second, + SplitExternalLocalOriginErrors: false, + ConsecutiveLocalOriginFailure: 5, + MaxEjectionPercent: 10, + MaxEjectionTimeJitter: 0, }, }, want: &envoy_cluster_v3.Cluster{ - Name: "default/kuard/443/3bebc12a28", + Name: "default/kuard/443/447b5c0802", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ 
@@ -761,67 +781,18 @@ func TestCluster(t *testing.T) { ServiceName: "default/kuard/http", }, OutlierDetection: &envoy_cluster_v3.OutlierDetection{ - Consecutive_5Xx: wrapperspb.UInt32(5), - EnforcingSuccessRate: wrapperspb.UInt32(0), - EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), - EnforcingConsecutive_5Xx: wrapperspb.UInt32(100), - SplitExternalLocalOriginErrors: true, - ConsecutiveLocalOriginFailure: wrapperspb.UInt32(5), - EnforcingLocalOriginSuccessRate: wrapperspb.UInt32(0), - }, - }, - }, - "outlier detection split local origin error and consecutive local origin failure": { - cluster: &dag.Cluster{ - Upstream: service(s1), - OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ - ConsecutiveServerErrors: 5, - SplitExternalLocalOriginErrors: true, - ConsecutiveLocalOriginFailure: 10, - }, - }, - want: &envoy_cluster_v3.Cluster{ - Name: "default/kuard/443/880ee463fa", - AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), - ServiceName: "default/kuard/http", - }, - OutlierDetection: &envoy_cluster_v3.OutlierDetection{ - Consecutive_5Xx: wrapperspb.UInt32(5), - EnforcingSuccessRate: wrapperspb.UInt32(0), - EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), - EnforcingConsecutive_5Xx: wrapperspb.UInt32(100), - SplitExternalLocalOriginErrors: true, - ConsecutiveLocalOriginFailure: wrapperspb.UInt32(10), - EnforcingLocalOriginSuccessRate: wrapperspb.UInt32(0), - }, - }, - }, - "outlier detection only local origin error": { - cluster: &dag.Cluster{ - Upstream: service(s1), - OutlierDetectionPolicy: &dag.OutlierDetectionPolicy{ - SplitExternalLocalOriginErrors: true, - ConsecutiveLocalOriginFailure: 10, - }, - }, - want: &envoy_cluster_v3.Cluster{ - Name: "default/kuard/443/011e0937a7", - AltStatName: "default_kuard_443", - ClusterDiscoveryType: 
ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), - ServiceName: "default/kuard/http", - }, - OutlierDetection: &envoy_cluster_v3.OutlierDetection{ - EnforcingSuccessRate: wrapperspb.UInt32(0), - EnforcingConsecutiveGatewayFailure: wrapperspb.UInt32(0), - EnforcingConsecutive_5Xx: wrapperspb.UInt32(0), - SplitExternalLocalOriginErrors: true, - ConsecutiveLocalOriginFailure: wrapperspb.UInt32(10), - EnforcingLocalOriginSuccessRate: wrapperspb.UInt32(0), + EnforcingConsecutive_5Xx: protobuf.UInt32OrNil(100), + EnforcingSuccessRate: protobuf.UInt32Zero(), + EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), + EnforcingLocalOriginSuccessRate: protobuf.UInt32Zero(), + Consecutive_5Xx: protobuf.UInt32OrNil(5), + Interval: durationpb.New(10 * time.Second), + BaseEjectionTime: durationpb.New(30 * time.Second), + MaxEjectionTime: durationpb.New(300 * time.Second), + MaxEjectionPercent: protobuf.UInt32OrNil(10), + SplitExternalLocalOriginErrors: false, + ConsecutiveLocalOriginFailure: protobuf.UInt32OrNil(5), + MaxEjectionTimeJitter: durationpb.New(0), }, }, }, From 096857db58719f128d0f1ff2bedfe8236de88c55 Mon Sep 17 00:00:00 2001 From: yangyang Date: Fri, 2 Feb 2024 15:28:21 +0800 Subject: [PATCH 4/7] resolve code conflicts Signed-off-by: yangyang --- examples/contour/01-crds.yaml | 349 ++++---- examples/render/contour-deployment.yaml | 765 ++++++++++++++---- .../render/contour-gateway-provisioner.yaml | 349 ++++---- examples/render/contour-gateway.yaml | 765 ++++++++++++++---- examples/render/contour.yaml | 765 ++++++++++++++---- .../docs/main/config/api-reference.html | 268 +++++- 6 files changed, 2356 insertions(+), 905 deletions(-) diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml index d51313a7552..4238b94c974 100644 --- a/examples/contour/01-crds.yaml +++ b/examples/contour/01-crds.yaml 
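Review bot: After this rewrite both remaining outlier-detection cases in TestCluster set `SplitExternalLocalOriginErrors: false`, so the split path is no longer exercised. The three removed cases were the only ones with it set to true. I would keep one case with `SplitExternalLocalOriginErrors: true` and a non-default `ConsecutiveLocalOriginFailure`, such as the removed value 10. That keeps the pass-through of both fields to `envoy_cluster_v3.OutlierDetection` covered.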
@@ -807,72 +807,76 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration for - outlier detection on all services. If defined, this will be used - as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host is - ejected for. A host will remain ejected for a period of time - equal to the product of the ejection base duration and the number - of times the host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive local - origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of consecutive - server-side error responses before a consecutive 5xx ejection - occurs. When the backend host encounters consecutive errors - greater than or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, a 5xx - counts as an error and for TCP services connection failures - and connection timeouts count as an error. It can be disabled - by setting the value to 0. Defaults to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the default - global OutlierDetection policy defined by the Contour configuration. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. Defaults to false. type: boolean interval: - description: Interval is the interval at which host status is - evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that can - be ejected. But will eject at least one host regardless of the - value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will be - ejected for. 
After this amount of time, a host will be returned - to normal operation. If not specified, the default value (300s) - or BaseEjectionTime value is applied, whatever is larger. Defaults - to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of jitter - to add to the ejection time, in order to prevent a ‘thundering - herd’ effect where all proxies try to reconnect to host at the - same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether to - split the local origin errors from the external origin errors. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. Defaults to false. type: boolean type: object 
@@ -4558,76 +4562,77 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration - for outlier detection on all services. If defined, this will - be used as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host - is ejected for. A host will remain ejected for a period - of time equal to the product of the ejection base duration - and the number of times the host has been ejected. Defaults - to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive - local origin ejection occurs. Parameters take effect only - when SplitExternalLocalOriginErrors is true. Defaults to - 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of - consecutive server-side error responses before a consecutive - 5xx ejection occurs. When the backend host encounters consecutive - errors greater than or equal to ConsecutiveServerErrors, - it will be ejected from the load balancing pool. 
for HTTP - services, a 5xx counts as an error and for TCP services - connection failures and connection timeouts count as an - error. It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the - default global OutlierDetection policy defined by the Contour - configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host status - is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that - can be ejected. But will eject at least one host regardless - of the value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will - be ejected for. 
After this amount of time, a host will be - returned to normal operation. If not specified, the default - value (300s) or BaseEjectionTime value is applied, whatever - is larger. Defaults to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of - jitter to add to the ejection time, in order to prevent - a ‘thundering herd’ effect where all proxies try to reconnect - to host at the same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether - to split the local origin errors from the external origin - errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object policy: 
@@ -6806,80 +6811,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection - on a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the - ejection base duration and the number of times the - host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines - the number of consecutive local origin failures - before a consecutive local origin ejection occurs. - Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than - or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, - a 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults - to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a - host will be ejected for. 
After this amount of time, - a host will be returned to normal operation. If - not specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum - amount of jitter to add to the ejection time, in - order to prevent a ‘thundering herd’ effect where - all proxies try to reconnect to host at the same - time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -7291,80 +7293,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection on - a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the ejection - base duration and the number of times the host has - been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the - number of consecutive local origin failures before - a consecutive local origin ejection occurs. Parameters - take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than or - equal to ConsecutiveServerErrors, it will be ejected - from the load balancing pool. 
for HTTP services, a - 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults to - 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host - will be ejected for. 
After this amount of time, a - host will be returned to normal operation. If not - specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount - of jitter to add to the ejection time, in order to - prevent a ‘thundering herd’ effect where all proxies - try to reconnect to host at the same time. Defaults - to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 4cec8ff4d42..2c040814d09 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -10,6 +10,7 @@ # examples/contour/02-role-contour.yaml # examples/contour/02-service-contour.yaml # examples/contour/02-service-envoy.yaml +# examples/contour/03-contour-gateway.yaml # examples/contour/03-contour.yaml # examples/deployment/03-envoy-deployment.yaml 
@@ -1026,72 +1027,76 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration for - outlier detection on all services. If defined, this will be used - as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host is - ejected for. A host will remain ejected for a period of time - equal to the product of the ejection base duration and the number - of times the host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive local - origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of consecutive - server-side error responses before a consecutive 5xx ejection - occurs. When the backend host encounters consecutive errors - greater than or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, a 5xx - counts as an error and for TCP services connection failures - and connection timeouts count as an error. It can be disabled - by setting the value to 0. Defaults to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the default - global OutlierDetection policy defined by the Contour configuration. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. Defaults to false. type: boolean interval: - description: Interval is the interval at which host status is - evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that can - be ejected. But will eject at least one host regardless of the - value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will be - ejected for. 
After this amount of time, a host will be returned - to normal operation. If not specified, the default value (300s) - or BaseEjectionTime value is applied, whatever is larger. Defaults - to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of jitter - to add to the ejection time, in order to prevent a ‘thundering - herd’ effect where all proxies try to reconnect to host at the - same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether to - split the local origin errors from the external origin errors. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. Defaults to false. type: boolean type: object 
@@ -4777,76 +4782,77 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration - for outlier detection on all services. If defined, this will - be used as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host - is ejected for. A host will remain ejected for a period - of time equal to the product of the ejection base duration - and the number of times the host has been ejected. Defaults - to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive - local origin ejection occurs. Parameters take effect only - when SplitExternalLocalOriginErrors is true. Defaults to - 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of - consecutive server-side error responses before a consecutive - 5xx ejection occurs. When the backend host encounters consecutive - errors greater than or equal to ConsecutiveServerErrors, - it will be ejected from the load balancing pool. 
for HTTP - services, a 5xx counts as an error and for TCP services - connection failures and connection timeouts count as an - error. It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the - default global OutlierDetection policy defined by the Contour - configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host status - is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that - can be ejected. But will eject at least one host regardless - of the value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will - be ejected for. 
After this amount of time, a host will be - returned to normal operation. If not specified, the default - value (300s) or BaseEjectionTime value is applied, whatever - is larger. Defaults to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of - jitter to add to the ejection time, in order to prevent - a ‘thundering herd’ effect where all proxies try to reconnect - to host at the same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether - to split the local origin errors from the external origin - errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object policy: 
@@ -7025,80 +7031,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection - on a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the - ejection base duration and the number of times the - host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines - the number of consecutive local origin failures - before a consecutive local origin ejection occurs. - Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than - or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, - a 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults - to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a - host will be ejected for. 
After this amount of time, - a host will be returned to normal operation. If - not specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum - amount of jitter to add to the ejection time, in - order to prevent a ‘thundering herd’ effect where - all proxies try to reconnect to host at the same - time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -7510,80 +7513,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection on - a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the ejection - base duration and the number of times the host has - been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the - number of consecutive local origin failures before - a consecutive local origin ejection occurs. Parameters - take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than or - equal to ConsecutiveServerErrors, it will be ejected - from the load balancing pool. 
for HTTP services, a - 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults to - 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host - will be ejected for. 
After this amount of time, a - host will be returned to normal operation. If not - specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount - of jitter to add to the ejection time, in order to - prevent a ‘thundering herd’ effect where all proxies - try to reconnect to host at the same time. Defaults - to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -9312,6 +9312,421 @@ spec: app: envoy type: LoadBalancer +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gateway-contour-test + namespace: gateway-contour-test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gateway-contour-test + namespace: gateway-contour-test +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gateway-contour-test +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gateway-contour-test +subjects: + - kind: ServiceAccount + name: gateway-contour-test + namespace: gateway-contour-test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gateway-contour-test-rolebinding + namespace: gateway-contour-test +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gateway-contour-test +subjects: + - kind: ServiceAccount + name: gateway-contour-test + namespace: gateway-contour-test +--- +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gateway-contour-test +rules: + - apiGroups: + - "" + resources: + - endpoints + - namespaces + - secrets + - services + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - grpcroutes + - httproutes + - referencegrants + - tcproutes + - tlsroutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - tcproutes/status + - tlsroutes/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - 
list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - create + - get + - update + - apiGroups: + - projectcontour.io + resources: + - contourconfigurations + - extensionservices + - httpproxies + - tlscertificatedelegations + verbs: + - get + - list + - watch + - apiGroups: + - projectcontour.io + resources: + - contourconfigurations/status + - extensionservices/status + - httpproxies/status + verbs: + - create + - get + - update +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: contour + name: contour + namespace: gateway-contour-test +spec: + replicas: 1 + selector: + matchLabels: + app: contour + template: + metadata: + labels: + app: contour + spec: + containers: + - args: + - serve + - --incluster + - --xds-address=0.0.0.0 + - --xds-port=8001 + - --insecure + - --ingress-class-name=gateway-contour-up + - --root-namespaces=gateway-contour-test + - --config-path=/config/contour.yaml + command: ["contour"] + image: ghcr.io/projectcontour/contour:main + imagePullPolicy: Always + name: contour + ports: + - containerPort: 8001 + name: xds + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8000 + readinessProbe: + tcpSocket: + port: 8001 + initialDelaySeconds: 15 + periodSeconds: 10 + volumeMounts: + - name: contour-config + mountPath: /config + readOnly: true + env: + - name: CONTOUR_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + dnsPolicy: ClusterFirst + serviceAccountName: gateway-contour-test + volumes: + - name: contour-config + configMap: + name: contour + defaultMode: 0644 + items: + - key: contour.yaml + path: contour.yaml +--- +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: gateway-contour-test +data: + contour.yaml: | + # + # server: + # determine which XDS Server implementation to utilize in Contour. 
+ # xds-server-type: contour + # + # Specify the Gateway API configuration. + gateway: + controllerName: projectcontour.io/gateway-controller-test + # + # should contour expect to be running inside a k8s cluster + # incluster: true + # + # path to kubeconfig (if not running inside a k8s cluster) + # kubeconfig: /path/to/.kube/config + # + # Disable RFC-compliant behavior to strip "Content-Length" header if + # "Tranfer-Encoding: chunked" is also set. + # disableAllowChunkedLength: false + # + # Disable Envoy's non-standard merge_slashes path transformation option + # that strips duplicate slashes from request URLs. + # disableMergeSlashes: false + # + # Disable HTTPProxy permitInsecure field + disablePermitInsecure: false + tls: + # minimum TLS version that Contour will negotiate + # minimum-protocol-version: "1.2" + # TLS ciphers to be supported by Envoy TLS listeners when negotiating + # TLS 1.2. + # cipher-suites: + # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + # - 'ECDHE-ECDSA-AES256-GCM-SHA384' + # - 'ECDHE-RSA-AES256-GCM-SHA384' + # Defines the Kubernetes name/namespace matching a secret to use + # as the fallback certificate when requests which don't match the + # SNI defined for a vhost. + fallback-certificate: + # name: fallback-secret-name + # namespace: projectcontour + envoy-client-certificate: + # name: envoy-client-cert-secret-name + # namespace: projectcontour + #### + # ExternalName Services are disabled by default due to CVE-2021-XXXXX + # You can re-enable them by setting this setting to `true`. + # This is not recommended without understanding the security implications. + # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. + # enableExternalNameService: false + ## + # Address to be placed in status.loadbalancer field of Ingress objects. 
+ # May be either a literal IP address or a host name. + # The value will be placed directly into the relevant field inside the status.loadBalancer struct. + # ingress-status-address: local.projectcontour.io + ### Logging options + # Default setting + accesslog-format: envoy + # The default access log format is defined by Envoy but it can be customized by setting following variable. + # accesslog-format-string: "...\n" + # To enable JSON logging in Envoy + # accesslog-format: json + # accesslog-level: info + # The default fields that will be logged are specified below. + # To customise this list, just add or remove entries. + # The canonical list is available at + # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields + # json-fields: + # - "@timestamp" + # - "authority" + # - "bytes_received" + # - "bytes_sent" + # - "downstream_local_address" + # - "downstream_remote_address" + # - "duration" + # - "method" + # - "path" + # - "protocol" + # - "request_id" + # - "requested_server_name" + # - "response_code" + # - "response_flags" + # - "uber_trace_id" + # - "upstream_cluster" + # - "upstream_host" + # - "upstream_local_address" + # - "upstream_service_time" + # - "user_agent" + # - "x_forwarded_for" + # - "grpc_status" + # - "grpc_status_number" + # + # default-http-versions: + # - "HTTP/2" + # - "HTTP/1.1" + # + # The following shows the default proxy timeout settings. + # timeouts: + # request-timeout: infinity + # connection-idle-timeout: 60s + # stream-idle-timeout: 5m + # max-connection-duration: infinity + # delayed-close-timeout: 1s + # connection-shutdown-grace-period: 5s + # connect-timeout: 2s + # + # Envoy cluster settings. + # cluster: + # configure the cluster dns lookup family + # valid options are: auto (default), v4, v6 + # dns-lookup-family: auto + # + # Envoy network settings. + # network: + # Configure the number of additional ingress proxy hops from the + # right side of the x-forwarded-for HTTP header to trust. 
+ # num-trusted-hops: 0 + # Configure the port used to access the Envoy Admin interface. + # admin-port: 9001 + # + # Configure an optional global rate limit service. + # rateLimitService: + # Identifies the extension service defining the rate limit service, + # formatted as /. + # extensionService: projectcontour/ratelimit + # Defines the rate limit domain to pass to the rate limit service. + # Acts as a container for a set of rate limit definitions within + # the RLS. + # domain: contour + # Defines whether to allow requests to proceed when the rate limit + # service fails to respond with a valid rate limit decision within + # the timeout defined on the extension service. + # failOpen: false + # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, + # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF + # Internet-Draft linked below), on responses to clients when the Rate + # Limit Service is consulted for a request. + # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html + # enableXRateLimitHeaders: false + # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED + # instead of the default UNAVAILABLE + # enableResourceExhaustedCode: false + # + # Global Policy settings. 
+ # policy: + # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) + # request-headers: + # set: + # # example: the hostname of the Envoy instance that proxied the request + # X-Envoy-Hostname: %HOSTNAME% + # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for + # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% + # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) + # response-headers: + # set: + # # example: Envoy flags that provide additional details about the response or connection + # X-Envoy-Response-Flags: %RESPONSE_FLAGS% + # + # metrics: + # contour: + # address: 0.0.0.0 + # port: 8000 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # envoy: + # address: 0.0.0.0 + # port: 8002 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # + # listener: + # connection-balancer: exact + # socket-options: + # tos: 64 + # traffic-class: 64 +--- +apiVersion: v1 +kind: Service +metadata: + name: contour + namespace: gateway-contour-test +spec: + ports: + - port: 8001 + name: xds + protocol: TCP + targetPort: 8001 + selector: + app: contour + type: ClusterIP + --- apiVersion: apps/v1 kind: Deployment diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index eba0e74545b..f8f8d765359 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml 
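Review bot: The `contour` Deployment added in this hunk serves xDS with `- --insecure` on `--xds-address=0.0.0.0`, and the new `contour` Service exposes port 8001 inside the cluster, so the gRPC endpoint has no TLS or client-certificate check while the bound ClusterRole grants `get`/`list`/`watch` on `secrets`. The whole `gateway-contour-test` block (ServiceAccount, RBAC, Deployment, ConfigMap, Service) also looks like a test fixture unrelated to the outlier-detection change, presumably picked up by manifest generation by accident; if so, it should be removed at the source of the generated manifest rather than shipped as an example. If it is meant to stay, replace `- --insecure` with `- --contour-cafile=<CA_FILE>`, `- --contour-cert-file=<CERT_FILE>` and `- --contour-key-file=<KEY_FILE>` and mount the matching certificate secret. The `image: ghcr.io/projectcontour/contour:main` line combined with `imagePullPolicy: Always` tracks a moving branch tag and would be better pinned to a release tag or digest.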
@@ -818,72 +818,76 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration for - outlier detection on all services. If defined, this will be used - as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host is - ejected for. A host will remain ejected for a period of time - equal to the product of the ejection base duration and the number - of times the host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive local - origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of consecutive - server-side error responses before a consecutive 5xx ejection - occurs. When the backend host encounters consecutive errors - greater than or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, a 5xx - counts as an error and for TCP services connection failures - and connection timeouts count as an error. It can be disabled - by setting the value to 0. Defaults to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the default - global OutlierDetection policy defined by the Contour configuration. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. Defaults to false. type: boolean interval: - description: Interval is the interval at which host status is - evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that can - be ejected. But will eject at least one host regardless of the - value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will be - ejected for. 
After this amount of time, a host will be returned - to normal operation. If not specified, the default value (300s) - or BaseEjectionTime value is applied, whatever is larger. Defaults - to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of jitter - to add to the ejection time, in order to prevent a ‘thundering - herd’ effect where all proxies try to reconnect to host at the - same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether to - split the local origin errors from the external origin errors. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. Defaults to false. type: boolean type: object 
@@ -4569,76 +4573,77 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration - for outlier detection on all services. If defined, this will - be used as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host - is ejected for. A host will remain ejected for a period - of time equal to the product of the ejection base duration - and the number of times the host has been ejected. Defaults - to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive - local origin ejection occurs. Parameters take effect only - when SplitExternalLocalOriginErrors is true. Defaults to - 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of - consecutive server-side error responses before a consecutive - 5xx ejection occurs. When the backend host encounters consecutive - errors greater than or equal to ConsecutiveServerErrors, - it will be ejected from the load balancing pool. 
for HTTP - services, a 5xx counts as an error and for TCP services - connection failures and connection timeouts count as an - error. It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the - default global OutlierDetection policy defined by the Contour - configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host status - is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that - can be ejected. But will eject at least one host regardless - of the value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will - be ejected for. 
After this amount of time, a host will be - returned to normal operation. If not specified, the default - value (300s) or BaseEjectionTime value is applied, whatever - is larger. Defaults to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of - jitter to add to the ejection time, in order to prevent - a ‘thundering herd’ effect where all proxies try to reconnect - to host at the same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether - to split the local origin errors from the external origin - errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object policy: 
@@ -6817,80 +6822,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection - on a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the - ejection base duration and the number of times the - host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines - the number of consecutive local origin failures - before a consecutive local origin ejection occurs. - Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than - or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, - a 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults - to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a - host will be ejected for. 
After this amount of time, - a host will be returned to normal operation. If - not specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum - amount of jitter to add to the ejection time, in - order to prevent a ‘thundering herd’ effect where - all proxies try to reconnect to host at the same - time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -7302,80 +7304,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection on - a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the ejection - base duration and the number of times the host has - been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the - number of consecutive local origin failures before - a consecutive local origin ejection occurs. Parameters - take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than or - equal to ConsecutiveServerErrors, it will be ejected - from the load balancing pool. 
for HTTP services, a - 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults to - 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host - will be ejected for. 
After this amount of time, a - host will be returned to normal operation. If not - specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount - of jitter to add to the ejection time, in order to - prevent a ‘thundering herd’ effect where all proxies - try to reconnect to host at the same time. Defaults - to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index c8dd482ee75..ce30a6775ca 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -10,6 +10,7 @@ # examples/contour/02-role-contour.yaml # examples/contour/02-service-contour.yaml # examples/contour/02-service-envoy.yaml +# examples/contour/03-contour-gateway.yaml # examples/contour/03-contour.yaml # examples/contour/03-envoy.yaml # examples/gateway/00-crds.yaml 
@@ -1029,72 +1030,76 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration for - outlier detection on all services. If defined, this will be used - as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host is - ejected for. A host will remain ejected for a period of time - equal to the product of the ejection base duration and the number - of times the host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive local - origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of consecutive - server-side error responses before a consecutive 5xx ejection - occurs. When the backend host encounters consecutive errors - greater than or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, a 5xx - counts as an error and for TCP services connection failures - and connection timeouts count as an error. It can be disabled - by setting the value to 0. Defaults to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the default - global OutlierDetection policy defined by the Contour configuration. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. Defaults to false. type: boolean interval: - description: Interval is the interval at which host status is - evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that can - be ejected. But will eject at least one host regardless of the - value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will be - ejected for. 
After this amount of time, a host will be returned - to normal operation. If not specified, the default value (300s) - or BaseEjectionTime value is applied, whatever is larger. Defaults - to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of jitter - to add to the ejection time, in order to prevent a ‘thundering - herd’ effect where all proxies try to reconnect to host at the - same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether to - split the local origin errors from the external origin errors. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. Defaults to false. type: boolean type: object 
@@ -4780,76 +4785,77 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration - for outlier detection on all services. If defined, this will - be used as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host - is ejected for. A host will remain ejected for a period - of time equal to the product of the ejection base duration - and the number of times the host has been ejected. Defaults - to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive - local origin ejection occurs. Parameters take effect only - when SplitExternalLocalOriginErrors is true. Defaults to - 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of - consecutive server-side error responses before a consecutive - 5xx ejection occurs. When the backend host encounters consecutive - errors greater than or equal to ConsecutiveServerErrors, - it will be ejected from the load balancing pool. 
for HTTP - services, a 5xx counts as an error and for TCP services - connection failures and connection timeouts count as an - error. It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the - default global OutlierDetection policy defined by the Contour - configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host status - is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that - can be ejected. But will eject at least one host regardless - of the value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will - be ejected for. 
After this amount of time, a host will be - returned to normal operation. If not specified, the default - value (300s) or BaseEjectionTime value is applied, whatever - is larger. Defaults to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of - jitter to add to the ejection time, in order to prevent - a ‘thundering herd’ effect where all proxies try to reconnect - to host at the same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether - to split the local origin errors from the external origin - errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object policy: 
@@ -7028,80 +7034,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection - on a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the - ejection base duration and the number of times the - host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines - the number of consecutive local origin failures - before a consecutive local origin ejection occurs. - Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than - or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, - a 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults - to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a - host will be ejected for. 
After this amount of time, - a host will be returned to normal operation. If - not specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum - amount of jitter to add to the ejection time, in - order to prevent a ‘thundering herd’ effect where - all proxies try to reconnect to host at the same - time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -7513,80 +7516,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection on - a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the ejection - base duration and the number of times the host has - been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the - number of consecutive local origin failures before - a consecutive local origin ejection occurs. Parameters - take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than or - equal to ConsecutiveServerErrors, it will be ejected - from the load balancing pool. 
for HTTP services, a - 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults to - 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host - will be ejected for. 
After this amount of time, a - host will be returned to normal operation. If not - specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount - of jitter to add to the ejection time, in order to - prevent a ‘thundering herd’ effect where all proxies - try to reconnect to host at the same time. Defaults - to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -9315,6 +9315,421 @@ spec: app: envoy type: LoadBalancer +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gateway-contour-test + namespace: gateway-contour-test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gateway-contour-test + namespace: gateway-contour-test +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gateway-contour-test +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gateway-contour-test +subjects: + - kind: ServiceAccount + name: gateway-contour-test + namespace: gateway-contour-test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gateway-contour-test-rolebinding + namespace: gateway-contour-test +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gateway-contour-test +subjects: + - kind: ServiceAccount + name: gateway-contour-test + namespace: gateway-contour-test +--- +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gateway-contour-test +rules: + - apiGroups: + - "" + resources: + - endpoints + - namespaces + - secrets + - services + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - grpcroutes + - httproutes + - referencegrants + - tcproutes + - tlsroutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - tcproutes/status + - tlsroutes/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - 
list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - create + - get + - update + - apiGroups: + - projectcontour.io + resources: + - contourconfigurations + - extensionservices + - httpproxies + - tlscertificatedelegations + verbs: + - get + - list + - watch + - apiGroups: + - projectcontour.io + resources: + - contourconfigurations/status + - extensionservices/status + - httpproxies/status + verbs: + - create + - get + - update +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: contour + name: contour + namespace: gateway-contour-test +spec: + replicas: 1 + selector: + matchLabels: + app: contour + template: + metadata: + labels: + app: contour + spec: + containers: + - args: + - serve + - --incluster + - --xds-address=0.0.0.0 + - --xds-port=8001 + - --insecure + - --ingress-class-name=gateway-contour-up + - --root-namespaces=gateway-contour-test + - --config-path=/config/contour.yaml + command: ["contour"] + image: ghcr.io/projectcontour/contour:main + imagePullPolicy: Always + name: contour + ports: + - containerPort: 8001 + name: xds + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8000 + readinessProbe: + tcpSocket: + port: 8001 + initialDelaySeconds: 15 + periodSeconds: 10 + volumeMounts: + - name: contour-config + mountPath: /config + readOnly: true + env: + - name: CONTOUR_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + dnsPolicy: ClusterFirst + serviceAccountName: gateway-contour-test + volumes: + - name: contour-config + configMap: + name: contour + defaultMode: 0644 + items: + - key: contour.yaml + path: contour.yaml +--- +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: gateway-contour-test +data: + contour.yaml: | + # + # server: + # determine which XDS Server implementation to utilize in Contour. 
+ # xds-server-type: contour + # + # Specify the Gateway API configuration. + gateway: + controllerName: projectcontour.io/gateway-controller-test + # + # should contour expect to be running inside a k8s cluster + # incluster: true + # + # path to kubeconfig (if not running inside a k8s cluster) + # kubeconfig: /path/to/.kube/config + # + # Disable RFC-compliant behavior to strip "Content-Length" header if + # "Tranfer-Encoding: chunked" is also set. + # disableAllowChunkedLength: false + # + # Disable Envoy's non-standard merge_slashes path transformation option + # that strips duplicate slashes from request URLs. + # disableMergeSlashes: false + # + # Disable HTTPProxy permitInsecure field + disablePermitInsecure: false + tls: + # minimum TLS version that Contour will negotiate + # minimum-protocol-version: "1.2" + # TLS ciphers to be supported by Envoy TLS listeners when negotiating + # TLS 1.2. + # cipher-suites: + # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + # - 'ECDHE-ECDSA-AES256-GCM-SHA384' + # - 'ECDHE-RSA-AES256-GCM-SHA384' + # Defines the Kubernetes name/namespace matching a secret to use + # as the fallback certificate when requests which don't match the + # SNI defined for a vhost. + fallback-certificate: + # name: fallback-secret-name + # namespace: projectcontour + envoy-client-certificate: + # name: envoy-client-cert-secret-name + # namespace: projectcontour + #### + # ExternalName Services are disabled by default due to CVE-2021-XXXXX + # You can re-enable them by setting this setting to `true`. + # This is not recommended without understanding the security implications. + # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. + # enableExternalNameService: false + ## + # Address to be placed in status.loadbalancer field of Ingress objects. 
+ # May be either a literal IP address or a host name. + # The value will be placed directly into the relevant field inside the status.loadBalancer struct. + # ingress-status-address: local.projectcontour.io + ### Logging options + # Default setting + accesslog-format: envoy + # The default access log format is defined by Envoy but it can be customized by setting following variable. + # accesslog-format-string: "...\n" + # To enable JSON logging in Envoy + # accesslog-format: json + # accesslog-level: info + # The default fields that will be logged are specified below. + # To customise this list, just add or remove entries. + # The canonical list is available at + # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields + # json-fields: + # - "@timestamp" + # - "authority" + # - "bytes_received" + # - "bytes_sent" + # - "downstream_local_address" + # - "downstream_remote_address" + # - "duration" + # - "method" + # - "path" + # - "protocol" + # - "request_id" + # - "requested_server_name" + # - "response_code" + # - "response_flags" + # - "uber_trace_id" + # - "upstream_cluster" + # - "upstream_host" + # - "upstream_local_address" + # - "upstream_service_time" + # - "user_agent" + # - "x_forwarded_for" + # - "grpc_status" + # - "grpc_status_number" + # + # default-http-versions: + # - "HTTP/2" + # - "HTTP/1.1" + # + # The following shows the default proxy timeout settings. + # timeouts: + # request-timeout: infinity + # connection-idle-timeout: 60s + # stream-idle-timeout: 5m + # max-connection-duration: infinity + # delayed-close-timeout: 1s + # connection-shutdown-grace-period: 5s + # connect-timeout: 2s + # + # Envoy cluster settings. + # cluster: + # configure the cluster dns lookup family + # valid options are: auto (default), v4, v6 + # dns-lookup-family: auto + # + # Envoy network settings. + # network: + # Configure the number of additional ingress proxy hops from the + # right side of the x-forwarded-for HTTP header to trust. 
+ # num-trusted-hops: 0 + # Configure the port used to access the Envoy Admin interface. + # admin-port: 9001 + # + # Configure an optional global rate limit service. + # rateLimitService: + # Identifies the extension service defining the rate limit service, + # formatted as /. + # extensionService: projectcontour/ratelimit + # Defines the rate limit domain to pass to the rate limit service. + # Acts as a container for a set of rate limit definitions within + # the RLS. + # domain: contour + # Defines whether to allow requests to proceed when the rate limit + # service fails to respond with a valid rate limit decision within + # the timeout defined on the extension service. + # failOpen: false + # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, + # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF + # Internet-Draft linked below), on responses to clients when the Rate + # Limit Service is consulted for a request. + # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html + # enableXRateLimitHeaders: false + # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED + # instead of the default UNAVAILABLE + # enableResourceExhaustedCode: false + # + # Global Policy settings. 
+ # policy: + # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) + # request-headers: + # set: + # # example: the hostname of the Envoy instance that proxied the request + # X-Envoy-Hostname: %HOSTNAME% + # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for + # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% + # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) + # response-headers: + # set: + # # example: Envoy flags that provide additional details about the response or connection + # X-Envoy-Response-Flags: %RESPONSE_FLAGS% + # + # metrics: + # contour: + # address: 0.0.0.0 + # port: 8000 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # envoy: + # address: 0.0.0.0 + # port: 8002 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # + # listener: + # connection-balancer: exact + # socket-options: + # tos: 64 + # traffic-class: 64 +--- +apiVersion: v1 +kind: Service +metadata: + name: contour + namespace: gateway-contour-test +spec: + ports: + - port: 8001 + name: xds + protocol: TCP + targetPort: 8001 + selector: + app: contour + type: ClusterIP + --- apiVersion: apps/v1 kind: Deployment diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index d485ddcce1c..2cc0d5d5489 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -10,6 +10,7 @@ # examples/contour/02-role-contour.yaml # examples/contour/02-service-contour.yaml # examples/contour/02-service-envoy.yaml +# examples/contour/03-contour-gateway.yaml # examples/contour/03-contour.yaml # examples/contour/03-envoy.yaml 
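Review bot: The added `contour` Deployment in namespace `gateway-contour-test` starts the xDS server with `--xds-address=0.0.0.0` and `--insecure`, and the `contour` Service at the end of this hunk exposes port 8001 inside the cluster, so the gRPC endpoint is served without TLS or client-certificate checks. The same ServiceAccount is bound to a ClusterRole with `get`/`list`/`watch` on `secrets` in every namespace, so any workload that can reach that port can presumably read whatever secret material Contour publishes over xDS; confirm this against how the server handles SDS. If this block is meant to ship in a rendered example rather than only in a test fixture, drop `--insecure`, pass `--contour-cafile`, `--contour-cert-file` and `--contour-key-file` with the certificate secret mounted, and narrow the secret access to the namespaces it needs. The image is also referenced only by the mutable tag `ghcr.io/projectcontour/contour:main` with `imagePullPolicy: Always`, and the container has no `securityContext`; a release tag or digest plus `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be safer defaults. The identical block is added again in examples/render/contour.yaml (that hunk runs past the end of this view), so the change belongs in the source manifest, which appears to be examples/contour/03-contour-gateway.yaml.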
@@ -1026,72 +1027,76 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration for - outlier detection on all services. If defined, this will be used - as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host is - ejected for. A host will remain ejected for a period of time - equal to the product of the ejection base duration and the number - of times the host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive local - origin ejection occurs. Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of consecutive - server-side error responses before a consecutive 5xx ejection - occurs. When the backend host encounters consecutive errors - greater than or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, a 5xx - counts as an error and for TCP services connection failures - and connection timeouts count as an error. It can be disabled - by setting the value to 0. Defaults to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the default - global OutlierDetection policy defined by the Contour configuration. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. Defaults to false. type: boolean interval: - description: Interval is the interval at which host status is - evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that can - be ejected. But will eject at least one host regardless of the - value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will be - ejected for. 
After this amount of time, a host will be returned - to normal operation. If not specified, the default value (300s) - or BaseEjectionTime value is applied, whatever is larger. Defaults - to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of jitter - to add to the ejection time, in order to prevent a ‘thundering - herd’ effect where all proxies try to reconnect to host at the - same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether to - split the local origin errors from the external origin errors. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. Defaults to false. type: boolean type: object 
@@ -4777,76 +4782,77 @@ spec: type: object type: object outlierDetection: - description: GlobalOutlierDetection defines the configuration - for outlier detection on all services. If defined, this will - be used as the default for all services. + description: |- + GlobalOutlierDetection defines the configuration for outlier detection on all services. + If defined, this will be used as the default for all services. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that a host - is ejected for. A host will remain ejected for a period - of time equal to the product of the ejection base duration - and the number of times the host has been ejected. Defaults - to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the number - of consecutive local origin failures before a consecutive - local origin ejection occurs. Parameters take effect only - when SplitExternalLocalOriginErrors is true. Defaults to - 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number of - consecutive server-side error responses before a consecutive - 5xx ejection occurs. When the backend host encounters consecutive - errors greater than or equal to ConsecutiveServerErrors, - it will be ejected from the load balancing pool. 
for HTTP - services, a 5xx counts as an error and for TCP services - connection failures and connection timeouts count as an - error. It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not use the - default global OutlierDetection policy defined by the Contour - configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host status - is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage of hosts - in the load balancing pool for the upstream service that - can be ejected. But will eject at least one host regardless - of the value here. Defaults to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host will - be ejected for. 
After this amount of time, a host will be - returned to normal operation. If not specified, the default - value (300s) or BaseEjectionTime value is applied, whatever - is larger. Defaults to 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount of - jitter to add to the ejection time, in order to prevent - a ‘thundering herd’ effect where all proxies try to reconnect - to host at the same time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines whether - to split the local origin errors from the external origin - errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object policy: 
@@ -7025,80 +7031,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection - on a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the - ejection base duration and the number of times the - host has been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines - the number of consecutive local origin failures - before a consecutive local origin ejection occurs. - Parameters take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than - or equal to ConsecutiveServerErrors, it will be - ejected from the load balancing pool. 
for HTTP services, - a 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults - to 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a - host will be ejected for. 
After this amount of time, - a host will be returned to normal operation. If - not specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum - amount of jitter to add to the ejection time, in - order to prevent a ‘thundering herd’ effect where - all proxies try to reconnect to host at the same - time. Defaults to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -7510,80 +7513,77 @@ spec: Names defined here will be used to look up corresponding endpoints which contain the ips to route. type: string outlierDetection: - description: The policy for managing outlier detection on - a service. If not specified, the global OutlierDetection - policy will be used. + description: |- + The policy for managing outlier detection on a service. + If not specified, the global OutlierDetection policy will be used. properties: baseEjectionTime: - description: BaseEjectionTime is the base time that - a host is ejected for. A host will remain ejected - for a period of time equal to the product of the ejection - base duration and the number of times the host has - been ejected. Defaults to 30s. + description: |- + BaseEjectionTime is the base time that a host is ejected for. + A host will remain ejected for a period of time equal to the + product of the ejection base duration and the number of times the host has been ejected. + Defaults to 30s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string consecutiveLocalOriginFailure: - description: ConsecutiveLocalOriginFailure defines the - number of consecutive local origin failures before - a consecutive local origin ejection occurs. Parameters - take effect only when SplitExternalLocalOriginErrors - is true. Defaults to 5. + description: |- + ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. + Parameters take effect only when SplitExternalLocalOriginErrors is true. + Defaults to 5. format: int32 type: integer consecutiveServerErrors: - description: ConsecutiveServerErrors defines The number - of consecutive server-side error responses before - a consecutive 5xx ejection occurs. When the backend - host encounters consecutive errors greater than or - equal to ConsecutiveServerErrors, it will be ejected - from the load balancing pool. 
for HTTP services, a - 5xx counts as an error and for TCP services connection - failures and connection timeouts count as an error. - It can be disabled by setting the value to 0. Defaults - to 5. + description: |- + ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. + When the backend host encounters consecutive + errors greater than or equal to ConsecutiveServerErrors, it will be + ejected from the load balancing pool. + for HTTP services, a 5xx counts as an error and for TCP services + connection failures and connection timeouts count as an error. + It can be disabled by setting the value to 0. + Defaults to 5. format: int32 type: integer disabled: - description: Disabled configures the Service to not - use the default global OutlierDetection policy defined - by the Contour configuration. Defaults to false. + description: |- + Disabled configures the Service to not use + the default global OutlierDetection policy defined by the Contour configuration. + Defaults to false. type: boolean interval: - description: Interval is the interval at which host - status is evaluated. Defaults to 10s. + description: |- + Interval is the interval at which host status is evaluated. + Defaults to 10s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionPercent: - description: MaxEjectionPercent is the max percentage - of hosts in the load balancing pool for the upstream - service that can be ejected. But will eject at least - one host regardless of the value here. Defaults to - 10%. + description: |- + MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. + But will eject at least one host regardless of the value here. + Defaults to 10%. format: int32 maximum: 100 type: integer maxEjectionTime: - description: MaxEjectionTime is the maximum time a host - will be ejected for. 
After this amount of time, a - host will be returned to normal operation. If not - specified, the default value (300s) or BaseEjectionTime - value is applied, whatever is larger. Defaults to - 300s. + description: |- + MaxEjectionTime is the maximum time a host will be ejected for. + After this amount of time, a host will be returned to normal operation. + If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. + Defaults to 300s. pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string maxEjectionTimeJitter: - description: MaxEjectionTimeJitter is The maximum amount - of jitter to add to the ejection time, in order to - prevent a ‘thundering herd’ effect where all proxies - try to reconnect to host at the same time. Defaults - to 0s. + description: |- + MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, + in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. + Defaults to 0s. pattern: ^(((\d*(\.\d*)?s)|(\d*(\.\d*)?ms))+)$ type: string splitExternalLocalOriginErrors: default: false - description: SplitExternalLocalOriginErrors defines - whether to split the local origin errors from the - external origin errors. Defaults to false. + description: |- + SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. + Defaults to false. type: boolean type: object port: 
@@ -9312,6 +9312,421 @@ spec: app: envoy type: LoadBalancer +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gateway-contour-test + namespace: gateway-contour-test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gateway-contour-test + namespace: gateway-contour-test +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gateway-contour-test +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gateway-contour-test +subjects: + - kind: ServiceAccount + name: gateway-contour-test + namespace: gateway-contour-test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gateway-contour-test-rolebinding + namespace: gateway-contour-test +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gateway-contour-test +subjects: + - kind: ServiceAccount + name: gateway-contour-test + namespace: gateway-contour-test +--- +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gateway-contour-test +rules: + - apiGroups: + - "" + resources: + - endpoints + - namespaces + - secrets + - services + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - grpcroutes + - httproutes + - referencegrants + - tcproutes + - tlsroutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - tcproutes/status + - tlsroutes/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - 
list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - create + - get + - update + - apiGroups: + - projectcontour.io + resources: + - contourconfigurations + - extensionservices + - httpproxies + - tlscertificatedelegations + verbs: + - get + - list + - watch + - apiGroups: + - projectcontour.io + resources: + - contourconfigurations/status + - extensionservices/status + - httpproxies/status + verbs: + - create + - get + - update +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: contour + name: contour + namespace: gateway-contour-test +spec: + replicas: 1 + selector: + matchLabels: + app: contour + template: + metadata: + labels: + app: contour + spec: + containers: + - args: + - serve + - --incluster + - --xds-address=0.0.0.0 + - --xds-port=8001 + - --insecure + - --ingress-class-name=gateway-contour-up + - --root-namespaces=gateway-contour-test + - --config-path=/config/contour.yaml + command: ["contour"] + image: ghcr.io/projectcontour/contour:main + imagePullPolicy: Always + name: contour + ports: + - containerPort: 8001 + name: xds + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8000 + readinessProbe: + tcpSocket: + port: 8001 + initialDelaySeconds: 15 + periodSeconds: 10 + volumeMounts: + - name: contour-config + mountPath: /config + readOnly: true + env: + - name: CONTOUR_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + dnsPolicy: ClusterFirst + serviceAccountName: gateway-contour-test + volumes: + - name: contour-config + configMap: + name: contour + defaultMode: 0644 + items: + - key: contour.yaml + path: contour.yaml +--- +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: gateway-contour-test +data: + contour.yaml: | + # + # server: + # determine which XDS Server implementation to utilize in Contour. 
+ # xds-server-type: contour + # + # Specify the Gateway API configuration. + gateway: + controllerName: projectcontour.io/gateway-controller-test + # + # should contour expect to be running inside a k8s cluster + # incluster: true + # + # path to kubeconfig (if not running inside a k8s cluster) + # kubeconfig: /path/to/.kube/config + # + # Disable RFC-compliant behavior to strip "Content-Length" header if + # "Tranfer-Encoding: chunked" is also set. + # disableAllowChunkedLength: false + # + # Disable Envoy's non-standard merge_slashes path transformation option + # that strips duplicate slashes from request URLs. + # disableMergeSlashes: false + # + # Disable HTTPProxy permitInsecure field + disablePermitInsecure: false + tls: + # minimum TLS version that Contour will negotiate + # minimum-protocol-version: "1.2" + # TLS ciphers to be supported by Envoy TLS listeners when negotiating + # TLS 1.2. + # cipher-suites: + # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + # - 'ECDHE-ECDSA-AES256-GCM-SHA384' + # - 'ECDHE-RSA-AES256-GCM-SHA384' + # Defines the Kubernetes name/namespace matching a secret to use + # as the fallback certificate when requests which don't match the + # SNI defined for a vhost. + fallback-certificate: + # name: fallback-secret-name + # namespace: projectcontour + envoy-client-certificate: + # name: envoy-client-cert-secret-name + # namespace: projectcontour + #### + # ExternalName Services are disabled by default due to CVE-2021-XXXXX + # You can re-enable them by setting this setting to `true`. + # This is not recommended without understanding the security implications. + # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. + # enableExternalNameService: false + ## + # Address to be placed in status.loadbalancer field of Ingress objects. 
+ # May be either a literal IP address or a host name. + # The value will be placed directly into the relevant field inside the status.loadBalancer struct. + # ingress-status-address: local.projectcontour.io + ### Logging options + # Default setting + accesslog-format: envoy + # The default access log format is defined by Envoy but it can be customized by setting following variable. + # accesslog-format-string: "...\n" + # To enable JSON logging in Envoy + # accesslog-format: json + # accesslog-level: info + # The default fields that will be logged are specified below. + # To customise this list, just add or remove entries. + # The canonical list is available at + # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields + # json-fields: + # - "@timestamp" + # - "authority" + # - "bytes_received" + # - "bytes_sent" + # - "downstream_local_address" + # - "downstream_remote_address" + # - "duration" + # - "method" + # - "path" + # - "protocol" + # - "request_id" + # - "requested_server_name" + # - "response_code" + # - "response_flags" + # - "uber_trace_id" + # - "upstream_cluster" + # - "upstream_host" + # - "upstream_local_address" + # - "upstream_service_time" + # - "user_agent" + # - "x_forwarded_for" + # - "grpc_status" + # - "grpc_status_number" + # + # default-http-versions: + # - "HTTP/2" + # - "HTTP/1.1" + # + # The following shows the default proxy timeout settings. + # timeouts: + # request-timeout: infinity + # connection-idle-timeout: 60s + # stream-idle-timeout: 5m + # max-connection-duration: infinity + # delayed-close-timeout: 1s + # connection-shutdown-grace-period: 5s + # connect-timeout: 2s + # + # Envoy cluster settings. + # cluster: + # configure the cluster dns lookup family + # valid options are: auto (default), v4, v6 + # dns-lookup-family: auto + # + # Envoy network settings. + # network: + # Configure the number of additional ingress proxy hops from the + # right side of the x-forwarded-for HTTP header to trust. 
+ # num-trusted-hops: 0 + # Configure the port used to access the Envoy Admin interface. + # admin-port: 9001 + # + # Configure an optional global rate limit service. + # rateLimitService: + # Identifies the extension service defining the rate limit service, + # formatted as /. + # extensionService: projectcontour/ratelimit + # Defines the rate limit domain to pass to the rate limit service. + # Acts as a container for a set of rate limit definitions within + # the RLS. + # domain: contour + # Defines whether to allow requests to proceed when the rate limit + # service fails to respond with a valid rate limit decision within + # the timeout defined on the extension service. + # failOpen: false + # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, + # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF + # Internet-Draft linked below), on responses to clients when the Rate + # Limit Service is consulted for a request. + # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html + # enableXRateLimitHeaders: false + # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED + # instead of the default UNAVAILABLE + # enableResourceExhaustedCode: false + # + # Global Policy settings. 
+ # policy: + # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) + # request-headers: + # set: + # # example: the hostname of the Envoy instance that proxied the request + # X-Envoy-Hostname: %HOSTNAME% + # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for + # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% + # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) + # response-headers: + # set: + # # example: Envoy flags that provide additional details about the response or connection + # X-Envoy-Response-Flags: %RESPONSE_FLAGS% + # + # metrics: + # contour: + # address: 0.0.0.0 + # port: 8000 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # envoy: + # address: 0.0.0.0 + # port: 8002 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # + # listener: + # connection-balancer: exact + # socket-options: + # tos: 64 + # traffic-class: 64 +--- +apiVersion: v1 +kind: Service +metadata: + name: contour + namespace: gateway-contour-test +spec: + ports: + - port: 8001 + name: xds + protocol: TCP + targetPort: 8001 + selector: + app: contour + type: ClusterIP + --- apiVersion: apps/v1 kind: Deployment diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index a3c917354a0..70c000105cb 100644 --- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -277,7 +277,7 @@

AuthorizationPolicy

(Appears on: -AuthorizationServer, +AuthorizationServer, Route)

@@ -328,7 +328,7 @@

AuthorizationServer

(Appears on: -VirtualHost, +VirtualHost, ContourConfigurationSpec)

@@ -812,7 +812,7 @@

CookieRewritePolicy

(Appears on: -Route, +Route, Service)

@@ -903,9 +903,9 @@

DetailedCondition

(Appears on: -HTTPProxyStatus, -TLSCertificateDelegationStatus, -ContourConfigurationStatus, +HTTPProxyStatus, +TLSCertificateDelegationStatus, +ContourConfigurationStatus, ExtensionServiceStatus)

@@ -1226,7 +1226,7 @@

GlobalRateLimitPolicy

(Appears on: -RateLimitPolicy, +RateLimitPolicy, RateLimitServiceConfig)

@@ -1880,7 +1880,7 @@

HeaderMatchCondition

(Appears on: -MatchCondition, +MatchCondition, RequestHeaderValueMatchDescriptor)

@@ -2048,7 +2048,7 @@

HeaderValue

(Appears on: -HeadersPolicy, +HeadersPolicy, LocalRateLimitPolicy)

@@ -2092,7 +2092,7 @@

HeadersPolicy

(Appears on: -Route, +Route, Service)

@@ -2144,7 +2144,7 @@

IPFilterPolicy

(Appears on: -Route, +Route, VirtualHost)

@@ -2440,8 +2440,8 @@

LoadBalancerPolicy

(Appears on: -Route, -TCPProxy, +Route, +TCPProxy, ExtensionServiceSpec)

@@ -2588,7 +2588,7 @@

MatchCondition

(Appears on: -Include, +Include, Route)

@@ -2697,6 +2697,166 @@

Namespace
  • “example.com” - “.” is an invalid character
  • +

    OutlierDetection +

    +

    +(Appears on: +Service, +ContourConfigurationSpec) +

    +

    +

    OutlierDetection defines the configuration for outlier detection on a service.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +disabled +
    + +bool + +
    +(Optional) +

    Disabled configures the Service to not use +the default global OutlierDetection policy defined by the Contour configuration. +Defaults to false.

    +
    +consecutiveServerErrors +
    + +uint32 + +
    +(Optional) +

    ConsecutiveServerErrors defines The number of consecutive server-side error responses before a consecutive 5xx ejection occurs. +When the backend host encounters consecutive +errors greater than or equal to ConsecutiveServerErrors, it will be +ejected from the load balancing pool. +for HTTP services, a 5xx counts as an error and for TCP services +connection failures and connection timeouts count as an error. +It can be disabled by setting the value to 0. +Defaults to 5.

    +
    +interval +
    + +string + +
    +(Optional) +

    Interval is the interval at which host status is evaluated. +Defaults to 10s.

    +
    +baseEjectionTime +
    + +string + +
    +(Optional) +

    BaseEjectionTime is the base time that a host is ejected for. +A host will remain ejected for a period of time equal to the +product of the ejection base duration and the number of times the host has been ejected. +Defaults to 30s.

    +
    +maxEjectionTime +
    + +string + +
    +(Optional) +

    MaxEjectionTime is the maximum time a host will be ejected for. +After this amount of time, a host will be returned to normal operation. +If not specified, the default value (300s) or BaseEjectionTime value is applied, whatever is larger. +Defaults to 300s.

    +
    +splitExternalLocalOriginErrors +
    + +bool + +
    +(Optional) +

    SplitExternalLocalOriginErrors defines whether to split the local origin errors from the external origin errors. +Defaults to false.

    +
    +consecutiveLocalOriginFailure +
    + +uint32 + +
    +(Optional) +

    ConsecutiveLocalOriginFailure defines the number of consecutive local origin failures before a consecutive local origin ejection occurs. +Parameters take effect only when SplitExternalLocalOriginErrors is true. +Defaults to 5.

    +
    +maxEjectionPercent +
    + +uint32 + +
    +(Optional) +

    MaxEjectionPercent is the max percentage of hosts in the load balancing pool for the upstream service that can be ejected. +But will eject at least one host regardless of the value here. +Defaults to 10%.

    +
    +maxEjectionTimeJitter +
    + +string + +
    +(Optional) +

    MaxEjectionTimeJitter is The maximum amount of jitter to add to the ejection time, +in order to prevent a ‘thundering herd’ effect where all proxies try to reconnect to host at the same time. +Defaults to 0s.

    +

    PathRewritePolicy

    @@ -3023,7 +3183,7 @@

    RateLimitPolicy

    (Appears on: -Route, +Route, VirtualHost)

    @@ -3884,7 +4044,7 @@

    Service

    (Appears on: -Route, +Route, TCPProxy)

    @@ -4057,6 +4217,22 @@

    Service

    Slow start will gradually increase amount of traffic to a newly added endpoint.

    + + +outlierDetection +
    + + +OutlierDetection + + + + +(Optional) +

    The policy for managing outlier detection on a service. +If not specified, the global OutlierDetection policy will be used.

    + +

    SlowStartPolicy @@ -4619,7 +4795,7 @@

    TimeoutPolicy

    (Appears on: -Route, +Route, ExtensionServiceSpec)

    @@ -4688,8 +4864,8 @@

    UpstreamValidation

    (Appears on: -RemoteJWKS, -Service, +RemoteJWKS, +Service, ExtensionServiceSpec)

    @@ -5172,6 +5348,22 @@

    ContourConfiguration +outlierDetection +
    + + +OutlierDetection + + + + +(Optional) +

    GlobalOutlierDetection defines the configuration for outlier detection on all services. +If defined, this will be used as the default for all services.

    + + + + featureFlags
    @@ -5747,7 +5939,7 @@

    ContourConfiguratio

    (Appears on: -ContourConfiguration, +ContourConfiguration, ContourDeploymentSpec)

    @@ -5965,6 +6157,22 @@

    ContourConfiguratio +outlierDetection +
    + + +OutlierDetection + + + + +(Optional) +

    GlobalOutlierDetection defines the configuration for outlier detection on all services. +If defined, this will be used as the default for all services.

    + + + + featureFlags
    @@ -6428,7 +6636,7 @@

    DeploymentSettings

    (Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

    @@ -7271,7 +7479,7 @@

    EnvoyTLS

    (Appears on: -ClusterParameters, +ClusterParameters, EnvoyListenerConfig)

    @@ -7872,7 +8080,7 @@

    HealthConfig

    (Appears on: -ContourConfigurationSpec, +ContourConfigurationSpec, EnvoyConfig)

    @@ -7963,7 +8171,7 @@

    LogLevel (string alias)

    (Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

    @@ -8003,7 +8211,7 @@

    MetricsConfig

    (Appears on: -ContourConfigurationSpec, +ContourConfigurationSpec, EnvoyConfig)

    @@ -8123,10 +8331,10 @@

    NamespacedName

    (Appears on: -EnvoyConfig, -GatewayConfig, -HTTPProxyConfig, -RateLimitServiceConfig, +EnvoyConfig, +GatewayConfig, +HTTPProxyConfig, +RateLimitServiceConfig, TracingConfig)

    @@ -8363,7 +8571,7 @@

    NodePlacement

    (Appears on: -ContourSettings, +ContourSettings, EnvoySettings)

    From 8facf743dc891cd9d09f3928259aa6b110d11605 Mon Sep 17 00:00:00 2001 From: yangyang Date: Fri, 2 Feb 2024 15:38:26 +0800 Subject: [PATCH 5/7] fix test Signed-off-by: yangyang --- internal/dag/policy_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/dag/policy_test.go b/internal/dag/policy_test.go index 25ceaa508c5..836c2b54dfa 100644 --- a/internal/dag/policy_test.go +++ b/internal/dag/policy_test.go @@ -1480,10 +1480,10 @@ func TestOutlierDetectionPolicy(t *testing.T) { t.Run(name, func(t *testing.T) { got, gotErr := outlierDetectionPolicy(nil, tc.in) if tc.wantErr { - assert.Error(t, gotErr) + require.Error(t, gotErr) } else { assert.Equal(t, tc.want, got) - assert.NoError(t, gotErr) + require.NoError(t, gotErr) } }) } From 7c132c980f01f997934efd875e54a315bd1af66f Mon Sep 17 00:00:00 2001 From: yangyang Date: Fri, 2 Feb 2024 15:53:32 +0800 Subject: [PATCH 6/7] fix lint Signed-off-by: yangyang --- examples/render/contour-deployment.yaml | 416 ------------------------ examples/render/contour-gateway.yaml | 416 ------------------------ examples/render/contour.yaml | 416 ------------------------ 3 files changed, 1248 deletions(-) diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 2c040814d09..77dea1096bc 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -10,7 +10,6 @@ # examples/contour/02-role-contour.yaml # examples/contour/02-service-contour.yaml # examples/contour/02-service-envoy.yaml -# examples/contour/03-contour-gateway.yaml # examples/contour/03-contour.yaml # examples/deployment/03-envoy-deployment.yaml 
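Review bot: In the success branch of `TestOutlierDetectionPolicy`, `assert.Equal(t, tc.want, got)` still runs before `require.NoError(t, gotErr)`, so an unexpected error is first reported as a value mismatch against a `got` that means nothing once an error was returned. Put the fatal check first: `require.NoError(t, gotErr)` followed by `assert.Equal(t, tc.want, got)`. The error branch only checks that some error came back; if `outlierDetectionPolicy` is expected to return a nil policy on invalid input, which is not visible here, adding `assert.Nil(t, got)` after `require.Error(t, gotErr)` would pin that. The test table and the start of the function are outside this hunk.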
@@ -9312,421 +9311,6 @@ spec: app: envoy type: LoadBalancer -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gateway-contour-test - namespace: gateway-contour-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: gateway-contour-test - namespace: gateway-contour-test -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gateway-contour-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gateway-contour-test -subjects: - - kind: ServiceAccount - name: gateway-contour-test - namespace: gateway-contour-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: gateway-contour-test-rolebinding - namespace: gateway-contour-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: gateway-contour-test -subjects: - - kind: ServiceAccount - name: gateway-contour-test - namespace: gateway-contour-test ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gateway-contour-test -rules: - - apiGroups: - - "" - resources: - - endpoints - - namespaces - - secrets - - services - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - grpcroutes - - httproutes - - referencegrants - - tcproutes - - tlsroutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - tcproutes/status - - tlsroutes/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - 
list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - create - - get - - update - - apiGroups: - - projectcontour.io - resources: - - contourconfigurations - - extensionservices - - httpproxies - - tlscertificatedelegations - verbs: - - get - - list - - watch - - apiGroups: - - projectcontour.io - resources: - - contourconfigurations/status - - extensionservices/status - - httpproxies/status - verbs: - - create - - get - - update ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: contour - name: contour - namespace: gateway-contour-test -spec: - replicas: 1 - selector: - matchLabels: - app: contour - template: - metadata: - labels: - app: contour - spec: - containers: - - args: - - serve - - --incluster - - --xds-address=0.0.0.0 - - --xds-port=8001 - - --insecure - - --ingress-class-name=gateway-contour-up - - --root-namespaces=gateway-contour-test - - --config-path=/config/contour.yaml - command: ["contour"] - image: ghcr.io/projectcontour/contour:main - imagePullPolicy: Always - name: contour - ports: - - containerPort: 8001 - name: xds - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8000 - readinessProbe: - tcpSocket: - port: 8001 - initialDelaySeconds: 15 - periodSeconds: 10 - volumeMounts: - - name: contour-config - mountPath: /config - readOnly: true - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - dnsPolicy: ClusterFirst - serviceAccountName: gateway-contour-test - volumes: - - name: contour-config - configMap: - name: contour - defaultMode: 0644 - items: - - key: contour.yaml - path: contour.yaml ---- ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: contour - namespace: gateway-contour-test -data: - contour.yaml: | - # - # server: - # determine which XDS Server implementation to utilize in Contour. 
- # xds-server-type: contour - # - # Specify the Gateway API configuration. - gateway: - controllerName: projectcontour.io/gateway-controller-test - # - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Disable RFC-compliant behavior to strip "Content-Length" header if - # "Tranfer-Encoding: chunked" is also set. - # disableAllowChunkedLength: false - # - # Disable Envoy's non-standard merge_slashes path transformation option - # that strips duplicate slashes from request URLs. - # disableMergeSlashes: false - # - # Disable HTTPProxy permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.2" - # TLS ciphers to be supported by Envoy TLS listeners when negotiating - # TLS 1.2. - # cipher-suites: - # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' - # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' - # - 'ECDHE-ECDSA-AES256-GCM-SHA384' - # - 'ECDHE-RSA-AES256-GCM-SHA384' - # Defines the Kubernetes name/namespace matching a secret to use - # as the fallback certificate when requests which don't match the - # SNI defined for a vhost. - fallback-certificate: - # name: fallback-secret-name - # namespace: projectcontour - envoy-client-certificate: - # name: envoy-client-cert-secret-name - # namespace: projectcontour - #### - # ExternalName Services are disabled by default due to CVE-2021-XXXXX - # You can re-enable them by setting this setting to `true`. - # This is not recommended without understanding the security implications. - # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. - # enableExternalNameService: false - ## - # Address to be placed in status.loadbalancer field of Ingress objects. 
- # May be either a literal IP address or a host name. - # The value will be placed directly into the relevant field inside the status.loadBalancer struct. - # ingress-status-address: local.projectcontour.io - ### Logging options - # Default setting - accesslog-format: envoy - # The default access log format is defined by Envoy but it can be customized by setting following variable. - # accesslog-format-string: "...\n" - # To enable JSON logging in Envoy - # accesslog-format: json - # accesslog-level: info - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" - # - "grpc_status" - # - "grpc_status_number" - # - # default-http-versions: - # - "HTTP/2" - # - "HTTP/1.1" - # - # The following shows the default proxy timeout settings. - # timeouts: - # request-timeout: infinity - # connection-idle-timeout: 60s - # stream-idle-timeout: 5m - # max-connection-duration: infinity - # delayed-close-timeout: 1s - # connection-shutdown-grace-period: 5s - # connect-timeout: 2s - # - # Envoy cluster settings. - # cluster: - # configure the cluster dns lookup family - # valid options are: auto (default), v4, v6 - # dns-lookup-family: auto - # - # Envoy network settings. - # network: - # Configure the number of additional ingress proxy hops from the - # right side of the x-forwarded-for HTTP header to trust. 
- # num-trusted-hops: 0 - # Configure the port used to access the Envoy Admin interface. - # admin-port: 9001 - # - # Configure an optional global rate limit service. - # rateLimitService: - # Identifies the extension service defining the rate limit service, - # formatted as /. - # extensionService: projectcontour/ratelimit - # Defines the rate limit domain to pass to the rate limit service. - # Acts as a container for a set of rate limit definitions within - # the RLS. - # domain: contour - # Defines whether to allow requests to proceed when the rate limit - # service fails to respond with a valid rate limit decision within - # the timeout defined on the extension service. - # failOpen: false - # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, - # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF - # Internet-Draft linked below), on responses to clients when the Rate - # Limit Service is consulted for a request. - # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html - # enableXRateLimitHeaders: false - # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED - # instead of the default UNAVAILABLE - # enableResourceExhaustedCode: false - # - # Global Policy settings. 
- # policy: - # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) - # request-headers: - # set: - # # example: the hostname of the Envoy instance that proxied the request - # X-Envoy-Hostname: %HOSTNAME% - # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for - # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% - # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) - # response-headers: - # set: - # # example: Envoy flags that provide additional details about the response or connection - # X-Envoy-Response-Flags: %RESPONSE_FLAGS% - # - # metrics: - # contour: - # address: 0.0.0.0 - # port: 8000 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # envoy: - # address: 0.0.0.0 - # port: 8002 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # - # listener: - # connection-balancer: exact - # socket-options: - # tos: 64 - # traffic-class: 64 ---- -apiVersion: v1 -kind: Service -metadata: - name: contour - namespace: gateway-contour-test -spec: - ports: - - port: 8001 - name: xds - protocol: TCP - targetPort: 8001 - selector: - app: contour - type: ClusterIP - --- apiVersion: apps/v1 kind: Deployment diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index ce30a6775ca..0a7becc2953 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml 
@@ -10,7 +10,6 @@ # examples/contour/02-role-contour.yaml # examples/contour/02-service-contour.yaml # examples/contour/02-service-envoy.yaml -# examples/contour/03-contour-gateway.yaml # examples/contour/03-contour.yaml # examples/contour/03-envoy.yaml # examples/gateway/00-crds.yaml 
@@ -9315,421 +9314,6 @@ spec: app: envoy type: LoadBalancer -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gateway-contour-test - namespace: gateway-contour-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: gateway-contour-test - namespace: gateway-contour-test -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gateway-contour-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gateway-contour-test -subjects: - - kind: ServiceAccount - name: gateway-contour-test - namespace: gateway-contour-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: gateway-contour-test-rolebinding - namespace: gateway-contour-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: gateway-contour-test -subjects: - - kind: ServiceAccount - name: gateway-contour-test - namespace: gateway-contour-test ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gateway-contour-test -rules: - - apiGroups: - - "" - resources: - - endpoints - - namespaces - - secrets - - services - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - grpcroutes - - httproutes - - referencegrants - - tcproutes - - tlsroutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - tcproutes/status - - tlsroutes/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - 
list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - create - - get - - update - - apiGroups: - - projectcontour.io - resources: - - contourconfigurations - - extensionservices - - httpproxies - - tlscertificatedelegations - verbs: - - get - - list - - watch - - apiGroups: - - projectcontour.io - resources: - - contourconfigurations/status - - extensionservices/status - - httpproxies/status - verbs: - - create - - get - - update ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: contour - name: contour - namespace: gateway-contour-test -spec: - replicas: 1 - selector: - matchLabels: - app: contour - template: - metadata: - labels: - app: contour - spec: - containers: - - args: - - serve - - --incluster - - --xds-address=0.0.0.0 - - --xds-port=8001 - - --insecure - - --ingress-class-name=gateway-contour-up - - --root-namespaces=gateway-contour-test - - --config-path=/config/contour.yaml - command: ["contour"] - image: ghcr.io/projectcontour/contour:main - imagePullPolicy: Always - name: contour - ports: - - containerPort: 8001 - name: xds - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8000 - readinessProbe: - tcpSocket: - port: 8001 - initialDelaySeconds: 15 - periodSeconds: 10 - volumeMounts: - - name: contour-config - mountPath: /config - readOnly: true - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - dnsPolicy: ClusterFirst - serviceAccountName: gateway-contour-test - volumes: - - name: contour-config - configMap: - name: contour - defaultMode: 0644 - items: - - key: contour.yaml - path: contour.yaml ---- ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: contour - namespace: gateway-contour-test -data: - contour.yaml: | - # - # server: - # determine which XDS Server implementation to utilize in Contour. 
- # xds-server-type: contour - # - # Specify the Gateway API configuration. - gateway: - controllerName: projectcontour.io/gateway-controller-test - # - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Disable RFC-compliant behavior to strip "Content-Length" header if - # "Tranfer-Encoding: chunked" is also set. - # disableAllowChunkedLength: false - # - # Disable Envoy's non-standard merge_slashes path transformation option - # that strips duplicate slashes from request URLs. - # disableMergeSlashes: false - # - # Disable HTTPProxy permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.2" - # TLS ciphers to be supported by Envoy TLS listeners when negotiating - # TLS 1.2. - # cipher-suites: - # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' - # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' - # - 'ECDHE-ECDSA-AES256-GCM-SHA384' - # - 'ECDHE-RSA-AES256-GCM-SHA384' - # Defines the Kubernetes name/namespace matching a secret to use - # as the fallback certificate when requests which don't match the - # SNI defined for a vhost. - fallback-certificate: - # name: fallback-secret-name - # namespace: projectcontour - envoy-client-certificate: - # name: envoy-client-cert-secret-name - # namespace: projectcontour - #### - # ExternalName Services are disabled by default due to CVE-2021-XXXXX - # You can re-enable them by setting this setting to `true`. - # This is not recommended without understanding the security implications. - # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. - # enableExternalNameService: false - ## - # Address to be placed in status.loadbalancer field of Ingress objects. 
- # May be either a literal IP address or a host name. - # The value will be placed directly into the relevant field inside the status.loadBalancer struct. - # ingress-status-address: local.projectcontour.io - ### Logging options - # Default setting - accesslog-format: envoy - # The default access log format is defined by Envoy but it can be customized by setting following variable. - # accesslog-format-string: "...\n" - # To enable JSON logging in Envoy - # accesslog-format: json - # accesslog-level: info - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" - # - "grpc_status" - # - "grpc_status_number" - # - # default-http-versions: - # - "HTTP/2" - # - "HTTP/1.1" - # - # The following shows the default proxy timeout settings. - # timeouts: - # request-timeout: infinity - # connection-idle-timeout: 60s - # stream-idle-timeout: 5m - # max-connection-duration: infinity - # delayed-close-timeout: 1s - # connection-shutdown-grace-period: 5s - # connect-timeout: 2s - # - # Envoy cluster settings. - # cluster: - # configure the cluster dns lookup family - # valid options are: auto (default), v4, v6 - # dns-lookup-family: auto - # - # Envoy network settings. - # network: - # Configure the number of additional ingress proxy hops from the - # right side of the x-forwarded-for HTTP header to trust. 
- # num-trusted-hops: 0 - # Configure the port used to access the Envoy Admin interface. - # admin-port: 9001 - # - # Configure an optional global rate limit service. - # rateLimitService: - # Identifies the extension service defining the rate limit service, - # formatted as /. - # extensionService: projectcontour/ratelimit - # Defines the rate limit domain to pass to the rate limit service. - # Acts as a container for a set of rate limit definitions within - # the RLS. - # domain: contour - # Defines whether to allow requests to proceed when the rate limit - # service fails to respond with a valid rate limit decision within - # the timeout defined on the extension service. - # failOpen: false - # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, - # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF - # Internet-Draft linked below), on responses to clients when the Rate - # Limit Service is consulted for a request. - # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html - # enableXRateLimitHeaders: false - # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED - # instead of the default UNAVAILABLE - # enableResourceExhaustedCode: false - # - # Global Policy settings. 
- # policy: - # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) - # request-headers: - # set: - # # example: the hostname of the Envoy instance that proxied the request - # X-Envoy-Hostname: %HOSTNAME% - # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for - # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% - # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) - # response-headers: - # set: - # # example: Envoy flags that provide additional details about the response or connection - # X-Envoy-Response-Flags: %RESPONSE_FLAGS% - # - # metrics: - # contour: - # address: 0.0.0.0 - # port: 8000 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # envoy: - # address: 0.0.0.0 - # port: 8002 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # - # listener: - # connection-balancer: exact - # socket-options: - # tos: 64 - # traffic-class: 64 ---- -apiVersion: v1 -kind: Service -metadata: - name: contour - namespace: gateway-contour-test -spec: - ports: - - port: 8001 - name: xds - protocol: TCP - targetPort: 8001 - selector: - app: contour - type: ClusterIP - --- apiVersion: apps/v1 kind: Deployment diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index 2cc0d5d5489..02735881df4 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -10,7 +10,6 @@ # examples/contour/02-role-contour.yaml # examples/contour/02-service-contour.yaml # examples/contour/02-service-envoy.yaml -# examples/contour/03-contour-gateway.yaml # examples/contour/03-contour.yaml # examples/contour/03-envoy.yaml 
@@ -9312,421 +9311,6 @@ spec: app: envoy type: LoadBalancer -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gateway-contour-test - namespace: gateway-contour-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: gateway-contour-test - namespace: gateway-contour-test -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gateway-contour-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gateway-contour-test -subjects: - - kind: ServiceAccount - name: gateway-contour-test - namespace: gateway-contour-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: gateway-contour-test-rolebinding - namespace: gateway-contour-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: gateway-contour-test -subjects: - - kind: ServiceAccount - name: gateway-contour-test - namespace: gateway-contour-test ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gateway-contour-test -rules: - - apiGroups: - - "" - resources: - - endpoints - - namespaces - - secrets - - services - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - grpcroutes - - httproutes - - referencegrants - - tcproutes - - tlsroutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - tcproutes/status - - tlsroutes/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - 
list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - create - - get - - update - - apiGroups: - - projectcontour.io - resources: - - contourconfigurations - - extensionservices - - httpproxies - - tlscertificatedelegations - verbs: - - get - - list - - watch - - apiGroups: - - projectcontour.io - resources: - - contourconfigurations/status - - extensionservices/status - - httpproxies/status - verbs: - - create - - get - - update ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: contour - name: contour - namespace: gateway-contour-test -spec: - replicas: 1 - selector: - matchLabels: - app: contour - template: - metadata: - labels: - app: contour - spec: - containers: - - args: - - serve - - --incluster - - --xds-address=0.0.0.0 - - --xds-port=8001 - - --insecure - - --ingress-class-name=gateway-contour-up - - --root-namespaces=gateway-contour-test - - --config-path=/config/contour.yaml - command: ["contour"] - image: ghcr.io/projectcontour/contour:main - imagePullPolicy: Always - name: contour - ports: - - containerPort: 8001 - name: xds - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8000 - readinessProbe: - tcpSocket: - port: 8001 - initialDelaySeconds: 15 - periodSeconds: 10 - volumeMounts: - - name: contour-config - mountPath: /config - readOnly: true - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - dnsPolicy: ClusterFirst - serviceAccountName: gateway-contour-test - volumes: - - name: contour-config - configMap: - name: contour - defaultMode: 0644 - items: - - key: contour.yaml - path: contour.yaml ---- ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: contour - namespace: gateway-contour-test -data: - contour.yaml: | - # - # server: - # determine which XDS Server implementation to utilize in Contour. 
- # xds-server-type: contour - # - # Specify the Gateway API configuration. - gateway: - controllerName: projectcontour.io/gateway-controller-test - # - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Disable RFC-compliant behavior to strip "Content-Length" header if - # "Tranfer-Encoding: chunked" is also set. - # disableAllowChunkedLength: false - # - # Disable Envoy's non-standard merge_slashes path transformation option - # that strips duplicate slashes from request URLs. - # disableMergeSlashes: false - # - # Disable HTTPProxy permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.2" - # TLS ciphers to be supported by Envoy TLS listeners when negotiating - # TLS 1.2. - # cipher-suites: - # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' - # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' - # - 'ECDHE-ECDSA-AES256-GCM-SHA384' - # - 'ECDHE-RSA-AES256-GCM-SHA384' - # Defines the Kubernetes name/namespace matching a secret to use - # as the fallback certificate when requests which don't match the - # SNI defined for a vhost. - fallback-certificate: - # name: fallback-secret-name - # namespace: projectcontour - envoy-client-certificate: - # name: envoy-client-cert-secret-name - # namespace: projectcontour - #### - # ExternalName Services are disabled by default due to CVE-2021-XXXXX - # You can re-enable them by setting this setting to `true`. - # This is not recommended without understanding the security implications. - # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. - # enableExternalNameService: false - ## - # Address to be placed in status.loadbalancer field of Ingress objects. 
- # May be either a literal IP address or a host name. - # The value will be placed directly into the relevant field inside the status.loadBalancer struct. - # ingress-status-address: local.projectcontour.io - ### Logging options - # Default setting - accesslog-format: envoy - # The default access log format is defined by Envoy but it can be customized by setting following variable. - # accesslog-format-string: "...\n" - # To enable JSON logging in Envoy - # accesslog-format: json - # accesslog-level: info - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" - # - "grpc_status" - # - "grpc_status_number" - # - # default-http-versions: - # - "HTTP/2" - # - "HTTP/1.1" - # - # The following shows the default proxy timeout settings. - # timeouts: - # request-timeout: infinity - # connection-idle-timeout: 60s - # stream-idle-timeout: 5m - # max-connection-duration: infinity - # delayed-close-timeout: 1s - # connection-shutdown-grace-period: 5s - # connect-timeout: 2s - # - # Envoy cluster settings. - # cluster: - # configure the cluster dns lookup family - # valid options are: auto (default), v4, v6 - # dns-lookup-family: auto - # - # Envoy network settings. - # network: - # Configure the number of additional ingress proxy hops from the - # right side of the x-forwarded-for HTTP header to trust. 
- # num-trusted-hops: 0 - # Configure the port used to access the Envoy Admin interface. - # admin-port: 9001 - # - # Configure an optional global rate limit service. - # rateLimitService: - # Identifies the extension service defining the rate limit service, - # formatted as /. - # extensionService: projectcontour/ratelimit - # Defines the rate limit domain to pass to the rate limit service. - # Acts as a container for a set of rate limit definitions within - # the RLS. - # domain: contour - # Defines whether to allow requests to proceed when the rate limit - # service fails to respond with a valid rate limit decision within - # the timeout defined on the extension service. - # failOpen: false - # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, - # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF - # Internet-Draft linked below), on responses to clients when the Rate - # Limit Service is consulted for a request. - # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html - # enableXRateLimitHeaders: false - # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED - # instead of the default UNAVAILABLE - # enableResourceExhaustedCode: false - # - # Global Policy settings. 
- # policy: - # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) - # request-headers: - # set: - # # example: the hostname of the Envoy instance that proxied the request - # X-Envoy-Hostname: %HOSTNAME% - # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for - # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% - # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) - # response-headers: - # set: - # # example: Envoy flags that provide additional details about the response or connection - # X-Envoy-Response-Flags: %RESPONSE_FLAGS% - # - # metrics: - # contour: - # address: 0.0.0.0 - # port: 8000 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # envoy: - # address: 0.0.0.0 - # port: 8002 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # - # listener: - # connection-balancer: exact - # socket-options: - # tos: 64 - # traffic-class: 64 ---- -apiVersion: v1 -kind: Service -metadata: - name: contour - namespace: gateway-contour-test -spec: - ports: - - port: 8001 - name: xds - protocol: TCP - targetPort: 8001 - selector: - app: contour - type: ClusterIP - --- apiVersion: apps/v1 kind: Deployment From 3a2f324b2f1dbd1536b884e9e546c28e244181f6 Mon Sep 17 00:00:00 2001 From: yangyang Date: Mon, 25 Mar 2024 10:52:22 +0800 Subject: [PATCH 7/7] conflict resolution 
Signed-off-by: yangyang --- apis/projectcontour/v1alpha1/contourconfig.go | 2 +- internal/dag/httpproxy_processor.go | 4 +-- internal/dag/policy.go | 18 +++++------ internal/dag/policy_test.go | 30 +++++++++---------- internal/envoy/v3/cluster.go | 4 +-- internal/envoy/v3/cluster_test.go | 16 +++++----- pkg/config/parameters.go | 2 +- 7 files changed, 38 insertions(+), 38 deletions(-) diff --git a/apis/projectcontour/v1alpha1/contourconfig.go b/apis/projectcontour/v1alpha1/contourconfig.go index d9d9ce65cb4..c1b3cc93a3a 100644 --- a/apis/projectcontour/v1alpha1/contourconfig.go +++ b/apis/projectcontour/v1alpha1/contourconfig.go @@ -88,7 +88,7 @@ type ContourConfigurationSpec struct { // GlobalOutlierDetection defines the configuration for outlier detection on all services. // If defined, this will be used as the default for all services. // +optional - GlobalOutlierDetection *contour_api_v1.OutlierDetection `json:"outlierDetection,omitempty"` + GlobalOutlierDetection *contour_v1.OutlierDetection `json:"outlierDetection,omitempty"` // FeatureFlags defines toggle to enable new contour features. // Available toggles are: diff --git a/internal/dag/httpproxy_processor.go b/internal/dag/httpproxy_processor.go index e6c9f2cf2e8..438d4f73f1b 100644 --- a/internal/dag/httpproxy_processor.go +++ b/internal/dag/httpproxy_processor.go @@ -114,7 +114,7 @@ type HTTPProxyProcessor struct { SetSourceMetadataOnRoutes bool // GlobalOutlierDetection defines route-service's Global Outlier Detection configuration. - GlobalOutlierDetection *contour_api_v1.OutlierDetection + GlobalOutlierDetection *contour_v1.OutlierDetection // GlobalCircuitBreakerDefaults defines global circuit breaker defaults. GlobalCircuitBreakerDefaults *contour_v1alpha1.GlobalCircuitBreakerDefaults 
@@ -997,7 +997,7 @@ func (p *HTTPProxyProcessor) computeRoutes( outlierDetection, err := outlierDetectionPolicy(p.GlobalOutlierDetection, service.OutlierDetection) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeOutlierDetectionError, "OutlierDetectionInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeOutlierDetectionError, "OutlierDetectionInvalid", "%s on outlier detection", err) return nil } diff --git a/internal/dag/policy.go b/internal/dag/policy.go index 7ffc6335809..45b59af1d46 100644 --- a/internal/dag/policy.go +++ b/internal/dag/policy.go @@ -833,7 +833,7 @@ func serviceCircuitBreakerPolicy(s *Service, cb *contour_v1alpha1.GlobalCircuitB return s } -func mergeOutlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *contour_api_v1.OutlierDetection) *contour_api_v1.OutlierDetection { +func mergeOutlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *contour_v1.OutlierDetection) *contour_v1.OutlierDetection { if serviceOutlierDetection == nil { if globalOutlierDetection == nil || globalOutlierDetection.Disabled { return nil @@ -848,7 +848,7 @@ func mergeOutlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection return serviceOutlierDetection } -func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *contour_api_v1.OutlierDetection) (*OutlierDetectionPolicy, error) { +func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *contour_v1.OutlierDetection) (*OutlierDetectionPolicy, error) { outlierDetection := mergeOutlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection) if outlierDetection == nil { 
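Review bot: `mergeOutlierDetectionPolicy` in internal/dag/policy.go carries no doc comment, and its name suggests a field-by-field merge while the visible tail of the function returns `serviceOutlierDetection` unchanged. If that reading is right, a per-service policy that sets only one field does not inherit the rest from the global policy; the unset fields would instead take the built-in defaults applied in `outlierDetectionPolicy`, which an operator relying on a stricter global default could easily miss. A comment would make the precedence explicit: `// mergeOutlierDetectionPolicy returns the service policy when one is set; otherwise the global policy, or nil when that is absent or disabled. Fields are not merged.` The middle of the function lies between the two hunks and is not visible here, so the wording should be checked against it.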
@@ -860,7 +860,7 @@ func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *con } var err error - out.Interval, err = time.ParseDuration(ref.Val(outlierDetection.Interval, "10s")) + out.Interval, err = time.ParseDuration(ptr.Deref(outlierDetection.Interval, "10s")) if err != nil { return nil, fmt.Errorf("error parsing interval: %w", err) } @@ -868,7 +868,7 @@ func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *con return nil, fmt.Errorf("interval must be greater than 0s") } - out.BaseEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.BaseEjectionTime, "30s")) + out.BaseEjectionTime, err = time.ParseDuration(ptr.Deref(outlierDetection.BaseEjectionTime, "30s")) if err != nil { return nil, fmt.Errorf("error parsing baseEjectionTime: %w", err) } @@ -876,7 +876,7 @@ func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *con return nil, fmt.Errorf("baseEjectionTime must be greater than 0s") } - out.MaxEjectionTime, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTime, "300s")) + out.MaxEjectionTime, err = time.ParseDuration(ptr.Deref(outlierDetection.MaxEjectionTime, "300s")) if err != nil { return nil, fmt.Errorf("error parsing maxEjectionTime: %w", err) } 
@@ -884,13 +884,13 @@ func outlierDetectionPolicy(globalOutlierDetection, serviceOutlierDetection *con return nil, fmt.Errorf("maxEjectionTime cannot be smaller than baseEjectionTime") } - out.ConsecutiveServerErrors = ref.Val(outlierDetection.ConsecutiveServerErrors, 5) + out.ConsecutiveServerErrors = ptr.Deref(outlierDetection.ConsecutiveServerErrors, 5) - out.ConsecutiveLocalOriginFailure = ref.Val(outlierDetection.ConsecutiveLocalOriginFailure, 5) + out.ConsecutiveLocalOriginFailure = ptr.Deref(outlierDetection.ConsecutiveLocalOriginFailure, 5) - out.MaxEjectionPercent = ref.Val(outlierDetection.MaxEjectionPercent, 10) + out.MaxEjectionPercent = ptr.Deref(outlierDetection.MaxEjectionPercent, 10) - out.MaxEjectionTimeJitter, err = time.ParseDuration(ref.Val(outlierDetection.MaxEjectionTimeJitter, "0s")) + out.MaxEjectionTimeJitter, err = time.ParseDuration(ptr.Deref(outlierDetection.MaxEjectionTimeJitter, "0s")) if err != nil { return nil, fmt.Errorf("error parsing maxEjectionTimeJitter: %w", err) } diff --git a/internal/dag/policy_test.go b/internal/dag/policy_test.go index a8d2575035f..63268b60157 100644 --- a/internal/dag/policy_test.go +++ b/internal/dag/policy_test.go @@ -20,12 +20,12 @@ import ( "testing" "time" - "github.com/projectcontour/contour/internal/ref" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" 
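Review bot: `out.MaxEjectionPercent = ptr.Deref(outlierDetection.MaxEjectionPercent, 10)` in `outlierDetectionPolicy` is accepted without a range check, unlike the durations around it, which are rejected when they are non-positive or inconsistent. Envoy's cluster API bounds `max_ejection_percent` at 100, so a larger value would presumably be refused by Envoy when the cluster is pushed instead of surfacing as an `OutlierDetectionError` condition on the HTTPProxy. CRD schema validation may cover the per-service field, but the global value also arrives through the `outlierDetection` key of the config file (pkg/config/parameters.go), which CRD admission does not see. Consider adding `if out.MaxEjectionPercent > 100 { return nil, fmt.Errorf("maxEjectionPercent must not exceed 100") }` after the assignment. The function body continues past this hunk, so an existing check further down is possible.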
@@ -1381,18 +1381,18 @@ func TestMergeOutlierDetectionPolicy(t *testing.T) { }, "globalPolicy is not nil and globalPolicy is enabled and servicePolicy is not nil and servicePolicy is enabled": { globalPolicy: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(5)), + ConsecutiveServerErrors: ptr.To(uint32(5)), }, servicePolicy: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(10)), + ConsecutiveServerErrors: ptr.To(uint32(10)), }, want: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(10)), + ConsecutiveServerErrors: ptr.To(uint32(10)), }, }, "globalPolicy is not nil and globalPolicy is enabled and servicePolicy is not nil and servicePolicy is disabled": { globalPolicy: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(5)), + ConsecutiveServerErrors: ptr.To(uint32(5)), }, servicePolicy: &contour_v1.OutlierDetection{ Disabled: true, @@ -1404,10 +1404,10 @@ func TestMergeOutlierDetectionPolicy(t *testing.T) { Disabled: true, }, servicePolicy: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(10)), + ConsecutiveServerErrors: ptr.To(uint32(10)), }, want: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(10)), + ConsecutiveServerErrors: ptr.To(uint32(10)), }, }, } 
@@ -1444,27 +1444,27 @@ func TestOutlierDetectionPolicy(t *testing.T) { }, "interval no unit": { in: &contour_v1.OutlierDetection{ - Interval: ref.To("10"), + Interval: ptr.To("10"), }, want: nil, wantErr: true, }, "interval bad unit": { in: &contour_v1.OutlierDetection{ - Interval: ref.To("10f"), + Interval: ptr.To("10f"), }, want: nil, wantErr: true, }, "normal": { in: &contour_v1.OutlierDetection{ - ConsecutiveServerErrors: ref.To(uint32(5)), - Interval: ref.To("10s"), - BaseEjectionTime: ref.To("30s"), - MaxEjectionTime: ref.To("300s"), + ConsecutiveServerErrors: ptr.To(uint32(5)), + Interval: ptr.To("10s"), + BaseEjectionTime: ptr.To("30s"), + MaxEjectionTime: ptr.To("300s"), SplitExternalLocalOriginErrors: true, - ConsecutiveLocalOriginFailure: ref.To(uint32(3)), - MaxEjectionPercent: ref.To(uint32(50)), + ConsecutiveLocalOriginFailure: ptr.To(uint32(3)), + MaxEjectionPercent: ptr.To(uint32(50)), }, want: &OutlierDetectionPolicy{ ConsecutiveServerErrors: 5, diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index c0c23f7d609..58a3a3856f2 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go @@ -383,8 +383,8 @@ func slowStartConfig(slowStartConfig *dag.SlowStartConfig) *envoy_config_cluster } } -func outlierDetection(policy *dag.OutlierDetectionPolicy) *envoy_cluster_v3.OutlierDetection { - out := &envoy_cluster_v3.OutlierDetection{ +func outlierDetection(policy *dag.OutlierDetectionPolicy) *envoy_config_cluster_v3.OutlierDetection { + out := &envoy_config_cluster_v3.OutlierDetection{ EnforcingConsecutive_5Xx: protobuf.UInt32Zero(), EnforcingSuccessRate: protobuf.UInt32Zero(), EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index 353212d43a6..0fcda3ad3f1 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go 
@@ -849,15 +849,15 @@ func TestCluster(t *testing.T) { MaxEjectionTimeJitter: 0, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/e08d8f1af7", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - OutlierDetection: &envoy_cluster_v3.OutlierDetection{ + OutlierDetection: &envoy_config_cluster_v3.OutlierDetection{ EnforcingConsecutive_5Xx: protobuf.UInt32Zero(), EnforcingSuccessRate: protobuf.UInt32Zero(), EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), @@ -886,15 +886,15 @@ func TestCluster(t *testing.T) { MaxEjectionTimeJitter: 0, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/447b5c0802", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - OutlierDetection: &envoy_cluster_v3.OutlierDetection{ + OutlierDetection: &envoy_config_cluster_v3.OutlierDetection{ EnforcingConsecutive_5Xx: protobuf.UInt32OrNil(100), EnforcingSuccessRate: protobuf.UInt32Zero(), EnforcingConsecutiveGatewayFailure: protobuf.UInt32Zero(), diff --git a/pkg/config/parameters.go b/pkg/config/parameters.go index 49a6ab3d9d0..d46ed11b2dd 100644 --- a/pkg/config/parameters.go +++ b/pkg/config/parameters.go 
@@ -708,7 +708,7 @@ type Parameters struct { // GlobalOutlierDetection defines the configuration for outlier detection on all services. // If defined, this will be used as the default for all services. - GlobalOutlierDetection *contour_api_v1.OutlierDetection `yaml:"outlierDetection,omitempty"` + GlobalOutlierDetection *contour_v1.OutlierDetection `yaml:"outlierDetection,omitempty"` // FeatureFlags defines toggle to enable new contour features. // available toggles are