Merge pull request #476 from weaveworks/fix-release-notes

build: generate release notes on disk

.circleci/config.yml

@@ -3,7 +3,7 @@ jobs:
 
   build-binary:
     docker:
-      - image: circleci/golang:1.12
+      - image: circleci/golang:1.14
     working_directory: ~/build
     steps:
       - checkout
@@ -11,8 +11,11 @@ jobs:
           keys:
             - go-mod-v3-{{ checksum "go.sum" }}
       - run:
-          name: Run go fmt
-          command: make test-fmt
+          name: Run go mod download
+          command: go mod download
+      - run:
+          name: Check code formatting
+          command: go install golang.org/x/tools/cmd/goimports && make test-fmt
       - run:
           name: Build Flagger
           command: |
@@ -44,7 +47,7 @@ jobs:
 
   push-container:
     docker:
-      - image: circleci/golang:1.12
+      - image: circleci/golang:1.14
     steps:
       - checkout
       - setup_remote_docker:
@@ -56,7 +59,7 @@ jobs:
 
   push-binary:
     docker:
-      - image: circleci/golang:1.12
+      - image: circleci/golang:1.14
     working_directory: ~/build
     steps:
       - checkout
@@ -65,6 +68,8 @@ jobs:
       - restore_cache:
           keys:
             - go-mod-v3-{{ checksum "go.sum" }}
+      - run: make release-notes
+      - run: github-release-notes -org weaveworks -repo flagger -since-latest-release -include-author > /tmp/release.txt
       - run: test/goreleaser.sh
 
   e2e-istio-testing:
@@ -78,7 +83,29 @@ jobs:
       - run: test/e2e-istio.sh
       - run: test/e2e-tests.sh
 
-  e2e-kubernetes-testing:
+  e2e-kubernetes-daemonset-testing:
+    machine: true
+    steps:
+      - checkout
+      - attach_workspace:
+          at: /tmp/bin
+      - run: test/container-build.sh
+      - run: test/e2e-kind.sh v1.17.0
+      - run: test/e2e-kubernetes.sh
+      - run: test/e2e-kubernetes-tests-daemonset.sh
+
+  e2e-kubernetes-deployment-testing:
+    machine: true
+    steps:
+      - checkout
+      - attach_workspace:
+          at: /tmp/bin
+      - run: test/container-build.sh
+      - run: test/e2e-kind.sh v1.17.0
+      - run: test/e2e-kubernetes.sh
+      - run: test/e2e-kubernetes-tests-deployment.sh
+
+  e2e-kubernetes-svc-testing:
     machine: true
     steps:
       - checkout
@@ -87,7 +114,7 @@ jobs:
       - run: test/container-build.sh
       - run: test/e2e-kind.sh
       - run: test/e2e-kubernetes.sh
-      - run: test/e2e-kubernetes-tests.sh
+      - run: test/e2e-kubernetes-svc-tests.sh
 
   e2e-smi-istio-testing:
     machine: true
@@ -100,17 +127,6 @@ jobs:
       - run: test/e2e-smi-istio.sh
       - run: test/e2e-tests.sh canary
 
-  e2e-supergloo-testing:
-    machine: true
-    steps:
-      - checkout
-      - attach_workspace:
-          at: /tmp/bin
-      - run: test/container-build.sh
-      - run: test/e2e-kind.sh 0.2.1
-      - run: test/e2e-supergloo.sh
-      - run: test/e2e-tests.sh canary
-
   e2e-gloo-testing:
     machine: true
     steps:
@@ -132,6 +148,9 @@ jobs:
       - run: test/e2e-kind.sh
       - run: test/e2e-nginx.sh
       - run: test/e2e-nginx-tests.sh
+      - run: test/e2e-nginx-cleanup.sh
+      - run: test/e2e-nginx-custom-annotations.sh
+      - run: test/e2e-nginx-tests.sh
 
   e2e-linkerd-testing:
     machine: true
@@ -144,6 +163,58 @@ jobs:
       - run: test/e2e-linkerd.sh
       - run: test/e2e-linkerd-tests.sh
 
+  e2e-contour-testing:
+    machine: true
+    steps:
+      - checkout
+      - attach_workspace:
+          at: /tmp/bin
+      - run: test/container-build.sh
+      - run: test/e2e-kind.sh
+      - run: test/e2e-contour.sh
+      - run: test/e2e-contour-tests.sh
+
+  push-helm-charts:
+    docker:
+      - image: circleci/golang:1.14
+    steps:
+      - checkout
+      - run:
+          name: Install kubectl
+          command: sudo curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && sudo chmod +x /usr/local/bin/kubectl
+      - run:
+          name: Install helm
+          command: sudo curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.14.2-linux-amd64.tar.gz | tar xz && sudo mv linux-amd64/helm /bin/helm && sudo rm -rf linux-amd64
+      - run:
+          name: Initialize helm
+          command:  helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig
+      - run:
+          name: Lint charts
+          command: |
+            helm lint ./charts/*
+      - run:
+          name: Package charts
+          command: |
+            mkdir $HOME/charts
+            helm package ./charts/* --destination $HOME/charts
+      - run:
+          name: Publish charts
+          command: |
+            if echo "${CIRCLE_TAG}" | grep v; then
+              REPOSITORY="https://weaveworksbot:${GITHUB_TOKEN}@github.com/weaveworks/flagger.git"
+              git config user.email weaveworksbot@users.noreply.github.com
+              git config user.name weaveworksbot
+              git remote set-url origin ${REPOSITORY}
+              git checkout gh-pages
+              mv -f $HOME/charts/*.tgz .
+              helm repo index . --url https://flagger.app
+              git add .
+              git commit -m "Publish Helm charts v${CIRCLE_TAG}"
+              git push origin gh-pages
+            else
+              echo "Not a release! Skip charts publish"
+            fi
+
 workflows:
   version: 2
   build-test-push:
@@ -153,15 +224,16 @@ workflows:
             branches:
               ignore:
                 - gh-pages
+                - /^user-.*/
       - e2e-istio-testing:
           requires:
             - build-binary
-      - e2e-kubernetes-testing:
+      - e2e-kubernetes-daemonset-testing:
+          requires:
+            - build-binary
+      - e2e-kubernetes-deployment-testing:
           requires:
             - build-binary
-#      - e2e-supergloo-testing:
-#          requires:
-#            - build-binary
       - e2e-gloo-testing:
           requires:
             - build-binary
@@ -171,15 +243,22 @@ workflows:
       - e2e-linkerd-testing:
           requires:
             - build-binary
+      - e2e-contour-testing:
+          requires:
+            - build-binary
       - push-container:
           requires:
             - build-binary
             - e2e-istio-testing
-            - e2e-kubernetes-testing
-            #- e2e-supergloo-testing
+            - e2e-kubernetes-daemonset-testing
+            - e2e-kubernetes-deployment-testing
             - e2e-gloo-testing
             - e2e-nginx-testing
             - e2e-linkerd-testing
+          filters:
+            branches:
+              only:
+                - master
 
   release:
     jobs:
@@ -204,4 +283,12 @@ workflows:
             branches:
               ignore: /.*/
             tags:
-              ignore: /^chart.*/
+              ignore: /^chart.*/
+      - push-helm-charts:
+          requires:
+            - push-container
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              ignore: /^chart.*/

.gitbook.yaml

@@ -1 +1,13 @@
-root: ./docs/gitbook
+root: ./docs/gitbook
+
+redirects:
+  how-it-works: usage/how-it-works.md
+  usage/progressive-delivery: tutorials/istio-progressive-delivery.md
+  usage/ab-testing: tutorials/istio-ab-testing.md
+  usage/blue-green: tutorials/kubernetes-blue-green.md
+  usage/appmesh-progressive-delivery: tutorials/appmesh-progressive-delivery.md
+  usage/linkerd-progressive-delivery: tutorials/linkerd-progressive-delivery.md
+  usage/contour-progressive-delivery: tutorials/contour-progressive-delivery.md
+  usage/gloo-progressive-delivery: tutorials/gloo-progressive-delivery.md
+  usage/nginx-progressive-delivery: tutorials/nginx-progressive-delivery.md
+  usage/crossover-progressive-delivery: tutorials/crossover-progressive-delivery.md

.gitignore

@@ -16,4 +16,5 @@ bin/
 _tmp/
 
 artifacts/gcloud/
-.idea
+.idea
+Makefile.dev

CHANGELOG.md

@@ -2,6 +2,249 @@
 
 All notable changes to this project are documented in this file.
 
+## 1.0.0-rc.1 (2020-03-03) 
+
+This is a release candidate for Flagger v1.0.0.
+
+The upgrade procedure from 0.x to 1.0 can be found [here](https://docs.flagger.app/dev/upgrade-guide).
+
+Two new resources where added to the API: `MetricTemplate` and `AlertProvider`.
+The analysis can reference [metric templates](https://docs.flagger.app//usage/metrics#custom-metrics)
+to query Prometheus, Datadog and AWS CloudWatch.
+[Alerting](https://docs.flagger.app/v/master/usage/alerting#canary-configuration) can be configured on a per
+canary basis for Slack, MS Teams, Discord and Rocket.
+
+#### Features
+
+- Implement metric templates for Prometheus [#419](https://github.com/weaveworks/flagger/pull/419),
+    Datadog [#460](https://github.com/weaveworks/flagger/pull/460) and
+    CloudWatch [#464](https://github.com/weaveworks/flagger/pull/464)
+- Implement metric range validation [#424](https://github.com/weaveworks/flagger/pull/424)
+- Add support for targeting DaemonSets [#455](https://github.com/weaveworks/flagger/pull/455)
+- Implement canary alerts and alert providers (Slack, MS Teams, Discord and Rocket)
+    [#429](https://github.com/weaveworks/flagger/pull/429)
+
+#### Improvements
+
+- Add support for Istio multi-cluster
+    [#447](https://github.com/weaveworks/flagger/pull/447) [#450](https://github.com/weaveworks/flagger/pull/450)
+- Extend Istio traffic policy [#441](https://github.com/weaveworks/flagger/pull/441),
+    add support for header operations [#442](https://github.com/weaveworks/flagger/pull/442) and 
+    set ingress destination port when multiple ports are discovered [#436](https://github.com/weaveworks/flagger/pull/436)
+- Add support for rollback gating [#449](https://github.com/weaveworks/flagger/pull/449)
+- Allow disabling ConfigMaps and Secrets tracking [#425](https://github.com/weaveworks/flagger/pull/425)
+
+#### Fixes
+
+- Fix spec changes detection [#446](https://github.com/weaveworks/flagger/pull/446)
+- Track projected ConfigMaps and Secrets [#433](https://github.com/weaveworks/flagger/pull/433)
+
+## 0.23.0 (2020-02-06) 
+
+Adds support for service name configuration and rollback webhook
+
+#### Features
+
+- Implement service name override [#416](https://github.com/weaveworks/flagger/pull/416)
+- Add support for gated rollback [#420](https://github.com/weaveworks/flagger/pull/420)
+
+## 0.22.0 (2020-01-16) 
+
+Adds event dispatching through webhooks
+
+#### Features
+
+- Implement event dispatching webhook [#409](https://github.com/weaveworks/flagger/pull/409)
+- Add general purpose event webhook [#401](https://github.com/weaveworks/flagger/pull/401)
+
+#### Improvements
+
+- Update Contour to v1.1 and add Linkerd header [#411](https://github.com/weaveworks/flagger/pull/411)
+- Update Istio e2e to v1.4.3 [#407](https://github.com/weaveworks/flagger/pull/407)
+- Update Kubernetes packages to 1.17 [#406](https://github.com/weaveworks/flagger/pull/406)
+
+## 0.21.0 (2020-01-06) 
+
+Adds support for Contour ingress controller
+
+#### Features
+
+- Add support for Contour ingress controller [#397](https://github.com/weaveworks/flagger/pull/397)
+- Add support for Envoy managed by Crossover via SMI [#386](https://github.com/weaveworks/flagger/pull/386)
+- Extend canary target ref to Kubernetes Service kind [#372](https://github.com/weaveworks/flagger/pull/372)
+
+#### Improvements 
+
+- Add Prometheus operator PodMonitor template to Helm chart [#399](https://github.com/weaveworks/flagger/pull/399)
+- Update e2e tests to Kubernetes v1.16 [#390](https://github.com/weaveworks/flagger/pull/390)
+
+## 0.20.4 (2019-12-03) 
+
+Adds support for taking over a running deployment without disruption
+
+#### Improvements 
+
+- Add initialization phase to Kubernetes router [#384](https://github.com/weaveworks/flagger/pull/384)
+- Add canary controller interface and Kubernetes deployment kind implementation [#378](https://github.com/weaveworks/flagger/pull/378)
+
+#### Fixes
+
+- Skip primary check on skip analysis [#380](https://github.com/weaveworks/flagger/pull/380)
+
+## 0.20.3 (2019-11-13) 
+
+Adds wrk to load tester tools and the App Mesh gateway chart to Flagger Helm repository
+
+#### Improvements 
+
+- Add wrk to load tester tools [#368](https://github.com/weaveworks/flagger/pull/368)
+- Add App Mesh gateway chart [#365](https://github.com/weaveworks/flagger/pull/365)
+
+## 0.20.2 (2019-11-07) 
+
+Adds support for exposing canaries outside the cluster using App Mesh Gateway annotations 
+
+#### Improvements 
+
+- Expose canaries on public domains with App Mesh Gateway [#358](https://github.com/weaveworks/flagger/pull/358)
+
+#### Fixes
+
+- Use the specified replicas when scaling up the canary [#363](https://github.com/weaveworks/flagger/pull/363)
+
+## 0.20.1 (2019-11-03) 
+
+Fixes promql execution and updates the load testing tools
+
+#### Improvements 
+
+- Update load tester Helm tools [#8349dd1](https://github.com/weaveworks/flagger/commit/8349dd1cda59a741c7bed9a0f67c0fc0fbff4635)
+- e2e testing: update providers [#346](https://github.com/weaveworks/flagger/pull/346)
+
+#### Fixes
+
+- Fix Prometheus query escape [#353](https://github.com/weaveworks/flagger/pull/353)
+- Updating hey release link [#350](https://github.com/weaveworks/flagger/pull/350)
+
+## 0.20.0 (2019-10-21) 
+
+Adds support for [A/B Testing](https://docs.flagger.app/usage/progressive-delivery#traffic-mirroring)
+and retry policies when using App Mesh
+
+#### Features
+
+- Implement App Mesh A/B testing based on HTTP headers match conditions [#340](https://github.com/weaveworks/flagger/pull/340)
+- Implement App Mesh HTTP retry policy [#338](https://github.com/weaveworks/flagger/pull/338)
+- Implement metrics server override [#342](https://github.com/weaveworks/flagger/pull/342)
+
+#### Improvements 
+
+- Add the app/name label to services and primary deployment [#333](https://github.com/weaveworks/flagger/pull/333)
+- Allow setting Slack and Teams URLs with env vars [#334](https://github.com/weaveworks/flagger/pull/334)
+- Refactor Gloo integration [#344](https://github.com/weaveworks/flagger/pull/344)
+
+#### Fixes
+
+- Generate unique names for App Mesh virtual routers and routes [#336](https://github.com/weaveworks/flagger/pull/336)
+
+## 0.19.0 (2019-10-08) 
+
+Adds support for canary and blue/green [traffic mirroring](https://docs.flagger.app/usage/progressive-delivery#traffic-mirroring)
+
+#### Features
+
+- Add traffic mirroring for Istio service mesh [#311](https://github.com/weaveworks/flagger/pull/311)
+- Implement canary service target port [#327](https://github.com/weaveworks/flagger/pull/327)
+
+#### Improvements 
+
+- Allow gPRC protocol for App Mesh [#325](https://github.com/weaveworks/flagger/pull/325)
+- Enforce blue/green when using Kubernetes networking [#326](https://github.com/weaveworks/flagger/pull/326)
+
+#### Fixes
+
+- Fix port discovery diff [#324](https://github.com/weaveworks/flagger/pull/324)
+- Helm chart: Enable Prometheus scraping of Flagger metrics
+    [#2141d88](https://github.com/weaveworks/flagger/commit/2141d88ce1cc6be220dab34171c215a334ecde24)
+
+## 0.18.6 (2019-10-03) 
+
+Adds support for App Mesh conformance tests and latency metric checks
+
+#### Improvements 
+
+- Add support for acceptance testing when using App Mesh [#322](https://github.com/weaveworks/flagger/pull/322)
+- Add Kustomize installer for App Mesh [#310](https://github.com/weaveworks/flagger/pull/310)
+- Update Linkerd to v2.5.0 and Prometheus to v2.12.0 [#323](https://github.com/weaveworks/flagger/pull/323)
+
+#### Fixes
+
+- Fix slack/teams notification fields mapping [#318](https://github.com/weaveworks/flagger/pull/318)
+
+## 0.18.5 (2019-10-02) 
+
+Adds support for [confirm-promotion](https://docs.flagger.app/how-it-works#webhooks)
+webhooks and blue/green deployments when using a service mesh
+
+#### Features
+
+- Implement confirm-promotion hook [#307](https://github.com/weaveworks/flagger/pull/307)
+- Implement B/G for service mesh providers [#305](https://github.com/weaveworks/flagger/pull/305)
+
+#### Improvements 
+
+- Canary promotion improvements to avoid dropping in-flight requests [#310](https://github.com/weaveworks/flagger/pull/310)
+- Update end-to-end tests to Kubernetes v1.15.3 and Istio 1.3.0 [#306](https://github.com/weaveworks/flagger/pull/306) 
+
+#### Fixes
+
+- Skip primary check for App Mesh [#315](https://github.com/weaveworks/flagger/pull/315)
+
+## 0.18.4 (2019-09-08) 
+
+Adds support for NGINX custom annotations and Helm v3 acceptance testing
+
+#### Features
+
+- Add annotations prefix for NGINX ingresses [#293](https://github.com/weaveworks/flagger/pull/293)
+- Add wide columns in CRD [#289](https://github.com/weaveworks/flagger/pull/289)
+- loadtester: implement Helm v3 test command [#296](https://github.com/weaveworks/flagger/pull/296)
+- loadtester: add gPRC health check to load tester image [#295](https://github.com/weaveworks/flagger/pull/295)
+
+#### Fixes
+
+- loadtester: fix tests error logging [#286](https://github.com/weaveworks/flagger/pull/286)
+
+## 0.18.3 (2019-08-22) 
+
+Adds support for tillerless helm tests and protobuf health checking
+
+#### Features
+
+- loadtester: add support for tillerless helm [#280](https://github.com/weaveworks/flagger/pull/280)
+- loadtester: add support for protobuf health checking [#280](https://github.com/weaveworks/flagger/pull/280)
+
+#### Improvements 
+
+- Set HTTP listeners for AppMesh virtual routers [#272](https://github.com/weaveworks/flagger/pull/272)
+
+#### Fixes
+
+- Add missing fields to CRD validation spec [#271](https://github.com/weaveworks/flagger/pull/271)
+- Fix App Mesh backends validation in CRD [#281](https://github.com/weaveworks/flagger/pull/281)
+
+## 0.18.2 (2019-08-05) 
+
+Fixes multi-port support for Istio
+
+#### Fixes
+
+- Fix port discovery for multiple port services [#267](https://github.com/weaveworks/flagger/pull/267)
+
+#### Improvements 
+
+- Update e2e testing to Istio v1.2.3, Gloo v0.18.8 and NGINX ingress chart v1.12.1 [#268](https://github.com/weaveworks/flagger/pull/268)
+
 ## 0.18.1 (2019-07-30) 
 
 Fixes Blue/Green style deployments for Kubernetes and Linkerd providers
@@ -26,8 +269,10 @@ Adds support for [manual gating](https://docs.flagger.app/how-it-works#manual-ga
 
 #### Breaking changes
 
-- due to the status sub-resource changes in [#240](https://github.com/weaveworks/flagger/pull/240), when upgrading Flagger the canaries status phase will be reset to `Initialized`
-- upgrading Flagger with Helm will fail due to Helm poor support of CRDs, see [workaround](https://github.com/weaveworks/flagger/issues/223)
+- Due to the status sub-resource changes in [#240](https://github.com/weaveworks/flagger/pull/240),
+    when upgrading Flagger the canaries status phase will be reset to `Initialized`
+- Upgrading Flagger with Helm will fail due to Helm poor support of CRDs,
+    see [workaround](https://github.com/weaveworks/flagger/issues/223)
 
 ## 0.17.0 (2019-07-08) 
 
@@ -41,12 +286,14 @@ Adds support for Linkerd (SMI Traffic Split API), MS Teams notifications and HA
 
 #### Improvements 
 
-- Add [Kustomize](https://docs.flagger.app/install/flagger-install-on-kubernetes#install-flagger-with-kustomize) installer [#232](https://github.com/weaveworks/flagger/pull/232)
+- Add [Kustomize](https://docs.flagger.app/install/flagger-install-on-kubernetes#install-flagger-with-kustomize)
+    installer [#232](https://github.com/weaveworks/flagger/pull/232)
 - Add Pod Security Policy to Helm chart [#234](https://github.com/weaveworks/flagger/pull/234)
 
 ## 0.16.0 (2019-06-23) 
 
-Adds support for running [Blue/Green deployments](https://docs.flagger.app/usage/blue-green) without a service mesh or ingress controller
+Adds support for running [Blue/Green deployments](https://docs.flagger.app/usage/blue-green)
+without a service mesh or ingress controller
 
 #### Features
 
@@ -78,7 +325,8 @@ Adds support for customising the Istio [traffic policy](https://docs.flagger.app
 
 ## 0.14.1 (2019-06-05) 
 
-Adds support for running [acceptance/integration tests](https://docs.flagger.app/how-it-works#integration-testing) with Helm test or Bash Bats using pre-rollout hooks
+Adds support for running [acceptance/integration tests](https://docs.flagger.app/how-it-works#integration-testing)
+with Helm test or Bash Bats using pre-rollout hooks
 
 #### Features
 
@@ -125,7 +373,8 @@ Adds support for [NGINX](https://docs.flagger.app/usage/nginx-progressive-delive
 #### Features
 
 - Add support for nginx ingress controller (weighted traffic and A/B testing) [#170](https://github.com/weaveworks/flagger/pull/170)
-- Add Prometheus add-on to Flagger Helm chart for App Mesh and NGINX [79b3370](https://github.com/weaveworks/flagger/pull/170/commits/79b337089294a92961bc8446fd185b38c50a32df)
+- Add Prometheus add-on to Flagger Helm chart for App Mesh and
+    NGINX [79b3370](https://github.com/weaveworks/flagger/pull/170/commits/79b337089294a92961bc8446fd185b38c50a32df)
 
 #### Fixes
 

CONTRIBUTING.md

@@ -17,12 +17,12 @@ contribution.
 ## Chat
 
 The project uses Slack: To join the conversation, simply join the
-[Weave community](https://slack.weave.works/) Slack workspace.
+[Weave community](https://slack.weave.works/) Slack workspace #flagger channel.
 
 ## Getting Started
 
 - Fork the repository on GitHub
-- If you want to contribute as a developer, continue reading this document for further instructions
+- If you want to contribute as a developer, read [Flagger Development Guide](https://docs.flagger.app/dev-guide)
 - If you have questions, concerns, get stuck or need a hand, let us know
   on the Slack channel. We are happy to help and look forward to having
   you part of the team. No matter in which capacity.
@@ -59,7 +59,7 @@ get asked to resubmit the PR or divide the changes into more than one PR.
 
 ### Format of the Commit Message
 
-For Flux we prefer the following rules for good commit messages:
+For Flagger we prefer the following rules for good commit messages:
 
 - Limit the subject to 50 characters and write as the continuation
   of the sentence "If applied, this commit will ..."
@@ -69,4 +69,4 @@ For Flux we prefer the following rules for good commit messages:
 The [following article](https://chris.beams.io/posts/git-commit/#seven-rules)
 has some more helpful advice on documenting your work.
 
-This doc is adapted from the [Weaveworks Flux](https://github.com/weaveworks/flux/blob/master/CONTRIBUTING.md)
+This doc is adapted from [FluxCD](https://github.com/fluxcd/flux/blob/master/CONTRIBUTING.md).

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.9
+FROM alpine:3.11
 
 RUN addgroup -S flagger \
     && adduser -S -g flagger flagger \

Dockerfile.loadtester

@@ -1,27 +1,69 @@
-FROM bats/bats:v1.1.0
+FROM alpine:3.11 as build
 
-RUN addgroup -S app \
-    && adduser -S -g app app \
-    && apk --no-cache add ca-certificates curl jq
+RUN apk --no-cache add alpine-sdk perl curl
+
+RUN curl -sSLo hey "https://storage.googleapis.com/hey-release/hey_linux_amd64" && \
+chmod +x hey && mv hey /usr/local/bin/hey
+
+RUN HELM2_VERSION=2.16.3 && \
+curl -sSL "https://get.helm.sh/helm-v${HELM2_VERSION}-linux-amd64.tar.gz" | tar xvz && \
+chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helm && \
+chmod +x linux-amd64/tiller && mv linux-amd64/tiller /usr/local/bin/tiller
+
+RUN HELM3_VERSION=3.1.1 && \
+curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-amd64.tar.gz" | tar xvz && \
+chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helmv3
+
+RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
+wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \
+chmod +x /usr/local/bin/grpc_health_probe
+
+RUN GHZ_VERSION=0.39.0 && \
+curl -sSL "https://github.com/bojand/ghz/releases/download/v${GHZ_VERSION}/ghz_${GHZ_VERSION}_Linux_x86_64.tar.gz" | tar xz -C /tmp && \
+mv /tmp/ghz /usr/local/bin && chmod +x /usr/local/bin/ghz
+
+RUN HELM_TILLER_VERSION=0.9.3 && \
+curl -sSL "https://github.com/rimusz/helm-tiller/archive/v${HELM_TILLER_VERSION}.tar.gz" | tar xz -C /tmp && \
+mv /tmp/helm-tiller-${HELM_TILLER_VERSION} /tmp/helm-tiller
+
+RUN WRK_VERSION=4.0.2 && \
+cd /tmp && git clone -b ${WRK_VERSION} https://github.com/wg/wrk
+RUN cd /tmp/wrk && make
+
+FROM bash:5.0
+
+RUN addgroup -S app && \
+adduser -S -g app app && \
+apk --no-cache add ca-certificates curl jq libgcc
 
 WORKDIR /home/app
 
-RUN curl -sSLo hey "https://storage.googleapis.com/jblabs/dist/hey_linux_v0.1.2" && \
-chmod +x hey && mv hey /usr/local/bin/hey
+COPY --from=bats/bats:v1.1.0 /opt/bats/ /opt/bats/
+RUN ln -s /opt/bats/bin/bats /usr/local/bin/
 
-RUN curl -sSL "https://get.helm.sh/helm-v2.12.3-linux-amd64.tar.gz" | tar xvz && \
-chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helm && \
-rm -rf linux-amd64
+COPY --from=build /usr/local/bin/hey /usr/local/bin/
+COPY --from=build /tmp/wrk/wrk /usr/local/bin/
+COPY --from=build /usr/local/bin/helm /usr/local/bin/
+COPY --from=build /usr/local/bin/tiller /usr/local/bin/
+COPY --from=build /usr/local/bin/ghz /usr/local/bin/
+COPY --from=build /usr/local/bin/helmv3 /usr/local/bin/
+COPY --from=build /usr/local/bin/grpc_health_probe /usr/local/bin/
+COPY --from=build /tmp/helm-tiller /tmp/helm-tiller
 
-RUN curl -sSL "https://github.com/bojand/ghz/releases/download/v0.39.0/ghz_0.39.0_Linux_x86_64.tar.gz" | tar xz -C /tmp && \
-mv /tmp/ghz /usr/local/bin && chmod +x /usr/local/bin/ghz && rm -rf /tmp/ghz-web
-
-RUN ls /tmp
+ADD https://raw.githubusercontent.com/grpc/grpc-proto/master/grpc/health/v1/health.proto /tmp/ghz/health.proto
 
 COPY ./bin/loadtester .
 
 RUN chown -R app:app ./
+RUN chown -R app:app /tmp/ghz
 
 USER app
 
+# test load generator tools
+RUN hey -n 1 -c 1 https://flagger.app > /dev/null && echo $? | grep 0
+RUN wrk -d 1s -c 1 -t 1 https://flagger.app > /dev/null && echo $? | grep 0
+
+# install Helm v2 plugins
+RUN helm init --client-only && helm plugin install /tmp/helm-tiller
+
 ENTRYPOINT ["./loadtester"]

MAINTAINERS

@@ -3,3 +3,4 @@ https://weave-community.slack.com/messages/flagger/ (obtain an invitation
 at https://slack.weave.works/).
 
 Stefan Prodan, Weaveworks <stefan@weave.works> (Slack: @stefan Twitter: @stefanprodan)
+Takeshi Yoneda, DMM.com <cz.rk.t0415y.g@gmail.com> (Slack: @mathetake Twitter: @mathetake)

Makefile

@@ -1,48 +1,11 @@
 TAG?=latest
 VERSION?=$(shell grep 'VERSION' pkg/version/version.go | awk '{ print $$4 }' | tr -d '"')
-VERSION_MINOR:=$(shell grep 'VERSION' pkg/version/version.go | awk '{ print $$4 }' | tr -d '"' | rev | cut -d'.' -f2- | rev)
-PATCH:=$(shell grep 'VERSION' pkg/version/version.go | awk '{ print $$4 }' | tr -d '"' | awk -F. '{print $$NF}')
-SOURCE_DIRS = cmd pkg/apis pkg/controller pkg/server pkg/canary pkg/metrics pkg/router pkg/notifier
 LT_VERSION?=$(shell grep 'VERSION' cmd/loadtester/main.go | awk '{ print $$4 }' | tr -d '"' | head -n1)
-TS=$(shell date +%Y-%m-%d_%H-%M-%S)
-
-run:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=istio -namespace=test \
-	-metrics-server=https://prometheus.istio.weavedx.com \
-	-enable-leader-election=true
-
-run2:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=istio -namespace=test \
-	-metrics-server=https://prometheus.istio.weavedx.com \
-	-enable-leader-election=true \
-	-port=9092
-
-run-appmesh:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=appmesh \
-	-metrics-server=http://acfc235624ca911e9a94c02c4171f346-1585187926.us-west-2.elb.amazonaws.com:9090
-
-run-nginx:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=nginx -namespace=nginx \
-	-metrics-server=http://prometheus-weave.istio.weavedx.com
-
-run-smi:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=smi:istio -namespace=smi \
-	-metrics-server=https://prometheus.istio.weavedx.com
-
-run-gloo:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=gloo -namespace=gloo \
-	-metrics-server=https://prometheus.istio.weavedx.com
-
-run-nop:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=none -namespace=bg \
-	-metrics-server=https://prometheus.istio.weavedx.com
-
-run-linkerd:
-	GO111MODULE=on go run cmd/flagger/* -kubeconfig=$$HOME/.kube/config -log-level=info -mesh-provider=smi:linkerd -namespace=demo \
-	-metrics-server=https://linkerd-prometheus.istio.weavedx.com
 
 build:
-	GIT_COMMIT=$$(git rev-list -1 HEAD) && GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build  -ldflags "-s -w -X github.com/weaveworks/flagger/pkg/version.REVISION=$${GIT_COMMIT}" -a -installsuffix cgo -o ./bin/flagger ./cmd/flagger/*
+	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 GOOS=linux go build  \
+		-ldflags "-s -w -X github.com/weaveworks/flagger/pkg/version.REVISION=$${GIT_COMMIT}" \
+		-a -installsuffix cgo -o ./bin/flagger ./cmd/flagger/*
 	docker build -t weaveworks/flagger:$(TAG) . -f Dockerfile
 
 push:
@@ -50,10 +13,15 @@ push:
 	docker push weaveworks/flagger:$(VERSION)
 
 fmt:
-	gofmt -l -s -w $(SOURCE_DIRS)
+	gofmt -l -s -w ./
+	goimports -l -w ./
 
 test-fmt:
-	gofmt -l -s $(SOURCE_DIRS) | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
+	gofmt -l -s ./ | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
+	goimports -l ./ | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
+
+codegen:
+	./hack/update-codegen.sh
 
 test-codegen:
 	./hack/verify-codegen.sh
@@ -61,15 +29,9 @@ test-codegen:
 test: test-fmt test-codegen
 	go test ./...
 
-helm-package:
-	cd charts/ && helm package ./*
-	mv charts/*.tgz bin/
-	curl -s https://raw.githubusercontent.com/weaveworks/flagger/gh-pages/index.yaml > ./bin/index.yaml
-	helm repo index bin --url https://flagger.app --merge ./bin/index.yaml
-
-helm-up:
-	helm upgrade --install flagger ./charts/flagger --namespace=istio-system --set crd.create=false
-	helm upgrade --install flagger-grafana ./charts/grafana --namespace=istio-system
+crd:
+	cat artifacts/flagger/crd.yaml > charts/flagger/crds/crd.yaml
+	cat artifacts/flagger/crd.yaml > kustomize/base/flagger/crd.yaml
 
 version-set:
 	@next="$(TAG)" && \
@@ -82,46 +44,17 @@ version-set:
 	sed -i '' "s/newTag: $$current/newTag: $$next/g" kustomize/base/flagger/kustomization.yaml && \
 	echo "Version $$next set in code, deployment, chart and kustomize"
 
-version-up:
-	@next="$(VERSION_MINOR).$$(($(PATCH) + 1))" && \
-	current="$(VERSION)" && \
-	sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
-	sed -i '' "s/flagger:$$current/flagger:$$next/g" artifacts/flagger/deployment.yaml && \
-	sed -i '' "s/tag: $$current/tag: $$next/g" charts/flagger/values.yaml && \
-	sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/flagger/Chart.yaml && \
-	echo "Version $$next set in code, deployment and chart"
-
-dev-up: version-up
-	@echo "Starting build/push/deploy pipeline for $(VERSION)"
-	docker build -t quay.io/stefanprodan/flagger:$(VERSION) . -f Dockerfile
-	docker push quay.io/stefanprodan/flagger:$(VERSION)
-	kubectl apply -f ./artifacts/flagger/crd.yaml
-	helm upgrade -i flagger ./charts/flagger --namespace=istio-system --set crd.create=false
-
 release:
-	git tag $(VERSION)
-	git push origin $(VERSION)
+	git tag "v$(VERSION)"
+	git push origin "v$(VERSION)"
 
-release-set: fmt version-set helm-package
-	git add .
-	git commit -m "Release $(VERSION)"
-	git push origin master
-	git tag $(VERSION)
-	git push origin $(VERSION)
-
-reset-test:
-	kubectl delete -f ./artifacts/namespaces
-	kubectl apply -f ./artifacts/namespaces
-	kubectl apply -f ./artifacts/canaries
-
-loadtester-run: loadtester-build
-	docker build -t weaveworks/flagger-loadtester:$(LT_VERSION) . -f Dockerfile.loadtester
-	docker rm -f tester || true
-	docker run -dp 8888:9090 --name tester weaveworks/flagger-loadtester:$(LT_VERSION)
+release-notes:
+	cd /tmp && GH_REL_URL="https://github.com/buchanae/github-release-notes/releases/download/0.2.0/github-release-notes-linux-amd64-0.2.0.tar.gz" && \
+    curl -sSL $${GH_REL_URL} | tar xz && sudo mv github-release-notes /usr/local/bin/
 
 loadtester-build:
-	GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./bin/loadtester ./cmd/loadtester/*
+	CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./bin/loadtester ./cmd/loadtester/*
+	docker build -t weaveworks/flagger-loadtester:$(LT_VERSION) . -f Dockerfile.loadtester
 
 loadtester-push:
-	docker build -t weaveworks/flagger-loadtester:$(LT_VERSION) . -f Dockerfile.loadtester
 	docker push weaveworks/flagger-loadtester:$(LT_VERSION)

README.md

@@ -6,54 +6,54 @@
 [![license](https://img.shields.io/github/license/weaveworks/flagger.svg)](https://github.com/weaveworks/flagger/blob/master/LICENSE)
 [![release](https://img.shields.io/github/release/weaveworks/flagger/all.svg)](https://github.com/weaveworks/flagger/releases)
 
-Flagger is a Kubernetes operator that automates the promotion of canary deployments
-using Istio, Linkerd, App Mesh, NGINX or Gloo routing for traffic shifting and Prometheus metrics for canary analysis.
-The canary analysis can be extended with webhooks for running acceptance tests,
-load tests or any other custom validation.
-
-Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance
-indicators like HTTP requests success rate, requests average duration and pods health.
-Based on analysis of the KPIs a canary is promoted or aborted, and the analysis result is published to Slack or MS Teams.
+Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes. 
+It reduces the risk of introducing a new software version in production
+by gradually shifting traffic to the new version while measuring metrics and running conformance tests.
 
 ![flagger-overview](https://raw.githubusercontent.com/weaveworks/flagger/master/docs/diagrams/flagger-canary-overview.png)
 
-## Documentation
+Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
+using a service mesh (App Mesh, Istio, Linkerd) or an ingress controller (Contour, Gloo, NGINX) for traffic routing.
+For release analysis, Flagger can query Prometheus, Datadog or CloudWatch
+and for alerting it uses Slack, MS Teams, Discord and Rocket.
 
-Flagger documentation can be found at [docs.flagger.app](https://docs.flagger.app)
+### Documentation
+
+Flagger documentation can be found at [docs.flagger.app](https://docs.flagger.app).
 
 * Install
   * [Flagger install on Kubernetes](https://docs.flagger.app/install/flagger-install-on-kubernetes)
-  * [Flagger install on GKE Istio](https://docs.flagger.app/install/flagger-install-on-google-cloud)
-  * [Flagger install on EKS App Mesh](https://docs.flagger.app/install/flagger-install-on-eks-appmesh)
-  * [Flagger install with SuperGloo](https://docs.flagger.app/install/flagger-install-with-supergloo)
-* How it works
-  * [Canary custom resource](https://docs.flagger.app/how-it-works#canary-custom-resource)
-  * [Routing](https://docs.flagger.app/how-it-works#istio-routing)
-  * [Canary deployment stages](https://docs.flagger.app/how-it-works#canary-deployment)
-  * [Canary analysis](https://docs.flagger.app/how-it-works#canary-analysis)
-  * [HTTP metrics](https://docs.flagger.app/how-it-works#http-metrics)
-  * [Custom metrics](https://docs.flagger.app/how-it-works#custom-metrics)
-  * [Webhooks](https://docs.flagger.app/how-it-works#webhooks)
-  * [Load testing](https://docs.flagger.app/how-it-works#load-testing)
-  * [Manual gating](https://docs.flagger.app/how-it-works#manual-gating)
-  * [FAQ](https://docs.flagger.app/faq)
 * Usage
-  * [Istio canary deployments](https://docs.flagger.app/usage/progressive-delivery)
-  * [Istio A/B testing](https://docs.flagger.app/usage/ab-testing)
-  * [Linkerd canary deployments](https://docs.flagger.app/usage/linkerd-progressive-delivery)
-  * [App Mesh canary deployments](https://docs.flagger.app/usage/appmesh-progressive-delivery)
-  * [NGINX ingress controller canary deployments](https://docs.flagger.app/usage/nginx-progressive-delivery)
-  * [Gloo ingress controller canary deployments](https://docs.flagger.app/usage/gloo-progressive-delivery)
-  * [Blue/Green deployments](https://docs.flagger.app/usage/blue-green)
-  * [Monitoring](https://docs.flagger.app/usage/monitoring)
+  * [How it works](https://docs.flagger.app/usage/how-it-works)
+  * [Deployment strategies](https://docs.flagger.app/usage/deployment-strategies)
+  * [Metrics analysis](https://docs.flagger.app/usage/webhooks)
+  * [Webhooks](https://docs.flagger.app/usage/webhooks)
   * [Alerting](https://docs.flagger.app/usage/alerting)
+  * [Monitoring](https://docs.flagger.app/usage/monitoring)
 * Tutorials
-  * [Canary deployments with Helm charts and Weave Flux](https://docs.flagger.app/tutorials/canary-helm-gitops)
+  * [App Mesh](https://docs.flagger.app/tutorials/appmesh-progressive-delivery)
+  * [Istio](https://docs.flagger.app/tutorials/istio-progressive-delivery)
+  * [Linkerd](https://docs.flagger.app/tutorials/linkerd-progressive-delivery)
+  * [Contour](https://docs.flagger.app/tutorials/contour-progressive-delivery)
+  * [Gloo](https://docs.flagger.app/tutorials/gloo-progressive-delivery)
+  * [NGINX Ingress](https://docs.flagger.app/tutorials/nginx-progressive-delivery)
+  * [Kubernetes Blue/Green](https://docs.flagger.app/tutorials/kubernetes-blue-green)
 
-## Canary CRD
+### Who is using Flagger
+
+List of organizations using Flagger:
+
+* [Chick-fil-A](https://www.chick-fil-a.com)
+* [Capra Consulting](https://www.capraconsulting.no)
+* [DMM.com](https://dmm-corp.com)
+* [Weaveworks](https://weave.works)
+
+If you are using Flagger, please submit a PR to add your organization to the list!
+
+### Canary CRD
 
 Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
-then creates a series of objects (Kubernetes deployments, ClusterIP services and Istio or App Mesh virtual services).
+then creates a series of objects (Kubernetes deployments, ClusterIP services, service mesh or ingress routes).
 These objects expose the application on the mesh and drive the canary analysis and promotion.
 
 Flagger keeps track of ConfigMaps and Secrets referenced by a Kubernetes Deployment and triggers a canary analysis if any of those objects change.
@@ -62,15 +62,14 @@ When promoting a workload in production, both code (container images) and config
 For a deployment named _podinfo_, a canary promotion can be defined using Flagger's custom resource:
 
 ```yaml
-apiVersion: flagger.app/v1alpha3
+apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
   name: podinfo
   namespace: test
 spec:
   # service mesh provider (optional)
-  # can be: kubernetes, istio, linkerd, appmesh, nginx, gloo, supergloo
-  # use the kubernetes provider for Blue/Green style deployments
+  # can be: kubernetes, istio, linkerd, appmesh, nginx, contour, gloo, supergloo
   provider: istio
   # deployment reference
   targetRef:
@@ -86,14 +85,17 @@ spec:
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
-    # container port
+    # service name (defaults to targetRef.name)
+    name: podinfo
+    # ClusterIP port number
     port: 9898
-    # Istio gateways (optional)
-    gateways:
-    - public-gateway.istio-system.svc.cluster.local
-    # Istio virtual service host names (optional)
-    hosts:
-    - podinfo.example.com
+    # container port name or number (optional)
+    targetPort: 9898
+    # port name can be http or grpc (default http)
+    portName: http
+    # add all the other container ports
+    # to the ClusterIP services (default false)
+    portDiscovery: true
     # HTTP match conditions (optional)
     match:
       - uri:
@@ -101,16 +103,12 @@ spec:
     # HTTP rewrite (optional)
     rewrite:
       uri: /
-    # cross-origin resource sharing policy (optional)
-    corsPolicy:
-      allowOrigin:
-        - example.com
     # request timeout (optional)
     timeout: 5s
   # promote the canary without analysing it (default false)
   skipAnalysis: false
   # define the canary analysis timing and KPIs
-  canaryAnalysis:
+  analysis:
     # schedule interval (default 60s)
     interval: 1m
     # max number of failed metric checks before rollback
@@ -121,70 +119,98 @@ spec:
     # canary increment step
     # percentage (0-100)
     stepWeight: 5
-    # Istio Prometheus checks
+    # validation (optional)
     metrics:
-    # builtin checks
     - name: request-success-rate
+      # builtin Prometheus check
       # minimum req success rate (non 5xx responses)
       # percentage (0-100)
-      threshold: 99
+      thresholdRange:
+        min: 99
       interval: 1m
     - name: request-duration
+      # builtin Prometheus check
       # maximum req duration P99
       # milliseconds
-      threshold: 500
+      thresholdRange:
+        max: 500
       interval: 30s
-    # custom check
-    - name: "kafka lag"
-      threshold: 100
-      query: |
-        avg_over_time(
-          kafka_consumergroup_lag{
-            consumergroup=~"podinfo-consumer-.*",
-            topic="podinfo"
-          }[1m]
-        )
-    # external checks (optional)
+    - name: "database connections"
+      # custom Prometheus check
+      templateRef:
+        name: db-connections
+      thresholdRange:
+        min: 2
+        max: 100
+      interval: 1m
+    # testing (optional)
     webhooks:
-      - name: load-test
+      - name: "conformance test"
+        type: pre-rollout
+        url: http://flagger-helmtester.test/
+        timeout: 5m
+        metadata:
+          type: "helmv3"
+          cmd: "test run podinfo -n test"
+      - name: "load test"
+        type: rollout
         url: http://flagger-loadtester.test/
-        timeout: 5s
         metadata:
           cmd: "hey -z 1m -q 10 -c 2 http://podinfo.test:9898/"
+    # alerting (optional)
+    alerts:
+      - name: "dev team Slack"
+        severity: error
+        providerRef:
+          name: dev-slack
+          namespace: flagger
+      - name: "qa team Discord"
+        severity: warn
+        providerRef:
+          name: qa-discord
+      - name: "on-call MS Teams"
+        severity: info
+        providerRef:
+          name: on-call-msteams
 ```
 
-For more details on how the canary analysis and promotion works please [read the docs](https://docs.flagger.app/how-it-works).
+For more details on how the canary analysis and promotion works please [read the docs](https://docs.flagger.app/usage/how-it-works).
 
-## Features
+### Features
 
-| Feature                                      | Istio              | Linkerd            | App Mesh           | NGINX              | Gloo               |
-| -------------------------------------------- | ------------------ | ------------------ |------------------  |------------------  |------------------  |
-| Canary deployments (weighted traffic)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| A/B testing (headers and cookies filters)    | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: |
-| Webhooks (acceptance/load testing)           | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request success rate check (L7 metric)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request duration check (L7 metric)           | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
-| Custom promql checks                         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Traffic policy, CORS, retries and timeouts   | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
+| Feature                                      | Istio              | Linkerd            | App Mesh           | NGINX              | Gloo               | Contour            | CNI                |
+| -------------------------------------------- | ------------------ | ------------------ |------------------  |------------------  |------------------  |------------------  |------------------  |
+| Canary deployments (weighted traffic)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| A/B testing (headers and cookies routing)    | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: |
+| Blue/Green deployments (traffic switch)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Webhooks (acceptance/load testing)           | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Manual gating (approve/pause/resume)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Request success rate check (L7 metric)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| Request duration check (L7 metric)           | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| Custom promql checks                         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Traffic policy, CORS, retries and timeouts   | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: |
 
-## Roadmap
+### Roadmap
 
-* Integrate with other ingress controllers like Contour, HAProxy, ALB
+* Add support for Kubernetes [Ingress v2](https://github.com/kubernetes-sigs/service-apis)
+* Integrate with other service mesh like Consul Connect and ingress controllers like HAProxy, ALB
+* Integrate with other metrics providers like InfluxDB, Stackdriver, SignalFX
 * Add support for comparing the canary metrics to the primary ones and do the validation based on the derivation between the two
 
-## Contributing
+### Contributing
 
 Flagger is Apache 2.0 licensed and accepts contributions via GitHub pull requests.
+To start contributing please read the [development guide](https://docs.flagger.app/dev-guide).
 
 When submitting bug reports please include as much details as possible:
 
 * which Flagger version
 * which Flagger CRD version
-* which Kubernetes/Istio version
-* what configuration (canary, virtual service and workloads definitions)
-* what happened (Flagger, Istio Pilot and Proxy logs)
+* which Kubernetes version
+* what configuration (canary, ingress and workloads definitions)
+* what happened (Flagger and Proxy logs)
 
-## Getting Help
+### Getting Help
 
 If you have any questions about Flagger and progressive delivery:
 

artifacts/ab-testing/canary.yaml

@@ -1,62 +0,0 @@
-apiVersion: flagger.app/v1alpha3
-kind: Canary
-metadata:
-  name: abtest
-  namespace: test
-spec:
-  # deployment reference
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: abtest
-  # the maximum time in seconds for the canary deployment
-  # to make progress before it is rollback (default 600s)
-  progressDeadlineSeconds: 60
-  # HPA reference (optional)
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: abtest
-  service:
-    # container port
-    port: 9898
-    # Istio gateways (optional)
-    gateways:
-    - public-gateway.istio-system.svc.cluster.local
-    - mesh
-    # Istio virtual service host names (optional)
-    hosts:
-    - abtest.istio.weavedx.com
-  canaryAnalysis:
-    # schedule interval (default 60s)
-    interval: 10s
-    # max number of failed metric checks before rollback
-    threshold: 10
-    # total number of iterations
-    iterations: 10
-    # canary match condition
-    match:
-      - headers:
-          user-agent:
-            regex: "^(?!.*Chrome)(?=.*\bSafari\b).*$"
-      - headers:
-          cookie:
-            regex: "^(.*?;)?(type=insider)(;.*)?$"
-    metrics:
-    - name: request-success-rate
-      # minimum req success rate (non 5xx responses)
-      # percentage (0-100)
-      threshold: 99
-      interval: 1m
-    - name: request-duration
-      # maximum req duration P99
-      # milliseconds
-      threshold: 500
-      interval: 30s
-    # external checks (optional)
-    webhooks:
-      - name: load-test
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          cmd: "hey -z 1m -q 10 -c 2 -H 'Cookie: type=insider' http://podinfo.test:9898/"

artifacts/ab-testing/deployment.yaml

@@ -1,67 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: abtest
-  namespace: test
-  labels:
-    app: abtest
-spec:
-  minReadySeconds: 5
-  revisionHistoryLimit: 5
-  progressDeadlineSeconds: 60
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: abtest
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        app: abtest
-    spec:
-      containers:
-      - name: podinfod
-        image: quay.io/stefanprodan/podinfo:1.7.0
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9898
-          name: http
-          protocol: TCP
-        command:
-        - ./podinfo
-        - --port=9898
-        - --level=info
-        - --random-delay=false
-        - --random-error=false
-        env:
-        - name: PODINFO_UI_COLOR
-          value: blue
-        livenessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/healthz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        readinessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/readyz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        resources:
-          limits:
-            cpu: 2000m
-            memory: 512Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi

artifacts/ab-testing/hpa.yaml

@@ -1,19 +0,0 @@
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: abtest
-  namespace: test
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: abtest
-  minReplicas: 2
-  maxReplicas: 4
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      # scale up if usage is above
-      # 99% of the requested CPU (100m)
-      targetAverageUtilization: 99

artifacts/appmesh/canary.yaml

@@ -1,50 +0,0 @@
-apiVersion: flagger.app/v1alpha3
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  # deployment reference
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  # the maximum time in seconds for the canary deployment
-  # to make progress before it is rollback (default 600s)
-  progressDeadlineSeconds: 60
-  # HPA reference (optional)
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  service:
-    # container port
-    port: 9898
-    # App Mesh reference
-    meshName: global
-  # define the canary analysis timing and KPIs
-  canaryAnalysis:
-    # schedule interval (default 60s)
-    interval: 10s
-    # max number of failed metric checks before rollback
-    threshold: 10
-    # max traffic percentage routed to canary
-    # percentage (0-100)
-    maxWeight: 50
-    # canary increment step
-    # percentage (0-100)
-    stepWeight: 5
-    # App Mesh Prometheus checks
-    metrics:
-    - name: request-success-rate
-      # minimum req success rate (non 5xx responses)
-      # percentage (0-100)
-      threshold: 99
-      interval: 1m
-    # external checks (optional)
-    webhooks:
-      - name: load-test
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          cmd: "hey -z 1m -q 10 -c 2 http://podinfo.test:9898/"

artifacts/appmesh/deployment.yaml

@@ -1,65 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: podinfo
-  namespace: test
-  labels:
-    app: podinfo
-spec:
-  minReadySeconds: 5
-  revisionHistoryLimit: 5
-  progressDeadlineSeconds: 60
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: podinfo
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        app: podinfo
-    spec:
-      containers:
-      - name: podinfod
-        image: quay.io/stefanprodan/podinfo:1.7.0
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9898
-          name: http
-          protocol: TCP
-        command:
-        - ./podinfo
-        - --port=9898
-        - --level=info
-        env:
-        - name: PODINFO_UI_COLOR
-          value: blue
-        livenessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/healthz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        readinessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/readyz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        resources:
-          limits:
-            cpu: 2000m
-            memory: 512Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi

artifacts/appmesh/global-mesh.yaml

@@ -1,6 +0,0 @@
-apiVersion: appmesh.k8s.aws/v1beta1
-kind: Mesh
-metadata:
-  name: global
-spec:
-  serviceDiscoveryType: dns

artifacts/appmesh/hpa.yaml

@@ -1,19 +0,0 @@
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  minReplicas: 2
-  maxReplicas: 4
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      # scale up if usage is above
-      # 99% of the requested CPU (100m)
-      targetAverageUtilization: 99

artifacts/appmesh/ingress.yaml

@@ -1,177 +0,0 @@
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: ingress-config
-  namespace: test
-  labels:
-    app: ingress
-data:
-  envoy.yaml: |
-    static_resources:
-      listeners:
-        - address:
-            socket_address:
-              address: 0.0.0.0
-              port_value: 80
-          filter_chains:
-            - filters:
-                - name: envoy.http_connection_manager
-                  config:
-                    access_log:
-                    - name: envoy.file_access_log
-                      config:
-                        path: /dev/stdout
-                    codec_type: auto
-                    stat_prefix: ingress_http
-                    http_filters:
-                      - name: envoy.router
-                        config: {}
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: local_service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: podinfo
-                                host_rewrite: podinfo.test
-                                timeout: 15s
-                                retry_policy:
-                                  retry_on: "gateway-error,connect-failure,refused-stream"
-                                  num_retries: 10
-                                  per_try_timeout: 5s
-      clusters:
-        - name: podinfo
-          connect_timeout: 0.30s
-          type: strict_dns
-          lb_policy: round_robin
-          http2_protocol_options: {}
-          hosts:
-            - socket_address:
-                address: podinfo.test
-                port_value: 9898
-    admin:
-      access_log_path: /dev/null
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 9999
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ingress
-  namespace: test
-  labels:
-    app: ingress
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: ingress
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 0
-  template:
-    metadata:
-      labels:
-        app: ingress
-      annotations:
-        prometheus.io/path: "/stats/prometheus"
-        prometheus.io/port: "9999"
-        prometheus.io/scrape: "true"
-        # dummy port to exclude ingress from mesh traffic
-        # only egress should go over the mesh
-        appmesh.k8s.aws/ports: "444"
-    spec:
-      terminationGracePeriodSeconds: 30
-      containers:
-        - name: ingress
-          image: "envoyproxy/envoy-alpine:d920944aed67425f91fc203774aebce9609e5d9a"
-          securityContext:
-            capabilities:
-              drop:
-                - ALL
-              add:
-                - NET_BIND_SERVICE
-          command:
-            - /usr/bin/dumb-init
-            - --
-          args:
-            - /usr/local/bin/envoy
-            - --base-id 30
-            - --v2-config-only
-            - -l
-            - $loglevel
-            - -c
-            - /config/envoy.yaml
-          ports:
-            - name: admin
-              containerPort: 9999
-              protocol: TCP
-            - name: http
-              containerPort: 80
-              protocol: TCP
-            - name: https
-              containerPort: 443
-              protocol: TCP
-          livenessProbe:
-            initialDelaySeconds: 5
-            tcpSocket:
-              port: admin
-          readinessProbe:
-            initialDelaySeconds: 5
-            tcpSocket:
-              port: admin
-          resources:
-            requests:
-              cpu: 100m
-              memory: 64Mi
-          volumeMounts:
-            - name: config
-              mountPath: /config
-      volumes:
-        - name: config
-          configMap:
-            name: ingress-config
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: ingress
-  namespace: test
-spec:
-  selector:
-    app: ingress
-  ports:
-    - protocol: TCP
-      name: http
-      port: 80
-      targetPort: 80
-    - protocol: TCP
-      name: https
-      port: 443
-      targetPort: 443
-  type: LoadBalancer
----
-apiVersion: appmesh.k8s.aws/v1beta1
-kind: VirtualNode
-metadata:
-  name: ingress
-  namespace: test
-spec:
-  meshName: global
-  listeners:
-    - portMapping:
-        port: 80
-        protocol: http
-  serviceDiscovery:
-    dns:
-      hostName: ingress.test
-  backends:
-    - virtualService:
-        virtualServiceName: podinfo.test

artifacts/canaries/canary.yaml

@@ -1,88 +0,0 @@
-apiVersion: flagger.app/v1alpha3
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  # service mesh provider (default istio)
-  # can be: kubernetes, istio, appmesh, smi, nginx, gloo, supergloo
-  # use the kubernetes provider for Blue/Green style deployments
-  provider: istio
-  # deployment reference
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  # the maximum time in seconds for the canary deployment
-  # to make progress before it is rollback (default 600s)
-  progressDeadlineSeconds: 60
-  # HPA reference (optional)
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  service:
-    # container port
-    port: 9898
-    # port name can be http or grpc (default http)
-    portName: http
-    # add all the other container ports
-    # when generating ClusterIP services (default false)
-    portDiscovery: false
-    # Istio gateways (optional)
-    gateways:
-    - public-gateway.istio-system.svc.cluster.local
-      # remove the mesh gateway if the public host is
-      # shared across multiple virtual services
-    - mesh
-    # Istio virtual service host names (optional)
-    hosts:
-    - app.istio.weavedx.com
-    # Istio traffic policy (optional)
-    trafficPolicy:
-      tls:
-        # use ISTIO_MUTUAL when mTLS is enabled
-        mode: DISABLE
-    # HTTP match conditions (optional)
-    match:
-      - uri:
-          prefix: /
-    # HTTP rewrite (optional)
-    rewrite:
-      uri: /
-    # HTTP timeout (optional)
-    timeout: 30s
-  # promote the canary without analysing it (default false)
-  skipAnalysis: false
-  canaryAnalysis:
-    # schedule interval (default 60s)
-    interval: 10s
-    # max number of failed metric checks before rollback
-    threshold: 10
-    # max traffic percentage routed to canary
-    # percentage (0-100)
-    maxWeight: 50
-    # canary increment step
-    # percentage (0-100)
-    stepWeight: 5
-    # Prometheus checks
-    metrics:
-    - name: request-success-rate
-      # minimum req success rate (non 5xx responses)
-      # percentage (0-100)
-      threshold: 99
-      interval: 1m
-    - name: request-duration
-      # maximum req duration P99
-      # milliseconds
-      threshold: 500
-      interval: 30s
-    # external checks (optional)
-    webhooks:
-      - name: load-test
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          type: cmd
-          cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test:9898/"
-          logCmdOutput: "true"

artifacts/canaries/deployment.yaml

@@ -1,67 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: podinfo
-  namespace: test
-  labels:
-    app: podinfo
-spec:
-  minReadySeconds: 5
-  revisionHistoryLimit: 5
-  progressDeadlineSeconds: 60
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: podinfo
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        app: podinfo
-    spec:
-      containers:
-      - name: podinfod
-        image: quay.io/stefanprodan/podinfo:1.7.0
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9898
-          name: http
-          protocol: TCP
-        command:
-        - ./podinfo
-        - --port=9898
-        - --level=info
-        - --random-delay=false
-        - --random-error=false
-        env:
-        - name: PODINFO_UI_COLOR
-          value: blue
-        livenessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/healthz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        readinessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/readyz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        resources:
-          limits:
-            cpu: 2000m
-            memory: 512Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi

artifacts/canaries/hpa.yaml

@@ -1,19 +0,0 @@
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  minReplicas: 2
-  maxReplicas: 4
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      # scale up if usage is above
-      # 99% of the requested CPU (100m)
-      targetAverageUtilization: 99

artifacts/cluster/namespaces/test.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: test
-  labels:
-    istio-injection: enabled

artifacts/cluster/releases/test/backend.yaml

@@ -1,26 +0,0 @@
-apiVersion: flux.weave.works/v1beta1
-kind: HelmRelease
-metadata:
-  name: backend
-  namespace: test
-  annotations:
-    flux.weave.works/automated: "true"
-    flux.weave.works/tag.chart-image: regexp:^1.7.*
-spec:
-  releaseName: backend
-  chart:
-    repository: https://flagger.app/
-    name: podinfo
-    version: 2.2.0
-  values:
-    image:
-      repository: quay.io/stefanprodan/podinfo
-      tag: 1.7.0
-      httpServer:
-        timeout: 30s
-      canary:
-        enabled: true
-        istioIngress:
-          enabled: false
-        loadtest:
-          enabled: true

artifacts/cluster/releases/test/frontend.yaml

@@ -1,27 +0,0 @@
-apiVersion: flux.weave.works/v1beta1
-kind: HelmRelease
-metadata:
-  name: frontend
-  namespace: test
-  annotations:
-    flux.weave.works/automated: "true"
-    flux.weave.works/tag.chart-image: semver:~1.7
-spec:
-  releaseName: frontend
-  chart:
-    repository: https://flagger.app/
-    name: podinfo
-    version: 2.2.0
-  values:
-    image:
-      repository: quay.io/stefanprodan/podinfo
-      tag: 1.7.0
-      backend: http://backend-podinfo:9898/echo
-      canary:
-        enabled: true
-        istioIngress:
-          enabled: true
-          gateway: public-gateway.istio-system.svc.cluster.local
-          host: frontend.istio.example.com
-        loadtest:
-          enabled: true

artifacts/cluster/releases/test/loadtester.yaml

@@ -1,18 +0,0 @@
-apiVersion: flux.weave.works/v1beta1
-kind: HelmRelease
-metadata:
-  name: loadtester
-  namespace: test
-  annotations:
-    flux.weave.works/automated: "true"
-    flux.weave.works/tag.chart-image: glob:0.*
-spec:
-  releaseName: flagger-loadtester
-  chart:
-    repository: https://flagger.app/
-    name: loadtester
-    version: 0.6.0
-  values:
-    image:
-      repository: weaveworks/flagger-loadtester
-      tag: 0.6.1

artifacts/eks/appmesh-prometheus.yaml

@@ -1,264 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: prometheus
-  labels:
-    app: prometheus
-rules:
-  - apiGroups: [""]
-    resources:
-      - nodes
-      - services
-      - endpoints
-      - pods
-      - nodes/proxy
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources:
-      - configmaps
-    verbs: ["get"]
-  - nonResourceURLs: ["/metrics"]
-    verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: prometheus
-  labels:
-    app: prometheus
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: prometheus
-subjects:
-  - kind: ServiceAccount
-    name: prometheus
-    namespace: appmesh-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: prometheus
-  namespace: appmesh-system
-  labels:
-    app: prometheus
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: prometheus
-  namespace: appmesh-system
-  labels:
-    app: prometheus
-data:
-  prometheus.yml: |-
-    global:
-      scrape_interval: 5s
-    scrape_configs:
-
-    # Scrape config for AppMesh Envoy sidecar
-    - job_name: 'appmesh-envoy'
-      metrics_path: /stats/prometheus
-      kubernetes_sd_configs:
-      - role: pod
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_pod_container_name]
-        action: keep
-        regex: '^envoy$'
-      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-        action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: ${1}:9901
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: kubernetes_namespace
-      - source_labels: [__meta_kubernetes_pod_name]
-        action: replace
-        target_label: kubernetes_pod_name
-
-      # Exclude high cardinality metrics
-      metric_relabel_configs:
-      - source_labels: [ cluster_name ]
-        regex: '(outbound|inbound|prometheus_stats).*'
-        action: drop
-      - source_labels: [ tcp_prefix ]
-        regex: '(outbound|inbound|prometheus_stats).*'
-        action: drop
-      - source_labels: [ listener_address ]
-        regex: '(.+)'
-        action: drop
-      - source_labels: [ http_conn_manager_listener_prefix ]
-        regex: '(.+)'
-        action: drop
-      - source_labels: [ http_conn_manager_prefix ]
-        regex: '(.+)'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_tls.*'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_tcp_downstream.*'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_http_(stats|admin).*'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*'
-        action: drop
-
-    # Scrape config for API servers
-    - job_name: 'kubernetes-apiservers'
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - default
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: kubernetes;https
-
-    # Scrape config for nodes
-    - job_name: 'kubernetes-nodes'
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      kubernetes_sd_configs:
-      - role: node
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - target_label: __address__
-        replacement: kubernetes.default.svc:443
-      - source_labels: [__meta_kubernetes_node_name]
-        regex: (.+)
-        target_label: __metrics_path__
-        replacement: /api/v1/nodes/${1}/proxy/metrics
-
-    # scrape config for cAdvisor
-    - job_name: 'kubernetes-cadvisor'
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      kubernetes_sd_configs:
-      - role: node
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - target_label: __address__
-        replacement: kubernetes.default.svc:443
-      - source_labels: [__meta_kubernetes_node_name]
-        regex: (.+)
-        target_label: __metrics_path__
-        replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
-
-    # scrape config for pods
-    - job_name: kubernetes-pods
-      kubernetes_sd_configs:
-      - role: pod
-      relabel_configs:
-      - action: keep
-        regex: true
-        source_labels:
-        - __meta_kubernetes_pod_annotation_prometheus_io_scrape
-      - source_labels: [ __address__ ]
-        regex: '.*9901.*'
-        action: drop
-      - action: replace
-        regex: (.+)
-        source_labels:
-        - __meta_kubernetes_pod_annotation_prometheus_io_path
-        target_label: __metrics_path__
-      - action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-        source_labels:
-        - __address__
-        - __meta_kubernetes_pod_annotation_prometheus_io_port
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - action: replace
-        source_labels:
-        - __meta_kubernetes_namespace
-        target_label: kubernetes_namespace
-      - action: replace
-        source_labels:
-        - __meta_kubernetes_pod_name
-        target_label: kubernetes_pod_name
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: prometheus
-  namespace: appmesh-system
-  labels:
-    app: prometheus
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: prometheus
-  template:
-    metadata:
-      labels:
-        app: prometheus
-      annotations:
-        version: "appmesh-v1alpha1"
-    spec:
-      serviceAccountName: prometheus
-      containers:
-        - name: prometheus
-          image: "docker.io/prom/prometheus:v2.7.1"
-          imagePullPolicy: IfNotPresent
-          args:
-            - '--storage.tsdb.retention=6h'
-            - '--config.file=/etc/prometheus/prometheus.yml'
-          ports:
-            - containerPort: 9090
-              name: http
-          livenessProbe:
-            httpGet:
-              path: /-/healthy
-              port: 9090
-          readinessProbe:
-            httpGet:
-              path: /-/ready
-              port: 9090
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-          volumeMounts:
-            - name: config-volume
-              mountPath: /etc/prometheus
-      volumes:
-        - name: config-volume
-          configMap:
-            name: prometheus
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: prometheus
-  namespace: appmesh-system
-  labels:
-    name: prometheus
-spec:
-  selector:
-    app: prometheus
-  ports:
-    - name: http
-      protocol: TCP
-      port: 9090

artifacts/examples/appmesh-abtest.yaml

@@ -0,0 +1,62 @@
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: appmesh
+  progressDeadlineSeconds: 600
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  autoscalerRef:
+    apiVersion: autoscaling/v2beta1
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    port: 80
+    targetPort: 9898
+    meshName: global
+    retries:
+      attempts: 3
+      perTryTimeout: 5s
+      retryOn: "gateway-error,client-error,stream-error"
+    timeout: 35s
+    match:
+      - uri:
+          prefix: /
+    rewrite:
+      uri: /
+  analysis:
+    interval: 15s
+    threshold: 10
+    iterations: 10
+    match:
+    - headers:
+        x-canary:
+          exact: "insider"
+    metrics:
+    - name: request-success-rate
+      thresholdRange:
+        min: 99
+      interval: 1m
+    - name: request-duration
+      thresholdRange:
+        max: 500
+      interval: 30s
+    webhooks:
+    - name: conformance-test
+      type: pre-rollout
+      url: http://flagger-loadtester.test/
+      timeout: 15s
+      metadata:
+        type: "bash"
+        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
+    - name: load-test
+      type: rollout
+      url: http://flagger-loadtester.test/
+      timeout: 5s
+      metadata:
+        type: cmd
+        cmd: "hey -z 1m -q 10 -c 2 -H 'X-Canary: insider' http://podinfo-canary.test/"

artifacts/examples/appmesh-canary.yaml

@@ -0,0 +1,59 @@
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: appmesh
+  progressDeadlineSeconds: 600
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  autoscalerRef:
+    apiVersion: autoscaling/v2beta1
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    port: 80
+    targetPort: http
+    meshName: global
+    retries:
+      attempts: 3
+      perTryTimeout: 5s
+      retryOn: "gateway-error,client-error,stream-error"
+    timeout: 35s
+    match:
+      - uri:
+          prefix: /
+    rewrite:
+      uri: /
+  analysis:
+    interval: 15s
+    threshold: 10
+    maxWeight: 50
+    stepWeight: 5
+    metrics:
+    - name: request-success-rate
+      thresholdRange:
+        min: 99
+      interval: 1m
+    - name: request-duration
+      thresholdRange:
+        max: 500
+      interval: 30s
+    webhooks:
+    - name: conformance-test
+      type: pre-rollout
+      url: http://flagger-loadtester.test/
+      timeout: 15s
+      metadata:
+        type: "bash"
+        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
+    - name: load-test
+      type: rollout
+      url: http://flagger-loadtester.test/
+      timeout: 5s
+      metadata:
+        type: cmd
+        cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test/"

artifacts/examples/istio-abtest.yaml

@@ -0,0 +1,70 @@
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: istio
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  autoscalerRef:
+    apiVersion: autoscaling/v2beta1
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    name: podinfo
+    port: 80
+    targetPort: 9898
+    portName: http
+    portDiscovery: true
+    gateways:
+      - public-gateway.istio-system.svc.cluster.local
+      - mesh
+    hosts:
+      - app.example.com
+    trafficPolicy:
+      tls:
+        mode: DISABLE
+    match:
+      - uri:
+          prefix: /
+    rewrite:
+      uri: /
+    timeout: 30s
+  analysis:
+    interval: 15s
+    threshold: 10
+    iterations: 10
+    match:
+    - headers:
+        cookie:
+          regex: "^(.*?;)?(type=insider)(;.*)?$"
+    - headers:
+        user-agent:
+          regex: "(?=.*Safari)(?!.*Chrome).*$"
+    metrics:
+      - name: request-success-rate
+        thresholdRange:
+          min: 99
+        interval: 1m
+      - name: request-duration
+        thresholdRange:
+          max: 500
+        interval: 30s
+    webhooks:
+      - name: conformance-test
+        type: pre-rollout
+        url: http://flagger-loadtester.test/
+        timeout: 15s
+        metadata:
+          type: "bash"
+          cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
+      - name: load-test
+        type: rollout
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        metadata:
+          type: cmd
+          cmd: "hey -z 1m -q 10 -c 2 -H 'Cookie: type=insider' http://podinfo.test/"

artifacts/examples/istio-canary.yaml

@@ -0,0 +1,66 @@
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: istio
+  progressDeadlineSeconds: 600
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  autoscalerRef:
+    apiVersion: autoscaling/v2beta1
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    name: podinfo
+    port: 80
+    targetPort: 9898
+    portName: http
+    portDiscovery: true
+    gateways:
+    - public-gateway.istio-system.svc.cluster.local
+    - mesh
+    hosts:
+    - app.example.com
+    trafficPolicy:
+      tls:
+        mode: DISABLE
+    match:
+    - uri:
+        prefix: /
+    rewrite:
+      uri: /
+    timeout: 30s
+  skipAnalysis: false
+  analysis:
+    interval: 15s
+    threshold: 10
+    maxWeight: 50
+    stepWeight: 5
+    metrics:
+    - name: request-success-rate
+      thresholdRange:
+        min: 99
+      interval: 1m
+    - name: request-duration
+      thresholdRange:
+        max: 500
+      interval: 30s
+    webhooks:
+    - name: conformance-test
+      type: pre-rollout
+      url: http://flagger-loadtester.test/
+      timeout: 15s
+      metadata:
+        type: "bash"
+        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
+    - name: load-test
+      type: rollout
+      url: http://flagger-loadtester.test/
+      timeout: 5s
+      metadata:
+        type: cmd
+        cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test/"

artifacts/examples/linkerd-canary.yaml

@@ -0,0 +1,52 @@
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: linkerd
+  progressDeadlineSeconds: 600
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  autoscalerRef:
+    apiVersion: autoscaling/v2beta1
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    name: podinfo
+    port: 80
+    targetPort: 9898
+    portName: http
+    portDiscovery: true
+  skipAnalysis: false
+  analysis:
+    interval: 15s
+    threshold: 10
+    maxWeight: 50
+    stepWeight: 5
+    metrics:
+    - name: request-success-rate
+      thresholdRange:
+        min: 99
+      interval: 1m
+    - name: request-duration
+      thresholdRange:
+        max: 500
+      interval: 30s
+    webhooks:
+    - name: conformance-test
+      type: pre-rollout
+      url: http://flagger-loadtester.test/
+      timeout: 15s
+      metadata:
+        type: "bash"
+        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
+    - name: load-test
+      type: rollout
+      url: http://flagger-loadtester.test/
+      timeout: 5s
+      metadata:
+        type: cmd
+        cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test/"

artifacts/flagger/account.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: flagger
-  namespace: istio-system
+  namespace: default
   labels:
     app: flagger
 ---
@@ -24,6 +24,7 @@ rules:
   - apiGroups:
       - apps
     resources:
+      - daemonsets
       - deployments
     verbs: ["*"]
   - apiGroups:
@@ -42,6 +43,10 @@ rules:
     resources:
       - canaries
       - canaries/status
+      - metrictemplates
+      - metrictemplates/status
+      - alertproviders
+      - alertproviders/status
     verbs: ["*"]
   - apiGroups:
       - networking.istio.io
@@ -81,6 +86,11 @@ rules:
       - virtualservices
       - gateways
     verbs: ["*"]
+  - apiGroups:
+      - projectcontour.io
+    resources:
+      - httpproxies
+    verbs: ["*"]
   - nonResourceURLs:
       - /version
     verbs:
@@ -99,4 +109,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: flagger
-  namespace: istio-system
+  namespace: default

artifacts/flagger/crd.yaml

@@ -6,16 +6,19 @@ metadata:
     helm.sh/resource-policy: keep
 spec:
   group: flagger.app
-  version: v1alpha3
+  version: v1beta1
   versions:
-    - name: v1alpha3
+    - name: v1beta1
       served: true
       storage: true
-    - name: v1alpha2
+    - name: v1alpha3
       served: true
       storage: false
+    - name: v1alpha2
+      served: false
+      storage: false
     - name: v1alpha1
-      served: true
+      served: false
       storage: false
   names:
     plural: canaries
@@ -33,6 +36,26 @@ spec:
     - name: Weight
       type: string
       JSONPath: .status.canaryWeight
+    - name: FailedChecks
+      type: string
+      JSONPath: .status.failedChecks
+      priority: 1
+    - name: Interval
+      type: string
+      JSONPath: .spec.analysis.interval
+      priority: 1
+    - name: Mirror
+      type: boolean
+      JSONPath: .spec.analysis.mirror
+      priority: 1
+    - name: StepWeight
+      type: string
+      JSONPath: .spec.analysis.stepWeight
+      priority: 1
+    - name: MaxWeight
+      type: string
+      JSONPath: .spec.analysis.maxWeight
+      priority: 1
     - name: LastTransitionTime
       type: string
       JSONPath: .status.lastTransitionTime
@@ -43,66 +66,451 @@ spec:
           required:
             - targetRef
             - service
-            - canaryAnalysis
+            - analysis
           properties:
             provider:
+              description: Traffic managent provider
+              type: string
+            metricsServer:
+              description: Prometheus URL
               type: string
             progressDeadlineSeconds:
+              description: Deployment progress deadline
               type: number
             targetRef:
+              description: Target selector
               type: object
-              required: ['apiVersion', 'kind', 'name']
+              required: ["apiVersion", "kind", "name"]
               properties:
                 apiVersion:
                   type: string
                 kind:
                   type: string
+                  enum:
+                    - DaemonSet
+                    - Deployment
+                    - Service
                 name:
                   type: string
             autoscalerRef:
-              anyOf:
-                - type: string
-                - type: object
-              required: ['apiVersion', 'kind', 'name']
+              description: HPA selector
+              type: object
+              required: ["apiVersion", "kind", "name"]
               properties:
                 apiVersion:
                   type: string
                 kind:
                   type: string
+                  enum:
+                    - HorizontalPodAutoscaler
                 name:
                   type: string
             ingressRef:
-              anyOf:
-                - type: string
-                - type: object
-              required: ['apiVersion', 'kind', 'name']
+              description: NGINX ingress selector
+              type: object
+              required: ["apiVersion", "kind", "name"]
               properties:
                 apiVersion:
                   type: string
                 kind:
                   type: string
+                  enum:
+                    - Ingress
                 name:
                   type: string
             service:
+              description: Kubernetes Service spec
               type: object
-              required: ['port']
+              required: ["port"]
               properties:
+                name:
+                  description: Kubernetes service name
+                  type: string
                 port:
+                  description: Container port number
                   type: number
                 portName:
+                  description: Container port name
                   type: string
+                targetPort:
+                  description: Container target port name
+                  anyOf:
+                    - type: string
+                    - type: number
                 portDiscovery:
+                  description: Enable port dicovery
                   type: boolean
-                meshName:
-                  type: string
                 timeout:
+                  description: HTTP or gRPC request timeout
                   type: string
+                meshName:
+                  description: AppMesh mesh name
+                  type: string
+                backends:
+                  description: AppMesh backend array
+                  type: array
+                  items:
+                    type: string
+                hosts:
+                  description: The list of host names for this service
+                  type: array
+                  items:
+                    type: string
+                match:
+                  description: URI match conditions
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      uri:
+                        type: object
+                        oneOf:
+                          - required: ["exact"]
+                          - required: ["prefix"]
+                          - required: ["suffix"]
+                          - required: ["regex"]
+                        properties:
+                          exact:
+                            format: string
+                            type: string
+                          prefix:
+                            format: string
+                            type: string
+                          suffix:
+                            format: string
+                            type: string
+                          regex:
+                            format: string
+                            type: string
+                retries:
+                  description: Retry policy for HTTP requests
+                  type: object
+                  properties:
+                    attempts:
+                      description: Number of retries for a given request
+                      format: int32
+                      type: integer
+                    perTryTimeout:
+                      description: Timeout per retry attempt for a given request
+                      type: string
+                    retryOn:
+                      description: Specifies the conditions under which retry takes place
+                      format: string
+                      type: string
+                rewrite:
+                  description: Rewrite HTTP URIs
+                  type: object
+                  properties:
+                    uri:
+                      format: string
+                      type: string
+                headers:
+                  description: Headers operations
+                  type: object
+                  properties:
+                    request:
+                      properties:
+                        add:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                        remove:
+                          items:
+                            format: string
+                            type: string
+                          type: array
+                        set:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                      type: object
+                    response:
+                      properties:
+                        add:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                        remove:
+                          items:
+                            format: string
+                            type: string
+                          type: array
+                        set:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                      type: object
+                gateways:
+                  description: The list of Istio gateway for this virtual service
+                  type: array
+                  items:
+                    type: string
+                corsPolicy:
+                  description: Istio Cross-Origin Resource Sharing policy (CORS)
+                  type: object
+                  properties:
+                    allowCredentials:
+                      type: boolean
+                    allowHeaders:
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    allowMethods:
+                      description: List of HTTP methods allowed to access the resource
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    allowOrigin:
+                      description: The list of origins that are allowed to perform
+                        CORS requests.
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    allowOrigins:
+                      description: String patterns that match allowed origins
+                      type: array
+                      items:
+                        type: object
+                        oneOf:
+                          - required:
+                              - exact
+                          - required:
+                              - prefix
+                          - required:
+                              - regex
+                        properties:
+                          exact:
+                            format: string
+                            type: string
+                          prefix:
+                            format: string
+                            type: string
+                          regex:
+                            format: string
+                            type: string
+                    exposeHeaders:
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    maxAge:
+                      type: string
+                trafficPolicy:
+                  description: Istio traffic policy
+                  type: object
+                  properties:
+                    connectionPool:
+                      properties:
+                        http:
+                          description: HTTP connection pool settings.
+                          type: object
+                          properties:
+                            h2UpgradePolicy:
+                              description: Specify if http1.1 connection should
+                                be upgraded to http2 for the associated destination.
+                              enum:
+                                - DEFAULT
+                                - DO_NOT_UPGRADE
+                                - UPGRADE
+                              type: string
+                            http1MaxPendingRequests:
+                              description: Maximum number of pending HTTP requests
+                                to a destination.
+                              format: int32
+                              type: integer
+                            http2MaxRequests:
+                              description: Maximum number of requests to a backend.
+                              format: int32
+                              type: integer
+                            idleTimeout:
+                              description: The idle timeout for upstream connection
+                                pool connections.
+                              type: string
+                            maxRequestsPerConnection:
+                              description: Maximum number of requests per connection
+                                to a backend.
+                              format: int32
+                              type: integer
+                            maxRetries:
+                              format: int32
+                              type: integer
+                    loadBalancer:
+                      description: Settings controlling the load balancer algorithms.
+                      type: object
+                      oneOf:
+                        - required:
+                            - simple
+                        - properties:
+                            consistentHash:
+                              oneOf:
+                                - required:
+                                    - httpHeaderName
+                                - required:
+                                    - httpCookie
+                                - required:
+                                    - useSourceIp
+                                - required:
+                                    - httpQueryParameterName
+                          required:
+                            - consistentHash
+                      properties:
+                        consistentHash:
+                          properties:
+                            httpCookie:
+                              description: Hash based on HTTP cookie.
+                              properties:
+                                name:
+                                  description: Name of the cookie.
+                                  format: string
+                                  type: string
+                                path:
+                                  description: Path to set for the cookie.
+                                  format: string
+                                  type: string
+                                ttl:
+                                  description: Lifetime of the cookie.
+                                  type: string
+                              type: object
+                            httpHeaderName:
+                              description: Hash based on a specific HTTP header.
+                              format: string
+                              type: string
+                            httpQueryParameterName:
+                              description: Hash based on a specific HTTP query parameter.
+                              format: string
+                              type: string
+                            minimumRingSize:
+                              type: integer
+                            useSourceIp:
+                              description: Hash based on the source IP address.
+                              type: boolean
+                          type: object
+                        localityLbSetting:
+                          properties:
+                            distribute:
+                              description: 'Optional: only one of distribute or
+                                failover can be set.'
+                              items:
+                                properties:
+                                  from:
+                                    description: Originating locality, '/' separated,
+                                      e.g.
+                                    format: string
+                                    type: string
+                                  to:
+                                    additionalProperties:
+                                      type: integer
+                                    description: Map of upstream localities to traffic
+                                      distribution weights.
+                                    type: object
+                                type: object
+                              type: array
+                            enabled:
+                              description: enable locality load balancing, this
+                                is DestinationRule-level and will override mesh
+                                wide settings in entirety.
+                              type: boolean
+                            failover:
+                              description: 'Optional: only failover or distribute
+                                can be set.'
+                              items:
+                                properties:
+                                  from:
+                                    description: Originating region.
+                                    format: string
+                                    type: string
+                                  to:
+                                    format: string
+                                    type: string
+                                type: object
+                              type: array
+                          type: object
+                        simple:
+                          enum:
+                            - ROUND_ROBIN
+                            - LEAST_CONN
+                            - RANDOM
+                            - PASSTHROUGH
+                          type: string
+                    outlierDetection:
+                      description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
+                      type: object
+                      properties:
+                        baseEjectionTime:
+                          description: Minimum ejection duration.
+                          type: string
+                        consecutive5xxErrors:
+                          description: Number of 5xx errors before a host is ejected
+                            from the connection pool.
+                          type: integer
+                        consecutiveErrors:
+                          format: int32
+                          type: integer
+                        consecutiveGatewayErrors:
+                          description: Number of gateway errors before a host is
+                            ejected from the connection pool.
+                          format: int32
+                          type: integer
+                        interval:
+                          description: Time interval between ejection sweep analysis.
+                          type: string
+                        maxEjectionPercent:
+                          format: int32
+                          type: integer
+                        minHealthPercent:
+                          format: int32
+                          type: integer
+                    tls:
+                      description: Istio TLS related settings for connections to the upstream service
+                      type: object
+                      properties:
+                        caCertificates:
+                          format: string
+                          type: string
+                        clientCertificate:
+                          description: REQUIRED if mode is `MUTUAL`.
+                          format: string
+                          type: string
+                        mode:
+                          enum:
+                            - DISABLE
+                            - SIMPLE
+                            - MUTUAL
+                            - ISTIO_MUTUAL
+                          type: string
+                        privateKey:
+                          description: REQUIRED if mode is `MUTUAL`.
+                          format: string
+                          type: string
+                        sni:
+                          description: SNI string to present to the server
+                            during TLS handshake.
+                          format: string
+                          type: string
+                        subjectAltNames:
+                          items:
+                            format: string
+                            type: string
+                          type: array
             skipAnalysis:
+              description: Skip analysis and promote canary
               type: boolean
-            canaryAnalysis:
+            analysis:
+              description: Canary analysis for this canary
+              type: object
+              oneOf:
+                - required: ["interval", "threshold", "iterations"]
+                - required: ["interval", "threshold", "stepWeight"]
               properties:
                 interval:
-                  description: Canary schedule interval
+                  description: Schedule interval for this canary
                   type: string
                   pattern: "^[0-9]+(m|s)"
                 iterations:
@@ -115,56 +523,115 @@ spec:
                   description: Max traffic percentage routed to canary
                   type: number
                 stepWeight:
-                  description: Canary incremental traffic percentage step
+                  description: Incremental traffic percentage step
                   type: number
-                metrics:
-                  description: Prometheus query list for this canary
+                mirror:
+                  description: Mirror traffic to canary
+                  type: boolean
+                match:
+                  description: A/B testing match conditions
                   type: array
-                  properties:
-                    items:
-                      type: object
-                      required: ['name', 'threshold']
-                      properties:
-                        name:
-                          description: Name of the Prometheus metric
-                          type: string
-                        interval:
-                          description: Interval of the promql query
-                          type: string
-                          pattern: "^[0-9]+(m|s)"
-                        threshold:
-                          description: Max scalar value accepted for this metric
-                          type: number
-                        query:
-                          description: Prometheus query
-                          type: string
+                  items:
+                    type: object
+                    properties:
+                      headers:
+                        type: object
+                        additionalProperties:
+                          oneOf:
+                            - required: ["exact"]
+                            - required: ["prefix"]
+                            - required: ["suffix"]
+                            - required: ["regex"]
+                          type: object
+                          properties:
+                            exact:
+                              format: string
+                              type: string
+                            prefix:
+                              format: string
+                              type: string
+                            suffix:
+                              format: string
+                              type: string
+                            regex:
+                              format: string
+                              type: string
+                metrics:
+                  description: Metric check list for this canary
+                  type: array
+                  items:
+                    type: object
+                    required: ["name"]
+                    properties:
+                      name:
+                        description: Name of the metric
+                        type: string
+                      interval:
+                        description: Interval of the query
+                        type: string
+                        pattern: "^[0-9]+(m|s)"
+                      threshold:
+                        description: Max value accepted for this metric
+                        type: number
+                      thresholdRange:
+                        description: Range accepted for this metric
+                        type: object
+                        properties:
+                          min:
+                            description: Min value accepted for this metric
+                            type: number
+                          max:
+                            description: Max value accepted for this metric
+                            type: number
+                      query:
+                        description: Prometheus query
+                        type: string
+                      templateRef:
+                        description: Metric template reference
+                        type: object
+                        required: ["name"]
+                        properties:
+                          name:
+                            description: Name of this metric template
+                            type: string
+                          namespace:
+                            description: Namespace of this metric template
+                            type: string
                 webhooks:
                   description: Webhook list for this canary
                   type: array
-                  properties:
-                    items:
-                      type: object
-                      required: ['name', 'url', 'timeout']
-                      properties:
-                        name:
-                          description: Name of the webhook
+                  items:
+                    type: object
+                    required: ["name", "url"]
+                    properties:
+                      name:
+                        description: Name of the webhook
+                        type: string
+                      type:
+                        description: Type of the webhook pre, post or during rollout
+                        type: string
+                        enum:
+                          - ""
+                          - confirm-rollout
+                          - pre-rollout
+                          - rollout
+                          - confirm-promotion
+                          - post-rollout
+                          - event
+                          - rollback
+                      url:
+                        description: URL address of this webhook
+                        type: string
+                        format: url
+                      timeout:
+                        description: Request timeout for this webhook
+                        type: string
+                        pattern: "^[0-9]+(m|s)"
+                      metadata:
+                        description: Metadata (key-value pairs) for this webhook
+                        type: object
+                        additionalProperties:
                           type: string
-                        type:
-                          description: Type of the webhook pre, post or during rollout
-                          type: string
-                          enum:
-                            - ""
-                            - pre-rollout
-                            - rollout
-                            - post-rollout
-                        url:
-                          description: URL address of this webhook
-                          type: string
-                          format: url
-                        timeout:
-                          description: Request timeout for this webhook
-                          type: string
-                          pattern: "^[0-9]+(m|s)"
         status:
           properties:
             phase:
@@ -176,6 +643,7 @@ spec:
                 - Initialized
                 - Waiting
                 - Progressing
+                - Promoting
                 - Finalising
                 - Succeeded
                 - Failed
@@ -198,28 +666,156 @@ spec:
             conditions:
               description: Status conditions of this canary
               type: array
+              items:
+                type: object
+                required: ["type", "status", "reason"]
+                properties:
+                  lastTransitionTime:
+                    description: LastTransitionTime of this condition
+                    format: date-time
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime of this condition
+                    format: date-time
+                    type: string
+                  message:
+                    description: Message associated with this condition
+                    type: string
+                  reason:
+                    description: Reason for the current status of this condition
+                    type: string
+                  status:
+                    description: Status of this condition
+                    type: string
+                  type:
+                    description: Type of this condition
+                    type: string
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: metrictemplates.flagger.app
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  group: flagger.app
+  version: v1beta1
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+    - name: v1alpha1
+      served: true
+      storage: false
+  names:
+    plural: metrictemplates
+    singular: metrictemplate
+    kind: MetricTemplate
+    categories:
+      - all
+  scope: Namespaced
+  subresources:
+    status: {}
+  additionalPrinterColumns:
+    - name: Provider
+      type: string
+      JSONPath: .spec.provider.type
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          required:
+            - provider
+            - query
+          properties:
+            provider:
+              description: Provider of this metric template
+              type: object
+              required:
+                - type
               properties:
-                items:
+                type:
+                  description: Type of this provider
+                  type: string
+                  enum:
+                    - prometheus
+                    - influxdb
+                    - datadog
+                    - cloudwatch
+                address:
+                  description: API address of this provider
+                  type: string
+                secretRef:
+                  description: Kubernetes secret reference containing the provider credentials
                   type: object
-                  required: ['type', 'status', 'reason']
+                  required:
+                    - name
                   properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime of this condition
-                      format: date-time
-                      type: string
-                    lastUpdateTime:
-                      description: LastUpdateTime of this condition
-                      format: date-time
-                      type: string
-                    message:
-                      description: Message associated with this condition
-                      type: string
-                    reason:
-                      description: Reason for the current status of this condition
-                      type: string
-                    status:
-                      description: Status of this condition
-                      type: string
-                    type:
-                      description: Type of this condition
+                    name:
+                      description: Name of the Kubernetes secret
                       type: string
+                region:
+                  description: Region of the provider
+                  type: string
+            query:
+              description: Query of this metric template
+              type: string
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: alertproviders.flagger.app
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  group: flagger.app
+  version: v1beta1
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+  names:
+    plural: alertproviders
+    singular: alertprovider
+    kind: AlertProvider
+    categories:
+      - all
+  scope: Namespaced
+  subresources:
+    status: {}
+  additionalPrinterColumns:
+    - name: Type
+      type: string
+      JSONPath: .spec.type
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          oneOf:
+            - required:
+              - type
+              - address
+            - required:
+              - type
+              - secretRef
+          properties:
+            type:
+              description: Type of this provider
+              type: string
+              enum:
+                - slack
+                - msteams
+                - discord
+                - rocket
+            address:
+              description: Hook URL address of this provider
+              type: string
+            secretRef:
+              description: Kubernetes secret reference containing the provider address
+              type: object
+              required:
+                - name
+              properties:
+                name:
+                  description: Name of the Kubernetes secret
+                  type: string

artifacts/flagger/deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: flagger
-  namespace: istio-system
+  namespace: default
   labels:
     app: flagger
 spec:
@@ -22,7 +22,7 @@ spec:
       serviceAccountName: flagger
       containers:
       - name: flagger
-        image: weaveworks/flagger:0.18.1
+        image: weaveworks/flagger:1.0.0-rc.1
         imagePullPolicy: IfNotPresent
         ports:
         - name: http
@@ -30,9 +30,6 @@ spec:
         command:
         - ./flagger
         - -log-level=info
-        - -control-loop-interval=10s
-        - -mesh-provider=$(MESH_PROVIDER)
-        - -metrics-server=http://prometheus.istio-system.svc.cluster.local:9090
         livenessProbe:
           exec:
             command:

artifacts/gke/istio-gateway.yaml

@@ -1,27 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: public-gateway
-  namespace: istio-system
-spec:
-  selector:
-    istio: ingressgateway
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
-      tls:
-        httpsRedirect: true
-    - port:
-        number: 443
-        name: https
-        protocol: HTTPS
-      hosts:
-        - "*"
-      tls:
-        mode: SIMPLE
-        privateKey: /etc/istio/ingressgateway-certs/tls.key
-        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt

artifacts/gke/istio-prometheus.yaml

@@ -1,834 +0,0 @@
-# Source: istio/charts/prometheus/templates/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: prometheus
-  namespace: istio-system
-  labels:
-    app: prometheus
-    chart: prometheus-1.0.6
-    heritage: Tiller
-    release: istio
-data:
-  prometheus.yml: |-
-    global:
-      scrape_interval: 15s
-    scrape_configs:
-
-    - job_name: 'istio-mesh'
-      # Override the global default and scrape targets from this job every 5 seconds.
-      scrape_interval: 5s
-
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - istio-system
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: istio-telemetry;prometheus
-
-
-    # Scrape config for envoy stats
-    - job_name: 'envoy-stats'
-      metrics_path: /stats/prometheus
-      kubernetes_sd_configs:
-      - role: pod
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_pod_container_port_name]
-        action: keep
-        regex: '.*-envoy-prom'
-      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-        action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:15090
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: namespace
-      - source_labels: [__meta_kubernetes_pod_name]
-        action: replace
-        target_label: pod_name
-
-      metric_relabel_configs:
-      # Exclude some of the envoy metrics that have massive cardinality
-      # This list may need to be pruned further moving forward, as informed
-      # by performance and scalability testing.
-      - source_labels: [ cluster_name ]
-        regex: '(outbound|inbound|prometheus_stats).*'
-        action: drop
-      - source_labels: [ tcp_prefix ]
-        regex: '(outbound|inbound|prometheus_stats).*'
-        action: drop
-      - source_labels: [ listener_address ]
-        regex: '(.+)'
-        action: drop
-      - source_labels: [ http_conn_manager_listener_prefix ]
-        regex: '(.+)'
-        action: drop
-      - source_labels: [ http_conn_manager_prefix ]
-        regex: '(.+)'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_tls.*'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_tcp_downstream.*'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_http_(stats|admin).*'
-        action: drop
-      - source_labels: [ __name__ ]
-        regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*'
-        action: drop
-
-
-    - job_name: 'istio-policy'
-      # Override the global default and scrape targets from this job every 5 seconds.
-      scrape_interval: 5s
-      # metrics_path defaults to '/metrics'
-      # scheme defaults to 'http'.
-
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - istio-system
-
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: istio-policy;http-monitoring
-
-    - job_name: 'istio-telemetry'
-      # Override the global default and scrape targets from this job every 5 seconds.
-      scrape_interval: 5s
-      # metrics_path defaults to '/metrics'
-      # scheme defaults to 'http'.
-
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - istio-system
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: istio-telemetry;http-monitoring
-
-    - job_name: 'pilot'
-      # Override the global default and scrape targets from this job every 5 seconds.
-      scrape_interval: 5s
-      # metrics_path defaults to '/metrics'
-      # scheme defaults to 'http'.
-
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - istio-system
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: istio-pilot;http-monitoring
-
-    - job_name: 'galley'
-      # Override the global default and scrape targets from this job every 5 seconds.
-      scrape_interval: 5s
-      # metrics_path defaults to '/metrics'
-      # scheme defaults to 'http'.
-
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - istio-system
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: istio-galley;http-monitoring
-
-    # scrape config for API servers
-    - job_name: 'kubernetes-apiservers'
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-          - default
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: kubernetes;https
-
-    # scrape config for nodes (kubelet)
-    - job_name: 'kubernetes-nodes'
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      kubernetes_sd_configs:
-      - role: node
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - target_label: __address__
-        replacement: kubernetes.default.svc:443
-      - source_labels: [__meta_kubernetes_node_name]
-        regex: (.+)
-        target_label: __metrics_path__
-        replacement: /api/v1/nodes/${1}/proxy/metrics
-
-    # Scrape config for Kubelet cAdvisor.
-    #
-    # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics
-    # (those whose names begin with 'container_') have been removed from the
-    # Kubelet metrics endpoint.  This job scrapes the cAdvisor endpoint to
-    # retrieve those metrics.
-    #
-    # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor
-    # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics"
-    # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with
-    # the --cadvisor-port=0 Kubelet flag).
-    #
-    # This job is not necessary and should be removed in Kubernetes 1.6 and
-    # earlier versions, or it will cause the metrics to be scraped twice.
-    - job_name: 'kubernetes-cadvisor'
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      kubernetes_sd_configs:
-      - role: node
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - target_label: __address__
-        replacement: kubernetes.default.svc:443
-      - source_labels: [__meta_kubernetes_node_name]
-        regex: (.+)
-        target_label: __metrics_path__
-        replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
-
-    # scrape config for service endpoints.
-    - job_name: 'kubernetes-service-endpoints'
-      kubernetes_sd_configs:
-      - role: endpoints
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
-        action: keep
-        regex: true
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-        action: replace
-        target_label: __scheme__
-        regex: (https?)
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-        action: replace
-        target_label: __metrics_path__
-        regex: (.+)
-      - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-        action: replace
-        target_label: __address__
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-      - action: labelmap
-        regex: __meta_kubernetes_service_label_(.+)
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: kubernetes_namespace
-      - source_labels: [__meta_kubernetes_service_name]
-        action: replace
-        target_label: kubernetes_name
-
-    - job_name: 'kubernetes-pods'
-      kubernetes_sd_configs:
-      - role: pod
-      relabel_configs:  # If first two labels are present, pod should be scraped  by the istio-secure job.
-      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
-        action: keep
-        regex: true
-      - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status]
-        action: drop
-        regex: (.+)
-      - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls]
-        action: drop
-        regex: (true)
-      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
-        action: replace
-        target_label: __metrics_path__
-        regex: (.+)
-      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-        action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: namespace
-      - source_labels: [__meta_kubernetes_pod_name]
-        action: replace
-        target_label: pod_name
-
-    - job_name: 'kubernetes-pods-istio-secure'
-      scheme: https
-      tls_config:
-        ca_file: /etc/istio-certs/root-cert.pem
-        cert_file: /etc/istio-certs/cert-chain.pem
-        key_file: /etc/istio-certs/key.pem
-        insecure_skip_verify: true  # prometheus does not support secure naming.
-      kubernetes_sd_configs:
-      - role: pod
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
-        action: keep
-        regex: true
-      # sidecar status annotation is added by sidecar injector and
-      # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic.
-      - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls]
-        action: keep
-        regex: (([^;]+);([^;]*))|(([^;]*);(true))
-      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
-        action: replace
-        target_label: __metrics_path__
-        regex: (.+)
-      - source_labels: [__address__]  # Only keep address that is host:port
-        action: keep    # otherwise an extra target with ':443' is added for https scheme
-        regex: ([^:]+):(\d+)
-      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-        action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: namespace
-      - source_labels: [__meta_kubernetes_pod_name]
-        action: replace
-        target_label: pod_name
-
----
-
-# Source: istio/charts/prometheus/templates/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: prometheus-istio-system
-  labels:
-    app: prometheus
-    chart: prometheus-1.0.6
-    heritage: Tiller
-    release: istio
-rules:
-  - apiGroups: [""]
-    resources:
-      - nodes
-      - services
-      - endpoints
-      - pods
-      - nodes/proxy
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources:
-      - configmaps
-    verbs: ["get"]
-  - nonResourceURLs: ["/metrics"]
-    verbs: ["get"]
-
----
-
-# Source: istio/charts/prometheus/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: prometheus
-  namespace: istio-system
-  labels:
-    app: prometheus
-    chart: prometheus-1.0.6
-    heritage: Tiller
-    release: istio
-
----
-
-# Source: istio/charts/prometheus/templates/clusterrolebindings.yaml
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: prometheus-istio-system
-  labels:
-    app: prometheus
-    chart: prometheus-1.0.6
-    heritage: Tiller
-    release: istio
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: prometheus-istio-system
-subjects:
-  - kind: ServiceAccount
-    name: prometheus
-    namespace: istio-system
-
----
-
-# Source: istio/charts/prometheus/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: prometheus
-  namespace: istio-system
-  annotations:
-    prometheus.io/scrape: 'true'
-  labels:
-    name: prometheus
-spec:
-  selector:
-    app: prometheus
-  ports:
-    - name: http-prometheus
-      protocol: TCP
-      port: 9090
-
----
-
-# Source: istio/charts/prometheus/templates/deployment.yaml
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: prometheus
-  namespace: istio-system
-  labels:
-    app: prometheus
-    chart: prometheus-1.0.6
-    heritage: Tiller
-    release: istio
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: prometheus
-  template:
-    metadata:
-      labels:
-        app: prometheus
-      annotations:
-        sidecar.istio.io/inject: "false"
-        scheduler.alpha.kubernetes.io/critical-pod: ""
-    spec:
-      serviceAccountName: prometheus
-      containers:
-        - name: prometheus
-          image: "docker.io/prom/prometheus:v2.3.1"
-          imagePullPolicy: IfNotPresent
-          args:
-            - '--storage.tsdb.retention=6h'
-            - '--config.file=/etc/prometheus/prometheus.yml'
-          ports:
-            - containerPort: 9090
-              name: http
-          livenessProbe:
-            httpGet:
-              path: /-/healthy
-              port: 9090
-          readinessProbe:
-            httpGet:
-              path: /-/ready
-              port: 9090
-          resources:
-            requests:
-              cpu: 10m
-
-          volumeMounts:
-            - name: config-volume
-              mountPath: /etc/prometheus
-            - mountPath: /etc/istio-certs
-              name: istio-certs
-      volumes:
-        - name: config-volume
-          configMap:
-            name: prometheus
-        - name: istio-certs
-          secret:
-            defaultMode: 420
-            optional: true
-            secretName: istio.default
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                  - key: beta.kubernetes.io/arch
-                    operator: In
-                    values:
-                      - amd64
-                      - ppc64le
-                      - s390x
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - weight: 2
-              preference:
-                matchExpressions:
-                  - key: beta.kubernetes.io/arch
-                    operator: In
-                    values:
-                      - amd64
-            - weight: 2
-              preference:
-                matchExpressions:
-                  - key: beta.kubernetes.io/arch
-                    operator: In
-                    values:
-                      - ppc64le
-            - weight: 2
-              preference:
-                matchExpressions:
-                  - key: beta.kubernetes.io/arch
-                    operator: In
-                    values:
-                      - s390x
-
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: metric
-metadata:
-  name: requestcount
-  namespace: istio-system
-spec:
-  value: "1"
-  dimensions:
-    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
-    source_workload: source.workload.name | "unknown"
-    source_workload_namespace: source.workload.namespace | "unknown"
-    source_principal: source.principal | "unknown"
-    source_app: source.labels["app"] | "unknown"
-    source_version: source.labels["version"] | "unknown"
-    destination_workload: destination.workload.name | "unknown"
-    destination_workload_namespace: destination.workload.namespace | "unknown"
-    destination_principal: destination.principal | "unknown"
-    destination_app: destination.labels["app"] | "unknown"
-    destination_version: destination.labels["version"] | "unknown"
-    destination_service: destination.service.host | "unknown"
-    destination_service_name: destination.service.name | "unknown"
-    destination_service_namespace: destination.service.namespace | "unknown"
-    request_protocol: api.protocol | context.protocol | "unknown"
-    response_code: response.code | 200
-    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
-  monitored_resource_type: '"UNSPECIFIED"'
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: metric
-metadata:
-  name: requestduration
-  namespace: istio-system
-spec:
-  value: response.duration | "0ms"
-  dimensions:
-    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
-    source_workload: source.workload.name | "unknown"
-    source_workload_namespace: source.workload.namespace | "unknown"
-    source_principal: source.principal | "unknown"
-    source_app: source.labels["app"] | "unknown"
-    source_version: source.labels["version"] | "unknown"
-    destination_workload: destination.workload.name | "unknown"
-    destination_workload_namespace: destination.workload.namespace | "unknown"
-    destination_principal: destination.principal | "unknown"
-    destination_app: destination.labels["app"] | "unknown"
-    destination_version: destination.labels["version"] | "unknown"
-    destination_service: destination.service.host | "unknown"
-    destination_service_name: destination.service.name | "unknown"
-    destination_service_namespace: destination.service.namespace | "unknown"
-    request_protocol: api.protocol | context.protocol | "unknown"
-    response_code: response.code | 200
-    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
-  monitored_resource_type: '"UNSPECIFIED"'
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: metric
-metadata:
-  name: requestsize
-  namespace: istio-system
-spec:
-  value: request.size | 0
-  dimensions:
-    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
-    source_workload: source.workload.name | "unknown"
-    source_workload_namespace: source.workload.namespace | "unknown"
-    source_principal: source.principal | "unknown"
-    source_app: source.labels["app"] | "unknown"
-    source_version: source.labels["version"] | "unknown"
-    destination_workload: destination.workload.name | "unknown"
-    destination_workload_namespace: destination.workload.namespace | "unknown"
-    destination_principal: destination.principal | "unknown"
-    destination_app: destination.labels["app"] | "unknown"
-    destination_version: destination.labels["version"] | "unknown"
-    destination_service: destination.service.host | "unknown"
-    destination_service_name: destination.service.name | "unknown"
-    destination_service_namespace: destination.service.namespace | "unknown"
-    request_protocol: api.protocol | context.protocol | "unknown"
-    response_code: response.code | 200
-    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
-  monitored_resource_type: '"UNSPECIFIED"'
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: metric
-metadata:
-  name: responsesize
-  namespace: istio-system
-spec:
-  value: response.size | 0
-  dimensions:
-    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
-    source_workload: source.workload.name | "unknown"
-    source_workload_namespace: source.workload.namespace | "unknown"
-    source_principal: source.principal | "unknown"
-    source_app: source.labels["app"] | "unknown"
-    source_version: source.labels["version"] | "unknown"
-    destination_workload: destination.workload.name | "unknown"
-    destination_workload_namespace: destination.workload.namespace | "unknown"
-    destination_principal: destination.principal | "unknown"
-    destination_app: destination.labels["app"] | "unknown"
-    destination_version: destination.labels["version"] | "unknown"
-    destination_service: destination.service.host | "unknown"
-    destination_service_name: destination.service.name | "unknown"
-    destination_service_namespace: destination.service.namespace | "unknown"
-    request_protocol: api.protocol | context.protocol | "unknown"
-    response_code: response.code | 200
-    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
-  monitored_resource_type: '"UNSPECIFIED"'
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: metric
-metadata:
-  name: tcpbytesent
-  namespace: istio-system
-spec:
-  value: connection.sent.bytes | 0
-  dimensions:
-    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
-    source_workload: source.workload.name | "unknown"
-    source_workload_namespace: source.workload.namespace | "unknown"
-    source_principal: source.principal | "unknown"
-    source_app: source.labels["app"] | "unknown"
-    source_version: source.labels["version"] | "unknown"
-    destination_workload: destination.workload.name | "unknown"
-    destination_workload_namespace: destination.workload.namespace | "unknown"
-    destination_principal: destination.principal | "unknown"
-    destination_app: destination.labels["app"] | "unknown"
-    destination_version: destination.labels["version"] | "unknown"
-    destination_service: destination.service.name | "unknown"
-    destination_service_name: destination.service.name | "unknown"
-    destination_service_namespace: destination.service.namespace | "unknown"
-    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
-  monitored_resource_type: '"UNSPECIFIED"'
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: metric
-metadata:
-  name: tcpbytereceived
-  namespace: istio-system
-spec:
-  value: connection.received.bytes | 0
-  dimensions:
-    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
-    source_workload: source.workload.name | "unknown"
-    source_workload_namespace: source.workload.namespace | "unknown"
-    source_principal: source.principal | "unknown"
-    source_app: source.labels["app"] | "unknown"
-    source_version: source.labels["version"] | "unknown"
-    destination_workload: destination.workload.name | "unknown"
-    destination_workload_namespace: destination.workload.namespace | "unknown"
-    destination_principal: destination.principal | "unknown"
-    destination_app: destination.labels["app"] | "unknown"
-    destination_version: destination.labels["version"] | "unknown"
-    destination_service: destination.service.name | "unknown"
-    destination_service_name: destination.service.name | "unknown"
-    destination_service_namespace: destination.service.namespace | "unknown"
-    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
-  monitored_resource_type: '"UNSPECIFIED"'
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: prometheus
-metadata:
-  name: handler
-  namespace: istio-system
-spec:
-  metrics:
-    - name: requests_total
-      instance_name: requestcount.metric.istio-system
-      kind: COUNTER
-      label_names:
-        - reporter
-        - source_app
-        - source_principal
-        - source_workload
-        - source_workload_namespace
-        - source_version
-        - destination_app
-        - destination_principal
-        - destination_workload
-        - destination_workload_namespace
-        - destination_version
-        - destination_service
-        - destination_service_name
-        - destination_service_namespace
-        - request_protocol
-        - response_code
-        - connection_security_policy
-    - name: request_duration_seconds
-      instance_name: requestduration.metric.istio-system
-      kind: DISTRIBUTION
-      label_names:
-        - reporter
-        - source_app
-        - source_principal
-        - source_workload
-        - source_workload_namespace
-        - source_version
-        - destination_app
-        - destination_principal
-        - destination_workload
-        - destination_workload_namespace
-        - destination_version
-        - destination_service
-        - destination_service_name
-        - destination_service_namespace
-        - request_protocol
-        - response_code
-        - connection_security_policy
-      buckets:
-        explicit_buckets:
-          bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]
-    - name: request_bytes
-      instance_name: requestsize.metric.istio-system
-      kind: DISTRIBUTION
-      label_names:
-        - reporter
-        - source_app
-        - source_principal
-        - source_workload
-        - source_workload_namespace
-        - source_version
-        - destination_app
-        - destination_principal
-        - destination_workload
-        - destination_workload_namespace
-        - destination_version
-        - destination_service
-        - destination_service_name
-        - destination_service_namespace
-        - request_protocol
-        - response_code
-        - connection_security_policy
-      buckets:
-        exponentialBuckets:
-          numFiniteBuckets: 8
-          scale: 1
-          growthFactor: 10
-    - name: response_bytes
-      instance_name: responsesize.metric.istio-system
-      kind: DISTRIBUTION
-      label_names:
-        - reporter
-        - source_app
-        - source_principal
-        - source_workload
-        - source_workload_namespace
-        - source_version
-        - destination_app
-        - destination_principal
-        - destination_workload
-        - destination_workload_namespace
-        - destination_version
-        - destination_service
-        - destination_service_name
-        - destination_service_namespace
-        - request_protocol
-        - response_code
-        - connection_security_policy
-      buckets:
-        exponentialBuckets:
-          numFiniteBuckets: 8
-          scale: 1
-          growthFactor: 10
-    - name: tcp_sent_bytes_total
-      instance_name: tcpbytesent.metric.istio-system
-      kind: COUNTER
-      label_names:
-        - reporter
-        - source_app
-        - source_principal
-        - source_workload
-        - source_workload_namespace
-        - source_version
-        - destination_app
-        - destination_principal
-        - destination_workload
-        - destination_workload_namespace
-        - destination_version
-        - destination_service
-        - destination_service_name
-        - destination_service_namespace
-        - connection_security_policy
-    - name: tcp_received_bytes_total
-      instance_name: tcpbytereceived.metric.istio-system
-      kind: COUNTER
-      label_names:
-        - reporter
-        - source_app
-        - source_principal
-        - source_workload
-        - source_workload_namespace
-        - source_version
-        - destination_app
-        - destination_principal
-        - destination_workload
-        - destination_workload_namespace
-        - destination_version
-        - destination_service
-        - destination_service_name
-        - destination_service_namespace
-        - connection_security_policy
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: rule
-metadata:
-  name: promhttp
-  namespace: istio-system
-spec:
-  match: context.protocol == "http" || context.protocol == "grpc"
-  actions:
-    - handler: handler.prometheus
-      instances:
-        - requestcount.metric
-        - requestduration.metric
-        - requestsize.metric
-        - responsesize.metric
----
-apiVersion: "config.istio.io/v1alpha2"
-kind: rule
-metadata:
-  name: promtcp
-  namespace: istio-system
-spec:
-  match: context.protocol == "tcp"
-  actions:
-    - handler: handler.prometheus
-      instances:
-        - tcpbytesent.metric
-        - tcpbytereceived.metric
----

artifacts/gloo/canary.yaml

@@ -1,36 +0,0 @@
-apiVersion: flagger.app/v1alpha3
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  progressDeadlineSeconds: 60
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  service:
-    port: 9898
-  canaryAnalysis:
-    interval: 10s
-    threshold: 10
-    maxWeight: 50
-    stepWeight: 5
-    metrics:
-    - name: request-success-rate
-      threshold: 99
-      interval: 1m
-    - name: request-duration
-      threshold: 500
-      interval: 30s
-    webhooks:
-      - name: load-test
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          type: cmd
-          cmd: "hey -z 1m -q 10 -c 2 http://gloo.example.com/"

artifacts/gloo/deployment.yaml

@@ -1,67 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: podinfo
-  namespace: test
-  labels:
-    app: podinfo
-spec:
-  minReadySeconds: 5
-  revisionHistoryLimit: 5
-  progressDeadlineSeconds: 60
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: podinfo
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        app: podinfo
-    spec:
-      containers:
-      - name: podinfod
-        image: quay.io/stefanprodan/podinfo:1.7.0
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9898
-          name: http
-          protocol: TCP
-        command:
-        - ./podinfo
-        - --port=9898
-        - --level=info
-        - --random-delay=false
-        - --random-error=false
-        env:
-        - name: PODINFO_UI_COLOR
-          value: blue
-        livenessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/healthz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        readinessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/readyz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        resources:
-          limits:
-            cpu: 2000m
-            memory: 512Mi
-          requests:
-            cpu: 100m
-            memory: 64Mi

artifacts/gloo/hpa.yaml

@@ -1,19 +0,0 @@
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  minReplicas: 1
-  maxReplicas: 4
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      # scale up if usage is above
-      # 99% of the requested CPU (100m)
-      targetAverageUtilization: 99

artifacts/gloo/virtual-service.yaml

@@ -1,17 +0,0 @@
-apiVersion: gateway.solo.io/v1
-kind: VirtualService
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  virtualHost:
-    domains:
-      - '*'
-    name: podinfo.default
-    routes:
-      - matcher:
-          prefix: /
-        routeAction:
-          upstreamGroup:
-            name: podinfo
-            namespace: gloo

artifacts/helmtester/deployment.yaml

@@ -1,58 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: flagger-helmtester
-  namespace: kube-system
-  labels:
-    app: flagger-helmtester
-spec:
-  selector:
-    matchLabels:
-      app: flagger-helmtester
-  template:
-    metadata:
-      labels:
-        app: flagger-helmtester
-      annotations:
-        prometheus.io/scrape: "true"
-    spec:
-      serviceAccountName: tiller
-      containers:
-        - name: helmtester
-          image: weaveworks/flagger-loadtester:0.4.0
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: http
-              containerPort: 8080
-          command:
-            - ./loadtester
-            - -port=8080
-            - -log-level=info
-            - -timeout=1h
-          livenessProbe:
-            exec:
-              command:
-                - wget
-                - --quiet
-                - --tries=1
-                - --timeout=4
-                - --spider
-                - http://localhost:8080/healthz
-            timeoutSeconds: 5
-          readinessProbe:
-            exec:
-              command:
-                - wget
-                - --quiet
-                - --tries=1
-                - --timeout=4
-                - --spider
-                - http://localhost:8080/healthz
-            timeoutSeconds: 5
-          resources:
-            limits:
-              memory: "512Mi"
-              cpu: "1000m"
-            requests:
-              memory: "32Mi"
-              cpu: "10m"

artifacts/helmtester/service.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: flagger-helmtester
-  namespace: kube-system
-  labels:
-    app: flagger-helmtester
-spec:
-  type: ClusterIP
-  selector:
-    app: flagger-helmtester
-  ports:
-    - name: http
-      port: 80
-      protocol: TCP
-      targetPort: http

artifacts/loadtester/config.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: flagger-loadtester-bats
-data:
-  tests: |
-    #!/usr/bin/env bats
-
-    @test "check message" {
-      curl -sS http://${URL} | jq -r .message | {
-        run cut -d $' ' -f1
-        [ $output = "greetings" ]
-      }
-    }
-
-    @test "check headers" {
-      curl -sS http://${URL}/headers | grep X-Request-Id
-    }

artifacts/loadtester/deployment.yaml

@@ -1,67 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: flagger-loadtester
-  labels:
-    app: flagger-loadtester
-spec:
-  selector:
-    matchLabels:
-      app: flagger-loadtester
-  template:
-    metadata:
-      labels:
-        app: flagger-loadtester
-      annotations:
-        prometheus.io/scrape: "true"
-    spec:
-      containers:
-        - name: loadtester
-          image: weaveworks/flagger-loadtester:0.6.1
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: http
-              containerPort: 8080
-          command:
-            - ./loadtester
-            - -port=8080
-            - -log-level=info
-            - -timeout=1h
-          livenessProbe:
-            exec:
-              command:
-                - wget
-                - --quiet
-                - --tries=1
-                - --timeout=4
-                - --spider
-                - http://localhost:8080/healthz
-            timeoutSeconds: 5
-          readinessProbe:
-            exec:
-              command:
-                - wget
-                - --quiet
-                - --tries=1
-                - --timeout=4
-                - --spider
-                - http://localhost:8080/healthz
-            timeoutSeconds: 5
-          resources:
-            limits:
-              memory: "512Mi"
-              cpu: "1000m"
-            requests:
-              memory: "32Mi"
-              cpu: "10m"
-          securityContext:
-            readOnlyRootFilesystem: true
-            runAsUser: 10001
-#          volumeMounts:
-#            - name: tests
-#              mountPath: /bats
-#              readOnly: true
-#      volumes:
-#        - name: tests
-#          configMap:
-#            name: flagger-loadtester-bats

artifacts/loadtester/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: flagger-loadtester
-  labels:
-    app: flagger-loadtester
-spec:
-  type: ClusterIP
-  selector:
-    app: flagger-loadtester
-  ports:
-    - name: http
-      port: 80
-      protocol: TCP
-      targetPort: http

artifacts/namespaces/test.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: test
-  labels:
-    istio-injection: enabled
-    appmesh.k8s.aws/sidecarInjectorWebhook: enabled

artifacts/nginx/canary.yaml

@@ -1,68 +0,0 @@
-apiVersion: flagger.app/v1alpha3
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  # deployment reference
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  # ingress reference
-  ingressRef:
-    apiVersion: extensions/v1beta1
-    kind: Ingress
-    name: podinfo
-  # HPA reference (optional)
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  # the maximum time in seconds for the canary deployment
-  # to make progress before it is rollback (default 600s)
-  progressDeadlineSeconds: 60
-  service:
-    # container port
-    port: 9898
-  canaryAnalysis:
-    # schedule interval (default 60s)
-    interval: 10s
-    # max number of failed metric checks before rollback
-    threshold: 10
-    # max traffic percentage routed to canary
-    # percentage (0-100)
-    maxWeight: 50
-    # canary increment step
-    # percentage (0-100)
-    stepWeight: 5
-    # NGINX Prometheus checks
-    metrics:
-    - name: request-success-rate
-      # minimum req success rate (non 5xx responses)
-      # percentage (0-100)
-      threshold: 99
-      interval: 1m
-    - name: "latency"
-      threshold: 0.5
-      interval: 1m
-      query: |
-        histogram_quantile(0.99,
-          sum(
-            rate(
-              http_request_duration_seconds_bucket{
-                kubernetes_namespace="test",
-                kubernetes_pod_name=~"podinfo-[0-9a-zA-Z]+(-[0-9a-zA-Z]+)"
-              }[1m]
-            )
-          ) by (le)
-        )
-    # external checks (optional)
-    webhooks:
-      - name: load-test
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          type: cmd
-          cmd: "hey -z 1m -q 10 -c 2 http://app.example.com/"
-          logCmdOutput: "true"

artifacts/nginx/deployment.yaml

@@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: podinfo
-  namespace: test
-  labels:
-    app: podinfo
-spec:
-  replicas: 1
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: podinfo
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        app: podinfo
-    spec:
-      containers:
-      - name: podinfod
-        image: quay.io/stefanprodan/podinfo:1.7.0
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9898
-          name: http
-          protocol: TCP
-        command:
-        - ./podinfo
-        - --port=9898
-        - --level=info
-        - --random-delay=false
-        - --random-error=false
-        env:
-        - name: PODINFO_UI_COLOR
-          value: green
-        livenessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/healthz
-          failureThreshold: 3
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 2
-        readinessProbe:
-          exec:
-            command:
-            - podcli
-            - check
-            - http
-            - localhost:9898/readyz
-          failureThreshold: 3
-          periodSeconds: 3
-          successThreshold: 1
-          timeoutSeconds: 2
-        resources:
-          limits:
-            cpu: 1000m
-            memory: 256Mi
-          requests:
-            cpu: 100m
-            memory: 16Mi

artifacts/nginx/hpa.yaml

@@ -1,19 +0,0 @@
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  minReplicas: 2
-  maxReplicas: 4
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      # scale up if usage is above
-      # 99% of the requested CPU (100m)
-      targetAverageUtilization: 99

artifacts/nginx/ingress.yaml

@@ -1,17 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: podinfo
-  namespace: test
-  labels:
-    app: podinfo
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-spec:
-  rules:
-    - host: app.example.com
-      http:
-        paths:
-          - backend:
-              serviceName: podinfo
-              servicePort: 9898

artifacts/smi/istio-adapter.yaml

@@ -1,131 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: trafficsplits.split.smi-spec.io
-spec:
-  additionalPrinterColumns:
-    - JSONPath: .spec.service
-      description: The service
-      name: Service
-      type: string
-  group: split.smi-spec.io
-  names:
-    kind: TrafficSplit
-    listKind: TrafficSplitList
-    plural: trafficsplits
-    singular: trafficsplit
-  scope: Namespaced
-  subresources:
-    status: {}
-  version: v1alpha1
-  versions:
-    - name: v1alpha1
-      served: true
-      storage: true
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: smi-adapter-istio
-  namespace: istio-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: smi-adapter-istio
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - services
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-    verbs:
-      - '*'
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-    verbs:
-      - '*'
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - create
-  - apiGroups:
-      - apps
-    resourceNames:
-      - smi-adapter-istio
-    resources:
-      - deployments/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - split.smi-spec.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
-  - apiGroups:
-      - networking.istio.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: smi-adapter-istio
-subjects:
-  - kind: ServiceAccount
-    name: smi-adapter-istio
-    namespace: istio-system
-roleRef:
-  kind: ClusterRole
-  name: smi-adapter-istio
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: smi-adapter-istio
-  namespace: istio-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: smi-adapter-istio
-  template:
-    metadata:
-      labels:
-        name: smi-adapter-istio
-      annotations:
-        sidecar.istio.io/inject: "false"
-    spec:
-      serviceAccountName: smi-adapter-istio
-      containers:
-        - name: smi-adapter-istio
-          image: docker.io/stefanprodan/smi-adapter-istio:0.0.2-beta.1
-          command:
-          - smi-adapter-istio
-          imagePullPolicy: Always
-          env:
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: "smi-adapter-istio"

charts/appmesh-gateway/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/appmesh-gateway/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+name: appmesh-gateway
+description: Flagger Gateway for AWS App Mesh is an edge L7 load balancer that exposes applications outside the mesh.
+version: 1.1.1
+appVersion: 1.1.0
+home: https://flagger.app
+icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
+sources:
+  - https://github.com/stefanprodan/appmesh-gateway
+maintainers:
+  - name: Stefan Prodan
+    url: https://github.com/stefanprodan
+    email: stefanprodan@users.noreply.github.com
+keywords:
+  - flagger
+  - appmesh
+  - envoy
+  - gateway
+  - ingress

charts/appmesh-gateway/README.md

@@ -0,0 +1,87 @@
+# Flagger Gateway for App Mesh
+
+[Flagger Gateway for App Mesh](https://github.com/stefanprodan/appmesh-gateway) is an
+Envoy-powered load balancer that exposes applications outside the mesh.
+The gateway facilitates canary deployments and A/B testing for user-facing web applications running on AWS App Mesh.
+
+## Prerequisites
+
+* Kubernetes >= 1.13
+* [App Mesh controller](https://github.com/aws/eks-charts/tree/master/stable/appmesh-controller) >= 0.2.0
+* [App Mesh inject](https://github.com/aws/eks-charts/tree/master/stable/appmesh-inject) >= 0.2.0
+
+## Installing the Chart
+
+Add Flagger Helm repository:
+
+```console
+$ helm repo add flagger https://flagger.app
+```
+
+Create a namespace with App Mesh sidecar injection enabled:
+
+```sh
+kubectl create ns flagger-system
+kubectl label namespace test appmesh.k8s.aws/sidecarInjectorWebhook=enabled
+```
+
+Install App Mesh Gateway for an existing mesh:
+
+```sh
+helm upgrade -i appmesh-gateway flagger/appmesh-gateway \
+--namespace flagger-system \
+--set mesh.name=global
+```
+
+Optionally you can create a mesh at install time:
+  
+```sh
+helm upgrade -i appmesh-gateway flagger/appmesh-gateway \
+--namespace flagger-system \
+--set mesh.name=global \
+--set mesh.create=true
+```
+
+The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `appmesh-gateway` deployment:
+
+```console
+helm delete --purge appmesh-gateway
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`service.type` |  When set to LoadBalancer it creates an AWS NLB | `LoadBalancer`
+`proxy.access_log_path` | to enable the access logs, set it to `/dev/stdout` | `/dev/null`
+`proxy.image.repository` | image repository | `envoyproxy/envoy`
+`proxy.image.tag` | image tag | `<VERSION>`
+`proxy.image.pullPolicy` | image pull policy | `IfNotPresent`
+`controller.image.repository` | image repository | `weaveworks/flagger-appmesh-gateway`
+`controller.image.tag` | image tag | `<VERSION>`
+`controller.image.pullPolicy` | image pull policy | `IfNotPresent`
+`resources.requests/cpu` | pod CPU request | `100m`
+`resources.requests/memory` | pod memory request | `128Mi`
+`resources.limits/memory` | pod memory limit | `2Gi`
+`nodeSelector` | node labels for pod assignment | `{}`
+`tolerations` | list of node taints to tolerate | `[]`
+`rbac.create` | if `true`, create and use RBAC resources | `true`
+`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
+`serviceAccount.create` | If `true`, create a new service account | `true`
+`serviceAccount.name` | Service account to be used | None
+`mesh.create` | If `true`, create mesh custom resource | `false`
+`mesh.name` | The name of the mesh to use | `global`
+`mesh.discovery` | The service discovery type to use, can be dns or cloudmap | `dns`
+`hpa.enabled` | `true` if HPA resource should be created, metrics-server is required | `true`
+`hpa.maxReplicas` | number of max replicas | `3`
+`hpa.cpu` |  average total CPU usage per pod (1-100) | `99`
+`hpa.memory` |  average memory usage per pod (100Mi-1Gi) | None
+`discovery.optIn` | `true` if only services with the 'expose' annotation are discoverable | `true`

charts/appmesh-gateway/templates/NOTES.txt

@@ -0,0 +1 @@
+App Mesh Gateway installed!

charts/appmesh-gateway/templates/_helpers.tpl

@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "appmesh-gateway.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "appmesh-gateway.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "appmesh-gateway.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "appmesh-gateway.labels" -}}
+app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }}
+helm.sh/chart: {{ include "appmesh-gateway.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "appmesh-gateway.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "appmesh-gateway.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/appmesh-gateway/templates/account.yaml

@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "appmesh-gateway.serviceAccountName" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+{{- end }}

charts/appmesh-gateway/templates/config.yaml

@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+data:
+  envoy.yaml: |-
+    admin:
+      access_log_path: {{ .Values.proxy.access_log_path }}
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 8081
+
+    dynamic_resources:
+      ads_config:
+        api_type: GRPC
+        grpc_services:
+          - envoy_grpc:
+              cluster_name: xds
+      cds_config:
+        ads: {}
+      lds_config:
+        ads: {}
+
+    static_resources:
+      clusters:
+        - name: xds
+          connect_timeout: 0.50s
+          type: static
+          http2_protocol_options: {}
+          load_assignment:
+            cluster_name: xds
+            endpoints:
+              - lb_endpoints:
+                  - endpoint:
+                      address:
+                        socket_address:
+                          address: 127.0.0.1
+                          port_value: 18000

charts/appmesh-gateway/templates/deployment.yaml

@@ -0,0 +1,144 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/part-of: appmesh
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/path: "/stats/prometheus"
+        prometheus.io/port: "8081"
+        # exclude inbound traffic on port 8080
+        appmesh.k8s.aws/ports: "444"
+        # exclude egress traffic to xDS server and Kubernetes API
+        appmesh.k8s.aws/egressIgnoredPorts: "18000,22,443"
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum | quote }}
+    spec:
+      serviceAccountName: {{ include "appmesh-gateway.serviceAccountName" . }}
+      terminationGracePeriodSeconds: 45
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }}
+                topologyKey: kubernetes.io/hostname
+              weight: 100
+      volumes:
+      - name: appmesh-gateway-config
+        configMap:
+          name: {{ template "appmesh-gateway.fullname" . }}
+      containers:
+        - name: controller
+          image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
+          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsUser: 10001
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          command:
+            - ./flagger-appmesh-gateway
+            - --opt-in={{ .Values.discovery.optIn }}
+            - --gateway-mesh={{ .Values.mesh.name }}
+            - --gateway-name=$(POD_SERVICE_ACCOUNT)
+            - --gateway-namespace=$(POD_NAMESPACE)
+          env:
+            - name: POD_SERVICE_ACCOUNT
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.serviceAccountName
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          ports:
+            - name: grpc
+              containerPort: 18000
+              protocol: TCP
+          livenessProbe:
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: grpc
+          readinessProbe:
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: grpc
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 32Mi
+        - name: proxy
+          image: "{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}"
+          imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          args:
+            - -c
+            - /config/envoy.yaml
+            - --service-cluster $(POD_NAMESPACE)
+            - --service-node $(POD_NAME)
+            - --log-level info
+            - --base-id 1234
+          ports:
+            - name: admin
+              containerPort: 8081
+              protocol: TCP
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: admin
+          readinessProbe:
+            initialDelaySeconds: 5
+            httpGet:
+              path: /ready
+              port: admin
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: appmesh-gateway-config
+              mountPath: /config
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

charts/appmesh-gateway/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.hpa.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "appmesh-gateway.fullname" . }}
+  minReplicas: {{ .Values.replicaCount }}
+  maxReplicas: {{ .Values.hpa.maxReplicas }}
+  metrics:
+    {{- if .Values.hpa.cpu }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.hpa.cpu }}
+    {{- end }}
+    {{- if .Values.hpa.memory }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageValue: {{ .Values.hpa.memory }}
+    {{- end }}
+{{- end }}

charts/appmesh-gateway/templates/mesh.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.mesh.create }}
+apiVersion: appmesh.k8s.aws/v1beta1
+kind: Mesh
+metadata:
+    name: {{ .Values.mesh.name }}
+    annotations:
+        helm.sh/resource-policy: keep
+    labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+spec:
+    serviceDiscoveryType: {{ .Values.mesh.discovery }}
+{{- end }}

charts/appmesh-gateway/templates/psp.yaml

@@ -0,0 +1,57 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+  privileged: false
+  hostIPC: false
+  hostNetwork: false
+  hostPID: false
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: false
+  allowedCapabilities:
+    - '*'
+  fsGroup:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - '*'
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}-psp
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames:
+      - {{ template "appmesh-gateway.fullname" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}-psp
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "appmesh-gateway.fullname" . }}-psp
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "appmesh-gateway.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/appmesh-gateway/templates/rbac.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs: ["*"]
+  - apiGroups:
+      - appmesh.k8s.aws
+    resources:
+      - meshes
+      - meshes/status
+      - virtualnodes
+      - virtualnodes/status
+      - virtualservices
+      - virtualservices/status
+    verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "appmesh-gateway.fullname" . }}
+subjects:
+- name: {{ template "appmesh-gateway.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  kind: ServiceAccount
+{{- end }}

charts/appmesh-gateway/templates/service.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "appmesh-gateway.fullname" . }}
+  annotations:
+    gateway.appmesh.k8s.aws/expose: "false"
+    {{- if eq .Values.service.type "LoadBalancer" }}
+    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    {{- end }}
+  labels:
+{{ include "appmesh-gateway.labels" . | indent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if eq .Values.service.type "LoadBalancer" }}
+  externalTrafficPolicy: Local
+  {{- end }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/appmesh-gateway/values.yaml

@@ -0,0 +1,69 @@
+# Default values for appmesh-gateway.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+discovery:
+  # discovery.optIn `true` if only services with the 'expose' annotation are discoverable
+  optIn: true
+
+proxy:
+  access_log_path: /dev/null
+  image:
+    repository: docker.io/envoyproxy/envoy
+    tag: v1.12.0
+    pullPolicy: IfNotPresent
+
+controller:
+  image:
+    repository: weaveworks/flagger-appmesh-gateway
+    tag: v1.1.0
+    pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+  # service.type: When set to LoadBalancer it creates an AWS NLB
+  type: LoadBalancer
+  port: 80
+
+hpa:
+  # hpa.enabled `true` if HPA resource should be created, metrics-server is required
+  enabled: true
+  maxReplicas: 3
+  # hpa.cpu average total CPU usage per pod (1-100)
+  cpu: 99
+  # hpa.memory average memory usage per pod (100Mi-1Gi)
+  memory:
+
+resources:
+  limits:
+    memory: 2Gi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+serviceAccount:
+  # serviceAccount.create: Whether to create a service account or not
+  create: true
+  # serviceAccount.name: The name of the service account to create or use
+  name: ""
+
+rbac:
+  # rbac.create: `true` if rbac resources should be created
+  create: true
+  # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
+  pspEnabled: false
+
+mesh:
+  # mesh.create: `true` if mesh resource should be created
+  create: false
+  # mesh.name: The name of the mesh to use
+  name: "global"
+  # mesh.discovery: The service discovery type to use, can be dns or cloudmap
+  discovery: dns

charts/flagger/Chart.yaml

@@ -1,21 +1,23 @@
 apiVersion: v1
 name: flagger
-version: 0.18.1
-appVersion: 0.18.1
+version: 0.24.0
+appVersion: 1.0.0-rc.1
 kubeVersion: ">=1.11.0-0"
 engine: gotpl
-description: Flagger is a Kubernetes operator that automates the promotion of canary deployments using Istio, Linkerd, App Mesh, Gloo or NGINX routing for traffic shifting and Prometheus metrics for canary analysis.
-home: https://docs.flagger.app
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/flagger-icon.png
+description: Flagger is a progressive delivery operator for Kubernetes
+home: https://flagger.app
+icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
 sources:
-- https://github.com/weaveworks/flagger
+  - https://github.com/weaveworks/flagger
 maintainers:
-- name: stefanprodan
-  url: https://github.com/stefanprodan
-  email: stefanprodan@users.noreply.github.com
+  - name: stefanprodan
+    url: https://github.com/stefanprodan
+    email: stefanprodan@users.noreply.github.com
 keywords:
-- canary
-- istio
-- appmesh
-- linkerd
-- gitops
+  - flagger
+  - istio
+  - appmesh
+  - linkerd
+  - gloo
+  - gitops
+  - canary

charts/flagger/README.md

@@ -1,7 +1,8 @@
 # Flagger
 
-[Flagger](https://github.com/weaveworks/flagger) is a Kubernetes operator that automates the promotion of 
-canary deployments using Istio, Linkerd, App Mesh, NGINX or Gloo routing for traffic shifting and Prometheus metrics for canary analysis. 
+[Flagger](https://github.com/weaveworks/flagger) is a Kubernetes operator that automates the promotion of canary
+deployments using Istio, Linkerd, App Mesh, NGINX or Gloo routing for traffic shifting and Prometheus metrics for canary analysis. 
+
 Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators
 like HTTP requests success rate, requests average duration and pods health.
 Based on the KPIs analysis a canary is promoted or aborted and the analysis result is published to Slack or MS Teams.
@@ -45,6 +46,16 @@ $ helm upgrade -i flagger flagger/flagger \
     --set metricsServer=http://linkerd-prometheus:9090
 ```
 
+To install the chart with the release name `flagger` for AWS App Mesh:
+
+```console
+$ helm upgrade -i flagger flagger/flagger \
+    --namespace=appmesh-system \
+    --set crd.create=false \
+    --set meshProvider=appmesh \
+    --set metricsServer=http://appmesh-prometheus:9090
+```
+
 The [configuration](#configuration) section lists the parameters that can be configured during installation.
 
 ## Uninstalling the Chart
@@ -63,33 +74,43 @@ The following tables lists the configurable parameters of the Flagger chart and
 
 Parameter | Description | Default
 --- | --- | ---
-`image.repository` | image repository | `weaveworks/flagger`
-`image.tag` | image tag | `<VERSION>`
-`image.pullPolicy` | image pull policy | `IfNotPresent`
-`prometheus.install` | if `true`, installs Prometheus configured to scrape all pods in the custer including the App Mesh sidecar | `false`
+`image.repository` | Image repository | `weaveworks/flagger`
+`image.tag` | Image tag | `<VERSION>`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`prometheus.install` | If `true`, installs Prometheus configured to scrape all pods in the custer including the App Mesh sidecar | `false`
 `metricsServer` | Prometheus URL, used when `prometheus.install` is `false` | `http://prometheus.istio-system:9090`
+`selectorLabels` | List of labels that Flagger uses to create pod selectors | `app,name,app.kubernetes.io/name`
+`configTracking.enabled` | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment | `true`
+`eventWebhook` | If set, Flagger will publish events to the given webhook | None
 `slack.url` | Slack incoming webhook | None
 `slack.channel` | Slack channel | None
 `slack.user` | Slack username | `flagger`
 `msteams.url` | Microsoft Teams incoming webhook | None
-`leaderElection.enabled` | leader election must be enabled when running more than one replica | `false`
-`leaderElection.replicaCount` | number of replicas | `1`
-`rbac.create` | if `true`, create and use RBAC resources | `true`
+`podMonitor.enabled` | If `true`, create a PodMonitor for [monitoring the metrics](https://docs.flagger.app/usage/monitoring#metrics) | `false`
+`podMonitor.namespace` | Namespace where the PodMonitor is created | the same namespace 
+`podMonitor.interval` | Interval at which metrics should be scraped | `15s` 
+`podMonitor.podMonitor` | Additional labels to add to the PodMonitor | `{}`
+`leaderElection.enabled` | If `true`, Flagger will run in HA mode | `false`
+`leaderElection.replicaCount` | Number of replicas | `1`
+`ingressAnnotationsPrefix` | Annotations prefix for ingresses | `custom.ingress.kubernetes.io`
+`rbac.create` | If `true`, create and use RBAC resources | `true`
 `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
-`crd.create` | if `true`, create Flagger's CRDs | `true`
-`resources.requests/cpu` | pod CPU request | `10m`
-`resources.requests/memory` | pod memory request | `32Mi`
-`resources.limits/cpu` | pod CPU limit | `1000m`
-`resources.limits/memory` | pod memory limit | `512Mi`
-`affinity` | node/pod affinities | None
-`nodeSelector` | node labels for pod assignment | `{}`
-`tolerations` | list of node taints to tolerate | `[]`
+`crd.create` | If `true`, create Flagger's CRDs (should be enabled for Helm v2 only) | `false`
+`resources.requests/cpu` | Pod CPU request | `10m`
+`resources.requests/memory` | Pod memory request | `32Mi`
+`resources.limits/cpu` | Pod CPU limit | `1000m`
+`resources.limits/memory` | Pod memory limit | `512Mi`
+`affinity` | Node/pod affinities | None
+`nodeSelector` | Node labels for pod assignment | `{}`
+`tolerations` | List of node taints to tolerate | `[]`
+`istio.kubeconfig.secretName` | The name of the Kubernetes secret containing the Istio shared control plane kubeconfig | None
+`istio.kubeconfig.key` | The name of Kubernetes secret data key that contains the Istio control plane kubeconfig | `kubeconfig`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example,
 
 ```console
 $ helm upgrade -i flagger flagger/flagger \
-  --namespace istio-system \
+  --namespace flagger-system \
   --set crd.create=false \
   --set slack.url=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK \
   --set slack.channel=general

charts/flagger/crds/crd.yaml

@@ -0,0 +1,821 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: canaries.flagger.app
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  group: flagger.app
+  version: v1beta1
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+    - name: v1alpha3
+      served: true
+      storage: false
+    - name: v1alpha2
+      served: false
+      storage: false
+    - name: v1alpha1
+      served: false
+      storage: false
+  names:
+    plural: canaries
+    singular: canary
+    kind: Canary
+    categories:
+      - all
+  scope: Namespaced
+  subresources:
+    status: {}
+  additionalPrinterColumns:
+    - name: Status
+      type: string
+      JSONPath: .status.phase
+    - name: Weight
+      type: string
+      JSONPath: .status.canaryWeight
+    - name: FailedChecks
+      type: string
+      JSONPath: .status.failedChecks
+      priority: 1
+    - name: Interval
+      type: string
+      JSONPath: .spec.analysis.interval
+      priority: 1
+    - name: Mirror
+      type: boolean
+      JSONPath: .spec.analysis.mirror
+      priority: 1
+    - name: StepWeight
+      type: string
+      JSONPath: .spec.analysis.stepWeight
+      priority: 1
+    - name: MaxWeight
+      type: string
+      JSONPath: .spec.analysis.maxWeight
+      priority: 1
+    - name: LastTransitionTime
+      type: string
+      JSONPath: .status.lastTransitionTime
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          required:
+            - targetRef
+            - service
+            - analysis
+          properties:
+            provider:
+              description: Traffic managent provider
+              type: string
+            metricsServer:
+              description: Prometheus URL
+              type: string
+            progressDeadlineSeconds:
+              description: Deployment progress deadline
+              type: number
+            targetRef:
+              description: Target selector
+              type: object
+              required: ["apiVersion", "kind", "name"]
+              properties:
+                apiVersion:
+                  type: string
+                kind:
+                  type: string
+                  enum:
+                    - DaemonSet
+                    - Deployment
+                    - Service
+                name:
+                  type: string
+            autoscalerRef:
+              description: HPA selector
+              type: object
+              required: ["apiVersion", "kind", "name"]
+              properties:
+                apiVersion:
+                  type: string
+                kind:
+                  type: string
+                  enum:
+                    - HorizontalPodAutoscaler
+                name:
+                  type: string
+            ingressRef:
+              description: NGINX ingress selector
+              type: object
+              required: ["apiVersion", "kind", "name"]
+              properties:
+                apiVersion:
+                  type: string
+                kind:
+                  type: string
+                  enum:
+                    - Ingress
+                name:
+                  type: string
+            service:
+              description: Kubernetes Service spec
+              type: object
+              required: ["port"]
+              properties:
+                name:
+                  description: Kubernetes service name
+                  type: string
+                port:
+                  description: Container port number
+                  type: number
+                portName:
+                  description: Container port name
+                  type: string
+                targetPort:
+                  description: Container target port name
+                  anyOf:
+                    - type: string
+                    - type: number
+                portDiscovery:
+                  description: Enable port dicovery
+                  type: boolean
+                timeout:
+                  description: HTTP or gRPC request timeout
+                  type: string
+                meshName:
+                  description: AppMesh mesh name
+                  type: string
+                backends:
+                  description: AppMesh backend array
+                  type: array
+                  items:
+                    type: string
+                hosts:
+                  description: The list of host names for this service
+                  type: array
+                  items:
+                    type: string
+                match:
+                  description: URI match conditions
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      uri:
+                        type: object
+                        oneOf:
+                          - required: ["exact"]
+                          - required: ["prefix"]
+                          - required: ["suffix"]
+                          - required: ["regex"]
+                        properties:
+                          exact:
+                            format: string
+                            type: string
+                          prefix:
+                            format: string
+                            type: string
+                          suffix:
+                            format: string
+                            type: string
+                          regex:
+                            format: string
+                            type: string
+                retries:
+                  description: Retry policy for HTTP requests
+                  type: object
+                  properties:
+                    attempts:
+                      description: Number of retries for a given request
+                      format: int32
+                      type: integer
+                    perTryTimeout:
+                      description: Timeout per retry attempt for a given request
+                      type: string
+                    retryOn:
+                      description: Specifies the conditions under which retry takes place
+                      format: string
+                      type: string
+                rewrite:
+                  description: Rewrite HTTP URIs
+                  type: object
+                  properties:
+                    uri:
+                      format: string
+                      type: string
+                headers:
+                  description: Headers operations
+                  type: object
+                  properties:
+                    request:
+                      properties:
+                        add:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                        remove:
+                          items:
+                            format: string
+                            type: string
+                          type: array
+                        set:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                      type: object
+                    response:
+                      properties:
+                        add:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                        remove:
+                          items:
+                            format: string
+                            type: string
+                          type: array
+                        set:
+                          additionalProperties:
+                            format: string
+                            type: string
+                          type: object
+                      type: object
+                gateways:
+                  description: The list of Istio gateway for this virtual service
+                  type: array
+                  items:
+                    type: string
+                corsPolicy:
+                  description: Istio Cross-Origin Resource Sharing policy (CORS)
+                  type: object
+                  properties:
+                    allowCredentials:
+                      type: boolean
+                    allowHeaders:
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    allowMethods:
+                      description: List of HTTP methods allowed to access the resource
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    allowOrigin:
+                      description: The list of origins that are allowed to perform
+                        CORS requests.
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    allowOrigins:
+                      description: String patterns that match allowed origins
+                      type: array
+                      items:
+                        type: object
+                        oneOf:
+                          - required:
+                              - exact
+                          - required:
+                              - prefix
+                          - required:
+                              - regex
+                        properties:
+                          exact:
+                            format: string
+                            type: string
+                          prefix:
+                            format: string
+                            type: string
+                          regex:
+                            format: string
+                            type: string
+                    exposeHeaders:
+                      items:
+                        format: string
+                        type: string
+                      type: array
+                    maxAge:
+                      type: string
+                trafficPolicy:
+                  description: Istio traffic policy
+                  type: object
+                  properties:
+                    connectionPool:
+                      properties:
+                        http:
+                          description: HTTP connection pool settings.
+                          type: object
+                          properties:
+                            h2UpgradePolicy:
+                              description: Specify if http1.1 connection should
+                                be upgraded to http2 for the associated destination.
+                              enum:
+                                - DEFAULT
+                                - DO_NOT_UPGRADE
+                                - UPGRADE
+                              type: string
+                            http1MaxPendingRequests:
+                              description: Maximum number of pending HTTP requests
+                                to a destination.
+                              format: int32
+                              type: integer
+                            http2MaxRequests:
+                              description: Maximum number of requests to a backend.
+                              format: int32
+                              type: integer
+                            idleTimeout:
+                              description: The idle timeout for upstream connection
+                                pool connections.
+                              type: string
+                            maxRequestsPerConnection:
+                              description: Maximum number of requests per connection
+                                to a backend.
+                              format: int32
+                              type: integer
+                            maxRetries:
+                              format: int32
+                              type: integer
+                    loadBalancer:
+                      description: Settings controlling the load balancer algorithms.
+                      type: object
+                      oneOf:
+                        - required:
+                            - simple
+                        - properties:
+                            consistentHash:
+                              oneOf:
+                                - required:
+                                    - httpHeaderName
+                                - required:
+                                    - httpCookie
+                                - required:
+                                    - useSourceIp
+                                - required:
+                                    - httpQueryParameterName
+                          required:
+                            - consistentHash
+                      properties:
+                        consistentHash:
+                          properties:
+                            httpCookie:
+                              description: Hash based on HTTP cookie.
+                              properties:
+                                name:
+                                  description: Name of the cookie.
+                                  format: string
+                                  type: string
+                                path:
+                                  description: Path to set for the cookie.
+                                  format: string
+                                  type: string
+                                ttl:
+                                  description: Lifetime of the cookie.
+                                  type: string
+                              type: object
+                            httpHeaderName:
+                              description: Hash based on a specific HTTP header.
+                              format: string
+                              type: string
+                            httpQueryParameterName:
+                              description: Hash based on a specific HTTP query parameter.
+                              format: string
+                              type: string
+                            minimumRingSize:
+                              type: integer
+                            useSourceIp:
+                              description: Hash based on the source IP address.
+                              type: boolean
+                          type: object
+                        localityLbSetting:
+                          properties:
+                            distribute:
+                              description: 'Optional: only one of distribute or
+                                failover can be set.'
+                              items:
+                                properties:
+                                  from:
+                                    description: Originating locality, '/' separated,
+                                      e.g.
+                                    format: string
+                                    type: string
+                                  to:
+                                    additionalProperties:
+                                      type: integer
+                                    description: Map of upstream localities to traffic
+                                      distribution weights.
+                                    type: object
+                                type: object
+                              type: array
+                            enabled:
+                              description: enable locality load balancing, this
+                                is DestinationRule-level and will override mesh
+                                wide settings in entirety.
+                              type: boolean
+                            failover:
+                              description: 'Optional: only failover or distribute
+                                can be set.'
+                              items:
+                                properties:
+                                  from:
+                                    description: Originating region.
+                                    format: string
+                                    type: string
+                                  to:
+                                    format: string
+                                    type: string
+                                type: object
+                              type: array
+                          type: object
+                        simple:
+                          enum:
+                            - ROUND_ROBIN
+                            - LEAST_CONN
+                            - RANDOM
+                            - PASSTHROUGH
+                          type: string
+                    outlierDetection:
+                      description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
+                      type: object
+                      properties:
+                        baseEjectionTime:
+                          description: Minimum ejection duration.
+                          type: string
+                        consecutive5xxErrors:
+                          description: Number of 5xx errors before a host is ejected
+                            from the connection pool.
+                          type: integer
+                        consecutiveErrors:
+                          format: int32
+                          type: integer
+                        consecutiveGatewayErrors:
+                          description: Number of gateway errors before a host is
+                            ejected from the connection pool.
+                          format: int32
+                          type: integer
+                        interval:
+                          description: Time interval between ejection sweep analysis.
+                          type: string
+                        maxEjectionPercent:
+                          format: int32
+                          type: integer
+                        minHealthPercent:
+                          format: int32
+                          type: integer
+                    tls:
+                      description: Istio TLS related settings for connections to the upstream service
+                      type: object
+                      properties:
+                        caCertificates:
+                          format: string
+                          type: string
+                        clientCertificate:
+                          description: REQUIRED if mode is `MUTUAL`.
+                          format: string
+                          type: string
+                        mode:
+                          enum:
+                            - DISABLE
+                            - SIMPLE
+                            - MUTUAL
+                            - ISTIO_MUTUAL
+                          type: string
+                        privateKey:
+                          description: REQUIRED if mode is `MUTUAL`.
+                          format: string
+                          type: string
+                        sni:
+                          description: SNI string to present to the server
+                            during TLS handshake.
+                          format: string
+                          type: string
+                        subjectAltNames:
+                          items:
+                            format: string
+                            type: string
+                          type: array
+            skipAnalysis:
+              description: Skip analysis and promote canary
+              type: boolean
+            analysis:
+              description: Canary analysis for this canary
+              type: object
+              oneOf:
+                - required: ["interval", "threshold", "iterations"]
+                - required: ["interval", "threshold", "stepWeight"]
+              properties:
+                interval:
+                  description: Schedule interval for this canary
+                  type: string
+                  pattern: "^[0-9]+(m|s)"
+                iterations:
+                  description: Number of checks to run for A/B Testing and Blue/Green
+                  type: number
+                threshold:
+                  description: Max number of failed checks before rollback
+                  type: number
+                maxWeight:
+                  description: Max traffic percentage routed to canary
+                  type: number
+                stepWeight:
+                  description: Incremental traffic percentage step
+                  type: number
+                mirror:
+                  description: Mirror traffic to canary
+                  type: boolean
+                match:
+                  description: A/B testing match conditions
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      headers:
+                        type: object
+                        additionalProperties:
+                          oneOf:
+                            - required: ["exact"]
+                            - required: ["prefix"]
+                            - required: ["suffix"]
+                            - required: ["regex"]
+                          type: object
+                          properties:
+                            exact:
+                              format: string
+                              type: string
+                            prefix:
+                              format: string
+                              type: string
+                            suffix:
+                              format: string
+                              type: string
+                            regex:
+                              format: string
+                              type: string
+                metrics:
+                  description: Metric check list for this canary
+                  type: array
+                  items:
+                    type: object
+                    required: ["name"]
+                    properties:
+                      name:
+                        description: Name of the metric
+                        type: string
+                      interval:
+                        description: Interval of the query
+                        type: string
+                        pattern: "^[0-9]+(m|s)"
+                      threshold:
+                        description: Max value accepted for this metric
+                        type: number
+                      thresholdRange:
+                        description: Range accepted for this metric
+                        type: object
+                        properties:
+                          min:
+                            description: Min value accepted for this metric
+                            type: number
+                          max:
+                            description: Max value accepted for this metric
+                            type: number
+                      query:
+                        description: Prometheus query
+                        type: string
+                      templateRef:
+                        description: Metric template reference
+                        type: object
+                        required: ["name"]
+                        properties:
+                          name:
+                            description: Name of this metric template
+                            type: string
+                          namespace:
+                            description: Namespace of this metric template
+                            type: string
+                webhooks:
+                  description: Webhook list for this canary
+                  type: array
+                  items:
+                    type: object
+                    required: ["name", "url"]
+                    properties:
+                      name:
+                        description: Name of the webhook
+                        type: string
+                      type:
+                        description: Type of the webhook pre, post or during rollout
+                        type: string
+                        enum:
+                          - ""
+                          - confirm-rollout
+                          - pre-rollout
+                          - rollout
+                          - confirm-promotion
+                          - post-rollout
+                          - event
+                          - rollback
+                      url:
+                        description: URL address of this webhook
+                        type: string
+                        format: url
+                      timeout:
+                        description: Request timeout for this webhook
+                        type: string
+                        pattern: "^[0-9]+(m|s)"
+                      metadata:
+                        description: Metadata (key-value pairs) for this webhook
+                        type: object
+                        additionalProperties:
+                          type: string
+        status:
+          properties:
+            phase:
+              description: Analysis phase of this canary
+              type: string
+              enum:
+                - ""
+                - Initializing
+                - Initialized
+                - Waiting
+                - Progressing
+                - Promoting
+                - Finalising
+                - Succeeded
+                - Failed
+            canaryWeight:
+              description: Traffic weight percentage routed to canary
+              type: number
+            failedChecks:
+              description: Failed check count of the current canary analysis
+              type: number
+            iterations:
+              description: Iteration count of the current canary analysis
+              type: number
+            lastAppliedSpec:
+              description: LastAppliedSpec of this canary
+              type: string
+            lastTransitionTime:
+              description: LastTransitionTime of this canary
+              format: date-time
+              type: string
+            conditions:
+              description: Status conditions of this canary
+              type: array
+              items:
+                type: object
+                required: ["type", "status", "reason"]
+                properties:
+                  lastTransitionTime:
+                    description: LastTransitionTime of this condition
+                    format: date-time
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime of this condition
+                    format: date-time
+                    type: string
+                  message:
+                    description: Message associated with this condition
+                    type: string
+                  reason:
+                    description: Reason for the current status of this condition
+                    type: string
+                  status:
+                    description: Status of this condition
+                    type: string
+                  type:
+                    description: Type of this condition
+                    type: string
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: metrictemplates.flagger.app
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  group: flagger.app
+  version: v1beta1
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+    - name: v1alpha1
+      served: true
+      storage: false
+  names:
+    plural: metrictemplates
+    singular: metrictemplate
+    kind: MetricTemplate
+    categories:
+      - all
+  scope: Namespaced
+  subresources:
+    status: {}
+  additionalPrinterColumns:
+    - name: Provider
+      type: string
+      JSONPath: .spec.provider.type
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          required:
+            - provider
+            - query
+          properties:
+            provider:
+              description: Provider of this metric template
+              type: object
+              required:
+                - type
+              properties:
+                type:
+                  description: Type of this provider
+                  type: string
+                  enum:
+                    - prometheus
+                    - influxdb
+                    - datadog
+                    - cloudwatch
+                address:
+                  description: API address of this provider
+                  type: string
+                secretRef:
+                  description: Kubernetes secret reference containing the provider credentials
+                  type: object
+                  required:
+                    - name
+                  properties:
+                    name:
+                      description: Name of the Kubernetes secret
+                      type: string
+                region:
+                  description: Region of the provider
+                  type: string
+            query:
+              description: Query of this metric template
+              type: string
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: alertproviders.flagger.app
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  group: flagger.app
+  version: v1beta1
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+  names:
+    plural: alertproviders
+    singular: alertprovider
+    kind: AlertProvider
+    categories:
+      - all
+  scope: Namespaced
+  subresources:
+    status: {}
+  additionalPrinterColumns:
+    - name: Type
+      type: string
+      JSONPath: .spec.type
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          oneOf:
+            - required:
+              - type
+              - address
+            - required:
+              - type
+              - secretRef
+          properties:
+            type:
+              description: Type of this provider
+              type: string
+              enum:
+                - slack
+                - msteams
+                - discord
+                - rocket
+            address:
+              description: Hook URL address of this provider
+              type: string
+            secretRef:
+              description: Kubernetes secret reference containing the provider address
+              type: object
+              required:
+                - name
+              properties:
+                name:
+                  description: Name of the Kubernetes secret
+                  type: string

charts/flagger/templates/crd.yaml

@@ -1,227 +1,6 @@
-{{- if .Values.crd.create }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: canaries.flagger.app
-  annotations:
-    helm.sh/resource-policy: keep
-spec:
-  group: flagger.app
-  version: v1alpha3
-  versions:
-    - name: v1alpha3
-      served: true
-      storage: true
-    - name: v1alpha2
-      served: true
-      storage: false
-    - name: v1alpha1
-      served: true
-      storage: false
-  names:
-    plural: canaries
-    singular: canary
-    kind: Canary
-    categories:
-      - all
-  scope: Namespaced
-  subresources:
-    status: {}
-  additionalPrinterColumns:
-    - name: Status
-      type: string
-      JSONPath: .status.phase
-    - name: Weight
-      type: string
-      JSONPath: .status.canaryWeight
-    - name: LastTransitionTime
-      type: string
-      JSONPath: .status.lastTransitionTime
-  validation:
-    openAPIV3Schema:
-      properties:
-        spec:
-          required:
-            - targetRef
-            - service
-            - canaryAnalysis
-          properties:
-            provider:
-              type: string
-            progressDeadlineSeconds:
-              type: number
-            targetRef:
-              type: object
-              required: ['apiVersion', 'kind', 'name']
-              properties:
-                apiVersion:
-                  type: string
-                kind:
-                  type: string
-                name:
-                  type: string
-            autoscalerRef:
-              anyOf:
-                - type: string
-                - type: object
-              required: ['apiVersion', 'kind', 'name']
-              properties:
-                apiVersion:
-                  type: string
-                kind:
-                  type: string
-                name:
-                  type: string
-            ingressRef:
-              anyOf:
-                - type: string
-                - type: object
-              required: ['apiVersion', 'kind', 'name']
-              properties:
-                apiVersion:
-                  type: string
-                kind:
-                  type: string
-                name:
-                  type: string
-            service:
-              type: object
-              required: ['port']
-              properties:
-                port:
-                  type: number
-                portName:
-                  type: string
-                portDiscovery:
-                  type: boolean
-                meshName:
-                  type: string
-                timeout:
-                  type: string
-            skipAnalysis:
-              type: boolean
-            canaryAnalysis:
-              properties:
-                interval:
-                  description: Canary schedule interval
-                  type: string
-                  pattern: "^[0-9]+(m|s)"
-                iterations:
-                  description: Number of checks to run for A/B Testing and Blue/Green
-                  type: number
-                threshold:
-                  description: Max number of failed checks before rollback
-                  type: number
-                maxWeight:
-                  description: Max traffic percentage routed to canary
-                  type: number
-                stepWeight:
-                  description: Canary incremental traffic percentage step
-                  type: number
-                metrics:
-                  description: Prometheus query list for this canary
-                  type: array
-                  properties:
-                    items:
-                      type: object
-                      required: ['name', 'threshold']
-                      properties:
-                        name:
-                          description: Name of the Prometheus metric
-                          type: string
-                        interval:
-                          description: Interval of the promql query
-                          type: string
-                          pattern: "^[0-9]+(m|s)"
-                        threshold:
-                          description: Max scalar value accepted for this metric
-                          type: number
-                        query:
-                          description: Prometheus query
-                          type: string
-                webhooks:
-                  description: Webhook list for this canary
-                  type: array
-                  properties:
-                    items:
-                      type: object
-                      required: ['name', 'url', 'timeout']
-                      properties:
-                        name:
-                          description: Name of the webhook
-                          type: string
-                        type:
-                          description: Type of the webhook pre, post or during rollout
-                          type: string
-                          enum:
-                            - ""
-                            - pre-rollout
-                            - rollout
-                            - post-rollout
-                        url:
-                          description: URL address of this webhook
-                          type: string
-                          format: url
-                        timeout:
-                          description: Request timeout for this webhook
-                          type: string
-                          pattern: "^[0-9]+(m|s)"
-        status:
-          properties:
-            phase:
-              description: Analysis phase of this canary
-              type: string
-              enum:
-                - ""
-                - Initializing
-                - Initialized
-                - Waiting
-                - Progressing
-                - Finalising
-                - Succeeded
-                - Failed
-            canaryWeight:
-              description: Traffic weight percentage routed to canary
-              type: number
-            failedChecks:
-              description: Failed check count of the current canary analysis
-              type: number
-            iterations:
-              description: Iteration count of the current canary analysis
-              type: number
-            lastAppliedSpec:
-              description: LastAppliedSpec of this canary
-              type: string
-            lastTransitionTime:
-              description: LastTransitionTime of this canary
-              format: date-time
-              type: string
-            conditions:
-              description: Status conditions of this canary
-              type: array
-              properties:
-                items:
-                  type: object
-                  required: ['type', 'status', 'reason']
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime of this condition
-                      format: date-time
-                      type: string
-                    lastUpdateTime:
-                      description: LastUpdateTime of this condition
-                      format: date-time
-                      type: string
-                    message:
-                      description: Message associated with this condition
-                      type: string
-                    reason:
-                      description: Reason for the current status of this condition
-                      type: string
-                    status:
-                      description: Status of this condition
-                      type: string
-                    type:
-                      description: Type of this condition
-                      type: string
-{{- end }}
+{{- if .Values.crd.create -}}
+{{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}}
+{{ $.Files.Get $path }}
+---
+{{- end -}}
+{{- end -}}

charts/flagger/templates/deployment.yaml

@@ -9,8 +9,10 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
   replicas: {{ .Values.leaderElection.replicaCount }}
+  {{- if eq .Values.leaderElection.enabled false }}
   strategy:
     type: Recreate
+  {{- end }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ template "flagger.name" . }}
@@ -20,6 +22,10 @@ spec:
       labels:
         app.kubernetes.io/name: {{ template "flagger.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+        {{- end }}
     spec:
       serviceAccountName: {{ template "flagger.serviceAccountName" . }}
       affinity:
@@ -32,11 +38,26 @@ spec:
                     app.kubernetes.io/name: {{ template "flagger.name" . }}
                     app.kubernetes.io/instance: {{ .Release.Name }}
                 topologyKey: kubernetes.io/hostname
+      {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
+        - name: {{ .Values.image.pullSecret }}
+      {{- end }}
+      volumes:
+        {{- if .Values.istio.kubeconfig.secretName }}
+        - name: kubeconfig
+          secret:
+            secretName: "{{ .Values.istio.kubeconfig.secretName }}"
+        {{- end }}
       containers:
         - name: flagger
           securityContext:
             readOnlyRootFilesystem: true
             runAsUser: 10001
+          volumeMounts:
+            {{- if .Values.istio.kubeconfig.secretName }}
+            - name: kubeconfig
+              mountPath: "/tmp/istio-host"
+            {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
@@ -53,6 +74,12 @@ spec:
           {{- else }}
           - -metrics-server={{ .Values.metricsServer }}
           {{- end }}
+          {{- if .Values.selectorLabels }}
+          - -selector-labels={{ .Values.selectorLabels }}
+          {{- end }}
+          {{- if .Values.configTracking }}
+          - -enable-config-tracking={{ .Values.configTracking.enabled }}
+          {{- end }}
           {{- if .Values.namespace }}
           - -namespace={{ .Values.namespace }}
           {{- end }}
@@ -68,6 +95,15 @@ spec:
           - -enable-leader-election=true
           - -leader-election-namespace={{ .Release.Namespace }}
           {{- end }}
+          {{- if .Values.ingressAnnotationsPrefix }}
+          - -ingress-annotations-prefix={{ .Values.ingressAnnotationsPrefix }}
+          {{- end }}
+          {{- if .Values.eventWebhook }}
+          - -event-webhook={{ .Values.eventWebhook }}
+          {{- end }}
+          {{- if .Values.istio.kubeconfig.secretName }}
+          - -kubeconfig-service-mesh=/tmp/istio-host/{{ .Values.istio.kubeconfig.key }}
+          {{- end }}
           livenessProbe:
             exec:
               command:
@@ -88,6 +124,10 @@ spec:
               - --spider
               - http://localhost:8080/healthz
             timeoutSeconds: 5
+          {{- if .Values.env }}
+          env:
+{{ toYaml .Values.env | indent 12 }}
+          {{- end }}
           resources:
 {{ toYaml .Values.resources | indent 12 }}
     {{- with .Values.nodeSelector }}

charts/flagger/templates/podmonitor.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  labels:
+    helm.sh/chart: {{ template "flagger.chart" . }}
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- range $k, $v := .Values.podMonitor.additionalLabels }}
+    {{ $k }}: {{ $v | quote }}
+    {{- end }}
+  name: {{ include "flagger.fullname" . }}
+  namespace: {{ .Values.podMonitor.namespace | default .Release.Namespace }}
+spec:
+  podMetricsEndpoints:
+  - interval: {{ .Values.podMonitor.interval }}
+    path: /metrics
+    port: http
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "flagger.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/flagger/templates/prometheus.yaml

@@ -133,38 +133,22 @@ data:
       scheme: https
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        insecure_skip_verify: true
       bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
       relabel_configs:
       - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
         action: keep
         regex: kubernetes;https
 
-    # Scrape config for nodes
-    - job_name: 'kubernetes-nodes'
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-      kubernetes_sd_configs:
-      - role: node
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - target_label: __address__
-        replacement: kubernetes.default.svc:443
-      - source_labels: [__meta_kubernetes_node_name]
-        regex: (.+)
-        target_label: __metrics_path__
-        replacement: /api/v1/nodes/${1}/proxy/metrics
-
     # scrape config for cAdvisor
     - job_name: 'kubernetes-cadvisor'
       scheme: https
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        insecure_skip_verify: true
       bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
       kubernetes_sd_configs:
-      - role: node
+        - role: node
       relabel_configs:
       - action: labelmap
         regex: __meta_kubernetes_node_label_(.+)
@@ -174,6 +158,14 @@ data:
         regex: (.+)
         target_label: __metrics_path__
         replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
+      # exclude high cardinality metrics
+      metric_relabel_configs:
+      - source_labels: [__name__]
+        regex: (container|machine)_(cpu|memory|network|fs)_(.+)
+        action: keep
+      - source_labels: [__name__]
+        regex: container_memory_failures_total
+        action: drop
 
     # scrape config for pods
     - job_name: kubernetes-pods
@@ -238,7 +230,7 @@ spec:
       serviceAccountName: {{ template "flagger.serviceAccountName" . }}-prometheus
       containers:
         - name: prometheus
-          image: "docker.io/prom/prometheus:v2.10.0"
+          image: "docker.io/prom/prometheus:v2.15.2"
           imagePullPolicy: IfNotPresent
           args:
             - '--storage.tsdb.retention=2h'

charts/flagger/templates/rbac.yaml

@@ -20,6 +20,7 @@ rules:
   - apiGroups:
       - apps
     resources:
+      - daemonsets
       - deployments
     verbs: ["*"]
   - apiGroups:
@@ -38,6 +39,10 @@ rules:
     resources:
       - canaries
       - canaries/status
+      - metrictemplates
+      - metrictemplates/status
+      - alertproviders
+      - alertproviders/status
     verbs: ["*"]
   - apiGroups:
       - networking.istio.io
@@ -77,6 +82,11 @@ rules:
       - virtualservices
       - gateways
     verbs: ["*"]
+  - apiGroups:
+      - projectcontour.io
+    resources:
+      - httpproxies
+    verbs: ["*"]
   - nonResourceURLs:
       - /version
     verbs:

charts/flagger/values.yaml

@@ -2,17 +2,34 @@
 
 image:
   repository: weaveworks/flagger
-  tag: 0.18.1
+  tag: 1.0.0-rc.1
   pullPolicy: IfNotPresent
+  pullSecret:
+
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "8080"
+  appmesh.k8s.aws/sidecarInjectorWebhook: disabled
 
 metricsServer: "http://prometheus:9090"
 
-# accepted values are istio, appmesh, nginx or supergloo:mesh.namespace (defaults to istio)
+# accepted values are kubernetes, istio, linkerd, appmesh, nginx, gloo or supergloo:mesh.namespace (defaults to istio)
 meshProvider: ""
 
 # single namespace restriction
 namespace: ""
 
+# list of pod labels that Flagger uses to create pod selectors
+# defaults to: app,name,app.kubernetes.io/name
+selectorLabels: ""
+
+# when enabled, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment (enabled by default)
+configTracking:
+  enabled: true
+
+# when specified, flagger will publish events to the provided webhook
+eventWebhook: ""
+
 slack:
   user: flagger
   channel:
@@ -23,6 +40,30 @@ msteams:
   # MS Teams incoming webhook URL
   url:
 
+podMonitor:
+  enabled: false
+  namespace:
+  interval: 15s
+  additionalLabels: {}
+
+#env:
+#- name: SLACK_URL
+#  valueFrom:
+#    secretKeyRef:
+#      name: slack
+#      key: url
+#- name: MSTEAMS_URL
+#  valueFrom:
+#    secretKeyRef:
+#      name: msteams
+#      key: url
+#- name: EVENT_WEBHOOK_URL
+#  valueFrom:
+#    secretKeyRef:
+#      name: eventwebhook
+#      key: url
+env: []
+
 leaderElection:
   enabled: false
   replicaCount: 1
@@ -41,7 +82,7 @@ rbac:
 
 crd:
   # crd.create: `true` if custom resource definitions should be created
-  create: true
+  create: false
 
 nameOverride: ""
 fullnameOverride: ""
@@ -59,5 +100,14 @@ nodeSelector: {}
 tolerations: []
 
 prometheus:
-  # to be used with AppMesh or nginx ingress
+  # to be used with ingress controllers
   install: false
+
+#  Istio multi-cluster service mesh (shared control plane single-network)
+# https://istio.io/docs/setup/install/multicluster/shared-vpn/
+istio:
+  kubeconfig:
+    # istio.kubeconfig.secretName: The name of the secret containing the Istio control plane kubeconfig
+    secretName: ""
+    # istio.kubeconfig.key: The name of secret data key that contains the Istio control plane kubeconfig
+    key: "kubeconfig"

charts/grafana/Chart.yaml

@@ -1,13 +1,20 @@
 apiVersion: v1
 name: grafana
-version: 1.3.0
-appVersion: 6.2.5
+version: 1.4.0
+appVersion: 6.5.1
 description: Grafana dashboards for monitoring Flagger canary deployments
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/flagger-icon.png
+icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
 home: https://flagger.app
 sources:
-- https://github.com/weaveworks/flagger
+  - https://github.com/weaveworks/flagger
 maintainers:
-- name: stefanprodan
-  url: https://github.com/stefanprodan
-  email: stefanprodan@users.noreply.github.com
+  - name: stefanprodan
+    url: https://github.com/stefanprodan
+    email: stefanprodan@users.noreply.github.com
+keywords:
+  - flagger
+  - grafana
+  - canary
+  - istio
+  - appmesh
+

charts/grafana/README.md

@@ -1,13 +1,12 @@
 # Flagger Grafana
 
-Grafana dashboards for monitoring progressive deployments powered by Istio, Prometheus and Flagger.
+Grafana dashboards for monitoring progressive deployments powered by Flagger and Prometheus.
 
 ![flagger-grafana](https://raw.githubusercontent.com/weaveworks/flagger/master/docs/screens/grafana-canary-analysis.png)
 
 ## Prerequisites
 
 * Kubernetes >= 1.11
-* Istio >= 1.0
 * Prometheus >= 2.6
 
 ## Installing the Chart
@@ -18,14 +17,20 @@ Add Flagger Helm repository:
 helm repo add flagger https://flagger.app
 ```
 
-To install the chart with the release name `flagger-grafana`:
+To install the chart for Istio run:
 
 ```console
 helm upgrade -i flagger-grafana flagger/grafana \
 --namespace=istio-system \
---set url=http://prometheus:9090 \
---set user=admin \
---set password=admin
+--set url=http://prometheus:9090
+```
+
+To install the chart for AWS App Mesh run:
+
+```console
+helm upgrade -i flagger-grafana flagger/grafana \
+--namespace=appmesh-system \
+--set url=http://appmesh-prometheus:9090
 ```
 
 The command deploys Grafana on the Kubernetes cluster in the default namespace.
@@ -56,10 +61,7 @@ Parameter | Description | Default
 `affinity` | node/pod affinities | `node`
 `nodeSelector` | node labels for pod assignment | `{}`
 `service.type` | type of service | `ClusterIP`
-`url` | Prometheus URL, used when Weave Cloud token is empty | `http://prometheus:9090`
-`token` | Weave Cloud token | `none`
-`user` | Grafana admin username | `admin`
-`password` | Grafana admin password | `admin`
+`url` | Prometheus URL | `http://prometheus:9090`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

charts/grafana/templates/deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "grafana.fullname" . }}
@@ -20,6 +20,9 @@ spec:
         release: {{ .Release.Name }}
       annotations:
         prometheus.io/scrape: 'false'
+        {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+        {{- end }}
     spec:
       containers:
         - name: {{ .Chart.Name }}

charts/grafana/values.yaml

@@ -6,9 +6,11 @@ replicaCount: 1
 
 image:
   repository: grafana/grafana
-  tag: 6.2.5
+  tag: 6.5.1
   pullPolicy: IfNotPresent
 
+podAnnotations: {}
+
 service:
   type: ClusterIP
   port: 80

charts/loadtester/Chart.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 name: loadtester
-version: 0.6.0
-appVersion: 0.6.1
+version: 0.13.0
+appVersion: 0.13.0
 kubeVersion: ">=1.11.0-0"
 engine: gotpl
 description: Flagger's load testing services based on rakyll/hey and bojand/ghz that generates traffic during canary analysis when configured as a webhook.
 home: https://docs.flagger.app
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/flagger-icon.png
+icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
 sources:
   - https://github.com/weaveworks/flagger
 maintainers:
@@ -14,8 +14,10 @@ maintainers:
     url: https://github.com/stefanprodan
     email: stefanprodan@users.noreply.github.com
 keywords:
-  - canary
+  - flagger
   - istio
   - appmesh
+  - linkerd
+  - gloo
   - gitops
   - load testing

charts/loadtester/templates/deployment.yaml

@@ -18,9 +18,14 @@ spec:
         app: {{ include "loadtester.name" . }}
       annotations:
         appmesh.k8s.aws/ports: "444"
+        {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+        {{- end }}
     spec:
       {{- if .Values.serviceAccountName }}
       serviceAccountName: {{ .Values.serviceAccountName }}
+      {{- else if .Values.rbac.create }}
+      serviceAccountName: {{ include "loadtester.fullname" . }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}

charts/loadtester/templates/rbac.yaml

@@ -0,0 +1,54 @@
+---
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.rbac.scope "cluster" }}
+kind: ClusterRole
+{{- else }}
+kind: Role
+{{- end }}
+metadata:
+  name: {{ template "loadtester.fullname" . }}
+  labels:
+    helm.sh/chart: {{ template "loadtester.chart" . }}
+    app.kubernetes.io/name: {{ template "loadtester.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+{{ toYaml .Values.rbac.rules | indent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.rbac.scope "cluster" }}
+kind: ClusterRoleBinding
+{{- else }}
+kind: RoleBinding
+{{- end }}
+metadata:
+  name: {{ template "loadtester.fullname" . }}
+  labels:
+    helm.sh/chart: {{ template "loadtester.chart" . }}
+    app.kubernetes.io/name: {{ template "loadtester.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  {{- if eq .Values.rbac.scope "cluster" }}
+  kind: ClusterRole
+  {{- else }}
+  kind: Role
+  {{- end }}
+  name: {{ template "loadtester.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "loadtester.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "loadtester.fullname" . }}
+  labels:
+    helm.sh/chart: {{ template "loadtester.chart" . }}
+    app.kubernetes.io/name: {{ template "loadtester.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/loadtester/values.yaml

@@ -2,9 +2,13 @@ replicaCount: 1
 
 image:
   repository: weaveworks/flagger-loadtester
-  tag: 0.6.1
+  tag: 0.13.0
   pullPolicy: IfNotPresent
 
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "8080"
+
 logLevel: info
 cmd:
   timeout: 1h
@@ -27,6 +31,20 @@ tolerations: []
 
 affinity: {}
 
+rbac:
+  # rbac.create: `true` if rbac resources should be created
+  create: false
+  # rbac.scope: `cluster` to create cluster-scope rbac resources (ClusterRole/ClusterRoleBinding)
+  # otherwise, namespace-scope rbac resources will be created (Role/RoleBinding)
+  scope:
+  # rbac.rules: array of rules to apply to the role. example:
+  # rules:
+  # - apiGroups: [""]
+  #   resources: ["pods"]
+  #   verbs: ["list", "get"]
+  rules: []
+
+# name of an existing service account to use - if not creating rbac resources
 serviceAccountName: ""
 
 # App Mesh virtual node settings

charts/podinfo/Chart.yaml

@@ -1,12 +1,14 @@
 apiVersion: v1
-version: 2.3.0
-appVersion: 1.7.0
+version: 3.1.1
+appVersion: 3.1.0
 name: podinfo
 engine: gotpl
-description: Flagger canary deployment demo chart
-home: https://github.com/weaveworks/flagger
-maintainers:
-- email: stefanprodan@users.noreply.github.com
-  name: stefanprodan
+description: Flagger canary deployment demo application
+home: https://docs.flagger.app
+icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
 sources:
-- https://github.com/weaveworks/flagger
+  - https://github.com/stefanprodan/podinfo
+maintainers:
+  - name: stefanprodan
+    url: https://github.com/stefanprodan
+    email: stefanprodan@users.noreply.github.com

charts/podinfo/templates/canary.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.canary.enabled }}
-apiVersion: flagger.app/v1alpha3
+apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
   name: {{ template "podinfo.fullname" . }}
@@ -13,7 +13,6 @@ spec:
     apiVersion: apps/v1
     kind: Deployment
     name:  {{ template "podinfo.fullname" . }}
-  progressDeadlineSeconds: 60
   autoscalerRef:
     apiVersion: autoscaling/v2beta1
     kind: HorizontalPodAutoscaler
@@ -29,7 +28,7 @@ spec:
     trafficPolicy:
       tls:
         mode: {{ .Values.canary.istioTLS }}
-  canaryAnalysis:
+  analysis:
     interval: {{ .Values.canary.analysis.interval }}
     threshold: {{ .Values.canary.analysis.threshold }}
     maxWeight: {{ .Values.canary.analysis.maxWeight }}
@@ -48,8 +47,8 @@ spec:
         url: {{ .Values.canary.helmtest.url }}
         timeout: 3m
         metadata:
-          type: "helm"
-          cmd: "test {{ .Release.Name }} --cleanup"
+          type: "helmv3"
+          cmd: "test {{ .Release.Name }} -n {{ .Release.Namespace }}"
       {{- end }}
       {{- if .Values.canary.loadtest.enabled }}
       - name: load-test-get
@@ -57,10 +56,5 @@ spec:
         timeout: 5s
         metadata:
           cmd: "hey -z 1m -q 5 -c 2 http://{{ template "podinfo.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}"
-      - name: load-test-post
-        url: {{ .Values.canary.loadtest.url }}
-        timeout: 5s
-        metadata:
-          cmd: "hey -z 1m -q 5 -c 2 -m POST -d '{\"test\": true}' http://{{ template "podinfo.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/echo"
       {{- end }}
 {{- end }}

charts/podinfo/templates/deployment.yaml

@@ -21,10 +21,13 @@ spec:
         app: {{ template "podinfo.fullname" . }}
       annotations:
         prometheus.io/scrape: 'true'
+        {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+        {{- end }}
     spec:
       terminationGracePeriodSeconds: 30
       containers:
-        - name: {{ .Chart.Name }}
+        - name: podinfo
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command:
@@ -34,7 +37,12 @@ spec:
             - --random-delay={{ .Values.faults.delay }}
             - --random-error={{ .Values.faults.error }}
             - --config-path=/podinfo/config
+            {{- range .Values.backends }}
+            - --backend-url={{ . }}
+            {{- end }}
           env:
+          - name: PODINFO_UI_COLOR
+            value: "#34577c"
           {{- if .Values.message }}
           - name: PODINFO_UI_MESSAGE
             value: {{ .Values.message }}

charts/podinfo/templates/hpa.yaml

@@ -10,7 +10,7 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   scaleTargetRef:
-    apiVersion: apps/v1beta2
+    apiVersion: apps/v1
     kind: Deployment
     name: {{ template "podinfo.fullname" . }}
   minReplicas: {{ .Values.hpa.minReplicas }}
@@ -28,10 +28,4 @@ spec:
       name: memory
       targetAverageValue: {{ .Values.hpa.memory }}
   {{- end }}
-  {{- if .Values.hpa.requests }}
-  - type: Pod
-      pods:
-        metricName: http_requests
-        targetAverageValue: {{ .Values.hpa.requests }}
-  {{- end }}
 {{- end }}

charts/podinfo/templates/tests/jwt.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-jwt-test-{{ randAlphaNum 5 | lower }}
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "podinfo.name" . }}
+  annotations:
+    "helm.sh/hook": test-success
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: tools
+      image: giantswarm/tiny-tools
+      command:
+        - sh
+        - -c
+        - |
+          TOKEN=$(curl -sd 'test' ${PODINFO_SVC}/token | jq -r .token) &&
+          curl -H "Authorization: Bearer ${TOKEN}" ${PODINFO_SVC}/token/validate | grep test
+      env:
+      - name: PODINFO_SVC
+        value: {{ template "podinfo.fullname" . }}:{{ .Values.service.port }}
+  restartPolicy: Never
+

charts/podinfo/templates/tests/test-config.yaml

@@ -1,22 +0,0 @@
-{{- $url := printf "%s%s.%s:%v" (include "podinfo.fullname" .) (include "podinfo.suffix" .) .Release.Namespace .Values.service.port -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name:  {{ template "podinfo.fullname" . }}-tests
-  labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app: {{ template "podinfo.name" . }}
-data:
-  run.sh: |-
-    @test "HTTP POST /echo" {
-      run curl --retry 3 --connect-timeout 2 -sSX POST -d 'test' {{ $url }}/echo
-      [ $output = "test" ]
-    }
-    @test "HTTP POST /store" {
-      curl --retry 3 --connect-timeout 2 -sSX POST -d 'test' {{ $url }}/store
-    }
-    @test "HTTP GET /" {
-      curl --retry 3 --connect-timeout 2 -sS {{ $url }} | grep hostname
-    }

charts/podinfo/templates/tests/test-pod.yaml

@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: {{ template "podinfo.fullname" . }}-tests-{{ randAlphaNum 5 | lower }}
-  annotations:
-    "helm.sh/hook": test-success
-    sidecar.istio.io/inject: "false"
-  labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app: {{ template "podinfo.name" . }}
-spec:
-  initContainers:
-    - name: "test-framework"
-      image: "dduportal/bats:0.4.0"
-      command:
-      - "bash"
-      - "-c"
-      - |
-        set -ex
-        # copy bats to tools dir
-        cp -R /usr/local/libexec/ /tools/bats/
-      volumeMounts:
-      - mountPath: /tools
-        name: tools
-  containers:
-    - name: {{ .Release.Name }}-ui-test
-      image: dduportal/bats:0.4.0
-      command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
-      volumeMounts:
-      - mountPath: /tests
-        name: tests
-        readOnly: true
-      - mountPath: /tools
-        name: tools
-  volumes:
-  - name: tests
-    configMap:
-      name: {{ template "podinfo.fullname" . }}-tests
-  - name: tools
-    emptyDir: {}
-  restartPolicy: Never

charts/podinfo/values.yaml

@@ -1,22 +1,25 @@
 # Default values for podinfo.
 image:
-  repository: quay.io/stefanprodan/podinfo
-  tag: 1.7.0
+  repository: stefanprodan/podinfo
+  tag: 3.1.0
   pullPolicy: IfNotPresent
 
+podAnnotations: {}
+
 service:
+  enabled: false
   type: ClusterIP
   port: 9898
 
 hpa:
   enabled: true
   minReplicas: 2
-  maxReplicas: 2
+  maxReplicas: 4
   cpu: 80
   memory: 512Mi
 
 canary:
-  enabled: true
+  enabled: false
   # Istio traffic policy tls can be DISABLE or ISTIO_MUTUAL
   istioTLS: DISABLE
   istioIngress:
@@ -69,6 +72,7 @@ fullnameOverride: ""
 
 logLevel: info
 backend: #http://backend-podinfo:9898/echo
+backends: []
 message: #UI greetings
 
 faults:

cmd/flagger/main.go

@@ -9,18 +9,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Masterminds/semver"
-	clientset "github.com/weaveworks/flagger/pkg/client/clientset/versioned"
-	informers "github.com/weaveworks/flagger/pkg/client/informers/externalversions"
-	"github.com/weaveworks/flagger/pkg/controller"
-	"github.com/weaveworks/flagger/pkg/logger"
-	"github.com/weaveworks/flagger/pkg/metrics"
-	"github.com/weaveworks/flagger/pkg/notifier"
-	"github.com/weaveworks/flagger/pkg/router"
-	"github.com/weaveworks/flagger/pkg/server"
-	"github.com/weaveworks/flagger/pkg/signals"
-	"github.com/weaveworks/flagger/pkg/version"
+	semver "github.com/Masterminds/semver/v3"
 	"go.uber.org/zap"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
@@ -30,28 +21,44 @@ import (
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	"k8s.io/client-go/transport"
 	_ "k8s.io/code-generator/cmd/client-gen/generators"
+
+	"github.com/weaveworks/flagger/pkg/canary"
+	clientset "github.com/weaveworks/flagger/pkg/client/clientset/versioned"
+	informers "github.com/weaveworks/flagger/pkg/client/informers/externalversions"
+	"github.com/weaveworks/flagger/pkg/controller"
+	"github.com/weaveworks/flagger/pkg/logger"
+	"github.com/weaveworks/flagger/pkg/metrics/observers"
+	"github.com/weaveworks/flagger/pkg/notifier"
+	"github.com/weaveworks/flagger/pkg/router"
+	"github.com/weaveworks/flagger/pkg/server"
+	"github.com/weaveworks/flagger/pkg/signals"
+	"github.com/weaveworks/flagger/pkg/version"
 )
 
 var (
-	masterURL               string
-	kubeconfig              string
-	metricsServer           string
-	controlLoopInterval     time.Duration
-	logLevel                string
-	port                    string
-	msteamsURL              string
-	slackURL                string
-	slackUser               string
-	slackChannel            string
-	threadiness             int
-	zapReplaceGlobals       bool
-	zapEncoding             string
-	namespace               string
-	meshProvider            string
-	selectorLabels          string
-	enableLeaderElection    bool
-	leaderElectionNamespace string
-	ver                     bool
+	masterURL                string
+	kubeconfig               string
+	metricsServer            string
+	controlLoopInterval      time.Duration
+	logLevel                 string
+	port                     string
+	msteamsURL               string
+	slackURL                 string
+	slackUser                string
+	slackChannel             string
+	eventWebhook             string
+	threadiness              int
+	zapReplaceGlobals        bool
+	zapEncoding              string
+	namespace                string
+	meshProvider             string
+	selectorLabels           string
+	ingressAnnotationsPrefix string
+	enableLeaderElection     bool
+	leaderElectionNamespace  string
+	enableConfigTracking     bool
+	ver                      bool
+	kubeconfigServiceMesh    string
 )
 
 func init() {
@@ -64,6 +71,7 @@ func init() {
 	flag.StringVar(&slackURL, "slack-url", "", "Slack hook URL.")
 	flag.StringVar(&slackUser, "slack-user", "flagger", "Slack user name.")
 	flag.StringVar(&slackChannel, "slack-channel", "", "Slack channel.")
+	flag.StringVar(&eventWebhook, "event-webhook", "", "Webhook for publishing flagger events")
 	flag.StringVar(&msteamsURL, "msteams-url", "", "MS Teams incoming webhook URL.")
 	flag.IntVar(&threadiness, "threadiness", 2, "Worker concurrency.")
 	flag.BoolVar(&zapReplaceGlobals, "zap-replace-globals", false, "Whether to change the logging level of the global zap logger.")
@@ -71,9 +79,12 @@ func init() {
 	flag.StringVar(&namespace, "namespace", "", "Namespace that flagger would watch canary object.")
 	flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, supergloo, nginx or smi.")
 	flag.StringVar(&selectorLabels, "selector-labels", "app,name,app.kubernetes.io/name", "List of pod labels that Flagger uses to create pod selectors.")
+	flag.StringVar(&ingressAnnotationsPrefix, "ingress-annotations-prefix", "nginx.ingress.kubernetes.io", "Annotations prefix for ingresses.")
 	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election.")
 	flag.StringVar(&leaderElectionNamespace, "leader-election-namespace", "kube-system", "Namespace used to create the leader election config map.")
+	flag.BoolVar(&enableConfigTracking, "enable-config-tracking", true, "Enable secrets and configmaps tracking.")
 	flag.BoolVar(&ver, "version", false, "Print version")
+	flag.StringVar(&kubeconfigServiceMesh, "kubeconfig-service-mesh", "", "Path to a kubeconfig for the service mesh control plane cluster.")
 }
 
 func main() {
@@ -96,6 +107,8 @@ func main() {
 
 	stopCh := signals.SetupSignalHandler()
 
+	logger.Infof("Starting flagger version %s revision %s mesh provider %s", version.VERSION, version.REVISION, meshProvider)
+
 	cfg, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfig)
 	if err != nil {
 		logger.Fatalf("Error building kubeconfig: %v", err)
@@ -106,58 +119,36 @@ func main() {
 		logger.Fatalf("Error building kubernetes clientset: %v", err)
 	}
 
-	meshClient, err := clientset.NewForConfig(cfg)
-	if err != nil {
-		logger.Fatalf("Error building mesh clientset: %v", err)
-	}
-
 	flaggerClient, err := clientset.NewForConfig(cfg)
 	if err != nil {
 		logger.Fatalf("Error building flagger clientset: %s", err.Error())
 	}
 
-	flaggerInformerFactory := informers.NewSharedInformerFactoryWithOptions(flaggerClient, time.Second*30, informers.WithNamespace(namespace))
-
-	canaryInformer := flaggerInformerFactory.Flagger().V1alpha3().Canaries()
-
-	logger.Infof("Starting flagger version %s revision %s mesh provider %s", version.VERSION, version.REVISION, meshProvider)
-
-	ver, err := kubeClient.Discovery().ServerVersion()
+	// use a remote cluster for routing if a service mesh kubeconfig is specified
+	cfgHost, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigServiceMesh)
 	if err != nil {
-		logger.Fatalf("Error calling Kubernetes API: %v", err)
+		logger.Fatalf("Error building host kubeconfig: %v", err)
 	}
 
-	k8sVersionConstraint := "^1.11.0"
-
-	// We append -alpha.1 to the end of our version constraint so that prebuilds of later versions
-	// are considered valid for our purposes, as well as some managed solutions like EKS where they provide
-	// a version like `v1.12.6-eks-d69f1b`. It doesn't matter what the prelease value is here, just that it
-	// exists in our constraint.
-	semverConstraint, err := semver.NewConstraint(k8sVersionConstraint + "-alpha.1")
+	meshClient, err := clientset.NewForConfig(cfgHost)
 	if err != nil {
-		logger.Fatalf("Error parsing kubernetes version constraint: %v", err)
+		logger.Fatalf("Error building mesh clientset: %v", err)
 	}
 
-	k8sSemver, err := semver.NewVersion(ver.GitVersion)
-	if err != nil {
-		logger.Fatalf("Error parsing kubernetes version as a semantic version: %v", err)
-	}
-
-	if !semverConstraint.Check(k8sSemver) {
-		logger.Fatalf("Unsupported version of kubernetes detected.  Expected %s, got %v", k8sVersionConstraint, ver)
-	}
+	verifyCRDs(flaggerClient, logger)
+	verifyKubernetesVersion(kubeClient, logger)
+	infos := startInformers(flaggerClient, logger, stopCh)
 
 	labels := strings.Split(selectorLabels, ",")
 	if len(labels) < 1 {
 		logger.Fatalf("At least one selector label is required")
 	}
 
-	logger.Infof("Connected to Kubernetes API %s", ver)
 	if namespace != "" {
 		logger.Infof("Watching namespace %s", namespace)
 	}
 
-	observerFactory, err := metrics.NewFactory(metricsServer, meshProvider, 5*time.Second)
+	observerFactory, err := observers.NewFactory(metricsServer)
 	if err != nil {
 		logger.Fatalf("Error building prometheus client: %s", err.Error())
 	}
@@ -175,34 +166,37 @@ func main() {
 	// start HTTP server
 	go server.ListenAndServe(port, 3*time.Second, logger, stopCh)
 
-	routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, logger, meshClient)
+	routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, ingressAnnotationsPrefix, logger, meshClient)
+
+	var configTracker canary.Tracker
+	if enableConfigTracking {
+		configTracker = &canary.ConfigTracker{
+			Logger:        logger,
+			KubeClient:    kubeClient,
+			FlaggerClient: flaggerClient,
+		}
+	} else {
+		configTracker = &canary.NopTracker{}
+	}
+
+	canaryFactory := canary.NewFactory(kubeClient, flaggerClient, configTracker, labels, logger)
 
 	c := controller.NewController(
 		kubeClient,
 		meshClient,
 		flaggerClient,
-		canaryInformer,
+		infos,
 		controlLoopInterval,
 		logger,
 		notifierClient,
+		canaryFactory,
 		routerFactory,
 		observerFactory,
 		meshProvider,
 		version.VERSION,
-		labels,
+		fromEnv("EVENT_WEBHOOK_URL", eventWebhook),
 	)
 
-	flaggerInformerFactory.Start(stopCh)
-
-	logger.Info("Waiting for informer caches to sync")
-	for _, synced := range []cache.InformerSynced{
-		canaryInformer.Informer().HasSynced,
-	} {
-		if ok := cache.WaitForCacheSync(stopCh, synced); !ok {
-			logger.Fatalf("Failed to wait for cache sync")
-		}
-	}
-
 	// leader election context
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -235,6 +229,37 @@ func main() {
 	}
 }
 
+func startInformers(flaggerClient clientset.Interface, logger *zap.SugaredLogger, stopCh <-chan struct{}) controller.Informers {
+	flaggerInformerFactory := informers.NewSharedInformerFactoryWithOptions(flaggerClient, time.Second*30, informers.WithNamespace(namespace))
+
+	logger.Info("Waiting for canary informer cache to sync")
+	canaryInformer := flaggerInformerFactory.Flagger().V1beta1().Canaries()
+	go canaryInformer.Informer().Run(stopCh)
+	if ok := cache.WaitForNamedCacheSync("flagger", stopCh, canaryInformer.Informer().HasSynced); !ok {
+		logger.Fatalf("failed to wait for cache to sync")
+	}
+
+	logger.Info("Waiting for metric template informer cache to sync")
+	metricInformer := flaggerInformerFactory.Flagger().V1beta1().MetricTemplates()
+	go metricInformer.Informer().Run(stopCh)
+	if ok := cache.WaitForNamedCacheSync("flagger", stopCh, metricInformer.Informer().HasSynced); !ok {
+		logger.Fatalf("failed to wait for cache to sync")
+	}
+
+	logger.Info("Waiting for alert provider informer cache to sync")
+	alertInformer := flaggerInformerFactory.Flagger().V1beta1().AlertProviders()
+	go alertInformer.Informer().Run(stopCh)
+	if ok := cache.WaitForNamedCacheSync("flagger", stopCh, alertInformer.Informer().HasSynced); !ok {
+		logger.Fatalf("failed to wait for cache to sync")
+	}
+
+	return controller.Informers{
+		CanaryInformer: canaryInformer,
+		MetricInformer: metricInformer,
+		AlertInformer:  alertInformer,
+	}
+}
+
 func startLeaderElection(ctx context.Context, run func(), ns string, kubeClient kubernetes.Interface, logger *zap.SugaredLogger) {
 	configMapName := "flagger-leader-election"
 	id, err := os.Hostname()
@@ -284,10 +309,10 @@ func startLeaderElection(ctx context.Context, run func(), ns string, kubeClient
 
 func initNotifier(logger *zap.SugaredLogger) (client notifier.Interface) {
 	provider := "slack"
-	notifierURL := slackURL
-	if msteamsURL != "" {
+	notifierURL := fromEnv("SLACK_URL", slackURL)
+	if msteamsURL != "" || os.Getenv("MSTEAMS_URL") != "" {
 		provider = "msteams"
-		notifierURL = msteamsURL
+		notifierURL = fromEnv("MSTEAMS_URL", msteamsURL)
 	}
 	notifierFactory := notifier.NewFactory(notifierURL, slackUser, slackChannel)
 
@@ -302,3 +327,56 @@ func initNotifier(logger *zap.SugaredLogger) (client notifier.Interface) {
 	}
 	return
 }
+
+func fromEnv(envVar string, defaultVal string) string {
+	if os.Getenv(envVar) != "" {
+		return os.Getenv(envVar)
+	}
+	return defaultVal
+}
+
+func verifyCRDs(flaggerClient clientset.Interface, logger *zap.SugaredLogger) {
+	_, err := flaggerClient.FlaggerV1beta1().Canaries(namespace).List(metav1.ListOptions{Limit: 1})
+	if err != nil {
+		logger.Fatalf("Canary CRD is not registered %v", err)
+	}
+
+	_, err = flaggerClient.FlaggerV1beta1().MetricTemplates(namespace).List(metav1.ListOptions{Limit: 1})
+	if err != nil {
+		logger.Fatalf("MetricTemplate CRD is not registered %v", err)
+	}
+
+	_, err = flaggerClient.FlaggerV1beta1().AlertProviders(namespace).List(metav1.ListOptions{Limit: 1})
+	if err != nil {
+		logger.Fatalf("AlertProvider CRD is not registered %v", err)
+	}
+}
+
+func verifyKubernetesVersion(kubeClient kubernetes.Interface, logger *zap.SugaredLogger) {
+	ver, err := kubeClient.Discovery().ServerVersion()
+	if err != nil {
+		logger.Fatalf("Error calling Kubernetes API: %v", err)
+	}
+
+	k8sVersionConstraint := "^1.11.0"
+
+	// We append -alpha.1 to the end of our version constraint so that prebuilds of later versions
+	// are considered valid for our purposes, as well as some managed solutions like EKS where they provide
+	// a version like `v1.12.6-eks-d69f1b`. It doesn't matter what the prelease value is here, just that it
+	// exists in our constraint.
+	semverConstraint, err := semver.NewConstraint(k8sVersionConstraint + "-alpha.1")
+	if err != nil {
+		logger.Fatalf("Error parsing kubernetes version constraint: %v", err)
+	}
+
+	k8sSemver, err := semver.NewVersion(ver.GitVersion)
+	if err != nil {
+		logger.Fatalf("Error parsing kubernetes version as a semantic version: %v", err)
+	}
+
+	if !semverConstraint.Check(k8sSemver) {
+		logger.Fatalf("Unsupported version of kubernetes detected.  Expected %s, got %v", k8sVersionConstraint, ver)
+	}
+
+	logger.Infof("Connected to Kubernetes API %s", ver)
+}

cmd/loadtester/main.go

@@ -2,15 +2,16 @@ package main
 
 import (
 	"flag"
+	"log"
+	"time"
+
 	"github.com/weaveworks/flagger/pkg/loadtester"
 	"github.com/weaveworks/flagger/pkg/logger"
 	"github.com/weaveworks/flagger/pkg/signals"
 	"go.uber.org/zap"
-	"log"
-	"time"
 )
 
-var VERSION = "0.6.1"
+var VERSION = "0.13.0"
 var (
 	logLevel          string
 	port              string

docs/gitbook/README.md

@@ -4,19 +4,44 @@ description: Flagger is a progressive delivery Kubernetes operator
 
 # Introduction
 
-[Flagger](https://github.com/weaveworks/flagger) is a **Kubernetes** operator that automates the promotion of canary 
-deployments using **Istio**, **Linkerd**, **App Mesh**, **NGINX** or **Gloo** routing for traffic shifting and **Prometheus** metrics for canary analysis.
-The canary analysis can be extended with webhooks for running system integration/acceptance tests, load tests, or any other custom validation.
+[Flagger](https://github.com/weaveworks/flagger) is a **Kubernetes** operator that automates the promotion of
+canary deployments using **Istio**, **Linkerd**, **App Mesh**, **NGINX**, **Contour** or **Gloo** routing for
+traffic shifting and **Prometheus** metrics for canary analysis. The canary analysis can be extended with webhooks for
+running system integration/acceptance tests, load tests, or any other custom validation.
 
-Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance 
-indicators like HTTP requests success rate, requests average duration and pods health. 
+Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators
+like HTTP requests success rate, requests average duration and pods health.
 Based on analysis of the **KPIs** a canary is promoted or aborted, and the analysis result is published to **Slack** or **MS Teams**.
 
 ![Flagger overview diagram](https://raw.githubusercontent.com/weaveworks/flagger/master/docs/diagrams/flagger-canary-overview.png)
 
-Flagger can be configured with Kubernetes custom resources and is compatible with 
-any CI/CD solutions made for Kubernetes. Since Flagger is declarative and reacts to Kubernetes events, 
-it can be used in **GitOps** pipelines together with Weave Flux or JenkinsX.
+Flagger can be configured with Kubernetes custom resources and is compatible with any CI/CD solutions made for Kubernetes.
+Since Flagger is declarative and reacts to Kubernetes events,
+it can be used in **GitOps** pipelines together with Flux CD or JenkinsX.
 
 This project is sponsored by [Weaveworks](https://www.weave.works/)
 
+## Getting started
+
+To get started with Flagger, chose one of the supported routing providers
+and [install](install/flagger-install-on-kubernetes.md) Flagger with Helm or Kustomize.
+
+After install Flagger, you can follow one of the tutorials:
+
+**Service mesh tutorials**
+
+* [Istio](tutorials/istio-progressive-delivery.md)
+* [Linkerd](tutorials/linkerd-progressive-delivery.md)
+* [AWS App Mesh](tutorials/appmesh-progressive-delivery.md)
+
+**Ingress controller tutorials**
+
+* [Contour](tutorials/contour-progressive-delivery.md)
+* [Gloo](tutorials/gloo-progressive-delivery.md)
+* [NGINX Ingress](tutorials/nginx-progressive-delivery.md)
+
+**Hands-on GitOps workshops**
+
+* [Istio](https://github.com/stefanprodan/gitops-istio)
+* [Linkerd](https://helm.workshop.flagger.dev)
+* [AWS App Mesh](https://eks.hands-on.flagger.dev)

docs/gitbook/SUMMARY.md

@@ -1,7 +1,6 @@
 # Table of contents
 
 * [Introduction](README.md)
-* [How it works](how-it-works.md)
 * [FAQ](faq.md)
 
 ## Install
@@ -9,22 +8,33 @@
 * [Flagger Install on Kubernetes](install/flagger-install-on-kubernetes.md)
 * [Flagger Install on GKE Istio](install/flagger-install-on-google-cloud.md)
 * [Flagger Install on EKS App Mesh](install/flagger-install-on-eks-appmesh.md)
-* [Flagger Install with SuperGloo](install/flagger-install-with-supergloo.md)
 
 ## Usage
 
-* [Istio Canary Deployments](usage/progressive-delivery.md)
-* [Istio A/B Testing](usage/ab-testing.md)
-* [Linkerd Canary Deployments](usage/linkerd-progressive-delivery.md)
-* [App Mesh Canary Deployments](usage/appmesh-progressive-delivery.md)
-* [NGINX Canary Deployments](usage/nginx-progressive-delivery.md)
-* [Gloo Canary Deployments](usage/gloo-progressive-delivery.md)
-* [Blue/Green Deployments](usage/blue-green.md)
-* [Monitoring](usage/monitoring.md)
+* [How it works](usage/how-it-works.md)
+* [Deployment Strategies](usage/deployment-strategies.md)
+* [Metrics Analysis](usage/metrics.md)
+* [Webhooks](usage/webhooks.md)
 * [Alerting](usage/alerting.md)
+* [Monitoring](usage/monitoring.md)
 
 ## Tutorials
 
+* [Istio Canary Deployments](tutorials/istio-progressive-delivery.md)
+* [Istio A/B Testing](tutorials/istio-ab-testing.md)
+* [Linkerd Canary Deployments](tutorials/linkerd-progressive-delivery.md)
+* [App Mesh Canary Deployments](tutorials/appmesh-progressive-delivery.md)
+* [NGINX Canary Deployments](tutorials/nginx-progressive-delivery.md)
+* [Gloo Canary Deployments](tutorials/gloo-progressive-delivery.md)
+* [Contour Canary Deployments](tutorials/contour-progressive-delivery.md)
+* [Blue/Green Deployments](tutorials/kubernetes-blue-green.md)
+* [Crossover Canary Deployments](tutorials/crossover-progressive-delivery.md)
 * [SMI Istio Canary Deployments](tutorials/flagger-smi-istio.md)
 * [Canaries with Helm charts and GitOps](tutorials/canary-helm-gitops.md)
 * [Zero downtime deployments](tutorials/zero-downtime-deployments.md)
+
+## Dev
+
+* [Development Guide](dev/dev-guide.md)
+* [Release Guide](dev/release-guide.md)
+* [Upgrade Guide](dev/upgrade-guide.md)