github/flagger
1
0
Fork 0
mirror of https://github.com/fluxcd/flagger.git synced 2026-04-15 06:57:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:v1.11.0
Branches Tags
github:main github:dependabot/github_actions/ci-c8ae41a514 github:gh-pages github:website github:docs github:knative-support github:juparog/webhook-disabletls github:poc/keptn-provider github:redirects
github:v1.42.0 github:v1.41.0 github:v1.40.0 github:v1.39.0 github:v1.38.0 github:v1.37.0 github:v1.36.1 github:v1.36.0 github:v1.35.0 github:v1.34.0 github:v1.33.0 github:v1.32.0 github:v1.31.0 github:v1.30.0 github:v1.29.0 github:v1.28.0 github:v1.27.0 github:v1.26.0 github:v1.25.0 github:v1.24.1 github:v1.24.0 github:v1.23.0 github:v1.22.2 github:v1.22.1 github:v1.22.0 github:v1.21.0 github:v1.20.0 github:v1.19.0 github:v1.18.0 github:v1.17.0 github:v1.16.1 github:v1.16.0 github:v1.15.0 github:v1.14.0 github:v1.13.0 github:v1.12.1 github:v1.12.0 github:v1.11.0 github:v1.10.0 github:v1.9.0 github:v1.8.0 github:v1.7.0 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.0 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.0 github:v1.2.0 github:v1.1.0 github:v1.0.1 github:v1.0.0 github:v1.0.0-rc.5 github:v1.0.0-rc.4 github:v1.0.0-rc.3 github:v1.0.0-rc.2 github:v1.0.0-rc.1 github:0.23.0 github:0.22.0 github:0.21.0 github:0.20.4 github:0.20.3 github:0.20.2 github:0.20.1 github:0.20.0 github:0.19.0 github:0.18.6 github:0.18.5 github:0.18.4 github:0.18.3 github:0.18.2 github:0.18.1 github:0.18.0 github:0.17.0 github:0.16.0 github:0.15.0 github:0.14.1 github:0.14.0 github:0.13.2 github:0.13.1 github:0.13.0 github:0.12.0 github:0.11.1 github:0.11.0 github:0.10.0 github:0.9.0 github:0.8.0 github:0.7.0 github:0.6.0 github:0.5.1 github:0.5.0 github:0.4.1 github:0.4.0 github:0.3.0 github:0.2.0 github:0.1.2 github:0.1.1 github:0.1.0 github:0.1.0-beta.6 github:0.1.0-beta.2 github:0.1.0-alpha.2 github:0.1.0-alpha.1 github:0.0.1
...
compare: github:v1.21.0
Branches Tags
github:main github:dependabot/github_actions/ci-c8ae41a514 github:gh-pages github:website github:docs github:knative-support github:juparog/webhook-disabletls github:poc/keptn-provider github:redirects
github:v1.42.0 github:v1.41.0 github:v1.40.0 github:v1.39.0 github:v1.38.0 github:v1.37.0 github:v1.36.1 github:v1.36.0 github:v1.35.0 github:v1.34.0 github:v1.33.0 github:v1.32.0 github:v1.31.0 github:v1.30.0 github:v1.29.0 github:v1.28.0 github:v1.27.0 github:v1.26.0 github:v1.25.0 github:v1.24.1 github:v1.24.0 github:v1.23.0 github:v1.22.2 github:v1.22.1 github:v1.22.0 github:v1.21.0 github:v1.20.0 github:v1.19.0 github:v1.18.0 github:v1.17.0 github:v1.16.1 github:v1.16.0 github:v1.15.0 github:v1.14.0 github:v1.13.0 github:v1.12.1 github:v1.12.0 github:v1.11.0 github:v1.10.0 github:v1.9.0 github:v1.8.0 github:v1.7.0 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.0 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.0 github:v1.2.0 github:v1.1.0 github:v1.0.1 github:v1.0.0 github:v1.0.0-rc.5 github:v1.0.0-rc.4 github:v1.0.0-rc.3 github:v1.0.0-rc.2 github:v1.0.0-rc.1 github:0.23.0 github:0.22.0 github:0.21.0 github:0.20.4 github:0.20.3 github:0.20.2 github:0.20.1 github:0.20.0 github:0.19.0 github:0.18.6 github:0.18.5 github:0.18.4 github:0.18.3 github:0.18.2 github:0.18.1 github:0.18.0 github:0.17.0 github:0.16.0 github:0.15.0 github:0.14.1 github:0.14.0 github:0.13.2 github:0.13.1 github:0.13.0 github:0.12.0 github:0.11.1 github:0.11.0 github:0.10.0 github:0.9.0 github:0.8.0 github:0.7.0 github:0.6.0 github:0.5.1 github:0.5.0 github:0.4.1 github:0.4.0 github:0.3.0 github:0.2.0 github:0.1.2 github:0.1.1 github:0.1.0 github:0.1.0-beta.6 github:0.1.0-beta.2 github:0.1.0-alpha.2 github:0.1.0-alpha.1 github:0.0.1

266 Commits
v1.11.0 ... v1.21.0

Author SHA1 Message Date
Stefan Prodan
a4babd6fc4 Merge pull request #1189 from fluxcd/release-1.21.0 
Release v1.21.0
 2022-05-06 19:15:41 +03:00
Stefan Prodan
edd5515bd7 Release v1.21.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-06 18:25:07 +03:00
Stefan Prodan
00dde2358a Merge pull request #1188 from fluxcd/helm-kubeconfig 
Rename kubeconfig section in helm values
 2022-05-06 18:04:02 +03:00
Stefan Prodan
8e84262a32 Update the Helm chart kubeVersion to 1.19 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-06 17:02:12 +03:00
Stefan Prodan
541696f3f7 Rename kubeconfig section in helm values 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-06 17:01:07 +03:00
Stefan Prodan
8051d03f08 Merge pull request #1187 from fluxcd/update-digram 
Update Flagger overview diagram
 2022-05-06 16:48:27 +03:00
Stefan Prodan
a78d273aeb Update Flagger overview diagram 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-06 16:25:08 +03:00
Stefan Prodan
07bd3563cd Merge pull request #1183 from aryan9600/multi-cluster 
Avoid setting owner refs if the service mesh/ingress is on a different cluster
 2022-05-06 08:50:06 +03:00
Sanskar Jaiswal
8c690d1b21 avoid setting owner refs if the service mesh cluster is different 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-05-06 01:06:03 +05:30
Stefan Prodan
a8b4e9cc6d Merge pull request #1181 from aryan9600/no-cross-ns-refs 
Add flag to disable cross namespace refs to Custom Resources
 2022-05-03 11:53:38 +03:00
Sanskar Jaiswal
30ed9fb75c verify canary spec before syncing 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-04-29 13:53:14 +05:30
Sanskar Jaiswal
0382d9c1ca Add no cross-namespace refs to FAQ and helm chart 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-04-29 13:50:01 +05:30
Stefan Prodan
95381e1892 Merge pull request #1150 from cdlliuy/be_honor_to_skip_analysis_new 
ignore FailedCheck result when skipAnalysis defined and be honor to skipAnalysis when internal error happens
 2022-04-28 11:19:05 +03:00
Sanskar Jaiswal
7df1beef85 Add flag to disable cross namespace refs to AlertProviders and MetricTemplates 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-04-27 17:09:07 +05:30
Stefan Prodan
a1e519b352 Merge pull request #1172 from fluxcd/release-1.20.0 
Release v1.20.0
 2022-04-15 13:24:01 +03:00
Stefan Prodan
e7f16a8c06 Release v1.20.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-04-15 12:49:17 +03:00
Stefan Prodan
a3adae4af0 Merge pull request #1171 from aryan9600/fix-primary-restart 
Fix canary rollback behaviour
 2022-04-15 12:18:51 +03:00
Sanskar Jaiswal
c7c0c76bd3 fix canary rollback behaviour 
Prevents the canary from getting triggered, when a canary deploy is
updated to match the primary deploy after an analysis fails.

Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-04-15 13:49:05 +05:30
Stefan Prodan
67cc965d31 Merge pull request #1164 from shipt/contour-retryon-support 
Contour: Update the httproxy API and enable RetryOn
 2022-04-12 10:32:53 +03:00
brandoncate
d09969e3b4 update httpproxy 
Signed-off-by: brandoncate <brandon.cate@shipt.com>
 2022-04-08 09:58:23 -05:00
brandoncate
41904b42f8 add assertion to retryOn field 
Signed-off-by: brandoncate <brandon.cate@shipt.com>
 2022-04-08 09:58:23 -05:00
brandoncate
f638410782 remove custom.sh test file 
Signed-off-by: brandoncate <brandon.cate@shipt.com>
 2022-04-08 09:58:23 -05:00
brandoncate
48cc7995d7 adding retryon support 
Signed-off-by: brandoncate <brandon.cate@shipt.com>
 2022-04-08 09:58:23 -05:00
Stefan Prodan
793b93c665 Merge pull request #1148 from cdlliuy/add_canary_analysis_result_as_metric 
Add canary analysis result as Prometheus metrics
 2022-04-06 07:57:23 +03:00
Ying Liu
e0186cbe2a update docs for metrics part 
Signed-off-by: Ying Liu <ying.liu.lying@gmail.com>
 2022-04-06 09:57:46 +08:00
Stefan Prodan
2cc2b5dce8 Merge pull request #1162 from denvernyaw/wrong_unit_of_time_for_duration_panels_in_grafana_dashboard 
Fix unit of time in the Istio Grafana dashboard
 2022-04-05 16:39:21 +03:00
Mikita Reshatko
ccdbbdb0ec adapt Prometheus queries results for request duration metrics to Grafana dashboard 
Signed-off-by: Mikita Reshatko <mikita.reshatko@gmail.com>
 2022-04-05 14:14:09 +03:00
ying
13483321ac Update pkg/metrics/recorder.go 
Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Ying Liu <ying.liu.lying@gmail.com>
 2022-03-25 23:10:03 +08:00
Ying Liu
5547533197 add canary analysis result as prometheus metrics 
Signed-off-by: Ying Liu <ying.liu.lying@gmail.com>
 2022-03-25 23:10:03 +08:00
Stefan Prodan
c68998d75e Merge pull request #1156 from aryan9600/appmesh-log 
AppMesh: Add annotation to enable Envoy access logs
 2022-03-22 16:13:37 +02:00
Sanskar Jaiswal
20f2d3f2f9 add annotation to enable appmesh logs 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
Co-authored-by: wucg <wucg@trip.com>
 2022-03-22 15:45:02 +05:30
Stefan Prodan
cc7b35b44a Merge pull request #1146 from canidam/fix-podinfo-service-when-canary-enabled 
Fix the service toggle condition in the podinfo helm chart
 2022-03-18 11:35:06 +02:00
Stefan Prodan
67a2cd6a48 Merge pull request #1139 from cdlliuy/ying_short_metric_analysis_waiting_promption 
shorten the metric analysis cycle after confirm promotion gate is open
 2022-03-18 11:34:21 +02:00
Stefan Prodan
08deddc4fe Merge pull request #1145 from anovateam/route_port_on_delegation 
istio: Add destination port when port discovery and delegation are true
 2022-03-18 10:10:54 +02:00
Ying Liu
77b2eb36a5 ignore FailedCheck result when skipAnalysis defined and be honor to skipAnalysi when internal error happens 
Signed-off-by: Ying Liu <ying.liu.lying@gmail.com>
 2022-03-17 10:49:30 +08:00
Ying Liu
ab84ac207a shorten the metric analysis cycle after confirmpromption gate is open and make the analysis check still works during waitingpromption status 
Signed-off-by: Ying Liu <ying.liu.lying@gmail.com>
 2022-03-17 10:32:01 +08:00
Chen Anidam
8957d91e01 Fix podinfo service toggle condition 
Signed-off-by: Chen Anidam <canidam@gmail.com>
 2022-03-17 00:34:51 +02:00
Marco Amador
c7cbb729b7 add destination port when port discovery is active and delegation is true 
Signed-off-by: Marco Amador <amador.marco@gmail.com>
 2022-03-16 18:57:02 +00:00
Stefan Prodan
eca6fa7958 Merge pull request #1144 from aryan9600/aryan9600/gateway-api 
Remove unnecessary log statement
 2022-03-15 15:03:16 +02:00
Sanskar Jaiswal
ee535afcb9 remove unnecessary log statement 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-15 18:07:23 +05:30
Stefan Prodan
18b64910d7 Merge pull request #1143 from aryan9600/aryan9600/gateway-api 
Fix Gateway API docs
 2022-03-15 14:34:57 +02:00
Sanskar Jaiswal
3ca75140d0 fix gateway api docs 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-15 17:38:55 +05:30
Stefan Prodan
960f924448 Merge pull request #1142 from aryan9600/aryan9600/gateway-api 
Change debug level to info for gateway API
 2022-03-15 14:07:26 +02:00
Sanskar Jaiswal
eed128a8b4 change debug level to info 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-15 16:21:39 +05:30
Stefan Prodan
210e21176b Merge pull request #1138 from fluxcd/release-1.19.0 
Release v1.19.0
 2022-03-14 14:47:33 +02:00
Stefan Prodan
0a0c3835d6 Release v1.19.0 
This release comes with support for Kubernetes Gateway API v1alpha2.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-14 12:09:01 +02:00
Stefan Prodan
531893b279 Merge pull request #1110 from Moscagus/canary-replicas 
Use the primary replicas when scaling up the canary (no hpa)
 2022-03-14 12:02:27 +02:00
Stefan Prodan
e6bb47f920 Merge pull request #1108 from aryan9600/aryan9600/gateway-api 
Add Gateway API as a provider
 2022-03-14 11:14:01 +02:00
Stefan Prodan
307813a628 Merge pull request #1117 from johnzheng1975/patch-01 
Update istio-progressive-delivery.md
 2022-03-11 11:53:27 +02:00
Sanskar Jaiswal
38fc6b567f merge a/b and progressive tutorial 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-11 15:19:46 +05:30
Stefan Prodan
17015b23bf Merge pull request #1131 from aryan9600/bump-podinfo 
Bump podinfo to 6.0.x and loadtester to 0.22.0
 2022-03-11 10:07:46 +02:00
Sanskar Jaiswal
c9e53dd069 remove gateway types, fix rbac and add istio faq 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-10 18:16:44 +05:30
Sanskar Jaiswal
e26a10b481 update README 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
281d869f54 add a/b test docs and update progressive docs 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
91126d102d fix a/b testing logic and update e2e tests 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
ba4646cddb fix docs and e2e install.sh 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
438877674a add docs 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
da451a0cf4 add metric templates to tests 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
5e1d00d4d2 add router_test and make test install script platform agnostic 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
00d54d268c add gateway tests and change provider aname 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Sanskar Jaiswal
174e9fdc93 Add support for Gateway API as a provider. 
Adds Gateway API as a provider for progressive traffic shifting, A/B
testing and Blue-Green testing. Adds a new field in the Canary
`spec.service.gatewayRefs` which specifies the Gateway that Flagger
should use.

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-10 16:54:36 +05:30
Moscagus
f7fd6cce8c If HPA isn't set and replicas are not specified, it uses the primary replicas when scaling up the canary 
Signed-off-by: Moscagus <gustavo.varisco@gmail.com>
 2022-03-09 22:16:47 -03:00
Sanskar Jaiswal
5dc336d609 bump podinfo to 6.0.x and loadtester to 0.22.0 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-09 20:19:39 +05:30
Stefan Prodan
ae6a683f23 Merge pull request #1130 from aryan9600/remove-helm2 
Remove support for helmv2 in loadtester
 2022-03-09 10:18:58 +02:00
Sanskar Jaiswal
5acf189fbe remove support for helmv2 in loadtester 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-08 22:14:32 +05:30
Stefan Prodan
090329d0c9 Merge pull request #1119 from connesc/authorizer 
Restrict source namespaces in flagger-loadtester
 2022-03-08 14:41:11 +02:00
Cédric Connes
96fd359b99 Add cmd.namespaceRegexp to loadtester Helm chart 
Signed-off-by: Cédric Connes <cedric.connes@gmail.com>
 2022-03-08 12:38:19 +01:00
Stefan Prodan
519f343fcc Merge pull request #1125 from aryan9600/fix-finalizer-dupl 
Fix potential canary finalizer duplication
 2022-03-08 11:10:39 +02:00
Stefan Prodan
5d2a7ba9e7 Merge pull request #1128 from aryan9600/ld-multiarch 
Add arm64 support for loadtester
 2022-03-07 16:33:26 +02:00
Sanskar Jaiswal
1664ca436e add arm64 support for loadtester 
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
 2022-03-07 17:34:24 +05:30
Sanskar Jaiswal
84ae65c763 fix potential canary finalizer duplication 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-03-04 21:11:31 +05:30
Cédric Connes
6085753d84 Only allow namespaces matching -namespace-regexp 
This allows to forbid access from canaries in non-whitelisted
namespaces.
In a multi-tenant context, this can be combined with network policies to
maintain isolation between namespaces.

Signed-off-by: Cédric Connes <cedric.connes@gmail.com>
 2022-02-24 18:24:03 +01:00
John Zheng
da706be4aa Update istio-progressive-delivery.md 
Signed-off-by: Author Name <johnzhengaz@gmail.com>
It is easy tp raise: Halt advancement no values found for istio metric request-success-rate probably podinfo.test is not receiving traffic: running query failed: no values found
If it is inconsistence between the prometheus version and istio version.
Signed-off-by: John Zheng <john.zheng@hp.com>
 2022-02-18 20:04:57 +08:00
Stefan Prodan
65e3bcb1d8 Merge pull request #1116 from pjbgf/patch-180222 
Update Kubernetes dependencies to v1.23.3
 2022-02-18 12:24:44 +02:00
Paulo Gomes
582f6eec77 Update Kubernetes dependecies to v0.23.3 
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
 2022-02-18 09:56:43 +00:00
Paulo Gomes
4200c0159d Update github.com/prometheus/client_golang to v1.11.1 (CVE fix) 
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
 2022-02-18 08:44:48 +00:00
Stefan Prodan
cf8fe94fca Merge pull request #1107 from fluxcd/release-1.18.0 
Release v1.18.0
 2022-02-14 15:27:57 +02:00
Stefan Prodan
30d553c6f3 Release v1.18.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-02-14 12:44:23 +02:00
Stefan Prodan
f8f6a994dd Merge pull request #1106 from SomtochiAma/set-replica 
Set primary deployment replicas when autoscaler isn't used
 2022-02-14 12:33:10 +02:00
Somtochi Onyekwere
085639bbde Set primary deployment replicas when autoscaler isn't used 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2022-02-14 10:54:24 +01:00
Stefan Prodan
3bfa7c974d Merge pull request #1102 from SomtochiAma/topology-spread 
Add field `spec.analysis.canaryReadyThreshold` for configuring canary threshold
 2022-02-10 11:11:37 +02:00
Stefan Prodan
d29e475277 Merge pull request #1103 from chlunde/patch-2 
docs: Fix typo ExternalDNS
 2022-02-10 11:10:27 +02:00
Stefan Prodan
b7ba3ab063 Merge pull request #1105 from SomtochiAma/error-msg 
Send warning and error alerts correctly
 2022-02-09 09:31:12 +02:00
Somtochi Onyekwere
9796903c78 Send warning and error alerts correctly 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2022-02-08 21:48:46 +01:00
Carl Henrik Lunde
2f25fab560 docs: Fix typo ExternalDNS 
Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
 2022-02-08 18:26:17 +01:00
Somtochi Onyekwere
215c859619 add field for configuring canary threshold 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2022-02-08 13:52:28 +01:00
Stefan Prodan
7071d42152 Merge pull request #1100 from SomtochiAma/topology-spread 
Update matchLabels for TopologySpreadContstraints in Deployments
 2022-02-07 15:13:52 +02:00
Somtochi Onyekwere
08b1e52278 Add extra check for name 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2022-02-07 13:00:43 +01:00
Stefan Prodan
801f801e02 Merge pull request #1095 from ashokhein/main 
Fix for when Prometheus returns NaN
 2022-02-07 13:53:32 +02:00
Stefan Prodan
af5634962f Merge pull request #1092 from northwesternmutual/main 
Update metadata during subsequent promote
 2022-02-07 13:45:26 +02:00
Somtochi Onyekwere
fe7615afb4 Update matchLabels in LabelSelectors 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2022-02-07 11:30:21 +01:00
ASHOK KUMAR KS
fc6bedda23 Merge branch 'fluxcd:main' into main 2022-01-25 10:41:13 +00:00
Stefan Prodan
a7f997c092 Merge pull request #1091 from fluxcd/release-0.17.0 
Release v1.17.0
 2022-01-25 10:48:03 +02:00
Karl Heins
121eb767cb Update metadata during subsequent promote 
Signed-off-by: Karl Heins <karlheins@northwesternmutual.com>

Support updating primary Deployment/DaemonSet/HPA/Service labels and annotations after first-time rollout
 2022-01-24 14:41:24 -06:00
ashokhein
cd3a1d8478 fixed bug when Prometheus returns NaN 
Signed-off-by: ashokhein <ashokhein@gmail.com>
 2022-01-24 12:58:57 +00:00
Stefan Prodan
6f6af25467 chart: Update Prometheus to v2.32.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-01-21 15:13:12 +02:00
Stefan Prodan
a0f1638f6c Remove Flux deprecated marker 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-01-21 15:11:42 +02:00
Stefan Prodan
fc13276f0e Release v1.17.0 
Adds support for Kuma service mesh

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-01-21 15:11:41 +02:00
Stefan Prodan
8a0b92db19 Merge pull request #1094 from fluxcd/sbom 
Publish a Software Bill of Materials (SBOM)
 2022-01-21 15:11:11 +02:00
Stefan Prodan
2f0d34adb2 Publish a Software Bill of Materials (SBOM) 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-01-21 14:20:48 +02:00
Stefan Prodan
617f416291 Merge pull request #1093 from aryan9600/aryan9600/fix-kuma-e2e 
Fix failing kuma e2e tests
 2022-01-20 10:47:32 +02:00
Sanskar Jaiswal
7a438ad323 fix failing kuma e2e tests 
Kuma e2e tests were failing in CI(https://github.com/fluxcd/flagger/runs/4826617915?check_suite_focus=true)
due to prom server installed in the kuma-metrics ns not being able to
contact the kubernetes api server. Fixed by switching to flagger
prometheus and a custom kustomize build for kuma tests.

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
 2022-01-20 08:20:16 +00:00
Stefan Prodan
5776f0b64b Merge pull request #1041 from baldey-nz/baldey-nz/notification-change 
Add cluster name to flagger cmd args for altering
 2022-01-11 11:14:47 +02:00
Stefan Prodan
96d190a789 Merge pull request #1085 from johnharris85/add-kuma-support 
Add kuma support for progressive traffic shifting canaries
 2022-01-11 11:01:14 +02:00
John Harris
d2038699c0 Fix newlines 
Signed-off-by: John Harris <john.harris@konghq.com>
 2022-01-05 07:46:56 -08:00
John Harris
cb3b5cba90 Remove Prometheus from default install 
Signed-off-by: John Harris <john.harris@konghq.com>
 2022-01-05 07:18:41 -08:00
baldey-nz
8c881ab758 as suggested changing cluster-name to flag 
Signed-off-by: baldey-nz <baldey@gmail.com>
 2021-12-21 14:11:49 +13:00
John Harris
caefaf73aa Add additional docs references 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-20 09:21:42 -08:00
John Harris
e8d7001f5e Add RO FS back to deployment 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:51:57 -08:00
John Harris
ae0f20a445 Add Kuma docs 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:45:23 -08:00
John Harris
4ddc12185f Add prometheus support 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:18:56 -08:00
John Harris
e81627a96d Add tests 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:09:39 -08:00
John Harris
47be2a25f2 Add Kuma routing and metrics 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:07:59 -08:00
John Harris
6832a4ffde Add/update Kustomize configurations 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:07:05 -08:00
John Harris
bd58a47862 Add/update API types 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-18 14:05:54 -08:00
Stefan Prodan
613fb92a25 Merge pull request #1084 from fluxcd/release-1.16.1 
Release v1.16.1
 2021-12-17 17:37:56 +02:00
Stefan Prodan
250d9f2836 Release v1.16.1 
Contains flagger-loadtester v0.21.0

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-17 16:51:53 +02:00
Stefan Prodan
0cab25e44c Merge pull request #1083 from fluxcd/loadtester-v0.21.0 
Release loadtester v0.21.0
 2021-12-16 14:43:01 +02:00
Stefan Prodan
cbf6b462e4 Release loadtester v0.21.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-16 13:41:20 +02:00
Stefan Prodan
8695660c58 Merge pull request #1082 from fluxcd/fix-loadtester-workflow 
Fix loadtester CI workflow
 2021-12-16 13:33:38 +02:00
Stefan Prodan
1216990f52 Fix loadtester CI workflow 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-16 13:33:06 +02:00
John Harris
204228bc8f Add API types. 
Signed-off-by: John Harris <john.harris@konghq.com>
 2021-12-15 15:13:47 -08:00
Stefan Prodan
ebc26e9ea0 Merge pull request #1081 from fluxcd/alpine-3.15 
Update Alpine to 3.15
 2021-12-15 12:16:40 +02:00
Stefan Prodan
3c03119d2d Merge pull request #1080 from fluxcd/lt-helm 
loadtester: Update the Helm CLI
 2021-12-15 12:16:31 +02:00
Stefan Prodan
644049092f Update Alpine to 3.15 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-15 10:49:16 +02:00
Stefan Prodan
578f447728 loadtester: Update the Helm CLI 
- helm 2.17.0
- helmv3 3.7.2

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-15 10:47:53 +02:00
Stefan Prodan
3bf926e419 Merge pull request #1079 from fluxcd/push-ld 
Add workflow for pushing loadtester image
 2021-12-14 19:18:07 +02:00
Stefan Prodan
48ee4f8bd2 Add workflow for pushing loadtester image 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-14 18:53:29 +02:00
Stefan Prodan
b4964a0535 Merge pull request #1078 from fluxcd/k8s.io/v0.23.0 
Update Kubernetes packages to v1.23.0
 2021-12-14 18:31:16 +02:00
Stefan Prodan
47ff00e9b9 Update Kubernetes packages to v1.23.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-14 17:56:59 +02:00
Stefan Prodan
6ca99a5ddb Merge pull request #1077 from fluxcd/go-1.17 
Update Go to v1.17
 2021-12-14 17:49:54 +02:00
Stefan Prodan
30b5054692 Update Go to v1.17 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-12-14 17:26:13 +02:00
Stefan Prodan
edf7b90c11 Merge pull request #1076 from makaronak/loadtester-secrets 
feat: allow loadtester pull secrets
 2021-12-14 16:15:58 +02:00
Stefan Prodan
7f0f97d14d Merge pull request #1071 from longkai/fix-code-gen 
fix: code gen sometimes fail issue
 2021-12-14 15:04:32 +02:00
Maksim Makaronak
b03b75cd7e feat: allow loadtester pull secrets 
Signed-off-by: Maksim Makaronak <maksim.makaronak@ihsmarkit.com>
 2021-12-14 14:19:47 +03:00
Stefan Prodan
f0d2e60a9a Merge pull request #1075 from dholbach/update-maintainer-file 
Update MAINTAINERS file (Takeshi is at Tetrate now)
 2021-12-14 10:14:49 +02:00
Daniel Holbach
328f1d9ea2 Update MAINTAINERS file (Takeshi is at Tetrate now) 
Also bring it up to same format as all the other
	MAINTAINERS files (needed for fluxcd/community#155).

Signed-off-by: Daniel Holbach <daniel@weave.works>
 2021-12-13 17:46:47 +01:00
longkai
a14013f393 fix: code gen sometimes fail issue 
In my self project I reference this nice script, the go.sum look like this(after run go mod tidy and
download):

```
k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400=
k8s.io/client-go v0.22.1 h1:jW0ZSHi8wW260FvcXHkIa0NLxFBQszTlhiAVsU5mopw=
k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk=
k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
k8s.io/component-base v0.22.1 h1:SFqIXsEN3v3Kkr1bS6rstrs1wd45StJqbtgbQ4nRQdo=
```

as you can see the, sometimes the go.sum only has `version/go.mod` line,
if we run the scripts, it will fail like this:

chmod: cannot access '/home/longkai/pkg/mod/k8s.io/code-generator@v0.22.1/go.mod/generate-groups.sh': Not a directory

so this pr fix this.

Finally, the list is sort by version ast, we want to choose the newer one.

Signed-off-by: longkai <im.longkai@gmail.com>
 2021-12-07 14:32:34 +08:00
Stefan Prodan
aef1d7904d Merge pull request #1063 from rajatvig/UpdateLoadTester 
Update libraries included in the load tester to newer versions
 2021-12-01 09:20:26 +02:00
Rajat Vig
dc478188c1 Update loadtester version 
Signed-off-by: Rajat Vig <rvig@etsy.com>
 2021-12-01 00:13:35 +00:00
Rajat Vig
9fa6e775c0 Fix ghz URI and install wrk from alpine vs compiling it 
Signed-off-by: Rajat Vig <rvig@etsy.com>
 2021-12-01 00:08:55 +00:00
Rajat Vig
584350623b Update libraries included in the load tester to newer versions 
Signed-off-by: Rajat Vig <rvig@etsy.com>
 2021-11-29 11:07:41 +00:00
Stefan Prodan
919959b32c Merge pull request #1062 from rajatvig/patch-1 
Update content for changes in autoscaler behaviour
 2021-11-29 12:50:03 +02:00
Rajat Vig
ec54eedf93 Update content for changes in autoscaler behaviour 
Signed-off-by: Rajat Vig <rvig@etsy.com>
 2021-11-29 10:26:48 +00:00
Stefan Prodan
f311797215 Merge pull request #1061 from SanyaKochhar/osm-docs 
Update OSM docs for managed/non-default instances
 2021-11-24 17:14:58 +02:00
Stefan Prodan
059b5d0f89 Merge pull request #1059 from julienduchesne/patch-1 
Add section about the k6 load tester
 2021-11-24 17:14:43 +02:00
Sanya Kochhar
7542640494 update osm docs for managed/non-default osm instances 
Signed-off-by: Sanya Kochhar <kochhars@microsoft.com>
 2021-11-23 14:10:46 -05:00
Julien Duchesne
52493f181a Add section about the k6 load tester 
As suggested here: https://cloud-native.slack.com/archives/C01JR4YUG4B/p1637598108108000

Signed-off-by: Julien Duchesne <julien.duchesne@grafana.com>
 2021-11-22 11:52:27 -05:00
Stefan Prodan
5d95143536 Merge pull request #1058 from fluxcd/release-1.16.0 
Release v1.16.0
 2021-11-22 15:40:25 +02:00
Stefan Prodan
a2c5861ca5 Release v1.16.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-11-22 14:53:54 +02:00
Stefan Prodan
fcc07f02b0 Merge pull request #1049 from fluxcd/prevent-flux-overrides 
Prevent Flux from overriding Flagger managed objects
 2021-11-22 14:38:27 +02:00
Stefan Prodan
3f43526aac Merge pull request #1057 from fluxcd/update-diagram-osm 
Update Flagger diagram to include OpenServiceMesh
 2021-11-22 14:38:13 +02:00
Stefan Prodan
cd07da9137 Update Flagger diagram to include OpenServiceMesh 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-11-22 12:05:17 +02:00
Stefan Prodan
30ab182b2e Merge pull request #1052 from zeot/append-ownerreferences-configmaps-and-secrets 
Append to list of ownerReferences for primary configmaps and secrets
 2021-11-18 10:51:36 +02:00
Stefan Prodan
2ddd9587f7 Merge pull request #1048 from personio/primary-ready-threshold 
[feat] primaryReadyThreshold: allow configuring threshold for primary
 2021-11-17 10:30:37 +02:00
Zacharias Taubert
50800857b6 Append to list of ownerReferences for cm and secrets 
If a "primary" ConfigMap or Secret already exists, keep the list of
ownerReferences and append the updating Canary as ownerReference if it's
not already in the list. This will prevent the GC from deleting primary
ConfigMaps and Secrets used by multiple primary deployments when one is
deleted.

Signed-off-by: Zacharias Taubert <zacharias.taubert@gmail.com>
 2021-11-14 23:30:30 +01:00
Mahdi Dibaiee
8f50521435 [feat] primaryReadyThreshold: allow configuring threshold for primary 
see #639

Signed-off-by: Mahdi Dibaiee <mdibaiee@pm.me>
 2021-11-11 14:44:52 +00:00
Stefan Prodan
45ecaa9084 Prevent Flux from overriding Flagger managed objects 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-11-10 18:19:04 +02:00
Stefan Prodan
9c7db58d87 Merge pull request #1044 from Misteur-Z/external-dns-docs 
Add warning in docs about ExternalDNS + Istio configuration
 2021-11-09 19:56:21 +02:00
Stefan Prodan
6b11e9714b Merge pull request #1045 from DiptoChakrabarty/replaceioutil 
Replace ioutil in testing of gchat
 2021-11-09 19:22:30 +02:00
Stefan Prodan
7f5a9ed34a Merge pull request #1047 from ecordell/patch-1 
Mark CanaryMetric.Threshold as omitempty
 2021-11-09 19:22:09 +02:00
Evan Cordell
bc9a231d26 Mark CanaryMetric.Threshold as omitempty 
Signed-off-by: Evan Cordell <cordell.evan@gmail.com>
 2021-11-09 09:27:20 -05:00
Dipto Chakrabarty
0bb3815f73 replace ioutil in testing of gchat 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2021-11-01 15:17:44 +05:30
Misteur-Z
944cc8ef62 Remove emoji 
Signed-off-by: Misteur-Z <22374424+Misteur-Z@users.noreply.github.com>
 2021-10-29 15:43:13 +02:00
Misteur-Z
e97334d7c1 Warning 
Signed-off-by: Misteur-Z <22374424+Misteur-Z@users.noreply.github.com>
 2021-10-29 14:41:24 +02:00
Stefan Prodan
2dacf08c30 Merge pull request #1043 from fluxcd/release-1.15.0 
Release v1.15.0
 2021-10-29 09:52:55 +03:00
Stefan Prodan
6f6590774e Add a note to docs for external-dns annotations 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-28 16:41:33 +03:00
Stefan Prodan
fe5bb3fd26 Release v1.15.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-28 16:24:43 +03:00
baldey-nz
c638edd346 If applied, this commit will add an optional canary spec field named summary for notification purposes 
Signed-off-by: baldey-nz <baldey@gmail.com>
 2021-10-28 07:14:24 +13:00
Stefan Prodan
c02477a245 Merge pull request #1036 from sa-spag/loadtester-chart 
Add `podLabels` to loadtester chart
 2021-10-27 08:56:21 +03:00
Stefan Prodan
da6da9c839 Merge pull request #1038 from bseenu/loadtester-security 
Update load tester binaries (CVEs fix)
 2021-10-27 08:53:56 +03:00
Stefan Prodan
d83293776d Merge pull request #1034 from jonnylangefeld/jlf/add-metadata-to-istio-vs 
Add metadata annotations to generated apex objects
 2021-10-27 08:52:34 +03:00
Jonny Langefeld
d5994ac127 Add metadata to istio VirtualService 
Some third party software relies on annotations and labels on istios VirtualServices. For instance external-dns makes use of the `external-dns.alpha.kubernetes.io/controller` annotation. Currently there is no way to set labels and annotations on the VirtualService resource.

This change takes the metadata from the `canary.Spec.Service.Apex` property to replicate exactly what is already possible for a traefik resource:
c36a13ccff/pkg/router/traefik.go (L59-L68)

Fix #854

Signed-off-by: Jonny Langefeld <jonny.langefeld@gmail.com>
 2021-10-26 10:59:34 -07:00
Stefan Prodan
36584826bb Merge pull request #1022 from menglingwei/main 
Fix tyops in code comments
 2021-10-26 12:52:29 +03:00
Srinivas
7a6fccb70d Security Fixes 
Signed-off-by: Srinivas <sboga@roku.com>
 2021-10-22 18:12:23 -07:00
Alexis Gauthiez
ca1971c085 Bump loadtester chart version 
Signed-off-by: Alexis Gauthiez <alexis.gauthiez@blablacar.com>
 2021-10-19 16:42:52 +02:00
Alexis Gauthiez
97eaecec48 Add podLabels to loadtester chart 
Signed-off-by: Alexis Gauthiez <alexis.gauthiez@blablacar.com>
 2021-10-19 16:42:52 +02:00
Stefan Prodan
01d47808a7 Merge pull request #1023 from Infomaniak/hotfix/use-nginx-controller-canary-metrics 
Use nginx controller canary metrics
 2021-09-30 14:45:54 +03:00
Léopold Jacquot
7d2f3dea7a Use nginx controller canary metrics 
Signed-off-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>
 2021-09-30 11:12:37 +02:00
Stefan Prodan
bce1d02b3b Merge pull request #1025 from fluxcd/gloo-1.9 
Update Gloo to 1.9.0
 2021-09-30 12:02:49 +03:00
Stefan Prodan
9a993b131d Update Gloo to 1.9.0 
Fix for deprecated CRDs

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-09-30 11:39:59 +03:00
Stefan Prodan
636a1d7576 Merge pull request #1020 from SomtochiAma/test-fieldIsMandatory 
Add test for checking if configmap is optional
 2021-09-30 11:25:34 +03:00
xiaobing.meng
fb621ec465 fix comments 
Signed-off-by: xiaobing.meng <xiaobing.meng@alibaba-inc.com>
 2021-09-26 15:14:47 +08:00
Somtochi Onyekwere
00e993c686 Add test for fieldIsMandatory 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2021-09-20 23:17:27 +01:00
Stefan Prodan
374a55d8f5 Merge pull request #1001 from kyanagimoto/main 
fix: 🐛 trigger unexpected canary deployment.
 2021-09-20 18:36:09 +03:00
Stefan Prodan
1e88e2fa72 Merge pull request #1019 from fluxcd/release-v1.14.0 
Release v1.14.0
 2021-09-20 11:41:39 +03:00
Stefan Prodan
a2326198f6 Release v1.14.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-09-20 11:07:43 +03:00
Stefan Prodan
a0031d626a Merge pull request #1018 from funkypenguin/patch-1 
[docs] update promql query for istio request duration
 2021-09-20 10:10:30 +03:00
David Young
a2b58d59ab [docs] update promql query for istio request duration 
A minor issue I stumbled across while learning how to drive Flagger, is that the docs still use `istio_request_duration_seconds_bucket` to illustrate the query behind the `request-duration` metric. I understand that this changed with Istio 1.5 (https://github.com/fluxcd/flagger/issues/478), but it seems that in the current version of flagger, the correct metric must already be used, since I'm getting duration metrics out of Istio 1.10 :)

This change simply makes the docs clearer for those of us trying to understand exactly what `request-duration` entails!

Signed-off-by: David Young <davidy@funkypenguin.co.nz>
 2021-09-20 10:54:43 +12:00
Stefan Prodan
e8b17406b7 Merge pull request #1016 from SomtochiAma/istio-crds 
Add support for Istio load balancer settings
 2021-09-17 12:18:22 +03:00
Somtochi Onyekwere
5245045d84 Update localbalancer settings 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2021-09-17 09:31:00 +01:00
Stefan Prodan
b57d39369b Merge pull request #1015 from SomtochiAma/influxdb 
Render inline promql query
 2021-09-17 09:24:34 +03:00
Stefan Prodan
db72fe3d97 Merge pull request #1013 from GregoireW/testing 
Add dynatrace metric provider
 2021-09-17 09:23:36 +03:00
Somtochi Onyekwere
3a2f688c56 Render inline promql query 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2021-09-16 13:02:58 +01:00
GregoireW
13a2a5073f Add dynatrace provider 
Signed-off-by: GregoireW <24318548+GregoireW@users.noreply.github.com>
 2021-09-16 10:48:51 +02:00
Stefan Prodan
418853fd0c Merge pull request #1012 from SomtochiAma/influxdb 
Add Influxdb metric provider
 2021-09-16 11:21:24 +03:00
Somtochi Onyekwere
cfb68a6e56 Add Influxdb provider 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2021-09-16 08:55:40 +01:00
Stefan Prodan
88b13274d7 Merge pull request #991 from SomtochiAma/stackdriver-analysis 
Add stackdriver metrics analysis
 2021-09-02 17:40:47 +03:00
Somtochi Onyekwere
056ba675a7 Add stackdriver metrics analysis 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2021-09-01 18:25:59 +01:00
kyanagimoto
873b74561c fix: 🐛 trigger unexpected canary deployment. 
https://github.com/fluxcd/flagger/issues/989

Signed-off-by: kyanagimoto <koichiyanagimoto@gmail.com>
 2021-09-01 19:17:17 +09:00
Stefan Prodan
8b42ce374d Merge pull request #990 from fluxcd/chart-publish 
ci: Add on-demand Helm publish workflow
 2021-08-27 09:40:54 +03:00
Stefan Prodan
4871003ff1 ci: Add on-demand Helm publish workflow 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-27 09:40:30 +03:00
Stefan Prodan
b4e7ad5575 Merge pull request #987 from SomtochiAma/k8s-provider-docs 
Clarify that traffic routing with doesn't happen kubernetes blue/green deployment
 2021-08-27 09:37:36 +03:00
Stefan Prodan
1a246060e2 Merge pull request #986 from andylibrian/fix-broken-loadtester-chart 
Fix broken loadtester chart due to extra end
 2021-08-27 09:32:34 +03:00
Somtochi Onyekwere
6a3d74c645 Clarify traffic routing with kubernetes 
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
 2021-08-26 11:16:31 +01:00
Andy Librian
2073bd2027 Fix broken loadtester chart due to extra end 
Signed-off-by: Andy Librian <andylibrian@gmail.com>
 2021-08-26 14:15:35 +07:00
Stefan Prodan
c63554c534 Merge pull request #985 from fluxcd/cosign-fix 
Fix cosign workflow
 2021-08-25 12:16:24 +03:00
Stefan Prodan
be8ed8a696 Fix cosign workflow 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-25 12:16:06 +03:00
Stefan Prodan
98530d9968 Merge pull request #984 from fluxcd/release-v1.13.0 
Release v1.13.0
 2021-08-25 12:08:14 +03:00
Stefan Prodan
38adc513a6 Release v1.13.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-25 11:46:30 +03:00
Stefan Prodan
eb12e3bde1 Merge pull request #983 from fluxcd/cosign 
Sign Flagger container images with cosign
 2021-08-25 10:00:59 +03:00
Stefan Prodan
8b2839d36e Add docs on how to verify Flagger containers with cosign 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-24 17:59:32 +03:00
Stefan Prodan
f0fa2aa6bb Sign Flagger container images with cosign 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-24 17:58:54 +03:00
Stefan Prodan
33528b073f Add cosign keys 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-24 15:25:02 +03:00
Fabio Pinna
cf8783ea37 Add support for Google Chat alerts (#953) 
Add gchat alerting support

Signed-off-by: fpinna <fplkid@gmail.com>
 2021-08-24 11:26:00 +03:00
Stefan Prodan
00355635f8 Merge pull request #982 from saiskee/fix-gloo-edge-flagger 
Update Gloo APIs to v1.8
 2021-08-23 19:47:18 +03:00
Keerthan Ekbote
aa485f4bf1 Update gloo apis to replace snake case with camel case 
Signed-off-by: Keerthan Ekbote <keerthan.ekbote@solo.io>
 2021-08-23 12:16:43 -04:00
Stefan Prodan
273b05fb24 Merge pull request #980 from fluxcd/istio-e2e 
Update virtual service delegation e2e tests for Istio v1.11
 2021-08-23 18:10:51 +03:00
Stefan Prodan
e470474d6f Update Istio delegation e2e for 1.11 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-23 17:48:40 +03:00
Stefan Prodan
ddfd2fe2ec Merge pull request #979 from fluxcd/update-e2e-vers 
Update providers in e2e tests
 2021-08-23 15:15:32 +03:00
Stefan Prodan
7533d0ae99 e2e: Update Ingress NGINX to v0.49.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-23 14:26:27 +03:00
Stefan Prodan
04ec7f0388 Merge pull request #966 from eduardobarbosa/eduardobarbosa/add-podlabels-helmchart 
Add extra podLabels options to Flagger Helm Chart
 2021-08-23 13:02:13 +03:00
Stefan Prodan
419000cc13 e2e: Update Istio to v1.11.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-23 12:58:35 +03:00
Stefan Prodan
0dc8edb437 Merge pull request #975 from hobbsh/support-volumes-loadtester 
support volumes/volumeMounts in loadtester chart
 2021-08-23 12:48:17 +03:00
Stefan Prodan
0759b6531b e2e: Update Contour to v1.18 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-23 12:34:32 +03:00
Stefan Prodan
d8f984de7d Merge pull request #977 from johnsonshi/osm-flagger-docs 
Add OSM tutorial and docs
 2021-08-23 12:33:16 +03:00
Johnson Shi
82e490a875 Add osm tutorial and docs 
Signed-off-by: Johnson Shi <Johnson.Shi@microsoft.com>
 2021-08-20 14:25:47 -07:00
Stefan Prodan
c6dffd9d3e e2e: Update Linkerd to v2.10.2 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-08-20 17:17:59 +03:00
Stefan Prodan
8ee3d5835a Merge pull request #978 from fluxcd/update-calendar 
Update links to calendar and resources
 2021-08-17 13:33:13 +03:00
Daniel Holbach
1209d7e42b update links to calendar and resources 
Signed-off-by: Daniel Holbach <daniel@weave.works>
 2021-08-17 10:22:48 +02:00
Wylie Hobbs
cdc05ba506 support volumes/volumeMounts in loadtester chart 
Signed-off-by: Wylie Hobbs <wylie@wyliehobbs.com>
 2021-08-12 10:44:12 -06:00
Stefan Prodan
a6fae0195f Merge pull request #955 from johnsonshi/support-osm-in-flagger 
Support OSM progressive traffic shifting in Flagger
 2021-08-12 15:04:09 +03:00
Johnson Shi
11375b6890 Support OSM progressive traffic shifting 
Signed-off-by: Johnson Shi <Johnson.Shi@microsoft.com>
 2021-08-11 17:43:00 -07:00
eduardobarbosa
3811470ebf Add extra podLabels options to Flagger Helm Chart 
Signed-off-by: eduardobarbosa <eduardobarbosadacosta@gmail.com>
 2021-08-04 15:10:00 -03:00
Stefan Prodan
e2b08eb4dc Merge pull request #964 from shuheiktgw/drop_ioutil 
chore: Drop deprecated io/ioutil
 2021-07-31 10:16:11 +03:00
shuheiktgw
38d3ca1022 chore: Drop deprecated io/ioutil 
Signed-off-by: shuheiktgw <shuheiktgw@users.noreply.github.com>
 2021-07-31 08:25:46 +09:00
Stefan Prodan
df459c5fe6 Merge pull request #960 from fluxcd/traefik-2.4 
e2e: Update Traefik to 2.4.9
 2021-07-27 12:56:41 +03:00
Stefan Prodan
d1d9c0e2a9 Update Traefik docs with Prometheus annotations 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-07-27 12:34:27 +03:00
Stefan Prodan
c1b1d7d448 e2e: Update Traefik to 2.4.9 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-07-27 12:17:40 +03:00
Stefan Prodan
e6b5ee2042 Merge pull request #958 from GregoryVds/fix-typo 
pkg:canary: fix typos in logs
 2021-07-26 18:37:20 +03:00
Stefan Prodan
0170fc6166 Merge pull request #959 from HBOCodeLabs/mdb/typo-fixes 
correct spelling of 'Secrets' in code comments
 2021-07-26 17:02:58 +03:00
Mike Ball
4cc2ada2a2 correct spelling of 'Secrets' in code comments 
Signed-off-by: Mike Ball <mike.ball@warnermedia.com>
 2021-07-23 06:54:26 -04:00
Gregory Vander Schueren
a5d3e4f6a6 pkg:canary: fix typos in logs 
Signed-off-by: Gregory Vander Schueren <gregory.vanderschueren@sortlist.com>
 2021-07-21 15:44:56 +02:00
Stefan Prodan
7c92b33886 Merge pull request #952 from bellkev/fix-grafana-dashboard 
Remove problematic nulls from Grafana dashboard
 2021-07-09 17:21:46 +03:00
Kevin Bell
0f0b9414ae Remove problematic nulls from Grafana dashboard 
Newer versions of Grafana complain when loading
dashboard JSON with nulls in these "current" fields.

Signed-off-by: Kevin Bell <kebel@amazon.com>
 2021-07-08 18:01:47 -07:00
Stefan Prodan
6fbb67ee8c Merge pull request #943 from L3o-pold/hotfix/fix-alerting-http-proxy 
Fix for the http client proxy overriding the default client
 2021-06-24 17:14:52 +03:00
Léopold Jacquot
6634f1a9ae don't override DefaultClient 
bug introduced by https://github.com/fluxcd/flagger/pull/872

Signed-off-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>
 2021-06-24 15:04:41 +02:00
Stefan Prodan
8da8138f77 Merge pull request #941 from fluxcd/release-v1.12.1 
Release v1.12.1
 2021-06-17 19:33:36 +03:00
Stefan Prodan
588f4c477b Release v1.12.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-17 19:12:06 +03:00
Stefan Prodan
fda1775d3a Merge pull request #940 from fluxcd/k8s.io/api-v0.21.1 
Update Go to v1.16 and Kubernetes packages to v1.21.1
 2021-06-17 19:03:24 +03:00
Stefan Prodan
fc71d53c71 Update Go to v1.16 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-17 18:44:23 +03:00
Stefan Prodan
ab2a320659 Update Kubernetes packages to v1.21.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-17 18:35:42 +03:00
Stefan Prodan
7f50f81ac7 Merge pull request #939 from fluxcd/remove-toolkit-markers 
Remove the GitOps Toolkit metadata from generated objects
 2021-06-17 18:12:21 +03:00
Stefan Prodan
c36a13ccff Remove the GitOps Toolkit metadata from generated objects 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-17 17:49:22 +03:00
Stefan Prodan
47de726345 Merge pull request #937 from fluxcd/release-v1.12.0 
Release v1.12.0
 2021-06-16 13:16:19 +03:00
Stefan Prodan
7a4fdbddc0 Release v1.12.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-16 12:18:40 +03:00
Joakim Ahrlin
0dc6f33550 Add insecureSkipVerify option for Prometheus and Graphite 
Add insecureSkipVerify option for Prometheus and Graphite

Signed-off-by: Joakim Ahrlin <joakim.ahrlin@embark-studios.com>
 2021-06-15 19:28:25 +03:00
Stefan Prodan
b2436eb0df Merge pull request #936 from fluxcd/flux-gc-skip 
Remove Flux GC markers from generated objects
 2021-06-15 18:08:32 +03:00
Stefan Prodan
cc673159d7 Remove Flux GC markers from generated objects 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-15 17:45:33 +03:00
Stefan Prodan
17c310d66d Merge pull request #932 from KnechtionsCoding/feat/gloo-label-copy 
gloo: copy labels from upstream
 2021-06-15 12:36:37 +03:00
Hans Knecht
e7357c4e07 fix: updating to use include-label-prefix 
fix: remove copy of labels

Signed-off-by: Hans Knecht <Hans.Knecht@missionlane.com>
 2021-06-14 11:39:55 -04:00
Stefan Prodan
c44de2d7c3 Merge pull request #934 from johnsonshi/fix-smi-trafficsplit-v1alpha2-omitempty 
fix: Require SMI TrafficSplit Service and Weight
 2021-06-14 18:07:42 +03:00
Johnson Shi
d82b2c219a fix: Require SMI TrafficSplit Service and Weight 
In the SMI TrafficSplit spec, Weight and Service are
required values for TrafficSplit Backend.
In flagger's SMI v1alpha2 implementation,
Service and Weight have the omitempty json option.

During canary analysis, flagger initially creates
a SMI TrafficSplit custom resource in which the
canary backend service has a Weight of 0.
The omitempty option causes Go to omit Weight
when it sends the custom resource to Kubernetes.
This throws an error during canary analysis.

Signed-off-by: Johnson Shi <Johnson.Shi@microsoft.com>
 2021-06-14 06:55:59 -07:00
Hans Knecht
35c8957a55 chore: lowercase labels 
Signed-off-by: Hans Knecht <Hans.Knecht@missionlane.com>
 2021-06-12 21:57:45 -04:00
Hans Knecht
8555f8250a feat: copy labels from upstream 
Signed-off-by: Hans Knecht <Hans.Knecht@missionlane.com>
 2021-06-11 16:18:29 -04:00
Mike Ball
8137a25b13 Improve language and correct typos in FAQs docs (#925) 
Improve language and correct typos in FAQs docs

Signed-off-by: Mike Ball <mike.ball@warnermedia.com>
 2021-06-03 11:09:42 +03:00
314 changed files with 15196 additions and 1509 deletions
Expand all files Collapse all files

50
.cosign/README.md Normal file
View File

@@ -0,0 +1,50 @@
# Flagger signed releases
Flagger releases published to GitHub Container Registry as multi-arch container images
are signed using [cosign](https://github.com/sigstore/cosign).
## Verify Flagger images
Install the [cosign](https://github.com/sigstore/cosign) CLI:
```sh
brew install sigstore/tap/cosign
```
Verify a Flagger release with cosign CLI:
```sh
cosign verify -key https://raw.githubusercontent.com/fluxcd/flagger/main/cosign/cosign.pub \
ghcr.io/fluxcd/flagger:1.13.0
```
Verify Flagger images before they get pulled on your Kubernetes clusters with [Kyverno](https://github.com/kyverno/kyverno/):
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: verify-flagger-image
annotations:
policies.kyverno.io/title: Verify Flagger Image
policies.kyverno.io/category: Cosign
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
policies.kyverno.io/minversion: 1.4.2
spec:
validationFailureAction: enforce
background: false
rules:
- name: verify-image
match:
resources:
kinds:
- Pod
verifyImages:
- image: "ghcr.io/fluxcd/flagger:*"
key: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEST+BqQ1XZhhVYx0YWQjdUJYIG5Lt
iz2+UxRIqmKBqNmce2T+l45qyqOs99qfD7gLNGmkVZ4vtJ9bM7FxChFczg==
-----END PUBLIC KEY-----
```

11
.cosign/cosign.key Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN ENCRYPTED COSIGN PRIVATE KEY-----
eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6
OCwicCI6MX0sInNhbHQiOiIvK1MwbTNrU3pGMFFXdVVYQkFoY2gvTDc3NVJBSy9O
cnkzUC9iMkxBZGF3PSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
Iiwibm9uY2UiOiJBNEFYL2IyU1BsMDBuY3JUNk45QkNOb0VLZTZLZEluRCJ9LCJj
aXBoZXJ0ZXh0IjoiZ054UlJweXpraWtRMUVaRldsSnEvQXVUWTl0Vis2enBlWkIy
dUFHREMzOVhUQlAwaWY5YStaZTE1V0NTT2FQZ01XQmtSZWhrQVVjQ3dZOGF2WTZa
eFhZWWE3T1B4eFdidHJuSUVZM2hwZUk1M1dVQVZ6SXEzQjl0N0ZmV1JlVGsxdFlo
b3hwQmxUSHY4U0c2azdPYk1aQnJleitzSGRWclF6YUdMdG12V1FOMTNZazRNb25i
ZUpRSUJpUXFQTFg5NzFhSUlxU0dxYVhCanc9PSJ9
-----END ENCRYPTED COSIGN PRIVATE KEY-----

4
.cosign/cosign.pub Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEST+BqQ1XZhhVYx0YWQjdUJYIG5Lt
iz2+UxRIqmKBqNmce2T+l45qyqOs99qfD7gLNGmkVZ4vtJ9bM7FxChFczg==
-----END PUBLIC KEY-----

3
.gitbook.yaml
View File

@@ -13,3 +13,6 @@ redirects:
usage/skipper-progressive-delivery: tutorials/skipper-progressive-delivery.md
usage/crossover-progressive-delivery: tutorials/crossover-progressive-delivery.md
usage/traefik-progressive-delivery: tutorials/traefik-progressive-delivery.md
usage/osm-progressive-delivery: tutorials/osm-progressive-delivery.md
usage/kuma-progressive-delivery: tutorials/kuma-progressive-delivery.md
usage/gatewayapi-progressive-delivery: tutorials/gatewayapi-progressive-delivery.md

5
.github/workflows/build.yaml vendored
View File

@@ -9,6 +9,9 @@ on:
branches:
- main
permissions:
contents: read # for actions/checkout to fetch code
jobs:
container:
runs-on: ubuntu-latest
@@ -25,7 +28,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: 1.15.x
go-version: 1.17.x
- name: Download modules
run: |
go mod download

11
.github/workflows/e2e.yaml vendored
View File

@@ -9,27 +9,36 @@ on:
branches:
- main
permissions:
contents: read # for actions/checkout to fetch code
jobs:
kind:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
provider:
# service mesh
- istio
- linkerd
- osm
- kuma
# ingress controllers
- contour
- nginx
- traefik
- gloo
- skipper
- kubernetes
- gatewayapi
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Kubernetes
uses: engineerd/setup-kind@v0.5.0
with:
version: "v0.11.0"
version: "v0.11.1"
image: kindest/node:v1.21.1@sha256:fae9a58f17f18f06aeac9772ca8b5ac680ebbed985e266f711d936e91d113bad
- name: Build container image
run: |

18
.github/workflows/helm.yaml vendored Normal file
View File

@@ -0,0 +1,18 @@
name: helm
on:
workflow_dispatch:
permissions:
contents: write # needed to push chart
jobs:
build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Publish Helm charts
uses: stefanprodan/helm-gh-pages@v1.3.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_url: https://flagger.app

56
.github/workflows/push-ld.yml vendored Normal file
View File

@@ -0,0 +1,56 @@
name: push-ld
on:
workflow_dispatch:
env:
IMAGE: "ghcr.io/fluxcd/flagger-loadtester"
permissions:
contents: write # needed to write releases
packages: write # needed for ghcr access
jobs:
build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Prepare
id: prep
run: |
VERSION=$(grep 'VERSION' cmd/loadtester/main.go | head -1 | awk '{ print $4 }' | tr -d '"')
echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ::set-output name=VERSION::${VERSION}
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Generate image meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
${{ env.IMAGE }}
tags: |
type=raw,value=${{ steps.prep.outputs.VERSION }}
- name: Publish image
uses: docker/build-push-action@v2
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile.loadtester
platforms: linux/amd64,linux/arm64
build-args: |
REVISION=${{ github.sha }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Check images
run: |
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}

61
.github/workflows/release.yml vendored
View File

@@ -4,34 +4,47 @@ on:
tags:
- 'v*'
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
env:
IMAGE: "ghcr.io/fluxcd/${{ github.event.repository.name }}"
jobs:
build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: sigstore/cosign-installer@main
- name: Prepare
id: prep
run: |
VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
CHANGELOG="https://github.com/fluxcd/flagger/blob/main/CHANGELOG.md#$(echo $VERSION | tr -d '.')"
echo "[CHANGELOG](${CHANGELOG})" > notes.md
echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ::set-output name=VERSION::${VERSION}
echo ::set-output name=CHANGELOG::${CHANGELOG}
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
with:
buildkitd-flags: "--debug"
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Generate image meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
${{ env.IMAGE }}
tags: |
type=raw,value=${{ steps.prep.outputs.VERSION }}
- name: Publish image
uses: docker/build-push-action@v2
with:
@@ -42,33 +55,31 @@ jobs:
platforms: linux/amd64,linux/arm64,linux/arm/v7
build-args: |
REVISON=${{ github.sha }}
tags: |
ghcr.io/fluxcd/flagger:${{ steps.prep.outputs.VERSION }}
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Sign image
run: |
echo -n "${{secrets.COSIGN_PASSWORD}}" | \
cosign sign -key ./.cosign/cosign.key -a git_sha=$GITHUB_SHA \
${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
- name: Check images
run: |
docker buildx imagetools inspect ghcr.io/fluxcd/flagger:${{ steps.prep.outputs.VERSION }}
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
- name: Verifiy image signature
run: |
cosign verify -key ./.cosign/cosign.pub \
${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
- name: Publish Helm charts
uses: stefanprodan/helm-gh-pages@v1.3.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_url: https://flagger.app
linting: off
- name: Create release
uses: actions/create-release@latest
- uses: anchore/sbom-action/download-syft@v0
- name: Create release and SBOM
uses: goreleaser/goreleaser-action@v2
with:
version: latest
args: release --release-notes=notes.md --rm-dist --skip-validate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: ${{ github.ref }}
draft: false
prerelease: false
body: |
[CHANGELOG](${{ steps.prep.outputs.CHANGELOG }})

4
.github/workflows/scan.yml vendored
View File

@@ -8,6 +8,10 @@ on:
schedule:
- cron: '18 10 * * 3'
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for codeQL to write security events
jobs:
fossa:
name: FOSSA

29
.goreleaser.yml
View File

@@ -1,14 +1,17 @@
project_name: flagger
builds:
- main: ./cmd/flagger
binary: flagger
ldflags: -s -w -X github.com/fluxcd/flagger/pkg/version.REVISION={{.Commit}}
goos:
- linux
goarch:
- amd64
env:
- CGO_ENABLED=0
archives:
- name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
files:
- none*
- skip: true
release:
prerelease: auto
source:
enabled: true
name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
sboms:
- id: source
artifacts: source
documents:
- "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"

320
CHANGELOG.md
View File

@@ -2,6 +2,326 @@
All notable changes to this project are documented in this file.
## 1.21.0
**Release date:** 2022-05-06
This release comes with an option to disable cross-namespace references to Kubernetes
custom resources such as `AlertProivders` and `MetricProviders`. When running Flagger
on multi-tenant environments it is advised to set the `-no-cross-namespace-refs=true` flag.
In addition, this version enables Flagger to target Istio and Kuma multi-cluster setups.
When installing Flagger with Helm, the service mesh control plane kubeconfig secret
can be specified using `--set controlplane.kubeconfig.secretName`.
#### Improvements
- Add flag to disable cross namespace refs to custom resources
[#1181](https://github.com/fluxcd/flagger/pull/1181)
- Rename kubeconfig section in helm values
[#1188](https://github.com/fluxcd/flagger/pull/1188)
- Update Flagger overview diagram
[#1187](https://github.com/fluxcd/flagger/pull/1187)
#### Fixes
- Avoid setting owner refs if the service mesh/ingress is on a different cluster
[#1183](https://github.com/fluxcd/flagger/pull/1183)
## 1.20.0
**Release date:** 2022-04-15
This release comes with improvements to the AppMesh, Contour and Istio integrations.
#### Improvements
- AppMesh: Add annotation to enable Envoy access logs
[#1156](https://github.com/fluxcd/flagger/pull/1156)
- Contour: Update the httproxy API and enable RetryOn
[#1164](https://github.com/fluxcd/flagger/pull/1164)
- Istio: Add destination port when port discovery and delegation are true
[#1145](https://github.com/fluxcd/flagger/pull/1145)
- Metrics: Add canary analysis result as Prometheus metrics
[#1148](https://github.com/fluxcd/flagger/pull/1148)
#### Fixes
- Fix canary rollback behaviour
[#1171](https://github.com/fluxcd/flagger/pull/1171)
- Shorten the metric analysis cycle after confirm promotion gate is open
[#1139](https://github.com/fluxcd/flagger/pull/1139)
- Fix unit of time in the Istio Grafana dashboard
[#1162](https://github.com/fluxcd/flagger/pull/1162)
- Fix the service toggle condition in the podinfo helm chart
[#1146](https://github.com/fluxcd/flagger/pull/1146)
## 1.19.0
**Release date:** 2022-03-14
This release comes with support for Kubernetes [Gateway API](https://gateway-api.sigs.k8s.io/) v1alpha2.
For more details see the [Gateway API Progressive Delivery tutorial](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery).
#### Features
- Add Gateway API as a provider
[#1108](https://github.com/fluxcd/flagger/pull/1108)
#### Improvements
- Add arm64 support for loadtester
[#1128](https://github.com/fluxcd/flagger/pull/1128)
- Restrict source namespaces in flagger-loadtester
[#1119](https://github.com/fluxcd/flagger/pull/1119)
- Remove support for Helm v2 in loadtester
[#1130](https://github.com/fluxcd/flagger/pull/1130)
#### Fixes
- Fix potential canary finalizer duplication
[#1125](https://github.com/fluxcd/flagger/pull/1125)
- Use the primary replicas when scaling up the canary (no hpa)
[#1110](https://github.com/fluxcd/flagger/pull/1110)
## 1.18.0
**Release date:** 2022-02-14
This release comes with a new API field called `canaryReadyThreshold`
that allows setting the percentage of pods that need to be available
to consider the canary deployment as ready.
Starting with version, the canary deployment labels, annotations and
replicas fields are copied to the primary deployment at promotion time.
#### Features
- Add field `spec.analysis.canaryReadyThreshold` for configuring canary threshold
[#1102](https://github.com/fluxcd/flagger/pull/1102)
#### Improvements
- Update metadata during subsequent promote
[#1092](https://github.com/fluxcd/flagger/pull/1092)
- Set primary deployment `replicas` when autoscaler isn't used
[#1106](https://github.com/fluxcd/flagger/pull/1106)
- Update `matchLabels` for `TopologySpreadContstraints` in Deployments
[#1041](https://github.com/fluxcd/flagger/pull/1041)
#### Fixes
- Send warning and error alerts correctly
[#1105](https://github.com/fluxcd/flagger/pull/1105)
- Fix for when Prometheus returns NaN
[#1095](https://github.com/fluxcd/flagger/pull/1095)
- docs: Fix typo ExternalDNS
[#1103](https://github.com/fluxcd/flagger/pull/1103)
## 1.17.0
**Release date:** 2022-01-11
This release comes with support for [Kuma Service Mesh](https://kuma.io/).
For more details see the [Kuma Progressive Delivery tutorial](https://docs.flagger.app/tutorials/kuma-progressive-delivery).
To differentiate alerts based on the cluster name, you can configure Flagger with the `-cluster-name=my-cluster`
command flag, or with Helm `--set clusterName=my-cluster`.
#### Features
- Add kuma support for progressive traffic shifting canaries
[#1085](https://github.com/fluxcd/flagger/pull/1085)
[#1093](https://github.com/fluxcd/flagger/pull/1093)
#### Improvements
- Publish a Software Bill of Materials (SBOM)
[#1094](https://github.com/fluxcd/flagger/pull/1094)
- Add cluster name to flagger cmd args for altering
[#1041](https://github.com/fluxcd/flagger/pull/1041)
## 1.16.1
**Release date:** 2021-12-17
This release contains updates to Kubernetes packages (1.23.0), Alpine (3.15)
and load tester components.
#### Improvements
- Release loadtester v0.21.0
[#1083](https://github.com/fluxcd/flagger/pull/1083)
- Add loadtester image pull secrets to Helm chart
[#1076](https://github.com/fluxcd/flagger/pull/1076)
- Update libraries included in the load tester to newer versions
[#1063](https://github.com/fluxcd/flagger/pull/1063)
[#1080](https://github.com/fluxcd/flagger/pull/1080)
- Update Kubernetes packages to v1.23.0
[#1078](https://github.com/fluxcd/flagger/pull/1078)
- Update Alpine to 3.15
[#1081](https://github.com/fluxcd/flagger/pull/1081)
- Update Go to v1.17
[#1077](https://github.com/fluxcd/flagger/pull/1077)
## 1.16.0
**Release date:** 2021-11-22
This release comes with a new API field called `primaryReadyThreshold`
that allows setting the percentage of pods that need to be available
to consider the primary deployment as ready.
#### Features
- Allow configuring threshold for primary
[#1048](https://github.com/fluxcd/flagger/pull/1048)
#### Improvements
- Append to list of ownerReferences for primary configmaps and secrets
[#1052](https://github.com/fluxcd/flagger/pull/1052)
- Prevent Flux from overriding Flagger managed objects
[#1049](https://github.com/fluxcd/flagger/pull/1049)
- Add warning in docs about ExternalDNS + Istio configuration
[#1044](https://github.com/fluxcd/flagger/pull/1044)
#### Fixes
- Mark `CanaryMetric.Threshold` as omitempty
[#1047](https://github.com/fluxcd/flagger/pull/1047)
- Replace `ioutil` in testing of gchat
[#1045](https://github.com/fluxcd/flagger/pull/1045)
## 1.15.0
**Release date:** 2021-10-28
This release comes with support for NGINX ingress canary metrics.
The nginx-ingress minimum supported version is now v1.0.2.
Starting with version, Flagger will use the `spec.service.apex.annotations`
to annotate the generated apex VirtualService, TrafficSplit or HTTPProxy.
#### Features
- Use nginx controller canary metrics
[#1023](https://github.com/fluxcd/flagger/pull/1023)
- Add metadata annotations to generated apex objects
[#1034](https://github.com/fluxcd/flagger/pull/1034)
#### Improvements
- Update load tester binaries (CVEs fix)
[#1038](https://github.com/fluxcd/flagger/pull/1038)
- Add podLabels to load tester Helm chart
[#1036](https://github.com/fluxcd/flagger/pull/1036)
## 1.14.0
**Release date:** 2021-09-20
This release comes with support for extending the canary analysis with
Dynatrace, InfluxDB and Google Cloud Monitoring (Stackdriver) metrics.
#### Features
- Add Stackdriver metric provider
[#991](https://github.com/fluxcd/flagger/pull/991)
- Add Influxdb metric provider
[#1012](https://github.com/fluxcd/flagger/pull/1012)
- Add Dynatrace metric provider
[#1013](https://github.com/fluxcd/flagger/pull/1013)
#### Fixes
- Fix inline promql query
[#1015](https://github.com/fluxcd/flagger/pull/1015)
- Fix Istio load balancer settings mapping
[#1016](https://github.com/fluxcd/flagger/pull/1016)
## 1.13.0
**Release date:** 2021-08-25
This release comes with support for [Open Service Mesh](https://openservicemesh.io).
For more details see the [OSM Progressive Delivery tutorial](https://docs.flagger.app/tutorials/osm-progressive-delivery).
Starting with this version, Flagger container images are signed with
[sigstore/cosign](https://github.com/sigstore/cosign), for more details see the
[Flagger cosign docs](https://github.com/fluxcd/flagger/blob/main/.cosign/README.md).
#### Features
- Support OSM progressive traffic shifting in Flagger
[#955](https://github.com/fluxcd/flagger/pull/955)
[#977](https://github.com/fluxcd/flagger/pull/977)
- Add support for Google Chat alerts
[#953](https://github.com/fluxcd/flagger/pull/953)
#### Improvements
- Sign Flagger container images with cosign
[#983](https://github.com/fluxcd/flagger/pull/983)
- Update Gloo APIs and e2e tests to Gloo v1.8.9
[#982](https://github.com/fluxcd/flagger/pull/982)
- Update e2e tests to Istio v1.11, Contour v1.18, Linkerd v2.10.2 and NGINX v0.49.0
[#979](https://github.com/fluxcd/flagger/pull/979)
- Update e2e tests to Traefik to 2.4.9
[#960](https://github.com/fluxcd/flagger/pull/960)
- Add support for volumes/volumeMounts in loadtester Helm chart
[#975](https://github.com/fluxcd/flagger/pull/975)
- Add extra podLabels options to Flagger Helm Chart
[#966](https://github.com/fluxcd/flagger/pull/966)
#### Fixes
- Fix for the http client proxy overriding the default client
[#943](https://github.com/fluxcd/flagger/pull/943)
- Drop deprecated io/ioutil
[#964](https://github.com/fluxcd/flagger/pull/964)
- Remove problematic nulls from Grafana dashboard
[#952](https://github.com/fluxcd/flagger/pull/952)
## 1.12.1
**Release date:** 2021-06-17
This release comes with a fix to Flagger when used with Flux v2.
#### Improvements
- Update Go to v1.16 and Kubernetes packages to v1.21.1
[#940](https://github.com/fluxcd/flagger/pull/940)
#### Fixes
- Remove the GitOps Toolkit metadata from generated objects
[#939](https://github.com/fluxcd/flagger/pull/939)
## 1.12.0
**Release date:** 2021-06-16
This release comes with support for disabling the SSL certificate verification
for the Prometheus and Graphite metric providers.
#### Improvements
- Add `insecureSkipVerify` option for Prometheus and Graphite
[#935](https://github.com/fluxcd/flagger/pull/935)
- Copy labels from Gloo upstreams
[#932](https://github.com/fluxcd/flagger/pull/932)
- Improve language and correct typos in FAQs docs
[#925](https://github.com/fluxcd/flagger/pull/925)
- Remove Flux GC markers from generated objects
[#936](https://github.com/fluxcd/flagger/pull/936)
#### Fixes
- Require SMI TrafficSplit Service and Weight
[#878](https://github.com/fluxcd/flagger/pull/878)
## 1.11.0
**Release date:** 2021-06-01

4
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM golang:1.15-alpine as builder
FROM golang:1.17-alpine as builder
ARG TARGETPLATFORM
ARG REVISON
@@ -21,7 +21,7 @@ RUN CGO_ENABLED=0 go build \
-ldflags "-s -w -X github.com/fluxcd/flagger/pkg/version.REVISION=${REVISON}" \
-a -o flagger ./cmd/flagger
FROM alpine:3.13
FROM alpine:3.15
RUN apk --no-cache add ca-certificates

71
Dockerfile.loadtester
View File

@@ -1,59 +1,59 @@
FROM alpine:3.11 as build
FROM golang:1.17-alpine as builder
RUN apk --no-cache add alpine-sdk perl curl
ARG TARGETPLATFORM
ARG TARGETARCH
ARG REVISION
RUN curl -sSLo hey "https://storage.googleapis.com/hey-release/hey_linux_amd64" && \
chmod +x hey && mv hey /usr/local/bin/hey
RUN apk --no-cache add alpine-sdk perl curl bash tar
RUN HELM2_VERSION=2.16.8 && \
curl -sSL "https://get.helm.sh/helm-v${HELM2_VERSION}-linux-amd64.tar.gz" | tar xvz && \
chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helm && \
chmod +x linux-amd64/tiller && mv linux-amd64/tiller /usr/local/bin/tiller
RUN HELM3_VERSION=3.7.2 && \
curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-${TARGETARCH}.tar.gz" | tar xvz && \
chmod +x linux-${TARGETARCH}/helm && mv linux-${TARGETARCH}/helm /usr/local/bin/helm
RUN HELM3_VERSION=3.2.3 && \
curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-amd64.tar.gz" | tar xvz && \
chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helmv3
RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \
RUN GRPC_HEALTH_PROBE_VERSION=v0.4.6 && \
wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH} && \
chmod +x /usr/local/bin/grpc_health_probe
RUN GHZ_VERSION=0.39.0 && \
curl -sSL "https://github.com/bojand/ghz/releases/download/v${GHZ_VERSION}/ghz_${GHZ_VERSION}_Linux_x86_64.tar.gz" | tar xz -C /tmp && \
mv /tmp/ghz /usr/local/bin && chmod +x /usr/local/bin/ghz
RUN GHZ_VERSION=0.105.0 && \
curl -sSL "https://github.com/bojand/ghz/archive/refs/tags/v${GHZ_VERSION}.tar.gz" | tar xz -C /tmp && \
cd /tmp/ghz-${GHZ_VERSION}/cmd/ghz && GOARCH=$TARGETARCH go build . && mv ghz /usr/local/bin && \
chmod +x /usr/local/bin/ghz
RUN HELM_TILLER_VERSION=0.9.3 && \
curl -sSL "https://github.com/rimusz/helm-tiller/archive/v${HELM_TILLER_VERSION}.tar.gz" | tar xz -C /tmp && \
mv /tmp/helm-tiller-${HELM_TILLER_VERSION} /tmp/helm-tiller
WORKDIR /workspace
RUN WRK_VERSION=4.0.2 && \
cd /tmp && git clone -b ${WRK_VERSION} https://github.com/wg/wrk
RUN cd /tmp/wrk && make
# copy modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
# cache modules
RUN go mod download
# copy source code
COPY cmd/ cmd/
COPY pkg/ pkg/
# build
RUN CGO_ENABLED=0 go build -o loadtester ./cmd/loadtester/*
FROM bash:5.0
ARG TARGETPLATFORM
RUN addgroup -S app && \
adduser -S -g app app && \
apk --no-cache add ca-certificates curl jq libgcc
apk --no-cache add ca-certificates curl jq libgcc wrk hey
WORKDIR /home/app
COPY --from=bats/bats:v1.1.0 /opt/bats/ /opt/bats/
RUN ln -s /opt/bats/bin/bats /usr/local/bin/
COPY --from=build /usr/local/bin/hey /usr/local/bin/
COPY --from=build /tmp/wrk/wrk /usr/local/bin/
COPY --from=build /usr/local/bin/helm /usr/local/bin/
COPY --from=build /usr/local/bin/tiller /usr/local/bin/
COPY --from=build /usr/local/bin/ghz /usr/local/bin/
COPY --from=build /usr/local/bin/helmv3 /usr/local/bin/
COPY --from=build /usr/local/bin/grpc_health_probe /usr/local/bin/
COPY --from=build /tmp/helm-tiller /tmp/helm-tiller
COPY --from=builder /usr/local/bin/helm /usr/local/bin/
COPY --from=builder /usr/local/bin/ghz /usr/local/bin/
COPY --from=builder /usr/local/bin/grpc_health_probe /usr/local/bin/
ADD https://raw.githubusercontent.com/grpc/grpc-proto/master/grpc/health/v1/health.proto /tmp/ghz/health.proto
COPY ./bin/loadtester .
RUN chown -R app:app ./
RUN chown -R app:app /tmp/ghz
@@ -63,7 +63,6 @@ USER app
RUN hey -n 1 -c 1 https://flagger.app > /dev/null && echo $? | grep 0
RUN wrk -d 1s -c 1 -t 1 https://flagger.app > /dev/null && echo $? | grep 0
# install Helm v2 plugins
RUN helm init --client-only && helm plugin install /tmp/helm-tiller
COPY --from=builder --chown=app:app /workspace/loadtester .
ENTRYPOINT ["./loadtester"]

6
MAINTAINERS
View File

@@ -2,5 +2,7 @@ The maintainers are generally available in Slack at
https://cloud-native.slack.com/messages/flagger/ (obtain an invitation
at https://slack.cncf.io/).
Stefan Prodan, Weaveworks <stefan@weave.works> (Slack: @stefan Twitter: @stefanprodan)
Takeshi Yoneda, DMM.com <cz.rk.t0415y.g@gmail.com> (Slack: @mathetake Twitter: @mathetake)
In alphabetical order:
Stefan Prodan, Weaveworks <stefan@weave.works> (github: @stefanprodan, slack: stefanprodan)
Takeshi Yoneda, Tetrate <takeshi@tetrate.io> (github: @mathetake, slack: mathetake)

14
Makefile
View File

@@ -6,6 +6,7 @@ build:
CGO_ENABLED=0 go build -a -o ./bin/flagger ./cmd/flagger
fmt:
go mod tidy
gofmt -l -s -w ./
goimports -l -w ./
@@ -29,12 +30,12 @@ crd:
version-set:
@next="$(TAG)" && \
current="$(VERSION)" && \
sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
sed -i '' "s/flagger:$$current/flagger:$$next/g" artifacts/flagger/deployment.yaml && \
sed -i '' "s/tag: $$current/tag: $$next/g" charts/flagger/values.yaml && \
sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/flagger/Chart.yaml && \
sed -i '' "s/version: $$current/version: $$next/g" charts/flagger/Chart.yaml && \
sed -i '' "s/newTag: $$current/newTag: $$next/g" kustomize/base/flagger/kustomization.yaml && \
sed -i "s/$$current/$$next/g" pkg/version/version.go && \
sed -i "s/flagger:$$current/flagger:$$next/g" artifacts/flagger/deployment.yaml && \
sed -i "s/tag: $$current/tag: $$next/g" charts/flagger/values.yaml && \
sed -i "s/appVersion: $$current/appVersion: $$next/g" charts/flagger/Chart.yaml && \
sed -i "s/version: $$current/version: $$next/g" charts/flagger/Chart.yaml && \
sed -i "s/newTag: $$current/newTag: $$next/g" kustomize/base/flagger/kustomization.yaml && \
echo "Version $$next set in code, deployment, chart and kustomize"
release:
@@ -42,7 +43,6 @@ release:
git push origin "v$(VERSION)"
loadtester-build:
CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./bin/loadtester ./cmd/loadtester/*
docker build -t ghcr.io/fluxcd/flagger-loadtester:$(LT_VERSION) . -f Dockerfile.loadtester
loadtester-push:

92
README.md
View File

@@ -1,4 +1,4 @@
# flagger
# flagger
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4783/badge)](https://bestpractices.coreinfrastructure.org/projects/4783)
[![build](https://github.com/fluxcd/flagger/workflows/build/badge.svg)](https://github.com/fluxcd/flagger/actions)
@@ -13,10 +13,7 @@ by gradually shifting traffic to the new version while measuring metrics and run
![flagger-overview](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-overview.png)
Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
using a service mesh (App Mesh, Istio, Linkerd)
or an ingress controller (Contour, Gloo, NGINX, Skipper, Traefik) for traffic routing.
For release analysis, Flagger can query Prometheus, Datadog, New Relic or CloudWatch
and for alerting it uses Slack, MS Teams, Discord and Rocket.
and integrates with various Kubernetes ingress controllers, service mesh and monitoring solutions.
Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) project
and part of [Flux](https://fluxcd.io) family of GitOps tools.
@@ -38,6 +35,8 @@ Flagger documentation can be found at [docs.flagger.app](https://docs.flagger.ap
* [App Mesh](https://docs.flagger.app/tutorials/appmesh-progressive-delivery)
* [Istio](https://docs.flagger.app/tutorials/istio-progressive-delivery)
* [Linkerd](https://docs.flagger.app/tutorials/linkerd-progressive-delivery)
* [Open Service Mesh (OSM)](https://docs.flagger.app/tutorials/osm-progressive-delivery)
* [Kuma Service Mesh](https://docs.flagger.app/tutorials/kuma-progressive-delivery)
* [Contour](https://docs.flagger.app/tutorials/contour-progressive-delivery)
* [Gloo](https://docs.flagger.app/tutorials/gloo-progressive-delivery)
* [NGINX Ingress](https://docs.flagger.app/tutorials/nginx-progressive-delivery)
@@ -70,7 +69,7 @@ metadata:
namespace: test
spec:
# service mesh provider (optional)
# can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, contour, gloo, supergloo, traefik
# can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, contour, gloo, supergloo, traefik, osm
# for SMI TrafficSplit can be: smi:v1alpha1, smi:v1alpha2, smi:v1alpha3
provider: istio
# deployment reference
@@ -83,7 +82,7 @@ spec:
progressDeadlineSeconds: 60
# HPA reference (optional)
autoscalerRef:
apiVersion: autoscaling/v2beta1
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: podinfo
service:
@@ -182,34 +181,52 @@ For more details on how the canary analysis and promotion works please [read the
**Service Mesh**
| Feature | App Mesh | Istio | Linkerd | SMI | Kubernetes CNI |
| ------------------------------------------ | ------------------ | ------------------ | ------------------ | ----------------- | ----------------- |
| Canary deployments (weighted traffic) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
| Blue/Green deployments (traffic switch) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Blue/Green deployments (traffic mirroring) | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
| Webhooks (acceptance/load testing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Manual gating (approve/pause/resume) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Request success rate check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
| Request duration check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
| Custom metric checks | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
For SMI compatible service mesh solutions like Open Service Mesh, Consul Connect or Nginx Service Mesh,
[Prometheus MetricTemplates](https://docs.flagger.app/usage/metrics#prometheus) can be used to implement
the request success rate and request duration checks.
| Feature | App Mesh | Istio | Linkerd | Kuma | OSM | Kubernetes CNI |
|--------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
| Canary deployments (weighted traffic) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
| Blue/Green deployments (traffic switch) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Blue/Green deployments (traffic mirroring) | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
| Webhooks (acceptance/load testing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Manual gating (approve/pause/resume) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Request success rate check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
| Request duration check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
| Custom metric checks | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
**Ingress**
| Feature | Contour | Gloo | NGINX | Skipper | Traefik |
| ------------------------------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
| Canary deployments (weighted traffic) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
| Blue/Green deployments (traffic switch) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Webhooks (acceptance/load testing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Manual gating (approve/pause/resume) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Request success rate check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
| Request duration check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
| Custom metric checks | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Feature | Contour | Gloo | NGINX | Skipper | Traefik |
|-------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
| Canary deployments (weighted traffic) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
| Blue/Green deployments (traffic switch) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Webhooks (acceptance/load testing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Manual gating (approve/pause/resume) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Request success rate check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
| Request duration check (L7 metric) | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
| Custom metric checks | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
**Networking Interface**
| Feature | Gateway API | SMI |
|-----------------------------------------------|--------------------|--------------------|
| Canary deployments (weighted traffic) | :heavy_check_mark: | :heavy_check_mark: |
| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_minus_sign: |
| Blue/Green deployments (traffic switch) | :heavy_check_mark: | :heavy_check_mark: |
| Blue/Green deployments (traffic mirrroring) | :heavy_minus_sign: | :heavy_minus_sign: |
| Webhooks (acceptance/load testing) | :heavy_check_mark: | :heavy_check_mark: |
| Manual gating (approve/pause/resume) | :heavy_check_mark: | :heavy_check_mark: |
| Request success rate check (L7 metric) | :heavy_minus_sign: | :heavy_minus_sign: |
| Request duration check (L7 metric) | :heavy_minus_sign: | :heavy_minus_sign: |
| Custom metric checks | :heavy_check_mark: | :heavy_check_mark: |
For all [Gateway API](https://gateway-api.sigs.k8s.io/) implementations like
[Contour](https://projectcontour.io/guides/gateway-api/) or
[Istio](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/)
and [SMI](https://smi-spec.io) compatible service mesh solutions like
[Nginx Service Mesh](https://docs.nginx.com/nginx-service-mesh/),
[Prometheus MetricTemplates](https://docs.flagger.app/usage/metrics#prometheus)
can be used to implement the request success rate and request duration checks.
### Roadmap
@@ -222,19 +239,16 @@ the request success rate and request duration checks.
#### Integrations
* Add support for Kubernetes [Ingress v2](https://github.com/kubernetes-sigs/service-apis)
* Add support for ingress controllers like HAProxy and ALB
* Add support for metrics providers like InfluxDB, Stackdriver, SignalFX
* Add support for ingress controllers like HAProxy, ALB and Apache APISIX
### Contributing
Flagger is Apache 2.0 licensed and accepts contributions via GitHub pull requests.
To start contributing please read the [development guide](https://docs.flagger.app/dev/dev-guide).
When submitting bug reports please include as much details as possible:
When submitting bug reports please include as many details as possible:
* which Flagger version
* which Flagger CRD version
* which Kubernetes version
* what configuration (canary, ingress and workloads definitions)
* what happened (Flagger and Proxy logs)
@@ -246,8 +260,8 @@ If you have any questions about Flagger and progressive delivery:
* Read the Flagger [docs](https://docs.flagger.app).
* Invite yourself to the [CNCF community slack](https://slack.cncf.io/)
and join the [#flagger](https://cloud-native.slack.com/messages/flagger/) channel.
* Check out the [Flux talks section](https://fluxcd.io/community/#talks) and to see a list of online talks,
hands-on training and meetups.
* Check out the **[Flux events calendar](https://fluxcd.io/#calendar)**, both with upcoming talks, events and meetings you can attend.
* Or view the **[Flux resources section](https://fluxcd.io/resources)** with past events videos you can watch.
* File an [issue](https://github.com/fluxcd/flagger/issues/new).
Your feedback is always welcome!

50
artifacts/examples/kuma-canary.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
annotations:
kuma.io/mesh: default
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
progressDeadlineSeconds: 60
service:
port: 9898
targetPort: 9898
apex:
annotations:
9898.service.kuma.io/protocol: "http"
canary:
annotations:
9898.service.kuma.io/protocol: "http"
primary:
annotations:
9898.service.kuma.io/protocol: "http"
analysis:
interval: 15s
threshold: 15
maxWeight: 50
stepWeight: 10
metrics:
- name: request-success-rate
threshold: 99
interval: 1m
- name: request-duration
threshold: 500
interval: 30s
webhooks:
- name: acceptance-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 30s
metadata:
type: bash
cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
type: rollout
url: http://flagger-loadtester.test/
metadata:
cmd: "hey -z 2m -q 10 -c 2 http://podinfo-canary.test:9898/"

42
artifacts/examples/osm-canary-steps.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
spec:
provider: osm
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
progressDeadlineSeconds: 600
service:
port: 9898
targetPort: 9898
analysis:
interval: 15s
threshold: 10
stepWeights: [5, 10, 15, 20, 25, 30, 35, 40, 45, 50, 55]
metrics:
- name: request-success-rate
thresholdRange:
min: 99
interval: 1m
- name: request-duration
thresholdRange:
max: 500
interval: 30s
webhooks:
- name: acceptance-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 15s
metadata:
type: bash
cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
type: rollout
url: http://flagger-loadtester.test/
timeout: 5s
metadata:
cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test:9898/"

43
artifacts/examples/osm-canary.yaml Normal file
View File

@@ -0,0 +1,43 @@
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
spec:
provider: osm
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
progressDeadlineSeconds: 600
service:
port: 9898
targetPort: 9898
analysis:
interval: 15s
threshold: 10
maxWeight: 50
stepWeight: 5
metrics:
- name: request-success-rate
thresholdRange:
min: 99
interval: 1m
- name: request-duration
thresholdRange:
max: 500
interval: 30s
webhooks:
- name: acceptance-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 15s
metadata:
type: bash
cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
type: rollout
url: http://flagger-loadtester.test/
timeout: 5s
metadata:
cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test:9898/"

26
artifacts/flagger/account.yaml
View File

@@ -187,6 +187,32 @@ rules:
- update
- patch
- delete
- apiGroups:
- kuma.io
resources:
- trafficroutes
- trafficroutes/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- httproutes/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- nonResourceURLs:
- /version
verbs:

49
artifacts/flagger/crd.yaml
View File

@@ -495,6 +495,40 @@ spec:
type: array
items:
type: string
gatewayRefs:
description: The list of parent Gateways for a HTTPRoute
maxItems: 32
type: array
items:
required:
- name
type: object
properties:
group:
default: gateway.networking.k8s.io
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
maxLength: 253
minLength: 1
type: string
namespace:
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
corsPolicy:
description: Istio Cross-Origin Resource Sharing policy (CORS)
type: object
@@ -826,6 +860,12 @@ spec:
mirrorWeight:
description: Weight of traffic to be mirrored
type: number
primaryReadyThreshold:
description: Percentage of pods that need to be available to consider primary as ready
type: number
canaryReadyThreshold:
description: Percentage of pods that need to be available to consider canary as ready
type: number
match:
description: A/B testing match conditions
type: array
@@ -1009,6 +1049,9 @@ spec:
lastAppliedSpec:
description: LastAppliedSpec of this canary
type: string
lastPromotedSpec:
description: LastPromotedSpec of this canary
type: string
lastTransitionTime:
description: LastTransitionTime of this canary
format: date-time
@@ -1104,9 +1147,11 @@ spec:
- prometheus
- influxdb
- datadog
- stackdriver
- cloudwatch
- newrelic
- graphite
- dynatrace
address:
description: API address of this provider
type: string
@@ -1122,6 +1167,9 @@ spec:
region:
description: Region of the provider
type: string
insecureSkipVerify:
description: Disable SSL certificate validation for the provider address
type: boolean
query:
description: Query of this metric template
type: string
@@ -1188,6 +1236,7 @@ spec:
- msteams
- discord
- rocket
- gchat
channel:
description: Alert channel for this provider
type: string

2
artifacts/flagger/deployment.yaml
View File

@@ -22,7 +22,7 @@ spec:
serviceAccountName: flagger
containers:
- name: flagger
image: ghcr.io/fluxcd/flagger:1.11.0
image: ghcr.io/fluxcd/flagger:1.21.0
imagePullPolicy: IfNotPresent
ports:
- name: http

9
charts/flagger/Chart.yaml
View File

@@ -1,8 +1,8 @@
apiVersion: v1
name: flagger
version: 1.11.0
appVersion: 1.11.0
kubeVersion: ">=1.16.0-0"
version: 1.21.0
appVersion: 1.21.0
kubeVersion: ">=1.19.0-0"
engine: gotpl
description: Flagger is a progressive delivery operator for Kubernetes
home: https://flagger.app
@@ -18,6 +18,9 @@ keywords:
- istio
- appmesh
- linkerd
- kuma
- osm
- smi
- gloo
- contour
- nginx

132
charts/flagger/README.md
View File

@@ -1,22 +1,18 @@
# Flagger
[Flagger](https://github.com/fluxcd/flagger) is an operator that automates the release process of applications on Kubernetes.
[Flagger](https://github.com/fluxcd/flagger) is a progressive delivery tool that automates the release process
for applications running on Kubernetes. It reduces the risk of introducing a new software version in production
by gradually shifting traffic to the new version while measuring metrics and running conformance tests.
Flagger can run automated application analysis, testing, promotion and rollback for the following deployment strategies:
* Canary Release (progressive traffic shifting)
* A/B Testing (HTTP headers and cookies traffic routing)
* Blue/Green (traffic switching and mirroring)
Flagger works with service mesh solutions (Istio, Linkerd, AWS App Mesh) and with Kubernetes ingress controllers
(NGINX, Skipper, Gloo, Contour, Traefik).
Flagger can be configured to send alerts to various chat platforms such as Slack, Microsoft Teams, Discord and Rocket.
Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
and integrates with various Kubernetes ingress controllers, service mesh and monitoring solutions.
Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) project
and part of [Flux](https://fluxcd.io) family of GitOps tools.
## Prerequisites
* Kubernetes >= 1.16
* Kubernetes >= 1.19
## Installing the Chart
@@ -59,6 +55,25 @@ $ helm upgrade -i flagger flagger/flagger \
--set metricsServer=http://appmesh-prometheus:9090
```
To install Flagger for **Open Service Mesh** (requires OSM to have been installed with Prometheus):
```console
$ helm upgrade -i flagger flagger/flagger \
--namespace=osm-system \
--set meshProvider=osm \
--set metricsServer=http://osm-prometheus.osm-system.svc:7070
```
To install Flagger for **Kuma Service Mesh** (requires Kuma to have been installed with Prometheus):
```console
$ helm upgrade -i flagger flagger/flagger \
--namespace=kuma-system \
--set meshProvider=kuma \
--set metricsServer=http://prometheus-server.kuma-metrics:80
```
To install Flagger and Prometheus for **NGINX** Ingress (requires controller metrics enabled):
```console
@@ -112,53 +127,56 @@ The command removes all the Kubernetes components associated with the chart and
The following tables lists the configurable parameters of the Flagger chart and their default values.
Parameter | Description | Default
--- | --- | ---
`image.repository` | Image repository | `ghcr.io/fluxcd/flagger`
`image.tag` | Image tag | `<VERSION>`
`image.pullPolicy` | Image pull policy | `IfNotPresent`
`logLevel` | Log level | `info`
`metricsServer` | Prometheus URL, used when `prometheus.install` is `false` | `http://prometheus.istio-system:9090`
`prometheus.install` | If `true`, installs Prometheus configured to scrape all pods in the custer | `false`
`prometheus.retention` | Prometheus data retention | `2h`
`selectorLabels` | List of labels that Flagger uses to create pod selectors | `app,name,app.kubernetes.io/name`
`configTracking.enabled` | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment | `true`
`eventWebhook` | If set, Flagger will publish events to the given webhook | None
`slack.url` | Slack incoming webhook | None
`slack.proxyUrl` | Slack proxy url | None
`slack.channel` | Slack channel | None
`slack.user` | Slack username | `flagger`
`msteams.url` | Microsoft Teams incoming webhook | None
`msteams.proxyUrl` | Microsoft Teams proxy url | None
`podMonitor.enabled` | If `true`, create a PodMonitor for [monitoring the metrics](https://docs.flagger.app/usage/monitoring#metrics) | `false`
`podMonitor.namespace` | Namespace where the PodMonitor is created | the same namespace
`podMonitor.interval` | Interval at which metrics should be scraped | `15s`
`podMonitor.podMonitor` | Additional labels to add to the PodMonitor | `{}`
`leaderElection.enabled` | If `true`, Flagger will run in HA mode | `false`
`leaderElection.replicaCount` | Number of replicas | `1`
`serviceAccount.create` | If `true`, Flagger will create service account | `true`
`serviceAccount.name` | The name of the service account to create or use. If not set and `serviceAccount.create` is `true`, a name is generated using the Flagger fullname | `""`
`serviceAccount.annotations` | Annotations for service account | `{}`
`ingressAnnotationsPrefix` | Annotations prefix for ingresses | `custom.ingress.kubernetes.io`
`includeLabelPrefix` | List of prefixes of labels that are copied when creating primary deployments or daemonsets. Use * to include all | `""`
`rbac.create` | If `true`, create and use RBAC resources | `true`
`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
`crd.create` | If `true`, create Flagger's CRDs (should be enabled for Helm v2 only) | `false`
`resources.requests/cpu` | Pod CPU request | `10m`
`resources.requests/memory` | Pod memory request | `32Mi`
`resources.limits/cpu` | Pod CPU limit | `1000m`
`resources.limits/memory` | Pod memory limit | `512Mi`
`affinity` | Node/pod affinities | None
`nodeSelector` | Node labels for pod assignment | `{}`
`threadiness` | Number of controller workers | `2`
`tolerations` | List of node taints to tolerate | `[]`
`istio.kubeconfig.secretName` | The name of the Kubernetes secret containing the Istio shared control plane kubeconfig | None
`istio.kubeconfig.key` | The name of Kubernetes secret data key that contains the Istio control plane kubeconfig | `kubeconfig`
`ingressAnnotationsPrefix` | Annotations prefix for NGINX ingresses | None
`ingressClass` | Ingress class used for annotating HTTPProxy objects, e.g. `contour` | None
`podPriorityClassName` | PriorityClass name for pod priority configuration | ""
`podDisruptionBudget.enabled` | A PodDisruptionBudget will be created if `true` | `false`
`podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1`
| Parameter | Description | Default |
|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
| `image.repository` | Image repository | `ghcr.io/fluxcd/flagger` |
| `image.tag` | Image tag | `<VERSION>` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `logLevel` | Log level | `info` |
| `metricsServer` | Prometheus URL, used when `prometheus.install` is `false` | `http://prometheus.istio-system:9090` |
| `prometheus.install` | If `true`, installs Prometheus configured to scrape all pods in the custer | `false` |
| `prometheus.retention` | Prometheus data retention | `2h` |
| `selectorLabels` | List of labels that Flagger uses to create pod selectors | `app,name,app.kubernetes.io/name` |
| `configTracking.enabled` | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment | `true` |
| `eventWebhook` | If set, Flagger will publish events to the given webhook | None |
| `slack.url` | Slack incoming webhook | None |
| `slack.proxyUrl` | Slack proxy url | None |
| `slack.channel` | Slack channel | None |
| `slack.user` | Slack username | `flagger` |
| `msteams.url` | Microsoft Teams incoming webhook | None |
| `msteams.proxyUrl` | Microsoft Teams proxy url | None |
| `clusterName` | When specified, Flagger will add the cluster name to alerts | `""` |
| `podMonitor.enabled` | If `true`, create a PodMonitor for [monitoring the metrics](https://docs.flagger.app/usage/monitoring#metrics) | `false` |
| `podMonitor.namespace` | Namespace where the PodMonitor is created | the same namespace |
| `podMonitor.interval` | Interval at which metrics should be scraped | `15s` |
| `podMonitor.podMonitor` | Additional labels to add to the PodMonitor | `{}` |
| `leaderElection.enabled` | If `true`, Flagger will run in HA mode | `false` |
| `leaderElection.replicaCount` | Number of replicas | `1` |
| `serviceAccount.create` | If `true`, Flagger will create service account | `true` |
| `serviceAccount.name` | The name of the service account to create or use. If not set and `serviceAccount.create` is `true`, a name is generated using the Flagger fullname | `""` |
| `serviceAccount.annotations` | Annotations for service account | `{}` |
| `ingressAnnotationsPrefix` | Annotations prefix for ingresses | `custom.ingress.kubernetes.io` |
| `includeLabelPrefix` | List of prefixes of labels that are copied when creating primary deployments or daemonsets. Use * to include all | `""` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` |
| `crd.create` | If `true`, create Flagger's CRDs (should be enabled for Helm v2 only) | `false` |
| `resources.requests/cpu` | Pod CPU request | `10m` |
| `resources.requests/memory` | Pod memory request | `32Mi` |
| `resources.limits/cpu` | Pod CPU limit | `1000m` |
| `resources.limits/memory` | Pod memory limit | `512Mi` |
| `affinity` | Node/pod affinities | None |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `threadiness` | Number of controller workers | `2` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `controlplane.kubeconfig.secretName` | The name of the Kubernetes secret containing the service mesh control plane kubeconfig | None |
| `controlplane.kubeconfig.key` | The name of Kubernetes secret data key that contains the service mesh control plane kubeconfig | `kubeconfig` |
| `ingressAnnotationsPrefix` | Annotations prefix for NGINX ingresses | None |
| `ingressClass` | Ingress class used for annotating HTTPProxy objects, e.g. `contour` | None |
| `podPriorityClassName` | PriorityClass name for pod priority configuration | "" |
| `podDisruptionBudget.enabled` | A PodDisruptionBudget will be created if `true` | `false` |
| `podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1` |
| `podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1` |
| `noCrossNamespaceRefs` | If `true`, cross namespace references to custom resources will be disabled | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example,

49
charts/flagger/crds/crd.yaml
View File

@@ -495,6 +495,40 @@ spec:
type: array
items:
type: string
gatewayRefs:
description: The list of parent Gateways for a HTTPRoute
maxItems: 32
type: array
items:
required:
- name
type: object
properties:
group:
default: gateway.networking.k8s.io
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
maxLength: 253
minLength: 1
type: string
namespace:
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
corsPolicy:
description: Istio Cross-Origin Resource Sharing policy (CORS)
type: object
@@ -826,6 +860,12 @@ spec:
mirrorWeight:
description: Weight of traffic to be mirrored
type: number
primaryReadyThreshold:
description: Percentage of pods that need to be available to consider primary as ready
type: number
canaryReadyThreshold:
description: Percentage of pods that need to be available to consider canary as ready
type: number
match:
description: A/B testing match conditions
type: array
@@ -1009,6 +1049,9 @@ spec:
lastAppliedSpec:
description: LastAppliedSpec of this canary
type: string
lastPromotedSpec:
description: LastPromotedSpec of this canary
type: string
lastTransitionTime:
description: LastTransitionTime of this canary
format: date-time
@@ -1104,9 +1147,11 @@ spec:
- prometheus
- influxdb
- datadog
- stackdriver
- cloudwatch
- newrelic
- graphite
- dynatrace
address:
description: API address of this provider
type: string
@@ -1122,6 +1167,9 @@ spec:
region:
description: Region of the provider
type: string
insecureSkipVerify:
description: Disable SSL certificate validation for the provider address
type: boolean
query:
description: Query of this metric template
type: string
@@ -1188,6 +1236,7 @@ spec:
- msteams
- discord
- rocket
- gchat
channel:
description: Alert channel for this provider
type: string

23
charts/flagger/templates/deployment.yaml
View File

@@ -22,6 +22,11 @@ spec:
labels:
app.kubernetes.io/name: {{ template "flagger.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
annotations:
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
@@ -43,10 +48,10 @@ spec:
- name: {{ .Values.image.pullSecret }}
{{- end }}
volumes:
{{- if .Values.istio.kubeconfig.secretName }}
{{- if .Values.controlplane.kubeconfig.secretName }}
- name: kubeconfig
secret:
secretName: "{{ .Values.istio.kubeconfig.secretName }}"
secretName: "{{ .Values.controlplane.kubeconfig.secretName }}"
{{- end }}
{{- if .Values.podPriorityClassName }}
priorityClassName: {{ .Values.podPriorityClassName }}
@@ -58,9 +63,9 @@ spec:
{{ toYaml .Values.securityContext.context | indent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.istio.kubeconfig.secretName }}
{{- if .Values.controlplane.kubeconfig.secretName }}
- name: kubeconfig
mountPath: "/tmp/istio-host"
mountPath: "/tmp/controlplane"
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -127,12 +132,18 @@ spec:
{{- if .Values.kubeconfigBurst }}
- -kubeconfig-burst={{ .Values.kubeconfigBurst }}
{{- end }}
{{- if .Values.istio.kubeconfig.secretName }}
- -kubeconfig-service-mesh=/tmp/istio-host/{{ .Values.istio.kubeconfig.key }}
{{- if .Values.controlplane.kubeconfig.secretName }}
- -kubeconfig-service-mesh=/tmp/controlplane/{{ .Values.controlplane.kubeconfig.key }}
{{- end }}
{{- if .Values.threadiness }}
- -threadiness={{ .Values.threadiness }}
{{- end }}
{{- if .Values.clusterName }}
- -cluster-name={{ .Values.clusterName }}
{{- end }}
{{- if .Values.noCrossNamespaceRefs }}
- -no-cross-namespace-refs={{ .Values.noCrossNamespaceRefs }}
{{- end }}
livenessProbe:
exec:
command:

26
charts/flagger/templates/rbac.yaml
View File

@@ -195,6 +195,32 @@ rules:
- update
- patch
- delete
- apiGroups:
- kuma.io
resources:
- trafficroutes
- trafficroutes/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- httproutes/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- nonResourceURLs:
- /version
verbs:

22
charts/flagger/values.yaml
View File

@@ -2,7 +2,7 @@
image:
repository: ghcr.io/fluxcd/flagger
tag: 1.11.0
tag: 1.21.0
pullPolicy: IfNotPresent
pullSecret:
@@ -19,7 +19,7 @@ podPriorityClassName: ""
metricsServer: "http://prometheus:9090"
# accepted values are kubernetes, istio, linkerd, appmesh, contour, nginx, gloo, skipper, traefik
# accepted values are kubernetes, istio, linkerd, appmesh, contour, nginx, gloo, skipper, traefik, osm
meshProvider: ""
# single namespace restriction
@@ -50,6 +50,9 @@ securityContext:
# when specified, flagger will publish events to the provided webhook
eventWebhook: ""
# when specified, flagger will add the cluster name to alerts
clusterName: ""
slack:
user: flagger
channel:
@@ -135,7 +138,7 @@ tolerations: []
prometheus:
# to be used with ingress controllers
install: false
image: docker.io/prom/prometheus:v2.23.0
image: docker.io/prom/prometheus:v2.34.0
pullSecret:
retention: 2h
# when enabled, it will add a security context for the prometheus pod
@@ -148,15 +151,18 @@ prometheus:
kubeconfigQPS: ""
kubeconfigBurst: ""
# Istio multi-cluster service mesh (shared control plane single-network)
# https://istio.io/docs/setup/install/multicluster/shared-vpn/
istio:
# Multi-cluster service mesh (shared control plane single-network)
controlplane:
kubeconfig:
# istio.kubeconfig.secretName: The name of the secret containing the Istio control plane kubeconfig
# controlplane.kubeconfig.secretName: The name of the secret containing the mesh control plane kubeconfig
secretName: ""
# istio.kubeconfig.key: The name of secret data key that contains the Istio control plane kubeconfig
# controlplane.kubeconfig.key: The name of secret data key that contains the mesh control plane kubeconfig
key: "kubeconfig"
podDisruptionBudget:
enabled: false
minAvailable: 1
podLabels: {}
noCrossNamespaceRefs: false

2
charts/grafana/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
name: grafana
version: 1.5.0
version: 1.7.0
appVersion: 7.2.0
description: Grafana dashboards for monitoring Flagger canary deployments
icon: https://raw.githubusercontent.com/fluxcd/flagger/main/docs/logo/flagger-icon.png

3
charts/grafana/dashboards/appmesh.json
View File

@@ -1146,7 +1146,6 @@
"list": [
{
"allValue": null,
"current": null,
"datasource": "prometheus",
"definition": "query_result(sum(envoy_cluster_upstream_rq) by (kubernetes_namespace))",
"hide": 0,
@@ -1168,7 +1167,6 @@
},
{
"allValue": null,
"current": null,
"datasource": "prometheus",
"definition": "query_result(sum(envoy_cluster_upstream_rq{kubernetes_namespace=\"$namespace\",app=~\".*-primary\"}) by (app))",
"hide": 0,
@@ -1190,7 +1188,6 @@
},
{
"allValue": null,
"current": null,
"datasource": "prometheus",
"definition": "query_result(sum(envoy_cluster_upstream_rq{kubernetes_namespace=\"$namespace\",app!~\".*-primary\"}) by (app))",
"hide": 0,

12
charts/grafana/dashboards/istio.json
View File

@@ -403,7 +403,7 @@
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
@@ -411,7 +411,7 @@
"refId": "A"
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
@@ -419,7 +419,7 @@
"refId": "B"
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
@@ -509,7 +509,7 @@
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
@@ -517,7 +517,7 @@
"refId": "A"
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
@@ -525,7 +525,7 @@
"refId": "B"
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
"format": "time_series",
"hide": false,
"intervalFactor": 1,

6
charts/loadtester/Chart.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1
name: loadtester
version: 0.19.0
appVersion: 0.18.0
version: 0.22.0
appVersion: 0.22.0
kubeVersion: ">=1.11.0-0"
engine: gotpl
description: Flagger's load testing services based on rakyll/hey and bojand/ghz that generates traffic during canary analysis when configured as a webhook.
@@ -19,5 +19,7 @@ keywords:
- appmesh
- linkerd
- gloo
- osm
- smi
- gitops
- load testing

3
charts/loadtester/README.md
View File

@@ -26,7 +26,7 @@ helm upgrade -i flagger-loadtester flagger/loadtester
The command deploys loadtester on the Kubernetes cluster in the default namespace.
> **Tip**: Note that the namespace where you deploy the load tester should
> have the Istio, App Mesh or Linkerd sidecar injection enabled
> have the Istio, App Mesh, Linkerd or Open Service Mesh sidecar injection enabled
The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -59,6 +59,7 @@ Parameter | Description | Default
`service.type` | Type of service | `ClusterIP`
`service.port` | ClusterIP port | `80`
`cmd.timeout` | Command execution timeout | `1h`
`cmd.namespaceRegexp` | Restrict access to canaries in matching namespaces | ""
`logLevel` | Log level can be debug, info, warning, error or panic | `info`
`appmesh.enabled` | Create AWS App Mesh v1beta2 virtual node | `false`
`appmesh.backends` | AWS App Mesh virtual services | `none`

17
charts/loadtester/templates/deployment.yaml
View File

@@ -17,8 +17,12 @@ spec:
labels:
app: {{ include "loadtester.name" . }}
app.kubernetes.io/name: {{ include "loadtester.name" . }}
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
appmesh.k8s.aws/ports: "444"
openservicemesh.io/inbound-port-exclusion-list: "80, 8080"
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
@@ -47,6 +51,7 @@ spec:
- -port=8080
- -log-level={{ .Values.logLevel }}
- -timeout={{ .Values.cmd.timeout }}
- -namespace-regexp={{ .Values.cmd.namespaceRegexp }}
livenessProbe:
exec:
command:
@@ -73,6 +78,18 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{ with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

9
charts/loadtester/values.yaml
View File

@@ -2,8 +2,11 @@ replicaCount: 1
image:
repository: ghcr.io/fluxcd/flagger-loadtester
tag: 0.18.0
tag: 0.22.0
pullPolicy: IfNotPresent
pullSecret:
podLabels: {}
podAnnotations:
prometheus.io/scrape: "true"
@@ -14,6 +17,7 @@ podPriorityClassName: ""
logLevel: info
cmd:
timeout: 1h
namespaceRegexp: ""
nameOverride: ""
fullnameOverride: ""
@@ -29,6 +33,9 @@ resources:
cpu: 10m
memory: 64Mi
volumes: []
volumeMounts: []
nodeSelector: {}
tolerations: []

4
charts/podinfo/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
version: 5.0.0
appVersion: 5.0.0
version: 6.1.3
appVersion: 6.1.3
name: podinfo
engine: gotpl
description: Flagger canary deployment demo application

2
charts/podinfo/templates/service.yaml
View File

@@ -1,4 +1,4 @@
{{- if not .Values.canary.enabled }}
{{- if and .Values.service.enabled (not .Values.canary.enabled) }}
apiVersion: v1
kind: Service
metadata:

1
charts/podinfo/templates/tests/jwt.yaml
View File

@@ -12,6 +12,7 @@ metadata:
sidecar.istio.io/inject: "false"
linkerd.io/inject: disabled
appmesh.k8s.aws/sidecarInjectorWebhook: disabled
openservicemesh.io/sidecar-injection: disabled
spec:
containers:
- name: tools

2
charts/podinfo/values.yaml
View File

@@ -1,7 +1,7 @@
# Default values for podinfo.
image:
repository: ghcr.io/stefanprodan/podinfo
tag: 5.0.0
tag: 6.1.3
pullPolicy: IfNotPresent
podAnnotations: {}

25
cmd/flagger/main.go
View File

@@ -83,6 +83,8 @@ var (
enableConfigTracking bool
ver bool
kubeconfigServiceMesh string
clusterName string
noCrossNamespaceRefs bool
)
func init() {
@@ -106,7 +108,7 @@ func init() {
flag.BoolVar(&zapReplaceGlobals, "zap-replace-globals", false, "Whether to change the logging level of the global zap logger.")
flag.StringVar(&zapEncoding, "zap-encoding", "json", "Zap logger encoding.")
flag.StringVar(&namespace, "namespace", "", "Namespace that flagger would watch canary object.")
flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, contour, gloo, nginx, skipper or traefik.")
flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, contour, gloo, nginx, skipper, traefik, osm or kuma.")
flag.StringVar(&selectorLabels, "selector-labels", "app,name,app.kubernetes.io/name", "List of pod labels that Flagger uses to create pod selectors.")
flag.StringVar(&ingressAnnotationsPrefix, "ingress-annotations-prefix", "nginx.ingress.kubernetes.io", "Annotations prefix for NGINX ingresses.")
flag.StringVar(&ingressClass, "ingress-class", "", "Ingress class used for annotating HTTPProxy objects.")
@@ -115,6 +117,8 @@ func init() {
flag.BoolVar(&enableConfigTracking, "enable-config-tracking", true, "Enable secrets and configmaps tracking.")
flag.BoolVar(&ver, "version", false, "Print version")
flag.StringVar(&kubeconfigServiceMesh, "kubeconfig-service-mesh", "", "Path to a kubeconfig for the service mesh control plane cluster.")
flag.StringVar(&clusterName, "cluster-name", "", "Cluster name to be included in alert msgs.")
flag.BoolVar(&noCrossNamespaceRefs, "no-cross-namespace-refs", false, "When set to true, Flagger can only refer to resources in the same namespace.")
}
func main() {
@@ -164,15 +168,15 @@ func main() {
if kubeconfigServiceMesh == "" {
kubeconfigServiceMesh = kubeconfig
}
cfgHost, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigServiceMesh)
serviceMeshCfg, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigServiceMesh)
if err != nil {
logger.Fatalf("Error building host kubeconfig: %v", err)
}
cfgHost.QPS = float32(kubeconfigQPS)
cfgHost.Burst = kubeconfigBurst
serviceMeshCfg.QPS = float32(kubeconfigQPS)
serviceMeshCfg.Burst = kubeconfigBurst
meshClient, err := clientset.NewForConfig(cfgHost)
meshClient, err := clientset.NewForConfig(serviceMeshCfg)
if err != nil {
logger.Fatalf("Error building mesh clientset: %v", err)
}
@@ -208,7 +212,14 @@ func main() {
// start HTTP server
go server.ListenAndServe(port, 3*time.Second, logger, stopCh)
routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, ingressAnnotationsPrefix, ingressClass, logger, meshClient)
setOwnerRefs := true
// Router shouldn't set OwnerRefs on resources that they create since the
// service mesh/ingress controller is in a different cluster.
if cfg.Host != serviceMeshCfg.Host {
setOwnerRefs = false
}
routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, ingressAnnotationsPrefix, ingressClass, logger, meshClient, setOwnerRefs)
var configTracker canary.Tracker
if enableConfigTracking {
@@ -238,6 +249,8 @@ func main() {
meshProvider,
version.VERSION,
fromEnv("EVENT_WEBHOOK_URL", eventWebhook),
clusterName,
noCrossNamespaceRefs,
)
// leader election context

16
cmd/loadtester/main.go
View File

@@ -1,5 +1,5 @@
/*
Copyright 2020 The Flux authors
Copyright 2020, 2022 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package main
import (
"flag"
"log"
"regexp"
"time"
"github.com/fluxcd/flagger/pkg/loadtester"
@@ -27,11 +28,12 @@ import (
"go.uber.org/zap"
)
var VERSION = "0.18.0"
var VERSION = "0.22.0"
var (
logLevel string
port string
timeout time.Duration
namespaceRegexp string
zapReplaceGlobals bool
zapEncoding string
)
@@ -40,6 +42,7 @@ func init() {
flag.StringVar(&logLevel, "log-level", "debug", "Log level can be: debug, info, warning, error.")
flag.StringVar(&port, "port", "9090", "Port to listen on.")
flag.DurationVar(&timeout, "timeout", time.Hour, "Load test exec timeout.")
flag.StringVar(&namespaceRegexp, "namespace-regexp", "", "Restrict access to canaries in matching namespaces.")
flag.BoolVar(&zapReplaceGlobals, "zap-replace-globals", false, "Whether to change the logging level of the global zap logger.")
flag.StringVar(&zapEncoding, "zap-encoding", "json", "Zap logger encoding.")
}
@@ -66,5 +69,12 @@ func main() {
logger.Infof("Starting load tester v%s API on port %s", VERSION, port)
gateStorage := loadtester.NewGateStorage("in-memory")
loadtester.ListenAndServe(port, time.Minute, logger, taskRunner, gateStorage, stopCh)
var namespaceRegexpCompiled *regexp.Regexp
if namespaceRegexp != "" {
namespaceRegexpCompiled = regexp.MustCompile(namespaceRegexp)
}
authorizer := loadtester.NewAuthorizer(namespaceRegexpCompiled)
loadtester.ListenAndServe(port, time.Minute, logger, taskRunner, gateStorage, authorizer, stopCh)
}

BIN
docs/diagrams/flagger-gatewayapi-canary.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

BIN
docs/diagrams/flagger-kuma-canary.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 121 KiB

BIN
docs/diagrams/flagger-osm-traffic-split.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 124 KiB

BIN
docs/diagrams/flagger-overview.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 48 KiB

After

Width:  |  Height:  |  Size: 56 KiB

8
docs/gitbook/README.md
View File

@@ -10,10 +10,10 @@ version in production by gradually shifting traffic to the new version while mea
and running conformance tests.
Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
using a service mesh (App Mesh, Istio, Linkerd)
using a service mesh (App Mesh, Istio, Linkerd, Kuma, Open Service Mesh)
or an ingress controller (Contour, Gloo, NGINX, Skipper, Traefik) for traffic routing.
For release analysis, Flagger can query Prometheus, Datadog, New Relic, CloudWatch or Graphite
and for alerting it uses Slack, MS Teams, Discord and Rocket.
For release analysis, Flagger can query Prometheus, InfluxDB, Datadog, New Relic, CloudWatch, Stackdriver
or Graphite and for alerting it uses Slack, MS Teams, Discord and Rocket.
![Flagger overview diagram](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-overview.png)
@@ -36,6 +36,8 @@ After installing Flagger, you can follow one of these tutorials to get started:
* [Istio](tutorials/istio-progressive-delivery.md)
* [Linkerd](tutorials/linkerd-progressive-delivery.md)
* [AWS App Mesh](tutorials/appmesh-progressive-delivery.md)
* [Open Service Mesh](tutorials/osm-progressive-delivery.md)
* [Kuma](tutorials/kuma-progressive-delivery.md)
**Ingress controller tutorials**

3
docs/gitbook/SUMMARY.md
View File

@@ -30,6 +30,9 @@
* [NGINX Canary Deployments](tutorials/nginx-progressive-delivery.md)
* [Skipper Canary Deployments](tutorials/skipper-progressive-delivery.md)
* [Traefik Canary Deployments](tutorials/traefik-progressive-delivery.md)
* [Open Service Mesh Deployments](tutorials/osm-progressive-delivery.md)
* [Kuma Canary Deployments](tutorials/kuma-progressive-delivery.md)
* [Gateway API Canary Deployments](tutorials/gatewayapi-progressive-delivery.md)
* [Blue/Green Deployments](tutorials/kubernetes-blue-green.md)
* [Canary analysis with Prometheus Operator](tutorials/prometheus-operator.md)
* [Zero downtime deployments](tutorials/zero-downtime-deployments.md)

20
docs/gitbook/dev/dev-guide.md
View File

@@ -8,17 +8,17 @@ Flagger is written in Go and uses Go modules for dependency management.
On your dev machine install the following tools:
* go &gt;= 1.14
* git &gt;= 2.20
* bash &gt;= 5.0
* make &gt;= 3.81
* kubectl &gt;= 1.16
* kustomize &gt;= 3.5
* helm &gt;= 3.0
* docker &gt;= 19.03
* go >= 1.17
* git >;= 2.20
* bash >= 5.0
* make >= 3.81
* kubectl >= 1.22
* kustomize >= 4.4
* helm >= 3.0
* docker >= 19.03
You'll also need a Kubernetes cluster for testing Flagger.
You can use Minikube, Kind, Docker desktop or any remote cluster (AKS/EKS/GKE/etc) Kubernetes version 1.16 or newer.
You can use Minikube, Kind, Docker desktop or any remote cluster (AKS/EKS/GKE/etc) Kubernetes version 1.22 or newer.
To start contributing to Flagger, fork the [repository](https://github.com/fluxcd/flagger) on GitHub.
@@ -100,6 +100,8 @@ make codegen
Run code formatters:
```bash
go install golang.org/x/tools/cmd/goimports@latest
make fmt
```

141
docs/gitbook/faq.md
View File

@@ -49,12 +49,40 @@ spec:
timestamp: "2020-03-10T14:24:48+0000"
```
#### How to change replicas for a deployment when not using HPA?
To change replicas for a deployment when not using HPA, you have to update the canary deployment with the desired replica count
and trigger an analysis by annotating the template. After the analysis finishes, Flagger will promote the `spec.replicas` changes to the primary deployment.
Example:
```yaml
apiVersion: apps/v1
kind: Deployment
spec:
replicas: 4 #update replicas
template:
metadata:
annotations:
timestamp: "2022-02-10T14:24:48+0000" #add annotation to trigger analysis
```
#### Why is there a window of downtime during the canary initializing process when analysis is disabled?
A window of downtime is the intended behavior when the analysis is disabled. This allows instant rollback and also mimics the way
a Kubernetes deployment initialization works. To avoid this, enable the analysis (`skipAnalysis: true`), wait for the initialization
to finish, and disable it afterward (`skipAnalysis: false`).
#### How to disable cross namespace references?
Flagger by default can access resources across namespaces (`AlertProivder`, `MetricProvider` and Gloo `Upsteream`).
If you're in a multi-tenant environment and wish to disable this, you can do so through the `no-cross-namespace-refs` flag.
```
flagger \
-no-cross-namespace-refs=true \
...
```
## Kubernetes services
#### How is an application exposed inside the cluster?
@@ -85,19 +113,19 @@ spec:
If the `service.name` is not specified, then `targetRef.name` is used for
the apex domain and canary/primary services name prefix.
You should treat the service name as an immutable field, changing it could result in routing conflicts.
You should treat the service name as an immutable field; changing its could result in routing conflicts.
Based on the canary spec service, Flagger generates the following Kubernetes ClusterIP service:
* `<service.name>.<namespace>.svc.cluster.local`
* `<service.name>.<namespace>.svc.cluster.local`
selector `app=<name>-primary`
* `<service.name>-primary.<namespace>.svc.cluster.local`
* `<service.name>-primary.<namespace>.svc.cluster.local`
selector `app=<name>-primary`
* `<service.name>-canary.<namespace>.svc.cluster.local`
* `<service.name>-canary.<namespace>.svc.cluster.local`
selector `app=<name>`
@@ -221,7 +249,14 @@ spec:
```
Besides `app`, Flagger supports `name` and `app.kubernetes.io/name` selectors.
If you use a different convention you can specify your label with the `-selector-labels` flag.
If you use a different convention, you can specify your label with the `-selector-labels` flag.
For example:
```
flagger \
-selector-labels=service,name,app.kubernetes.io/name \
...
```
#### Is pod affinity and anti affinity supported?
@@ -332,7 +367,7 @@ spec:
#### How does Flagger measure the request success rate and duration?
Flagger measures the request success rate and duration using Prometheus queries.
By default, Flagger measures the request success rate and duration using Prometheus queries.
#### HTTP requests success rate percentage
@@ -361,8 +396,8 @@ sum(
response_code!~"5.*"
}[$interval]
)
)
/
)
/
sum(
rate(
istio_requests_total{
@@ -385,8 +420,8 @@ sum(
envoy_response_code!~"5.*"
}[$interval]
)
)
/
)
/
sum(
rate(
envoy_cluster_upstream_rq{
@@ -436,10 +471,10 @@ Spec:
Istio query:
```javascript
histogram_quantile(0.99,
histogram_quantile(0.99,
sum(
irate(
istio_request_duration_seconds_bucket{
istio_request_duration_milliseconds_bucket{
reporter="destination",
destination_workload=~"$workload",
destination_workload_namespace=~"$namespace"
@@ -452,7 +487,7 @@ histogram_quantile(0.99,
Envoy query (App Mesh, Contour and Gloo):
```javascript
histogram_quantile(0.99,
histogram_quantile(0.99,
sum(
irate(
envoy_cluster_upstream_rq_time_bucket{
@@ -469,7 +504,34 @@ histogram_quantile(0.99,
#### Can I use custom metrics?
The analysis can be extended with metrics provided by Prometheus, Datadog, AWS CloudWatch, New Relic and Graphite.
For more details on how custom metrics can be used please read the [metrics docs](usage/metrics.md).
For more details on how custom metrics can be used, please read the [metrics docs](usage/metrics.md).
#### Istio Gateway API
If you're using Istio with Gateway API, the Prometheus query needs to include `reporter="source"`. For example, to calculate HTTP requests error percentage, the query would be:
```javascript
100 - sum(
rate(
istio_requests_total{
reporter="source",
destination_workload_namespace=~"$namespace",
destination_workload=~"$workload",
response_code!~"5.*"
}[$interval]
)
)
/
sum(
rate(
istio_requests_total{
reporter="source",
destination_workload_namespace=~"$namespace",
destination_workload=~"$workload"
}[$interval]
)
) * 100
```
## Istio routing
@@ -712,7 +774,7 @@ spec:
weight: 0
```
Therefore, The following virtual service forward the traffic to `/podinfo` by the above delegate VirtualService.
Therefore, the following virtual service forwards the traffic to `/podinfo` by the above delegate VirtualService.
```yaml
apiVersion: networking.istio.io/v1alpha3
@@ -738,7 +800,7 @@ spec:
namespace: test
```
Note that pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set.
Note that pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set.
For the use of Istio Delegation, you can refer to the documentation of
[Virtual Service](https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate)
and [pilot environment variables](https://istio.io/latest/docs/reference/commands/pilot-discovery/#envvars).
@@ -747,8 +809,8 @@ and [pilot environment variables](https://istio.io/latest/docs/reference/command
#### How can I expose multiple canaries on the same external domain?
Assuming you have two apps, one that servers the main website and one that serves the REST API.
For each app you can define a canary object as:
Assuming you have two apps -- one that serves the main website and one that serves its REST API --
you can define a canary object for each app as:
```yaml
apiVersion: flagger.app/v1beta1
@@ -792,7 +854,7 @@ Istio Pilot will
[merge](https://istio.io/help/ops/traffic-management/deploy-guidelines/#multiple-virtual-services-and-destination-rules-for-the-same-host)
the two services and the website rule will be moved to the end of the list in the merged configuration.
Note that host merging only works if the canaries are bounded to a ingress gateway other than the `mesh` gateway.
Note that host merging only works if the canaries are bounded to an ingress gateway other than the `mesh` gateway.
## Istio Mutual TLS
@@ -810,7 +872,7 @@ spec:
mode: ISTIO_MUTUAL
```
If you run Istio in permissive mode you can disable TLS:
If you run Istio in permissive mode, you can disable TLS:
```yaml
apiVersion: flagger.app/v1beta1
@@ -851,3 +913,42 @@ spec:
mtls:
mode: DISABLE
```
## ExternalDNS
### Can I use annotations?
Flagger propagates annotations (and labels) to all the generated apex,
primary and canary objects. This allows using external-dns annotations.
You can configure Flagger to set annotations with:
```yaml
spec:
service:
apex:
annotations:
external-dns.alpha.kubernetes.io/hostname: "mydomain.com"
primary:
annotations:
external-dns.alpha.kubernetes.io/hostname: "primary.mydomain.com"
canary:
annotations:
external-dns.alpha.kubernetes.io/hostname: "canary.mydomain.com"
```
### Multiple sources and Istio
**/!\\** The apex annotations are added to both the generated Kubernetes Services and the generated Istio
VirtualServices objects. If you have configured external-dns to use both sources,
this will create conflicts!
```yaml
spec:
containers:
args:
- --source=service # choose only one
- --source=istio-virtualservice # of these two
```
[Checkout ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/istio.md)

24
docs/gitbook/install/flagger-install-on-kubernetes.md
View File

@@ -43,8 +43,8 @@ helm upgrade -i flagger flagger/flagger \
--set crd.create=false \
--set meshProvider=istio \
--set metricsServer=http://istio-cluster-prometheus:9090 \
--set istio.kubeconfig.secretName=istio-kubeconfig \
--set istio.kubeconfig.key=kubeconfig
--set controlplane.kubeconfig.secretName=istio-kubeconfig \
--set controlplane.kubeconfig.key=kubeconfig
```
Note that the Istio kubeconfig must be stored in a Kubernetes secret with a data key named `kubeconfig`.
@@ -71,6 +71,16 @@ helm upgrade -i flagger flagger/flagger \
--set metricsServer=http://appmesh-prometheus:9090
```
Deploy Flagger for **Open Service Mesh (OSM)** (requires OSM to have been installed with Prometheus):
```console
$ helm upgrade -i flagger flagger/flagger \
--namespace=osm-system \
--set crd.create=false \
--set meshProvider=osm \
--set metricsServer=http://osm-prometheus.osm-system.svc:7070
```
You can install Flagger in any namespace as long as it can talk to the Prometheus service on port 9090.
For ingress controllers, the install instructions are:
@@ -173,6 +183,14 @@ kustomize build https://github.com/fluxcd/flagger/kustomize/linkerd?ref=main | k
This deploys Flagger in the `linkerd` namespace and sets the metrics server URL to Linkerd's Prometheus instance.
Install Flagger for Open Service Mesh:
```bash
kustomize build https://github.com/fluxcd/flagger/kustomize/osm?ref=main | kubectl apply -f -
```
This deploys Flagger in the `osm-system` namespace and sets the metrics server URL to OSM's Prometheus instance.
If you want to install a specific Flagger release, add the version number to the URL:
```bash
@@ -202,7 +220,7 @@ metadata:
name: app
namespace: test
spec:
# can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo, traefik
# can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo, traefik, osm
# use the kubernetes provider for Blue/Green style deployments
provider: nginx
```

9
docs/gitbook/tutorials/appmesh-progressive-delivery.md
View File

@@ -62,6 +62,9 @@ Create a canary definition:
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
annotations:
# Enable Envoy access logging to stdout.
appmesh.flagger.app/accesslog: enabled
name: podinfo
namespace: test
spec:
@@ -242,7 +245,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -307,7 +310,7 @@ Trigger a canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.2
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:
@@ -399,7 +402,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.3
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Flagger detects that the deployment revision changed and starts the A/B test:

2
docs/gitbook/tutorials/canary-helm-gitops.md
View File

@@ -320,7 +320,7 @@ After a couple of seconds Flux will apply the Kubernetes resources from Git and
A CI/CD pipeline for the `frontend` release could look like this:
* cut a release from the master branch of the podinfo code repo with the git tag `3.1.1`
* CI builds the image and pushes the `podinfo:3.1.1` image to the container registry
* CI builds the image and pushes the `podinfo:6.0.1` image to the container registry
* Flux scans the registry and updates the Helm release `image.tag` to `3.1.1`
* Flux commits and push the change to the cluster repo
* Flux applies the updated Helm release on the cluster

6
docs/gitbook/tutorials/contour-progressive-delivery.md
View File

@@ -224,7 +224,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -281,7 +281,7 @@ Trigger a canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.2
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:
@@ -369,7 +369,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.3
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Flagger detects that the deployment revision changed and starts the A/B test:

484
docs/gitbook/tutorials/gatewayapi-progressive-delivery.md Normal file
View File

@@ -0,0 +1,484 @@
# Gateway API Canary Deployments
This guide shows you how to use [Gateway API](https://gateway-api.sigs.k8s.io/) and Flagger to automate canary deployments and A/B testing.
![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-gatewayapi-canary.png)
## Prerequisites
Flagger requires a Kubernetes cluster **v1.16** or newer and any mesh/ingress that implements the `v1alpha2` of Gateway API. We'll be using Contour for the sake of this tutorial, but you can use any other implementation.
Install the GatewayAPI CRDs:
```bash
kubectl apply -k github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.4.1
```
Install a cluster-wide GatewayClass; a Gateway belonging to the GatewayClass and Contour components in the `projectcontour` namespace:
```bash
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.20/examples/render/contour-gateway.yaml
```
Install Flagger in the `flagger-system` namespace:
```bash
kubectl apply -k github.com/fluxcd/flagger//kustomize/gatewayapi
```
## Bootstrap
Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler \(HPA\), then creates a series of objects \(Kubernetes deployments, ClusterIP services, HTTPRoutes for the Gateway\). These objects expose the application inside the mesh and drive the canary analysis and promotion.
Create a test namespace:
```bash
kubectl create ns test
```
Create a deployment and a horizontal pod autoscaler:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
```
Deploy the load testing service to generate traffic during the canary analysis:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/tester?ref=main
```
Create metric templates targeting the Prometheus server in the `flagger-system` namespace. The PromQL queries below are meant for `Envoy`, but you can [change it to your ingress/mesh provider](https://docs.flagger.app/faq#metrics) accordingly.
```yaml
apiVersion: flagger.app/v1beta1
kind: MetricTemplate
metadata:
name: latency
namespace: flagger-system
spec:
provider:
type: prometheus
address: http://flagger-prometheus:9090
query: |
histogram_quantile(0.99,
sum(
rate(
envoy_cluster_upstream_rq_time_bucket{
envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
}[{{ interval }}]
)
) by (le)
)/1000
---
apiVersion: flagger.app/v1beta1
kind: MetricTemplate
metadata:
name: error-rate
namespace: flagger-system
spec:
provider:
type: prometheus
address: http://flagger-prometheus:9090
query: |
100 - sum(
rate(
envoy_cluster_upstream_rq{
envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
envoy_response_code!~"5.*"
}[{{ interval }}]
)
)
/
sum(
rate(
envoy_cluster_upstream_rq{
envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
}[{{ interval }}]
)
)
* 100
```
Save the above resource as metric-templates.yaml and then apply it:
```bash
kubectl apply -f metric-templates.yaml
```
Create a canary custom resource \(replace "loaclproject.contour.io" with your own domain\):
```yaml
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
spec:
# deployment reference
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
# the maximum time in seconds for the canary deployment
# to make progress before it is rollback (default 600s)
progressDeadlineSeconds: 60
# HPA reference (optional)
autoscalerRef:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: podinfo
service:
# service port number
port: 9898
# container port number or name (optional)
targetPort: 9898
# Gateway API HTTPRoute host names
hosts:
- localproject.contour.io
# Reference to the Gateway that the generated HTTPRoute would attach to.
gatewayRefs:
- name: contour
namespace: projectcontour
analysis:
# schedule interval (default 60s)
interval: 1m
# max number of failed metric checks before rollback
threshold: 5
# max traffic percentage routed to canary
# percentage (0-100)
maxWeight: 50
# canary increment step
# percentage (0-100)
stepWeight: 10
metrics:
- name: error-rate
# max error rate (5xx responses)
# percentage (0-100)
templateRef:
name: error-rate
namespace: flagger-system
thresholdRange:
max: 1
interval: 1m
- name: latency
templateRef:
name: latency
namespace: flagger-system
# seconds
thresholdRange:
max: 0.5
interval: 30s
# testing (optional)
webhooks:
- name: smoke-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 15s
metadata:
type: bash
cmd: "curl -sd 'anon' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
url: http://flagger-loadtester.test/
timeout: 5s
metadata:
cmd: "hey -z 2m -q 10 -c 2 -host localproject.contour.io http://envoy.projectcontour/"
```
Save the above resource as podinfo-canary.yaml and then apply it:
```bash
kubectl apply -f ./podinfo-canary.yaml
```
When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary. The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every minute.
After a couple of seconds Flagger will create the canary objects:
```bash
# applied
deployment.apps/podinfo
horizontalpodautoscaler.autoscaling/podinfo
canary.flagger.app/podinfo
# generated
deployment.apps/podinfo-primary
horizontalpodautoscaler.autoscaling/podinfo-primary
service/podinfo
service/podinfo-canary
service/podinfo-primary
httproutes.gateway.networking.k8s.io/podinfo
```
## Expose the app outside the cluster
Find the external address of Contour's Envoy load balancer:
```bash
export ADDRESS="$(kubectl -n projectcontour get svc/envoy -ojson \
| jq -r ".status.loadBalancer.ingress[].hostname")"
echo $ADDRESS
```
Configure your DNS server with a CNAME record \(AWS\) or A record \(GKE/AKS/DOKS\) and point a domain e.g. `localproject.contour.io` to the LB address.
Now you can access the podinfo UI using your domain address.
Note that you should be using HTTPS when exposing production workloads on internet. You can obtain free TLS certs from Let's Encrypt, read this [guide](https://github.com/stefanprodan/eks-contour-ingress) on how to configure cert-manager to secure Contour with TLS certificates.
If you're using a local cluster via kind/k3s you can port forward the Envoy LoadBalancer service:
```bash
kubectl port-forward -n projectcontour svc/envoy 8080:80
```
Now you can access podinfo via `curl -H "Host: localproject.contour.io" localhost:8080`
## Automated canary promotion
Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
```text
kubectl -n test describe canary/podinfo
Status:
Canary Weight: 0
Failed Checks: 0
Phase: Succeeded
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Synced 3m flagger New revision detected podinfo.test
Normal Synced 3m flagger Scaling up podinfo.test
Warning Synced 3m flagger Waiting for podinfo.test rollout to finish: 0 of 1 updated replicas are available
Normal Synced 3m flagger Advance podinfo.test canary weight 5
Normal Synced 3m flagger Advance podinfo.test canary weight 10
Normal Synced 3m flagger Advance podinfo.test canary weight 15
Normal Synced 2m flagger Advance podinfo.test canary weight 20
Normal Synced 2m flagger Advance podinfo.test canary weight 25
Normal Synced 1m flagger Advance podinfo.test canary weight 30
Normal Synced 1m flagger Advance podinfo.test canary weight 35
Normal Synced 55s flagger Advance podinfo.test canary weight 40
Normal Synced 45s flagger Advance podinfo.test canary weight 45
Normal Synced 35s flagger Advance podinfo.test canary weight 50
Normal Synced 25s flagger Copying podinfo.test template spec to podinfo-primary.test
Warning Synced 15s flagger Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
Normal Synced 5s flagger Promotion completed! Scaling down podinfo.test
```
**Note** that if you apply new changes to the deployment during the canary analysis, Flagger will restart the analysis.
A canary deployment is triggered by changes in any of the following objects:
* Deployment PodSpec \(container image, command, ports, env, resources, etc\)
* ConfigMaps mounted as volumes or mapped to environment variables
* Secrets mounted as volumes or mapped to environment variables
You can monitor how Flagger progressively changes the weights of the HTTPRoute object that is attahed to the Gateway with:
```bash
watch kubectl get httproute -n test podinfo -o=jsonpath='{.spec.rules}'
```
You can monitor all canaries with:
```bash
watch kubectl get canaries --all-namespaces
NAMESPACE NAME STATUS WEIGHT LASTTRANSITIONTIME
test podinfo Progressing 15 2022-01-16T14:05:07Z
prod frontend Succeeded 0 2022-01-15T16:15:07Z
prod backend Failed 0 2022-01-14T17:05:07Z
```
## Automated rollback
During the canary analysis you can generate HTTP 500 errors and high latency to test if Flagger pauses the rollout.
Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:
```bash
kubectl -n test exec -it flagger-loadtester-xx-xx sh
```
Generate HTTP 500 errors:
```bash
watch curl http://podinfo-canary:9898/status/500
```
Generate latency:
```bash
watch curl http://podinfo-canary:9898/delay/1
```
When the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
```text
kubectl -n test describe canary/podinfo
Status:
Canary Weight: 0
Failed Checks: 10
Phase: Failed
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Synced 3m flagger Starting canary deployment for podinfo.test
Normal Synced 3m flagger Advance podinfo.test canary weight 5
Normal Synced 3m flagger Advance podinfo.test canary weight 10
Normal Synced 3m flagger Advance podinfo.test canary weight 15
Normal Synced 3m flagger Halt podinfo.test advancement error rate 69.17% > 1%
Normal Synced 2m flagger Halt podinfo.test advancement error rate 61.39% > 1%
Normal Synced 2m flagger Halt podinfo.test advancement error rate 55.06% > 1%
Normal Synced 2m flagger Halt podinfo.test advancement error rate 47.00% > 1%
Normal Synced 2m flagger (combined from similar events): Halt podinfo.test advancement error rate 38.08% > 1%
Warning Synced 1m flagger Rolling back podinfo.test failed checks threshold reached 10
Warning Synced 1m flagger Canary failed! Scaling down podinfo.test
```
# A/B Testing
Besides weighted routing, Flagger can be configured to route traffic to the canary based on HTTP match conditions. In an A/B testing scenario, you'll be using HTTP headers or cookies to target a certain segment of your users. This is particularly useful for frontend applications that require session affinity.
![Flagger A/B Testing Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-abtest-steps.png)
Create a canary custom resource \(replace "loaclproject.contour.io" with your own domain\):
```yaml
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
spec:
# deployment reference
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
# the maximum time in seconds for the canary deployment
# to make progress before it is rollback (default 600s)
progressDeadlineSeconds: 60
# HPA reference (optional)
autoscalerRef:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: podinfo
service:
# service port number
port: 9898
# container port number or name (optional)
targetPort: 9898
# Gateway API HTTPRoute host names
hosts:
- localproject.contour.io
# Reference to the Gateway that the generated HTTPRoute would attach to.
gatewayRefs:
- name: contour
namespace: projectcontour
analysis:
# schedule interval (default 60s)
interval: 1m
# max number of failed metric checks before rollback
threshold: 5
# max traffic percentage routed to canary
# percentage (0-100)
maxWeight: 50
# canary increment step
# percentage (0-100)
stepWeight: 10
metrics:
- name: error-rate
# max error rate (5xx responses)
# percentage (0-100)
templateRef:
name: error-rate
namespace: flagger-system
thresholdRange:
max: 1
interval: 1m
- name: latency
templateRef:
name: latency
namespace: flagger-system
# seconds
thresholdRange:
max: 0.5
interval: 30s
# testing (optional)
webhooks:
- name: smoke-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 15s
metadata:
type: bash
cmd: "curl -sd 'anon' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
url: http://flagger-loadtester.test/
timeout: 5s
metadata:
cmd: "hey -z 2m -q 10 -c 2 -host localproject.contour.io -H 'X-Canary: insider' http://envoy.projectcontour/"
```
The above configuration will run an analysis for ten minutes targeting those users that have an insider cookie.
Save the above resource as podinfo-ab-canary.yaml and then apply it:
```bash
kubectl apply -f ./podinfo-ab-canary.yaml
```
Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:6.0.3
```
Flagger detects that the deployment revision changed and starts a new rollout:
```text
kubectl -n test describe canary/abtest
Status:
Failed Checks: 0
Phase: Succeeded
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Synced 3m flagger New revision detected podinfo.test
Normal Synced 3m flagger Scaling up podinfo.test
Warning Synced 3m flagger Waiting for podinfo.test rollout to finish: 0 of 1 updated replicas are available
Normal Synced 3m flagger Advance podinfo.test canary iteration 1/10
Normal Synced 3m flagger Advance podinfo.test canary iteration 2/10
Normal Synced 3m flagger Advance podinfo.test canary iteration 3/10
Normal Synced 2m flagger Advance podinfo.test canary iteration 4/10
Normal Synced 2m flagger Advance podinfo.test canary iteration 5/10
Normal Synced 1m flagger Advance podinfo.test canary iteration 6/10
Normal Synced 1m flagger Advance podinfo.test canary iteration 7/10
Normal Synced 55s flagger Advance podinfo.test canary iteration 8/10
Normal Synced 45s flagger Advance podinfo.test canary iteration 9/10
Normal Synced 35s flagger Advance podinfo.test canary iteration 10/10
Normal Synced 25s flagger Copying podinfo.test template spec to podinfo-primary.test
Warning Synced 15s flagger Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
Normal Synced 5s flagger Promotion completed! Scaling down podinfo.test
```
The above procedures can be extended with [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.

10
docs/gitbook/tutorials/gloo-progressive-delivery.md
View File

@@ -160,6 +160,8 @@ spec:
cmd: "hey -z 2m -q 5 -c 2 -host app.example.com http://gateway-proxy.gloo-system"
```
*Note: when using upstreamRef the following fields are copied over from the original upstream: `Labels, SslConfig, CircuitBreakers, ConnectionConfig, UseHttp2, InitialStreamWindowSize`*
Save the above resource as podinfo-canary.yaml and then apply it:
```bash
@@ -207,7 +209,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -262,7 +264,7 @@ Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.2
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Generate HTTP 500 errors:
@@ -363,7 +365,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.3
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Generate 404s:
@@ -425,7 +427,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.4
podinfod=ghcr.io/stefanprodan/podinfo:6.0.4
```
Flagger detects that the deployment revision changed and starts the A/B test:

2
docs/gitbook/tutorials/istio-ab-testing.md
View File

@@ -173,7 +173,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:

5
docs/gitbook/tutorials/istio-progressive-delivery.md
View File

@@ -13,6 +13,7 @@ Install Istio with telemetry support and Prometheus:
```bash
istioctl manifest install --set profile=default
# Suggestion: Please change release-1.8 in below command, to your real istio version.
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
```
@@ -185,7 +186,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -245,7 +246,7 @@ Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.2
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:

4
docs/gitbook/tutorials/kubernetes-blue-green.md
View File

@@ -171,7 +171,7 @@ Trigger a deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -311,7 +311,7 @@ Trigger a deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.3
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Generate 404s:

252
docs/gitbook/tutorials/kuma-progressive-delivery.md Normal file
View File

@@ -0,0 +1,252 @@
# Kuma Canary Deployments
This guide shows you how to use Kuma and Flagger to automate canary deployments.
![Flagger Kuma Canary](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-kuma-canary.png)
## Prerequisites
Flagger requires a Kubernetes cluster **v1.16** or newer and Kuma **1.3** or newer.
Install Kuma and Prometheus (part of Kuma Metrics):
```bash
kumactl install control-plane | kubectl apply -f -
kumactl install metrics | kubectl apply -f -
```
Install Flagger in the `kuma-system` namespace:
```bash
kubectl apply -k github.com/fluxcd/flagger//kustomize/kuma
```
## Bootstrap
Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
then creates a series of objects (Kubernetes deployments, ClusterIP services and Kuma `TrafficRoute`).
These objects expose the application inside the mesh and drive the canary analysis and promotion.
Create a test namespace and enable Kuma sidecar injection:
```bash
kubectl create ns test
kubectl annotate namespace test kuma.io/sidecar-injection=enabled
```
Install the load testing service to generate traffic during the canary analysis:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/tester?ref=main
```
Create a deployment and a horizontal pod autoscaler:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
```
Create a canary custom resource for the `podinfo` deployment:
```yaml
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
annotations:
kuma.io/mesh: default
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
progressDeadlineSeconds: 60
service:
port: 9898
targetPort: 9898
apex:
annotations:
9898.service.kuma.io/protocol: "http"
canary:
annotations:
9898.service.kuma.io/protocol: "http"
primary:
annotations:
9898.service.kuma.io/protocol: "http"
analysis:
# schedule interval (default 60s)
interval: 30s
# max number of failed metric checks before rollback
threshold: 5
# max traffic percentage routed to canary
# percentage (0-100)
maxWeight: 50
# canary increment step
# percentage (0-100)
stepWeight: 5
metrics:
- name: request-success-rate
threshold: 99
interval: 1m
- name: request-duration
threshold: 500
interval: 30s
webhooks:
- name: acceptance-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 30s
metadata:
type: bash
cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
type: rollout
url: http://flagger-loadtester.test/
metadata:
cmd: "hey -z 2m -q 10 -c 2 http://podinfo-canary.test:9898/"
```
Save the above resource as `podinfo-canary.yaml` and then apply it:
```bash
kubectl apply -f ./podinfo-canary.yaml
```
When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary. The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every half a minute.
After a couple of seconds Flagger will create the canary objects:
```bash
# applied
deployment.apps/podinfo
horizontalpodautoscaler.autoscaling/podinfo
ingresses.extensions/podinfo
canary.flagger.app/podinfo
# generated
deployment.apps/podinfo-primary
horizontalpodautoscaler.autoscaling/podinfo-primary
service/podinfo
service/podinfo-canary
service/podinfo-primary
trafficroutes.kuma.io/podinfo
```
After the boostrap, the podinfo deployment will be scaled to zero and the traffic to `podinfo.test` will be routed to the primary pods. During the canary analysis, the `podinfo-canary.test` address can be used to target directly the canary pods.
## Automated canary promotion
Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators like HTTP requests success rate, requests average duration and pod health. Based on analysis of the KPIs a canary is promoted or aborted, and the analysis result is published to Slack.
![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-steps.png)
Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
```text
kubectl -n test describe canary/podinfo
Status:
Canary Weight: 0
Failed Checks: 0
Phase: Succeeded
Events:
New revision detected! Scaling up podinfo.test
Waiting for podinfo.test rollout to finish: 0 of 1 updated replicas are available
Pre-rollout check acceptance-test passed
Advance podinfo.test canary weight 5
Advance podinfo.test canary weight 10
Advance podinfo.test canary weight 15
Advance podinfo.test canary weight 20
Advance podinfo.test canary weight 25
Waiting for podinfo.test rollout to finish: 1 of 2 updated replicas are available
Advance podinfo.test canary weight 30
Advance podinfo.test canary weight 35
Advance podinfo.test canary weight 40
Advance podinfo.test canary weight 45
Advance podinfo.test canary weight 50
Copying podinfo.test template spec to podinfo-primary.test
Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
Promotion completed! Scaling down podinfo.test
```
**Note** that if you apply new changes to the deployment during the canary analysis, Flagger will restart the analysis.
A canary deployment is triggered by changes in any of the following objects:
* Deployment PodSpec \(container image, command, ports, env, resources, etc\)
* ConfigMaps mounted as volumes or mapped to environment variables
* Secrets mounted as volumes or mapped to environment variables
You can monitor all canaries with:
```bash
watch kubectl get canaries --all-namespaces
NAMESPACE NAME STATUS WEIGHT LASTTRANSITIONTIME
test podinfo Progressing 15 2019-06-30T14:05:07Z
prod frontend Succeeded 0 2019-06-30T16:15:07Z
prod backend Failed 0 2019-06-30T17:05:07Z
```
## Automated rollback
During the canary analysis you can generate HTTP 500 errors and high latency to test if Flagger pauses and rolls back the faulted version.
Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:
```bash
kubectl -n test exec -it flagger-loadtester-xx-xx sh
```
Generate HTTP 500 errors:
```bash
watch -n 1 curl http://podinfo-canary.test:9898/status/500
```
Generate latency:
```bash
watch -n 1 curl http://podinfo-canary.test:9898/delay/1
```
When the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
```text
kubectl -n test describe canary/podinfo
Status:
Canary Weight: 0
Failed Checks: 10
Phase: Failed
Events:
Starting canary analysis for podinfo.test
Pre-rollout check acceptance-test passed
Advance podinfo.test canary weight 5
Advance podinfo.test canary weight 10
Advance podinfo.test canary weight 15
Halt podinfo.test advancement success rate 69.17% < 99%
Halt podinfo.test advancement success rate 61.39% < 99%
Halt podinfo.test advancement success rate 55.06% < 99%
Halt podinfo.test advancement request duration 1.20s > 0.5s
Halt podinfo.test advancement request duration 1.45s > 0.5s
Rolling back podinfo.test failed checks threshold reached 5
Canary failed! Scaling down podinfo.test
```
The above procedures can be extended with [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.

8
docs/gitbook/tutorials/linkerd-progressive-delivery.md
View File

@@ -152,7 +152,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -211,7 +211,7 @@ Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.2
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:
@@ -297,7 +297,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.3
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Generate 404s:
@@ -442,7 +442,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.4
podinfod=ghcr.io/stefanprodan/podinfo:6.0.4
```
Flagger detects that the deployment revision changed and starts the A/B testing:

10
docs/gitbook/tutorials/nginx-progressive-delivery.md
View File

@@ -6,7 +6,7 @@ This guide shows you how to use the NGINX ingress controller and Flagger to auto
## Prerequisites
Flagger requires a Kubernetes cluster **v1.19** or newer and NGINX ingress **v0.46** or newer.
Flagger requires a Kubernetes cluster **v1.19** or newer and NGINX ingress **v1.0.2** or newer.
Install the NGINX ingress controller with Helm v3:
@@ -192,7 +192,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.1
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout:
@@ -246,7 +246,7 @@ Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.2
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Generate HTTP 500 errors:
@@ -334,7 +334,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.3
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Generate high response latency:
@@ -407,7 +407,7 @@ Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=stefanprodan/podinfo:3.1.4
podinfod=ghcr.io/stefanprodan/podinfo:6.0.4
```
Flagger detects that the deployment revision changed and starts the A/B testing:

363
docs/gitbook/tutorials/osm-progressive-delivery.md Normal file
View File

@@ -0,0 +1,363 @@
# Open Service Mesh Canary Deployments
This guide shows you how to use Open Service Mesh (OSM) and Flagger to automate canary deployments.
![Flagger OSM Traffic Split](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-osm-traffic-split.png)
## Prerequisites
Flagger requires a Kubernetes cluster **v1.16** or newer and Open Service Mesh **0.9.1** or newer.
OSM must have permissive traffic policy enabled and have an instance of Prometheus for metrics.
- If the OSM CLI is being used for installation, install OSM using the following command:
```bash
osm install \
--set=OpenServiceMesh.deployPrometheus=true \
--set=OpenServiceMesh.enablePermissiveTrafficPolicy=true
```
- If a managed instance of OSM is being used:
- [Bring your own instance](docs.openservicemesh.io/docs/guides/observability/metrics/#byo-prometheus) of Prometheus,
setting the namespace to match the managed OSM controller namespace
- Enable permissive traffic policy after installation by updating the OSM MeshConfig resource:
```bash
# Replace <osm-namespace> with OSM controller's namespace
kubectl patch meshconfig osm-mesh-config -n <osm-namespace> -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":true}}}' --type=merge
```
To install Flagger in the default `osm-system` namespace, use:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/osm?ref=main
```
Alternatively, if a non-default namespace or managed instance of OSM is in use, install Flagger with Helm, replacing the <osm-namespace>
values as appropriate. If a custom instance of Prometheus is being used, replace `osm-prometheus` with the relevant Prometheus service name.
```bash
helm upgrade -i flagger flagger/flagger \
--namespace=<osm-namespace> \
--set meshProvider=osm \
--set metricsServer=http://osm-prometheus.<osm-namespace>.svc:7070
```
## Bootstrap
Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
then creates a series of objects (Kubernetes deployments, ClusterIP services and SMI traffic split).
These objects expose the application inside the mesh and drive the canary analysis and promotion.
Create a `test` namespace and enable OSM namespace monitoring and metrics scraping for the namespace.
```bash
kubectl create namespace test
osm namespace add test
osm metrics enable --namespace test
```
Create a `podinfo` deployment and a horizontal pod autoscaler:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
```
Install the load testing service to generate traffic during the canary analysis:
```bash
kubectl apply -k https://github.com/fluxcd/flagger//kustomize/tester?ref=main
```
Create a canary custom resource for the `podinfo` deployment.
The following `podinfo` canary custom resource instructs Flagger to:
1. monitor any changes to the `podinfo` deployment created earlier,
2. detect `podinfo` deployment revision changes, and
3. start a Flagger canary analysis, rollout, and promotion if there were deployment revision changes.
```yaml
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: podinfo
namespace: test
spec:
provider: osm
# deployment reference
targetRef:
apiVersion: apps/v1
kind: Deployment
name: podinfo
# HPA reference (optional)
autoscalerRef:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: podinfo
# the maximum time in seconds for the canary deployment
# to make progress before it is rolled back (default 600s)
progressDeadlineSeconds: 60
service:
# ClusterIP port number
port: 9898
# container port number or name (optional)
targetPort: 9898
analysis:
# schedule interval (default 60s)
interval: 30s
# max number of failed metric checks before rollback
threshold: 5
# max traffic percentage routed to canary
# percentage (0-100)
maxWeight: 50
# canary increment step
# percentage (0-100)
stepWeight: 5
# OSM Prometheus checks
metrics:
- name: request-success-rate
# minimum req success rate (non 5xx responses)
# percentage (0-100)
thresholdRange:
min: 99
interval: 1m
- name: request-duration
# maximum req duration P99
# milliseconds
thresholdRange:
max: 500
interval: 30s
# testing (optional)
webhooks:
- name: acceptance-test
type: pre-rollout
url: http://flagger-loadtester.test/
timeout: 30s
metadata:
type: bash
cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
- name: load-test
type: rollout
url: http://flagger-loadtester.test/
timeout: 5s
metadata:
cmd: "hey -z 2m -q 10 -c 2 http://podinfo-canary.test:9898/"
```
Save the above resource as podinfo-canary.yaml and then apply it:
```bash
kubectl apply -f ./podinfo-canary.yaml
```
When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary.
The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every half a minute.
After a couple of seconds Flagger will create the canary objects.
```bash
# applied
deployment.apps/podinfo
horizontalpodautoscaler.autoscaling/podinfo
ingresses.extensions/podinfo
canary.flagger.app/podinfo
# generated
deployment.apps/podinfo-primary
horizontalpodautoscaler.autoscaling/podinfo-primary
service/podinfo
service/podinfo-canary
service/podinfo-primary
trafficsplits.split.smi-spec.io/podinfo
```
After the boostrap, the `podinfo` deployment will be scaled to zero and the traffic to `podinfo.test` will be routed to the primary pods.
During the canary analysis, the `podinfo-canary.test` address can be used to target directly the canary pods.
## Automated Canary Promotion
Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators like HTTP requests success rate, requests average duration and pod health.
Based on analysis of the KPIs a canary is promoted or aborted.
![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-steps.png)
Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
```
Flagger detects that the deployment revision changed and starts a new rollout.
```text
kubectl -n test describe canary/podinfo
Status:
Canary Weight: 0
Failed Checks: 0
Phase: Succeeded
Events:
New revision detected! Scaling up podinfo.test
Waiting for podinfo.test rollout to finish: 0 of 1 updated replicas are available
Pre-rollout check acceptance-test passed
Advance podinfo.test canary weight 5
Advance podinfo.test canary weight 10
Advance podinfo.test canary weight 15
Advance podinfo.test canary weight 20
Advance podinfo.test canary weight 25
Waiting for podinfo.test rollout to finish: 1 of 2 updated replicas are available
Advance podinfo.test canary weight 30
Advance podinfo.test canary weight 35
Advance podinfo.test canary weight 40
Advance podinfo.test canary weight 45
Advance podinfo.test canary weight 50
Copying podinfo.test template spec to podinfo-primary.test
Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
Promotion completed! Scaling down podinfo.test
```
**Note** that if you apply any new changes to the `podinfo` deployment during the canary analysis, Flagger will restart the analysis.
A canary deployment is triggered by changes in any of the following objects:
* Deployment PodSpec \(container image, command, ports, env, resources, etc\)
* ConfigMaps mounted as volumes or mapped to environment variables
* Secrets mounted as volumes or mapped to environment variables
You can monitor all canaries with:
```bash
watch kubectl get canaries --all-namespaces
NAMESPACE NAME STATUS WEIGHT LASTTRANSITIONTIME
test podinfo Progressing 15 2019-06-30T14:05:07Z
prod frontend Succeeded 0 2019-06-30T16:15:07Z
prod backend Failed 0 2019-06-30T17:05:07Z
```
## Automated Rollback
During the canary analysis you can generate HTTP 500 errors and high latency to test if Flagger pauses and rolls back the faulted version.
Trigger another canary deployment:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
```
Exec into the load tester pod with:
```bash
kubectl -n test exec -it flagger-loadtester-xx-xx sh
```
Repeatedly generate HTTP 500 errors until the `kubectl describe` output below shows canary rollout failure:
```bash
watch -n 0.1 curl http://podinfo-canary.test:9898/status/500
```
Repeatedly generate latency until canary rollout fails:
```bash
watch -n 0.1 curl http://podinfo-canary.test:9898/delay/1
```
When the number of failed checks reaches the canary analysis thresholds defined in the `podinfo` canary custom resource earlier, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
```text
kubectl -n test describe canary/podinfo
Status:
Canary Weight: 0
Failed Checks: 10
Phase: Failed
Events:
Starting canary analysis for podinfo.test
Pre-rollout check acceptance-test passed
Advance podinfo.test canary weight 5
Advance podinfo.test canary weight 10
Advance podinfo.test canary weight 15
Halt podinfo.test advancement success rate 69.17% < 99%
Halt podinfo.test advancement success rate 61.39% < 99%
Halt podinfo.test advancement success rate 55.06% < 99%
Halt podinfo.test advancement request duration 1.20s > 0.5s
Halt podinfo.test advancement request duration 1.45s > 0.5s
Rolling back podinfo.test failed checks threshold reached 5
Canary failed! Scaling down podinfo.test
```
## Custom Metrics
The canary analysis can be extended with Prometheus queries.
Let's define a check for 404 not found errors.
Edit the canary analysis (`podinfo-canary.yaml` file) and add the following metric.
For more information on creating additional custom metrics using OSM metrics, please check the [metrics available in OSM](https://docs.openservicemesh.io/docs/guides/observability/metrics/#available-metrics).
```yaml
analysis:
metrics:
- name: "404s percentage"
threshold: 3
query: |
100 - (
sum(
rate(
osm_request_total{
destination_namespace="test",
destination_kind="Deployment",
destination_name="podinfo",
response_code!="404"
}[1m]
)
)
/
sum(
rate(
osm_request_total{
destination_namespace="test",
destination_kind="Deployment",
destination_name="podinfo"
}[1m]
)
) * 100
)
```
The above configuration validates the canary version by checking if the HTTP 404 req/sec percentage is below three percent of the total traffic.
If the 404s rate reaches the 3% threshold, then the analysis is aborted and the canary is marked as failed.
Trigger a canary deployment by updating the container image:
```bash
kubectl -n test set image deployment/podinfo \
podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
```
Exec into the load tester pod with:
```bash
kubectl -n test exec -it flagger-loadtester-xx-xx sh
```
Repeatedly generate 404s until canary rollout fails:
```bash
watch -n 0.1 curl http://podinfo-canary.test:9898/status/404
```
Watch Flagger logs to confirm successful canary rollback.
```text
kubectl -n osm-system logs deployment/flagger -f | jq .msg
Starting canary deployment for podinfo.test
Pre-rollout check acceptance-test passed
Advance podinfo.test canary weight 5
Halt podinfo.test advancement 404s percentage 6.20 > 3
Halt podinfo.test advancement 404s percentage 6.45 > 3
Halt podinfo.test advancement 404s percentage 7.22 > 3
Halt podinfo.test advancement 404s percentage 6.50 > 3
Halt podinfo.test advancement 404s percentage 6.34 > 3
Rolling back podinfo.test failed checks threshold reached 5
Canary failed! Scaling down podinfo.test
```

14
docs/gitbook/tutorials/traefik-progressive-delivery.md
View File

@@ -13,9 +13,17 @@ Install Traefik with Helm v3:
```bash
helm repo add traefik https://helm.traefik.io/traefik
kubectl create ns traefik
helm upgrade -i traefik traefik/traefik \
--namespace traefik \
--set additionalArguments="{--metrics.prometheus=true}"
cat <<EOF | helm upgrade -i traefik traefik/traefik --namespace traefik -f -
deployment:
podAnnotations:
prometheus.io/port: "9100"
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
metrics:
prometheus:
entryPoint: metrics
EOF
```
Install Flagger and the Prometheus add-on in the same namespace as Traefik:

8
docs/gitbook/usage/alerting.md
View File

@@ -20,9 +20,10 @@ Once the webhook has been generated. Flagger can be configured to send Slack not
```bash
helm upgrade -i flagger flagger/flagger \
--set slack.url=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK \
--set slack.proxy-url=my-http-proxy.com \ # optional http/s proxy
--set slack.proxy=my-http-proxy.com \ # optional http/s proxy
--set slack.channel=general \
--set slack.user=flagger
--set slack.user=flagger \
--set clusterName=my-cluster
```
Once configured with a Slack incoming **webhook**,
@@ -127,6 +128,9 @@ Alert fields:
When the severity is set to `warn`, Flagger will alert when waiting on manual confirmation or if the analysis fails.
When the severity is set to `error`, Flagger will alert only if the canary analysis fails.
To differentiate alerts based on the cluster name, you can configure Flagger with the `-cluster-name=my-cluster`
command flag, or with Helm `--set clusterName=my-cluster`.
## Prometheus Alert Manager
You can use Alertmanager to trigger alerts when a canary deployment failed:

8
docs/gitbook/usage/deployment-strategies.md
View File

@@ -3,11 +3,11 @@
Flagger can run automated application analysis, promotion and rollback for the following deployment strategies:
* **Canary Release** \(progressive traffic shifting\)
* Istio, Linkerd, App Mesh, NGINX, Skipper, Contour, Gloo Edge, Traefik
* Istio, Linkerd, App Mesh, NGINX, Skipper, Contour, Gloo Edge, Traefik, Open Service Mesh, Kuma, Gateway API
* **A/B Testing** \(HTTP headers and cookies traffic routing\)
* Istio, App Mesh, NGINX, Contour, Gloo Edge
* Istio, App Mesh, NGINX, Contour, Gloo Edge, Gateway API
* **Blue/Green** \(traffic switching\)
* Kubernetes CNI, Istio, Linkerd, App Mesh, NGINX, Contour, Gloo Edge
* Kubernetes CNI, Istio, Linkerd, App Mesh, NGINX, Contour, Gloo Edge, Open Service Mesh, Gateway API
* **Blue/Green Mirroring** \(traffic shadowing\)
* Istio
@@ -326,7 +326,7 @@ Blue/Green rollout steps for service mesh:
* run conformance tests for the canary pods
* run load tests and metric checks for the canary pods every minute
* abort the canary release if the failure threshold is reached
* route traffic to canary
* route traffic to canary (This doesn't happen when using the kubernetes provider)
* promote canary spec over primary (blue)
* wait for primary rollout
* route traffic to primary

16
docs/gitbook/usage/how-it-works.md
View File

@@ -115,6 +115,10 @@ but disabling config-tracking using the per Secret/ConfigMap annotation may fit
The autoscaler reference is optional, when specified,
Flagger will pause the traffic increase while the target and primary deployments are scaled up or down.
HPA can help reduce the resource usage during the canary analysis.
When the autoscaler reference is specified, any changes made to the autoscaler are only made active
in the primary autoscaler when a rollout for the deployment starts and completes successfully.
Optionally, you can create two HPAs, one for canary and one for the primary to update the HPA without
doing a new rollout. As the canary deployment will be scaled to 0, the HPA on the canary will be inactive.
The progress deadline represents the maximum time in seconds for the canary deployment to
make progress before it is rolled back, defaults to ten minutes.
@@ -184,6 +188,10 @@ spec:
test: "test"
```
Note that the `apex` annotations are added to both the generated Kubernetes Service and the
generated service mesh/ingress object. This allows using external-dns with Istio `VirtualServices`
and `TraefikServices`. Beware of configuration conflicts [here](../faq.md#ExternalDNS).
Besides port mapping and metadata, the service specification can
contain URI match and rewrite rules, timeout and retry polices:
@@ -331,6 +339,14 @@ Spec:
# total number of iterations
# used for A/B Testing and Blue/Green
iterations:
# threshold of primary pods that need to be available to consider it ready
# before starting rollout. this is optional and the default is 100
# percentage (0-100)
primaryReadyThreshold: 100
# threshold of canary pods that need to be available to consider it ready
# before starting rollout. this is optional and the default is 100
# percentage (0-100)
canaryReadyThreshold: 100
# canary match conditions
# used for A/B Testing
match:

137
docs/gitbook/usage/metrics.md
View File

@@ -46,8 +46,9 @@ metadata:
name: my-metric
spec:
provider:
type: # can be prometheus or datadog
type: # can be prometheus, datadog, etc
address: # API URL
insecureSkipVerify: # if set to true, disables the TLS cert validation
secretRef:
name: # name of the secret containing the API credentials
query: # metric query
@@ -476,3 +477,137 @@ spec:
secretRef:
name: graphite-basic-auth
```
## Google Cloud Monitoring (Stackdriver)
Enable Workload Identity on your cluster, create a service account key that has read access to the
Cloud Monitoring API and then create an IAM policy binding between the GCP service account and the Flagger
service account on Kubernetes. You can take a look at this [guide](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity)
Annotate the flagger service account
```shell script
kubectl annotate serviceaccount flagger \
--namespace <namespace> \
iam.gke.io/gcp-service-account=<gcp-serviceaccount-name>@<project-id>.iam.gserviceaccount.com
```
Alternatively, you can download the json keys and add it to your secret with the key `serviceAccountKey` (This method is not recommended).
Create a secret that contains your project-id (and, if workload identity is not enabled on your cluster,
your [service account json](https://cloud.google.com/docs/authentication/production#create_service_account)).
```
kubectl create secret generic gcloud-sa --from-literal=project=<project-id>
```
Then reference the secret in the metric template.
Note: The particular MQL query used here works if [Istio is installed on GKE](https://cloud.google.com/istio/docs/istio-on-gke/installing).
```yaml
apiVersion: flagger.app/v1beta1
kind: MetricTemplate
metadata:
name: bytes-sent
namespace: test
spec:
provider:
type: stackdriver
secretRef:
name: gcloud-sa
query: |
fetch k8s_container
| metric 'istio.io/service/server/response_latencies'
| filter
(metric.destination_service_name == '{{ service }}-canary'
&& metric.destination_service_namespace == '{{ namespace }}')
| align delta(1m)
| every 1m
| group_by [],
[value_response_latencies_percentile:
percentile(value.response_latencies, 99)]
```
The reference for the query language can be found [here](https://cloud.google.com/monitoring/mql/reference)
## InfluxDB
The InfluxDB provider uses the [flux](https://docs.influxdata.com/influxdb/v2.0/query-data/get-started/) query language.
Create a secret that contains your authentication token that can be found in the InfluxDB UI.
```
kubectl create secret generic influx-token --from-literal=token=<token>
```
Then reference the secret in the metric template.
Note: The particular MQL query used here works if [Istio is installed on GKE](https://cloud.google.com/istio/docs/istio-on-gke/installing).
```yaml
apiVersion: flagger.app/v1beta1
kind: MetricTemplate
metadata:
name: not-found
namespace: test
spec:
provider:
type: influxdb
secretRef:
name: influx-token
query: |
from(bucket: "default")
|> range(start: -2h)
|> filter(fn: (r) => r["_measurement"] == "istio_requests_total")
|> filter(fn: (r) => r[" destination_workload_namespace"] == "{{ namespace }}")
|> filter(fn: (r) => r["destination_workload"] == "{{ target }}")
|> filter(fn: (r) => r["response_code"] == "500")
|> count()
|> yield(name: "count")
```
## Dynatrace
You can create custom metric checks using the Dynatrace provider.
Create a secret with your Dynatrace token:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: dynatrace
namespace: istio-system
data:
dynatrace_token: ZHQwYz...
```
Dynatrace metric template example:
```yaml
apiVersion: flagger.app/v1beta1
kind: MetricTemplate
metadata:
name: response-time-95pct
namespace: istio-system
spec:
provider:
type: dynatrace
address: https://xxxxxxxx.live.dynatrace.com
secretRef:
name: dynatrace
query: |
builtin:service.response.time:filter(eq(dt.entity.service,SERVICE-ABCDEFG0123456789)):percentile(95)
```
Reference the template in the canary analysis:
```yaml
analysis:
metrics:
- name: "response-time-95pct"
templateRef:
name: response-time-95pct
namespace: istio-system
thresholdRange:
max: 1000
interval: 1m
```

4
docs/gitbook/usage/monitoring.md
View File

@@ -117,4 +117,8 @@ flagger_canary_duration_seconds_bucket{name="podinfo",namespace="test",le="10"}
flagger_canary_duration_seconds_bucket{name="podinfo",namespace="test",le="+Inf"} 6
flagger_canary_duration_seconds_sum{name="podinfo",namespace="test"} 17.3561329
flagger_canary_duration_seconds_count{name="podinfo",namespace="test"} 6
# Last canary metric analysis result per different metrics
flagger_canary_metric_analysis{metric="podinfo-http-successful-rate",name="podinfo",namespace="test"} 1
flagger_canary_metric_analysis{metric="podinfo-custom-metric",name="podinfo",namespace="test"} 0.918223108974359
```

39
docs/gitbook/usage/webhooks.md
View File

@@ -143,7 +143,8 @@ helm repo add flagger https://flagger.app
helm upgrade -i flagger-loadtester flagger/loadtester \
--namespace=test \
--set cmd.timeout=1h
--set cmd.timeout=1h \
--set cmd.namespaceRegexp=''
```
When deployed the load tester API will be available at `http://flagger-loadtester.test/`.
@@ -253,6 +254,42 @@ to the nGrinder server and start a new performance test. the load tester will pe
poll the nGrinder server for the status of the test,
and prevent duplicate requests from being sent in subsequent analysis loops.
### K6 Load Tester
You can also delegate load testing to a third-party webhook. An example of this is the [`k6 webhook`](https://github.com/grafana/flagger-k6-webhook). This webhook uses [`k6`](https://k6.io/), a very featureful load tester, to run load or smoke tests on canaries. For all features available, see the source repository.
Here's an example integrating this webhook as a `pre-rollout` step, to load test a service before any traffic is sent to it:
```yaml
webhooks:
- name: k6-load-test
timeout: 5m
type: pre-rollout
url: http://k6-loadtester.flagger/launch-test
metadata:
script: |
import http from 'k6/http';
import { sleep } from 'k6';
export const options = {
vus: 2,
duration: '30s',
thresholds: {
http_req_duration: ['p(95)<50']
},
ext: {
loadimpact: {
name: '<cluster>/<your_service>',
projectID: <project id>,
},
},
};
export default function () {
http.get('http://<your_service>-canary.<namespace>:80/');
sleep(0.10);
}
```
## Integration Testing
Flagger comes with a testing service that can run Helm tests, Bats tests or Concord tests when configured as a webhook.

79
go.mod
View File

@@ -1,21 +1,78 @@
module github.com/fluxcd/flagger
go 1.15
go 1.17
require (
cloud.google.com/go/monitoring v0.1.0
github.com/Masterminds/semver/v3 v3.0.3
github.com/aws/aws-sdk-go v1.37.32
github.com/davecgh/go-spew v1.1.1
github.com/go-logr/zapr v0.3.0
github.com/google/go-cmp v0.5.2
github.com/prometheus/client_golang v1.9.0
github.com/go-logr/zapr v1.2.0
github.com/google/go-cmp v0.5.6
github.com/googleapis/gax-go/v2 v2.0.5
github.com/influxdata/influxdb-client-go/v2 v2.5.0
github.com/prometheus/client_golang v1.11.1
github.com/stretchr/testify v1.7.0
go.uber.org/zap v1.14.1
golang.org/x/tools v0.1.0 // indirect
go.uber.org/zap v1.19.1
google.golang.org/api v0.54.0
google.golang.org/genproto v0.0.0-20210813162853-db860fec028c
google.golang.org/grpc v1.39.1
google.golang.org/protobuf v1.27.1
gopkg.in/h2non/gock.v1 v1.0.15
k8s.io/api v0.20.4
k8s.io/apimachinery v0.20.4
k8s.io/client-go v0.20.4
k8s.io/code-generator v0.20.4
k8s.io/klog/v2 v2.4.0
k8s.io/api v0.23.3
k8s.io/apimachinery v0.23.3
k8s.io/client-go v0.23.3
k8s.io/code-generator v0.23.3
k8s.io/klog/v2 v2.40.1
)
require (
cloud.google.com/go v0.92.3 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.1.1 // indirect
github.com/deepmap/oapi-codegen v1.8.2 // indirect
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
github.com/go-logr/logr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
github.com/imdario/mergo v0.3.5 // indirect
github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.26.0 // indirect
github.com/prometheus/procfs v0.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
go.opencensus.io v0.23.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
golang.org/x/mod v0.5.1 // indirect
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
golang.org/x/tools v0.1.9 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/appengine v1.6.7 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect
k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

695
go.sum
View File

File diff suppressed because it is too large Load Diff

4
hack/update-codegen.sh
View File

@@ -7,7 +7,7 @@ set -o pipefail
SCRIPT_ROOT=$(git rev-parse --show-toplevel)
# Grab code-generator version from go.sum.
CODEGEN_VERSION=$(grep 'k8s.io/code-generator' go.sum | awk '{print $2}' | head -1)
CODEGEN_VERSION=$(grep 'k8s.io/code-generator' go.sum | awk '{print $2}' | tail -1 | awk -F '/' '{print $1}')
CODEGEN_PKG=$(echo `go env GOPATH`"/pkg/mod/k8s.io/code-generator@${CODEGEN_VERSION}")
echo ">> Using ${CODEGEN_PKG}"
@@ -30,7 +30,7 @@ chmod +x ${CODEGEN_PKG}/generate-groups.sh
${CODEGEN_PKG}/generate-groups.sh all \
github.com/fluxcd/flagger/pkg/client github.com/fluxcd/flagger/pkg/apis \
"flagger:v1beta1 appmesh:v1beta2 appmesh:v1beta1 istio:v1alpha3 smi:v1alpha1 smi:v1alpha2 smi:v1alpha3 gloo/gloo:v1 gloo/gateway:v1 projectcontour:v1 traefik:v1alpha1" \
"flagger:v1beta1 appmesh:v1beta2 appmesh:v1beta1 istio:v1alpha3 smi:v1alpha1 smi:v1alpha2 smi:v1alpha3 gloo/gloo:v1 gloo/gateway:v1 projectcontour:v1 traefik:v1alpha1 kuma:v1alpha1 gatewayapi:v1alpha2" \
--output-base "${TEMP_DIR}" \
--go-header-file ${SCRIPT_ROOT}/hack/boilerplate.go.txt

10
kustomize/README.md
View File

@@ -34,6 +34,14 @@ kustomize build https://github.com/fluxcd/flagger/kustomize/linkerd?ref=main | k
This deploys Flagger in the `linkerd` namespace and sets the metrics server URL to linkerd-viz extension's Prometheus instance
which lives under `linkerd-viz` namespace by default.
Install Flagger for Open Service Mesh:
```bash
kustomize build https://github.com/fluxcd/flagger/kustomize/osm?ref=main | kubectl apply -f -
```
This deploys Flagger in the `osm-system` namespace and sets the metrics server URL to OSM's Prometheus instance.
If you want to install a specific Flagger release, add the version number to the URL:
```bash
@@ -68,7 +76,7 @@ metadata:
name: app
namespace: test
spec:
# can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo
# can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo, osm
# use the kubernetes provider for Blue/Green style deployments
provider: nginx
```

49
kustomize/base/flagger/crd.yaml
View File

@@ -495,6 +495,40 @@ spec:
type: array
items:
type: string
gatewayRefs:
description: The list of parent Gateways for a HTTPRoute
maxItems: 32
type: array
items:
required:
- name
type: object
properties:
group:
default: gateway.networking.k8s.io
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
maxLength: 253
minLength: 1
type: string
namespace:
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
corsPolicy:
description: Istio Cross-Origin Resource Sharing policy (CORS)
type: object
@@ -826,6 +860,12 @@ spec:
mirrorWeight:
description: Weight of traffic to be mirrored
type: number
primaryReadyThreshold:
description: Percentage of pods that need to be available to consider primary as ready
type: number
canaryReadyThreshold:
description: Percentage of pods that need to be available to consider canary as ready
type: number
match:
description: A/B testing match conditions
type: array
@@ -1006,6 +1046,9 @@ spec:
iterations:
description: Iteration count of the current canary analysis
type: number
lastPromotedSpec:
description: LastPromotedSpec of this canary
type: string
lastAppliedSpec:
description: LastAppliedSpec of this canary
type: string
@@ -1104,9 +1147,11 @@ spec:
- prometheus
- influxdb
- datadog
- stackdriver
- cloudwatch
- newrelic
- graphite
- dynatrace
address:
description: API address of this provider
type: string
@@ -1122,6 +1167,9 @@ spec:
region:
description: Region of the provider
type: string
insecureSkipVerify:
description: Disable SSL certificate validation for the provider address
type: boolean
query:
description: Query of this metric template
type: string
@@ -1188,6 +1236,7 @@ spec:
- msteams
- discord
- rocket
- gchat
channel:
description: Alert channel for this provider
type: string

2
kustomize/base/flagger/kustomization.yaml
View File

@@ -9,4 +9,4 @@ resources:
images:
- name: ghcr.io/fluxcd/flagger
newName: ghcr.io/fluxcd/flagger
newTag: 1.11.0
newTag: 1.21.0

26
kustomize/base/flagger/rbac.yaml
View File

@@ -177,6 +177,32 @@ rules:
- update
- patch
- delete
- apiGroups:
- kuma.io
resources:
- trafficroutes
- trafficroutes/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- httproutes/finalizers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- nonResourceURLs:
- /version
verbs:

4
kustomize/base/prometheus/deployment.yaml
View File

@@ -19,7 +19,7 @@ spec:
serviceAccountName: flagger-prometheus
containers:
- name: prometheus
image: prom/prometheus:v2.23.0
image: prom/prometheus:v2.34.0
imagePullPolicy: IfNotPresent
args:
- '--storage.tsdb.retention=2h'
@@ -49,4 +49,4 @@ spec:
configMap:
name: flagger-prometheus
- name: data-volume
emptyDir: {}
emptyDir: {}

7
kustomize/gatewayapi/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
bases:
- ../base/flagger/
- ../base/prometheus/
resources:
- namespace.yaml
patchesStrategicMerge:
- patch.yaml

4
kustomize/gatewayapi/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: flagger-system

14
kustomize/gatewayapi/patch.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flagger
spec:
template:
spec:
containers:
- name: flagger
args:
- -log-level=info
- -include-label-prefix=app.kubernetes.io
- -mesh-provider=gatewayapi:v1alpha2
- -metrics-server=http://flagger-prometheus:9090

5
kustomize/kuma/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
namespace: kuma-system
bases:
- ../base/flagger/
patchesStrategicMerge:
- patch.yaml

14
kustomize/kuma/patch.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flagger
spec:
template:
spec:
containers:
- name: flagger
args:
- -log-level=info
- -include-label-prefix=app.kubernetes.io
- -mesh-provider=kuma
- -metrics-server=http://prometheus-server.kuma-metrics:80

5
kustomize/osm/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
namespace: osm-system
bases:
- ../base/flagger/
patchesStrategicMerge:
- patch.yaml

27
kustomize/osm/patch.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flagger
spec:
template:
spec:
containers:
- name: flagger
args:
- -log-level=info
- -include-label-prefix=app.kubernetes.io
- -mesh-provider=osm
- -metrics-server=http://osm-prometheus.osm-system.svc:7070
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: flagger
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flagger
subjects:
- kind: ServiceAccount
name: flagger
namespace: osm-system

2
kustomize/podinfo/deployment.yaml
View File

@@ -25,7 +25,7 @@ spec:
spec:
containers:
- name: podinfod
image: stefanprodan/podinfo:3.1.0
image: ghcr.io/stefanprodan/podinfo:6.0.0
imagePullPolicy: IfNotPresent
ports:
- name: http

3
kustomize/tester/deployment.yaml
View File

@@ -15,10 +15,11 @@ spec:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
openservicemesh.io/inbound-port-exclusion-list: "80, 8080"
spec:
containers:
- name: loadtester
image: ghcr.io/fluxcd/flagger-loadtester:0.18.0
image: ghcr.io/fluxcd/flagger-loadtester:0.22.0
imagePullPolicy: IfNotPresent
ports:
- name: http

4
pkg/apis/appmesh/register.go
View File

@@ -3,3 +3,7 @@ package appmesh
const (
GroupName = "appmesh.k8s.aws"
)
const AccessLogAnnotation = "appmesh.flagger.app/accesslog"
const EnabledValue = "enabled"

1
pkg/apis/appmesh/v1beta1/zz_generated.deepcopy.go
View File

@@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*

1
pkg/apis/appmesh/v1beta2/zz_generated.deepcopy.go
View File

@@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*

57
pkg/apis/flagger/v1beta1/canary.go
View File

@@ -20,6 +20,7 @@ import (
"fmt"
"time"
"github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1alpha2"
istiov1alpha3 "github.com/fluxcd/flagger/pkg/apis/istio/v1alpha3"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
@@ -29,6 +30,8 @@ const (
CanaryKind = "Canary"
ProgressDeadlineSeconds = 600
AnalysisInterval = 60 * time.Second
PrimaryReadyThreshold = 100
CanaryReadyThreshold = 100
MetricInterval = "1m"
)
@@ -67,15 +70,15 @@ type CanarySpec struct {
MetricsServer string `json:"metricsServer,omitempty"`
// TargetRef references a target resource
TargetRef CrossNamespaceObjectReference `json:"targetRef"`
TargetRef LocalObjectReference `json:"targetRef"`
// AutoscalerRef references an autoscaling resource
// +optional
AutoscalerRef *CrossNamespaceObjectReference `json:"autoscalerRef,omitempty"`
AutoscalerRef *LocalObjectReference `json:"autoscalerRef,omitempty"`
// Reference to NGINX ingress resource
// +optional
IngressRef *CrossNamespaceObjectReference `json:"ingressRef,omitempty"`
IngressRef *LocalObjectReference `json:"ingressRef,omitempty"`
// Reference to Gloo Upstream resource. Upstream config is copied from
// the referenced upstream to the upstreams generated by flagger.
@@ -137,7 +140,12 @@ type CanaryService struct {
// +optional
Gateways []string `json:"gateways,omitempty"`
// Hosts attached to the generated Istio virtual service
// Gateways that the HTTPRoute needs to attach itself to.
// Must be specified while using the Gateway API as a provider.
// +optional
GatewayRefs []v1alpha2.ParentReference `json:"gatewayRefs,omitempty"`
// Hosts attached to the generated Istio virtual service or Gateway API HTTPRoute.
// Defaults to the service name
// +optional
Hosts []string `json:"hosts,omitempty"`
@@ -229,6 +237,12 @@ type CanaryAnalysis struct {
// Max number of failed checks before the canary is terminated
Threshold int `json:"threshold"`
// Percentage of pods that need to be available to consider primary as ready
PrimaryReadyThreshold *int `json:"primaryReadyThreshold,omitempty"`
// Percentage of pods that need to be available to consider canary as ready
CanaryReadyThreshold *int `json:"canaryReadyThreshold,omitempty"`
// Alert list for this canary analysis
Alerts []CanaryAlert `json:"alerts,omitempty"`
@@ -254,7 +268,7 @@ type CanaryMetric struct {
Interval string `json:"interval,omitempty"`
// Deprecated: Max value accepted for this metric (replaced by ThresholdRange)
Threshold float64 `json:"threshold"`
Threshold float64 `json:"threshold,omitempty"`
// Range value accepted for this metric
// +optional
@@ -309,7 +323,7 @@ const (
RolloutHook HookType = "rollout"
// PreRolloutHook execute webhook before routing traffic to canary
PreRolloutHook HookType = "pre-rollout"
// PreRolloutHook execute webhook after the canary analysis
// PostRolloutHook execute webhook after the canary analysis
PostRolloutHook HookType = "post-rollout"
// ConfirmRolloutHook halt canary analysis until webhook returns HTTP 200
ConfirmRolloutHook HookType = "confirm-rollout"
@@ -379,6 +393,21 @@ type CrossNamespaceObjectReference struct {
Namespace string `json:"namespace,omitempty"`
}
// LocalObjectReference contains enough information to let you locate the typed
// referenced object in the same namespace.
type LocalObjectReference struct {
// API version of the referent
// +optional
APIVersion string `json:"apiVersion,omitempty"`
// Kind of the referent
// +optional
Kind string `json:"kind,omitempty"`
// Name of the referent
Name string `json:"name"`
}
// CustomMetadata holds labels and annotations to set on generated objects.
type CustomMetadata struct {
Labels map[string]string `json:"labels,omitempty"`
@@ -440,6 +469,22 @@ func (c *Canary) GetAnalysisThreshold() int {
return 1
}
// GetAnalysisPrimaryReadyThreshold returns the canary primaryReadyThreshold (default 100)
func (c *Canary) GetAnalysisPrimaryReadyThreshold() int {
if c.GetAnalysis().PrimaryReadyThreshold != nil {
return *c.GetAnalysis().PrimaryReadyThreshold
}
return PrimaryReadyThreshold
}
// GetAnalysisCanaryReadyThreshold returns the canary canaryReadyThreshold (default 100)
func (c *Canary) GetAnalysisCanaryReadyThreshold() int {
if c.GetAnalysis().CanaryReadyThreshold != nil {
return *c.GetAnalysis().CanaryReadyThreshold
}
return CanaryReadyThreshold
}
// GetMetricInterval returns the metric interval default value (1m)
func (c *Canary) GetMetricInterval() string {
return MetricInterval

4
pkg/apis/flagger/v1beta1/metric.go
View File

@@ -74,6 +74,10 @@ type MetricTemplateProvider struct {
// Region of the provider
// +optional
Region string `json:"region,omitempty"`
// InsecureSkipVerify disables certificate verification for the provider
// +optional
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
}
// MetricTemplateModel is the query template model

3
pkg/apis/flagger/v1beta1/provider.go
View File

@@ -11,4 +11,7 @@ const (
KubernetesProvider string = "kubernetes"
SkipperProvider string = "skipper"
TraefikProvider string = "traefik"
OsmProvider string = "osm"
KumaProvider string = "kuma"
GatewayAPIProvider string = "gatewayapi"
)

39
pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go
View File

@@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
@@ -21,6 +22,7 @@ limitations under the License.
package v1beta1
import (
v1alpha2 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1alpha2"
v1alpha3 "github.com/fluxcd/flagger/pkg/apis/istio/v1alpha3"
v1 "k8s.io/api/core/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
@@ -202,6 +204,16 @@ func (in *CanaryAnalysis) DeepCopyInto(out *CanaryAnalysis) {
*out = make([]int, len(*in))
copy(*out, *in)
}
if in.PrimaryReadyThreshold != nil {
in, out := &in.PrimaryReadyThreshold, &out.PrimaryReadyThreshold
*out = new(int)
**out = **in
}
if in.CanaryReadyThreshold != nil {
in, out := &in.CanaryReadyThreshold, &out.CanaryReadyThreshold
*out = new(int)
**out = **in
}
if in.Alerts != nil {
in, out := &in.Alerts, &out.Alerts
*out = make([]CanaryAlert, len(*in))
@@ -327,6 +339,13 @@ func (in *CanaryService) DeepCopyInto(out *CanaryService) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.GatewayRefs != nil {
in, out := &in.GatewayRefs, &out.GatewayRefs
*out = make([]v1alpha2.ParentReference, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Hosts != nil {
in, out := &in.Hosts, &out.Hosts
*out = make([]string, len(*in))
@@ -403,12 +422,12 @@ func (in *CanarySpec) DeepCopyInto(out *CanarySpec) {
out.TargetRef = in.TargetRef
if in.AutoscalerRef != nil {
in, out := &in.AutoscalerRef, &out.AutoscalerRef
*out = new(CrossNamespaceObjectReference)
*out = new(LocalObjectReference)
**out = **in
}
if in.IngressRef != nil {
in, out := &in.IngressRef, &out.IngressRef
*out = new(CrossNamespaceObjectReference)
*out = new(LocalObjectReference)
**out = **in
}
if in.UpstreamRef != nil {
@@ -602,6 +621,22 @@ func (in *CustomMetadata) DeepCopy() *CustomMetadata {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference.
func (in *LocalObjectReference) DeepCopy() *LocalObjectReference {
if in == nil {
return nil
}
out := new(LocalObjectReference)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *MetricTemplate) DeepCopyInto(out *MetricTemplate) {
*out = *in

5
pkg/apis/gatewayapi/register.go Normal file
View File

@@ -0,0 +1,5 @@
package gatewayapi
const (
GroupName = "gateway.networking.k8s.io"
)

6
pkg/apis/gatewayapi/v1alpha2/doc.go Normal file
View File

@@ -0,0 +1,6 @@
// +k8s:deepcopy-gen=package
// Package v1alpha2 contains API Schema definitions for the
// gateway.networking.k8s.io API group.
package v1alpha2

879
pkg/apis/gatewayapi/v1alpha2/httproute_types.go Normal file
View File

@@ -0,0 +1,879 @@
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=gateway-api
// +kubebuilder:subresource:status
// +kubebuilder:storageversion
// +kubebuilder:printcolumn:name="Hostnames",type=string,JSONPath=`.spec.hostnames`
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
// HTTPRoute provides a way to route HTTP requests. This includes the capability
// to match requests by hostname, path, header, or query param. Filters can be
// used to specify additional processing steps. Backends specify where matching
// requests should be routed.
type HTTPRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of HTTPRoute.
Spec HTTPRouteSpec `json:"spec"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// HTTPRouteList contains a list of HTTPRoute.
type HTTPRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []HTTPRoute `json:"items"`
}
// HTTPRouteSpec defines the desired state of HTTPRoute
type HTTPRouteSpec struct {
CommonRouteSpec `json:",inline"`
// Hostnames defines a set of hostname that should match against the HTTP
// Host header to select a HTTPRoute to process the request. This matches
// the RFC 1123 definition of a hostname with 2 notable exceptions:
//
// 1. IPs are not allowed.
// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
// label must appear by itself as the first label.
//
// If a hostname is specified by both the Listener and HTTPRoute, there
// must be at least one intersecting hostname for the HTTPRoute to be
// attached to the Listener. For example:
//
// * A Listener with `test.example.com` as the hostname matches HTTPRoutes
// that have either not specified any hostnames, or have specified at
// least one of `test.example.com` or `*.example.com`.
// * A Listener with `*.example.com` as the hostname matches HTTPRoutes
// that have either not specified any hostnames or have specified at least
// one hostname that matches the Listener hostname. For example,
// `test.example.com` and `*.example.com` would both match. On the other
// hand, `example.com` and `test.example.net` would not match.
//
// If both the Listener and HTTPRoute have specified hostnames, any
// HTTPRoute hostnames that do not match the Listener hostname MUST be
// ignored. For example, if a Listener specified `*.example.com`, and the
// HTTPRoute specified `test.example.com` and `test.example.net`,
// `test.example.net` must not be considered for a match.
//
// If both the Listener and HTTPRoute have specified hostnames, and none
// match with the criteria above, then the HTTPRoute is not accepted. The
// implementation must raise an 'Accepted' Condition with a status of
// `False` in the corresponding RouteParentStatus.
//
// Support: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
Hostnames []Hostname `json:"hostnames,omitempty"`
// Rules are a list of HTTP matchers, filters and actions.
//
// +optional
// +kubebuilder:validation:MaxItems=16
// +kubebuilder:default={{matches: {{path: {type: "PathPrefix", value: "/"}}}}}
Rules []HTTPRouteRule `json:"rules,omitempty"`
}
// HTTPRouteRule defines semantics for matching an HTTP request based on
// conditions (matches), processing it (filters), and forwarding the request to
// an API object (backendRefs).
type HTTPRouteRule struct {
// Matches define conditions used for matching the rule against incoming
// HTTP requests. Each match is independent, i.e. this rule will be matched
// if **any** one of the matches is satisfied.
//
// For example, take the following matches configuration:
//
// ```
// matches:
// - path:
// value: "/foo"
// headers:
// - name: "version"
// value: "v2"
// - path:
// value: "/v2/foo"
// ```
//
// For a request to match against this rule, a request must satisfy
// EITHER of the two conditions:
//
// - path prefixed with `/foo` AND contains the header `version: v2`
// - path prefix of `/v2/foo`
//
// See the documentation for HTTPRouteMatch on how to specify multiple
// match conditions that should be ANDed together.
//
// If no matches are specified, the default is a prefix
// path match on "/", which has the effect of matching every
// HTTP request.
//
// Proxy or Load Balancer routing configuration generated from HTTPRoutes
// MUST prioritize rules based on the following criteria, continuing on
// ties. Precedence must be given to the the Rule with the largest number
// of:
//
// * Characters in a matching non-wildcard hostname.
// * Characters in a matching hostname.
// * Characters in a matching path.
// * Header matches.
// * Query param matches.
//
// If ties still exist across multiple Routes, matching precedence MUST be
// determined in order of the following criteria, continuing on ties:
//
// * The oldest Route based on creation timestamp.
// * The Route appearing first in alphabetical order by
// "{namespace}/{name}".
//
// If ties still exist within the Route that has been given precedence,
// matching precedence MUST be granted to the first matching rule meeting
// the above criteria.
//
// +optional
// +kubebuilder:validation:MaxItems=8
// +kubebuilder:default={{path:{ type: "PathPrefix", value: "/"}}}
Matches []HTTPRouteMatch `json:"matches,omitempty"`
// Filters define the filters that are applied to requests that match
// this rule.
//
// The effects of ordering of multiple behaviors are currently unspecified.
// This can change in the future based on feedback during the alpha stage.
//
// Conformance-levels at this level are defined based on the type of filter:
//
// - ALL core filters MUST be supported by all implementations.
// - Implementers are encouraged to support extended filters.
// - Implementation-specific custom filters have no API guarantees across
// implementations.
//
// Specifying a core filter multiple times has unspecified or custom
// conformance.
//
// Support: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
Filters []HTTPRouteFilter `json:"filters,omitempty"`
// BackendRefs defines the backend(s) where matching requests should be
// sent.
// If unspecified or invalid (refers to a non-existent resource or a Service
// with no endpoints), the rule performs no forwarding. If there are also no
// filters specified that would result in a response being sent, a HTTP 503
// status code is returned. 503 responses must be sent so that the overall
// weight is respected; if an invalid backend is requested to have 80% of
// requests, then 80% of requests must get a 503 instead.
//
// Support: Core for Kubernetes Service
// Support: Custom for any other resource
//
// Support for weight: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
BackendRefs []HTTPBackendRef `json:"backendRefs,omitempty"`
}
// PathMatchType specifies the semantics of how HTTP paths should be compared.
// Valid PathMatchType values are:
//
// * "Exact"
// * "PathPrefix"
// * "RegularExpression"
//
// PathPrefix and Exact paths must be syntactically valid:
//
// - Must begin with the `/` character
// - Must not contain consecutive `/` characters (e.g. `/foo///`, `//`).
//
// +kubebuilder:validation:Enum=Exact;PathPrefix;RegularExpression
type PathMatchType string
const (
// Matches the URL path exactly and with case sensitivity.
PathMatchExact PathMatchType = "Exact"
// Matches based on a URL path prefix split by `/`. Matching is
// case sensitive and done on a path element by element basis. A
// path element refers to the list of labels in the path split by
// the `/` separator. When specified, a trailing `/` is ignored.
//
// For example. the paths `/abc`, `/abc/`, and `/abc/def` would all match
// the prefix `/abc`, but the path `/abcd` would not.
//
// "PathPrefix" is semantically equivalent to the "Prefix" path type in the
// Kubernetes Ingress API.
PathMatchPathPrefix PathMatchType = "PathPrefix"
// Matches if the URL path matches the given regular expression with
// case sensitivity.
//
// Since `"RegularExpression"` has custom conformance, implementations
// can support POSIX, PCRE, RE2 or any other regular expression dialect.
// Please read the implementation's documentation to determine the supported
// dialect.
PathMatchRegularExpression PathMatchType = "RegularExpression"
)
// HTTPPathMatch describes how to select a HTTP route by matching the HTTP request path.
type HTTPPathMatch struct {
// Type specifies how to match against the path Value.
//
// Support: Core (Exact, PathPrefix)
//
// Support: Custom (RegularExpression)
//
// +optional
// +kubebuilder:default=PathPrefix
Type *PathMatchType `json:"type,omitempty"`
// Value of the HTTP path to match against.
//
// +optional
// +kubebuilder:default="/"
// +kubebuilder:validation:MaxLength=1024
Value *string `json:"value,omitempty"`
}
// HeaderMatchType specifies the semantics of how HTTP header values should be
// compared. Valid HeaderMatchType values are:
//
// * "Exact"
// * "RegularExpression"
//
// +kubebuilder:validation:Enum=Exact;RegularExpression
type HeaderMatchType string
// HeaderMatchType constants.
const (
HeaderMatchExact HeaderMatchType = "Exact"
HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
)
// HTTPHeaderName is the name of an HTTP header.
//
// Valid values include:
//
// * "Authorization"
// * "Set-Cookie"
//
// Invalid values include:
//
// * ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
// headers are not currently supported by this type.
// * "/invalid" - "/" is an invalid character
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
type HTTPHeaderName string
// HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
// headers.
type HTTPHeaderMatch struct {
// Type specifies how to match against the value of the header.
//
// Support: Core (Exact)
//
// Support: Custom (RegularExpression)
//
// Since RegularExpression HeaderMatchType has custom conformance,
// implementations can support POSIX, PCRE or any other dialects of regular
// expressions. Please read the implementation's documentation to determine
// the supported dialect.
//
// +optional
// +kubebuilder:default=Exact
Type *HeaderMatchType `json:"type,omitempty"`
// Name is the name of the HTTP Header to be matched. Name matching MUST be
// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
//
// If multiple entries specify equivalent header names, only the first
// entry with an equivalent name MUST be considered for a match. Subsequent
// entries with an equivalent header name MUST be ignored. Due to the
// case-insensitivity of header names, "foo" and "Foo" are considered
// equivalent.
//
// When a header is repeated in an HTTP request, it is
// implementation-specific behavior as to how this is represented.
// Generally, proxies should follow the guidance from the RFC:
// https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
// processing a repeated header, with special handling for "Set-Cookie".
Name HTTPHeaderName `json:"name"`
// Value is the value of HTTP Header to be matched.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=4096
Value string `json:"value"`
}
// QueryParamMatchType specifies the semantics of how HTTP query parameter
// values should be compared. Valid QueryParamMatchType values are:
//
// * "Exact"
// * "RegularExpression"
//
// +kubebuilder:validation:Enum=Exact;RegularExpression
type QueryParamMatchType string
// QueryParamMatchType constants.
const (
QueryParamMatchExact QueryParamMatchType = "Exact"
QueryParamMatchRegularExpression QueryParamMatchType = "RegularExpression"
)
// HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP
// query parameters.
type HTTPQueryParamMatch struct {
// Type specifies how to match against the value of the query parameter.
//
// Support: Extended (Exact)
//
// Support: Custom (RegularExpression)
//
// Since RegularExpression QueryParamMatchType has custom conformance,
// implementations can support POSIX, PCRE or any other dialects of regular
// expressions. Please read the implementation's documentation to determine
// the supported dialect.
//
// +optional
// +kubebuilder:default=Exact
Type *QueryParamMatchType `json:"type,omitempty"`
// Name is the name of the HTTP query param to be matched. This must be an
// exact string match. (See
// https://tools.ietf.org/html/rfc7230#section-2.7.3).
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
Name string `json:"name"`
// Value is the value of HTTP query param to be matched.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=1024
Value string `json:"value"`
}
// HTTPMethod describes how to select a HTTP route by matching the HTTP
// method as defined by
// [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4) and
// [RFC 5789](https://datatracker.ietf.org/doc/html/rfc5789#section-2).
// The value is expected in upper case.
// +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH
type HTTPMethod string
const (
HTTPMethodGet HTTPMethod = "GET"
HTTPMethodHead HTTPMethod = "HEAD"
HTTPMethodPost HTTPMethod = "POST"
HTTPMethodPut HTTPMethod = "PUT"
HTTPMethodDelete HTTPMethod = "DELETE"
HTTPMethodConnect HTTPMethod = "CONNECT"
HTTPMethodOptions HTTPMethod = "OPTIONS"
HTTPMethodTrace HTTPMethod = "TRACE"
HTTPMethodPatch HTTPMethod = "PATCH"
)
// HTTPRouteMatch defines the predicate used to match requests to a given
// action. Multiple match types are ANDed together, i.e. the match will
// evaluate to true only if all conditions are satisfied.
//
// For example, the match below will match a HTTP request only if its path
// starts with `/foo` AND it contains the `version: v1` header:
//
// ```
// match:
// path:
// value: "/foo"
// headers:
// - name: "version"
// value "v1"
// ```
type HTTPRouteMatch struct {
// Path specifies a HTTP request path matcher. If this field is not
// specified, a default prefix match on the "/" path is provided.
//
// +optional
// +kubebuilder:default={type: "PathPrefix", value: "/"}
Path *HTTPPathMatch `json:"path,omitempty"`
// Headers specifies HTTP request header matchers. Multiple match values are
// ANDed together, meaning, a request must match all the specified headers
// to select the route.
//
// +listType=map
// +listMapKey=name
// +optional
// +kubebuilder:validation:MaxItems=16
Headers []HTTPHeaderMatch `json:"headers,omitempty"`
// QueryParams specifies HTTP query parameter matchers. Multiple match
// values are ANDed together, meaning, a request must match all the
// specified query parameters to select the route.
//
// +listType=map
// +listMapKey=name
// +optional
// +kubebuilder:validation:MaxItems=16
QueryParams []HTTPQueryParamMatch `json:"queryParams,omitempty"`
// Method specifies HTTP method matcher.
// When specified, this route will be matched only if the request has the
// specified method.
//
// Support: Extended
//
// +optional
Method *HTTPMethod `json:"method,omitempty"`
}
// HTTPRouteFilter defines processing steps that must be completed during the
// request or response lifecycle. HTTPRouteFilters are meant as an extension
// point to express processing that may be done in Gateway implementations. Some
// examples include request or response modification, implementing
// authentication strategies, rate-limiting, and traffic shaping. API
// guarantee/conformance is defined based on the type of the filter.
type HTTPRouteFilter struct {
// Type identifies the type of filter to apply. As with other API fields,
// types are classified into three conformance levels:
//
// - Core: Filter types and their corresponding configuration defined by
// "Support: Core" in this package, e.g. "RequestHeaderModifier". All
// implementations must support core filters.
//
// - Extended: Filter types and their corresponding configuration defined by
// "Support: Extended" in this package, e.g. "RequestMirror". Implementers
// are encouraged to support extended filters.
//
// - Custom: Filters that are defined and supported by specific vendors.
// In the future, filters showing convergence in behavior across multiple
// implementations will be considered for inclusion in extended or core
// conformance levels. Filter-specific configuration for such filters
// is specified using the ExtensionRef field. `Type` should be set to
// "ExtensionRef" for custom filters.
//
// Implementers are encouraged to define custom implementation types to
// extend the core API with implementation-specific behavior.
//
// If a reference to a custom filter type cannot be resolved, the filter
// MUST NOT be skipped. Instead, requests that would have been processed by
// that filter MUST receive a HTTP error response.
//
// +unionDiscriminator
// +kubebuilder:validation:Enum=RequestHeaderModifier;RequestMirror;RequestRedirect;ExtensionRef
// <gateway:experimental:validation:Enum=RequestHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef>
Type HTTPRouteFilterType `json:"type"`
// RequestHeaderModifier defines a schema for a filter that modifies request
// headers.
//
// Support: Core
//
// +optional
RequestHeaderModifier *HTTPRequestHeaderFilter `json:"requestHeaderModifier,omitempty"`
// RequestMirror defines a schema for a filter that mirrors requests.
// Requests are sent to the specified destination, but responses from
// that destination are ignored.
//
// Support: Extended
//
// +optional
RequestMirror *HTTPRequestMirrorFilter `json:"requestMirror,omitempty"`
// RequestRedirect defines a schema for a filter that responds to the
// request with an HTTP redirection.
//
// Support: Core
//
// +optional
RequestRedirect *HTTPRequestRedirectFilter `json:"requestRedirect,omitempty"`
// URLRewrite defines a schema for a filter that responds to the
// request with an HTTP redirection.
//
// Support: Extended
//
// <gateway:experimental>
// +optional
URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"`
// ExtensionRef is an optional, implementation-specific extension to the
// "filter" behavior. For example, resource "myroutefilter" in group
// "networking.example.net"). ExtensionRef MUST NOT be used for core and
// extended filters.
//
// Support: Implementation-specific
//
// +optional
ExtensionRef *LocalObjectReference `json:"extensionRef,omitempty"`
}
// HTTPRouteFilterType identifies a type of HTTPRoute filter.
type HTTPRouteFilterType string
const (
// HTTPRouteFilterRequestHeaderModifier can be used to add or remove an HTTP
// header from an HTTP request before it is sent to the upstream target.
//
// Support in HTTPRouteRule: Core
//
// Support in HTTPBackendRef: Extended
HTTPRouteFilterRequestHeaderModifier HTTPRouteFilterType = "RequestHeaderModifier"
// HTTPRouteFilterRequestRedirect can be used to redirect a request to
// another location. This filter can also be used for HTTP to HTTPS
// redirects. This may not be used on the same Route rule or BackendRef as a
// URLRewrite filter.
//
// Support in HTTPRouteRule: Core
//
// Support in HTTPBackendRef: Extended
HTTPRouteFilterRequestRedirect HTTPRouteFilterType = "RequestRedirect"
// HTTPRouteFilterURLRewrite can be used to modify a request during
// forwarding. At most one of these filters may be used on a Route rule.
// This may not be used on the same Route rule or BackendRef as a
// RequestRedirect filter.
//
// Support in HTTPRouteRule: Extended
//
// Support in HTTPBackendRef: Extended
//
// <gateway:experimental>
HTTPRouteFilterURLRewrite HTTPRouteFilterType = "URLRewrite"
// HTTPRouteFilterRequestMirror can be used to mirror HTTP requests to a
// different backend. The responses from this backend MUST be ignored by
// the Gateway.
//
// Support in HTTPRouteRule: Extended
//
// Support in HTTPBackendRef: Extended
HTTPRouteFilterRequestMirror HTTPRouteFilterType = "RequestMirror"
// HTTPRouteFilterExtensionRef should be used for configuring custom
// HTTP filters.
//
// Support in HTTPRouteRule: Custom
//
// Support in HTTPBackendRef: Custom
HTTPRouteFilterExtensionRef HTTPRouteFilterType = "ExtensionRef"
)
// HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
type HTTPHeader struct {
// Name is the name of the HTTP Header to be matched. Name matching MUST be
// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
//
// If multiple entries specify equivalent header names, the first entry with
// an equivalent name MUST be considered for a match. Subsequent entries
// with an equivalent header name MUST be ignored. Due to the
// case-insensitivity of header names, "foo" and "Foo" are considered
// equivalent.
Name HTTPHeaderName `json:"name"`
// Value is the value of HTTP Header to be matched.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=4096
Value string `json:"value"`
}
// HTTPRequestHeaderFilter defines configuration for the RequestHeaderModifier
// filter.
type HTTPRequestHeaderFilter struct {
// Set overwrites the request with the given header (name, value)
// before the action.
//
// Input:
// GET /foo HTTP/1.1
// my-header: foo
//
// Config:
// set:
// - name: "my-header"
// value: "bar"
//
// Output:
// GET /foo HTTP/1.1
// my-header: bar
//
// +optional
// +listType=map
// +listMapKey=name
// +kubebuilder:validation:MaxItems=16
Set []HTTPHeader `json:"set,omitempty"`
// Add adds the given header(s) (name, value) to the request
// before the action. It appends to any existing values associated
// with the header name.
//
// Input:
// GET /foo HTTP/1.1
// my-header: foo
//
// Config:
// add:
// - name: "my-header"
// value: "bar"
//
// Output:
// GET /foo HTTP/1.1
// my-header: foo
// my-header: bar
//
// +optional
// +listType=map
// +listMapKey=name
// +kubebuilder:validation:MaxItems=16
Add []HTTPHeader `json:"add,omitempty"`
// Remove the given header(s) from the HTTP request before the action. The
// value of Remove is a list of HTTP header names. Note that the header
// names are case-insensitive (see
// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
//
// Input:
// GET /foo HTTP/1.1
// my-header1: foo
// my-header2: bar
// my-header3: baz
//
// Config:
// remove: ["my-header1", "my-header3"]
//
// Output:
// GET /foo HTTP/1.1
// my-header2: bar
//
// +optional
// +kubebuilder:validation:MaxItems=16
Remove []string `json:"remove,omitempty"`
}
// HTTPPathModifierType defines the type of path redirect.
type HTTPPathModifierType string
const (
// This type of modifier indicates that the complete path will be replaced
// by the path redirect value.
AbsoluteHTTPPathModifier HTTPPathModifierType = "Absolute"
// This type of modifier indicates that any prefix path matches will be
// replaced by the substitution value. For example, a path with a prefix
// match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have
// the "/foo" prefix replaced with "/bar" in matching requests.
PrefixMatchHTTPPathModifier HTTPPathModifierType = "ReplacePrefixMatch"
)
// HTTPPathModifier defines configuration for path modifiers.
// <gateway:experimental>
type HTTPPathModifier struct {
// Type defines the type of path modifier.
//
// <gateway:experimental>
// +kubebuilder:validation:Enum=Absolute;ReplacePrefixMatch
Type HTTPPathModifierType `json:"type"`
// Substitution defines the HTTP path value to substitute. An empty value
// ("") indicates that the portion of the path to be changed should be
// removed from the resulting path. For example, a request to "/foo/bar"
// with a prefix match of "/foo" would be modified to "/bar".
//
// <gateway:experimental>
// +kubebuilder:validation:MaxLength=1024
Substitution string `json:"substitution"`
}
// HTTPRequestRedirect defines a filter that redirects a request. This filter
// MUST not be used on the same Route rule as a HTTPURLRewrite filter.
type HTTPRequestRedirectFilter struct {
// Scheme is the scheme to be used in the value of the `Location`
// header in the response.
// When empty, the scheme of the request is used.
//
// Support: Extended
//
// +optional
// +kubebuilder:validation:Enum=http;https
Scheme *string `json:"scheme,omitempty"`
// Hostname is the hostname to be used in the value of the `Location`
// header in the response.
// When empty, the hostname of the request is used.
//
// Support: Core
//
// +optional
Hostname *PreciseHostname `json:"hostname,omitempty"`
// Path defines parameters used to modify the path of the incoming request.
// The modified path is then used to construct the `Location` header. When
// empty, the request path is used as-is.
//
// Support: Extended
//
// <gateway:experimental>
// +optional
Path *HTTPPathModifier `json:"path,omitempty"`
// Port is the port to be used in the value of the `Location`
// header in the response.
// When empty, port (if specified) of the request is used.
//
// Support: Extended
//
// +optional
Port *PortNumber `json:"port,omitempty"`
// StatusCode is the HTTP status code to be used in response.
//
// Support: Core
//
// +optional
// +kubebuilder:default=302
// +kubebuilder:validation:Enum=301;302
StatusCode *int `json:"statusCode,omitempty"`
}
// HTTPURLRewriteFilter defines a filter that modifies a request during
// forwarding. At most one of these filters may be used on a Route rule. This
// may not be used on the same Route rule as a HTTPRequestRedirect filter.
//
// <gateway:experimental>
// Support: Extended
type HTTPURLRewriteFilter struct {
// Hostname is the value to be used to replace the Host header value during
// forwarding.
//
// Support: Extended
//
// <gateway:experimental>
// +optional
Hostname *Hostname `json:"hostname,omitempty"`
// Path defines a path rewrite.
//
// Support: Extended
//
// <gateway:experimental>
// +optional
Path *HTTPPathModifier `json:"path,omitempty"`
}
// HTTPRequestMirrorFilter defines configuration for the RequestMirror filter.
type HTTPRequestMirrorFilter struct {
// BackendRef references a resource where mirrored requests are sent.
//
// If the referent cannot be found, this BackendRef is invalid and must be
// dropped from the Gateway. The controller must ensure the "ResolvedRefs"
// condition on the Route status is set to `status: False` and not configure
// this backend in the underlying implementation.
//
// If there is a cross-namespace reference to an *existing* object
// that is not allowed by a ReferencePolicy, the controller must ensure the
// "ResolvedRefs" condition on the Route is set to `status: False`,
// with the "RefNotPermitted" reason and not configure this backend in the
// underlying implementation.
//
// In either error case, the Message of the `ResolvedRefs` Condition
// should be used to provide more detail about the problem.
//
// Support: Extended for Kubernetes Service
// Support: Custom for any other resource
BackendRef BackendObjectReference `json:"backendRef"`
}
// HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
type HTTPBackendRef struct {
// BackendRef is a reference to a backend to forward matched requests to.
//
// If the referent cannot be found, this HTTPBackendRef is invalid and must
// be dropped from the Gateway. The controller must ensure the
// "ResolvedRefs" condition on the Route is set to `status: False` and not
// configure this backend in the underlying implementation.
//
// If there is a cross-namespace reference to an *existing* object
// that is not covered by a ReferencePolicy, the controller must ensure the
// "ResolvedRefs" condition on the Route is set to `status: False`,
// with the "RefNotPermitted" reason and not configure this backend in the
// underlying implementation.
//
// In either error case, the Message of the `ResolvedRefs` Condition
// should be used to provide more detail about the problem.
//
// Support: Custom
//
// +optional
BackendRef `json:",inline"`
// Filters defined at this level should be executed if and only if the
// request is being forwarded to the backend defined here.
//
// Support: Custom (For broader support of filters, use the Filters field
// in HTTPRouteRule.)
//
// +optional
// +kubebuilder:validation:MaxItems=16
Filters []HTTPRouteFilter `json:"filters,omitempty"`
}
// HTTPRouteStatus defines the observed state of HTTPRoute.
type HTTPRouteStatus struct {
RouteStatus `json:",inline"`
}
// Hostname is the fully qualified domain name of a network host. This matches
// the RFC 1123 definition of a hostname with 2 notable exceptions:
//
// 1. IPs are not allowed.
// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
// label must appear by itself as the first label.
//
// Hostname can be "precise" which is a domain name without the terminating
// dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
// domain name prefixed with a single wildcard label (e.g. `*.example.com`).
//
// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
// alphanumeric characters or '-', and must start and end with an alphanumeric
// character. No other punctuation is allowed.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
type Hostname string
// PortNumber defines a network port.
//
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
type PortNumber int32

131
pkg/apis/gatewayapi/v1alpha2/object_reference_types.go Normal file
View File

@@ -0,0 +1,131 @@
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
// LocalObjectReference identifies an API object within the namespace of the
// referrer.
// The API object must be valid in the cluster; the Group and Kind must
// be registered in the cluster for this reference to be valid.
//
// References to objects with invalid Group and Kind are not valid, and must
// be rejected by the implementation, with appropriate Conditions set
// on the containing object.
type LocalObjectReference struct {
// Group is the group of the referent. For example, "networking.k8s.io".
// When unspecified (empty string), core API group is inferred.
Group Group `json:"group"`
// Kind is kind of the referent. For example "HTTPRoute" or "Service".
Kind Kind `json:"kind"`
// Name is the name of the referent.
Name ObjectName `json:"name"`
}
// SecretObjectReference identifies an API object including its namespace,
// defaulting to Secret.
//
// The API object must be valid in the cluster; the Group and Kind must
// be registered in the cluster for this reference to be valid.
//
// References to objects with invalid Group and Kind are not valid, and must
// be rejected by the implementation, with appropriate Conditions set
// on the containing object.
type SecretObjectReference struct {
// Group is the group of the referent. For example, "networking.k8s.io".
// When unspecified (empty string), core API group is inferred.
//
// +optional
// +kubebuilder:default=""
Group *Group `json:"group"`
// Kind is kind of the referent. For example "HTTPRoute" or "Service".
//
// +optional
// +kubebuilder:default=Secret
Kind *Kind `json:"kind"`
// Name is the name of the referent.
Name ObjectName `json:"name"`
// Namespace is the namespace of the backend. When unspecified, the local
// namespace is inferred.
//
// Note that when a namespace is specified, a ReferencePolicy object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// for details.
//
// Support: Core
//
// +optional
Namespace *Namespace `json:"namespace,omitempty"`
}
// BackendObjectReference defines how an ObjectReference that is
// specific to BackendRef. It includes a few additional fields and features
// than a regular ObjectReference.
//
// Note that when a namespace is specified, a ReferencePolicy object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// for details.
//
// The API object must be valid in the cluster; the Group and Kind must
// be registered in the cluster for this reference to be valid.
//
// References to objects with invalid Group and Kind are not valid, and must
// be rejected by the implementation, with appropriate Conditions set
// on the containing object.
type BackendObjectReference struct {
// Group is the group of the referent. For example, "networking.k8s.io".
// When unspecified (empty string), core API group is inferred.
//
// +optional
// +kubebuilder:default=""
Group *Group `json:"group,omitempty"`
// Kind is kind of the referent. For example "HTTPRoute" or "Service".
//
// +optional
// +kubebuilder:default=Service
Kind *Kind `json:"kind,omitempty"`
// Name is the name of the referent.
Name ObjectName `json:"name"`
// Namespace is the namespace of the backend. When unspecified, the local
// namespace is inferred.
//
// Note that when a namespace is specified, a ReferencePolicy object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// for details.
//
// Support: Core
//
// +optional
Namespace *Namespace `json:"namespace,omitempty"`
// Port specifies the destination port number to use for this resource.
// Port is required when the referent is a Kubernetes Service.
// For other resources, destination port might be derived from the referent
// resource or this field.
//
// +optional
Port *PortNumber `json:"port,omitempty"`
}

39
pkg/apis/gatewayapi/v1alpha2/register.go Normal file
View File

@@ -0,0 +1,39 @@
package v1alpha2
import (
"github.com/fluxcd/flagger/pkg/apis/gatewayapi"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// SchemeGroupVersion is the identifier for the API which includes
// the name of the group and the version of the API
var SchemeGroupVersion = schema.GroupVersion{Group: gatewayapi.GroupName, Version: "v1alpha2"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
// SchemeBuilder collects functions that add things to a scheme. It's to allow
// code to compile without explicitly referencing generated types. You should
// declare one in each package that will have generated deep copy or conversion
// functions.
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// AddToScheme applies all the stored functions to the scheme. A non-nil error
// indicates that one function failed and the attempt was abandoned.
AddToScheme = SchemeBuilder.AddToScheme
)
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&HTTPRoute{},
&HTTPRouteList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

427
pkg/apis/gatewayapi/v1alpha2/shared_types.go Normal file
View File

@@ -0,0 +1,427 @@
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// ParentReference identifies an API object (usually a Gateway) that can be considered
// a parent of this resource (usually a route). The only kind of parent resource
// with "Core" support is Gateway. This API may be extended in the future to
// support additional kinds of parent resources, such as HTTPRoute.
//
// The API object must be valid in the cluster; the Group and Kind must
// be registered in the cluster for this reference to be valid.
//
// References to objects with invalid Group and Kind are not valid, and must
// be rejected by the implementation, with appropriate Conditions set
// on the containing object.
type ParentReference struct {
// Group is the group of the referent.
//
// Support: Core
//
// +kubebuilder:default=gateway.networking.k8s.io
// +optional
Group *Group `json:"group,omitempty"`
// Kind is kind of the referent.
//
// Support: Core (Gateway)
// Support: Custom (Other Resources)
//
// +kubebuilder:default=Gateway
// +optional
Kind *Kind `json:"kind,omitempty"`
// Namespace is the namespace of the referent. When unspecified (or empty
// string), this refers to the local namespace of the Route.
//
// Support: Core
//
// +optional
Namespace *Namespace `json:"namespace,omitempty"`
// Name is the name of the referent.
//
// Support: Core
Name ObjectName `json:"name"`
// SectionName is the name of a section within the target resource. In the
// following resources, SectionName is interpreted as the following:
//
// * Gateway: Listener Name
//
// Implementations MAY choose to support attaching Routes to other resources.
// If that is the case, they MUST clearly document how SectionName is
// interpreted.
//
// When unspecified (empty string), this will reference the entire resource.
// For the purpose of status, an attachment is considered successful if at
// least one section in the parent resource accepts it. For example, Gateway
// listeners can restrict which Routes can attach to them by Route kind,
// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
// the referencing Route, the Route MUST be considered successfully
// attached. If no Gateway listeners accept attachment from this Route, the
// Route MUST be considered detached from the Gateway.
//
// Support: Core
//
// +optional
SectionName *SectionName `json:"sectionName,omitempty"`
}
// CommonRouteSpec defines the common attributes that all Routes MUST include
// within their spec.
type CommonRouteSpec struct {
// ParentRefs references the resources (usually Gateways) that a Route wants
// to be attached to. Note that the referenced parent resource needs to
// allow this for the attachment to be complete. For Gateways, that means
// the Gateway needs to allow attachment from Routes of this kind and
// namespace.
//
// The only kind of parent resource with "Core" support is Gateway. This API
// may be extended in the future to support additional kinds of parent
// resources such as one of the route kinds.
//
// It is invalid to reference an identical parent more than once. It is
// valid to reference multiple distinct sections within the same parent
// resource, such as 2 Listeners within a Gateway.
//
// It is possible to separately reference multiple distinct objects that may
// be collapsed by an implementation. For example, some implementations may
// choose to merge compatible Gateway Listeners together. If that is the
// case, the list of routes attached to those resources should also be
// merged.
//
// +optional
// +kubebuilder:validation:MaxItems=32
ParentRefs []ParentReference `json:"parentRefs,omitempty"`
}
// BackendRef defines how a Route should forward a request to a Kubernetes
// resource.
//
// Note that when a namespace is specified, a ReferencePolicy object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// for details.
type BackendRef struct {
// BackendObjectReference references a Kubernetes object.
BackendObjectReference `json:",inline"`
// Weight specifies the proportion of requests forwarded to the referenced
// backend. This is computed as weight/(sum of all weights in this
// BackendRefs list). For non-zero values, there may be some epsilon from
// the exact proportion defined here depending on the precision an
// implementation supports. Weight is not a percentage and the sum of
// weights does not need to equal 100.
//
// If only one backend is specified and it has a weight greater than 0, 100%
// of the traffic is forwarded to that backend. If weight is set to 0, no
// traffic should be forwarded for this entry. If unspecified, weight
// defaults to 1.
//
// Support for this field varies based on the context where used.
//
// +optional
// +kubebuilder:default=1
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=1000000
Weight *int32 `json:"weight,omitempty"`
}
// RouteConditionType is a type of condition for a route.
type RouteConditionType string
const (
// This condition indicates whether the route has been accepted or rejected
// by a Gateway, and why.
ConditionRouteAccepted RouteConditionType = "Accepted"
// This condition indicates whether the controller was able to resolve all
// the object references for the Route.
ConditionRouteResolvedRefs RouteConditionType = "ResolvedRefs"
)
// RouteParentStatus describes the status of a route with respect to an
// associated Parent.
type RouteParentStatus struct {
// ParentRef corresponds with a ParentRef in the spec that this
// RouteParentStatus struct describes the status of.
ParentRef ParentReference `json:"parentRef"`
// ControllerName is a domain/path string that indicates the name of the
// controller that wrote this status. This corresponds with the
// controllerName field on GatewayClass.
//
// Example: "example.net/gateway-controller".
//
// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
// valid Kubernetes names
// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
ControllerName GatewayController `json:"controllerName"`
// Conditions describes the status of the route with respect to the Gateway.
// Note that the route's availability is also subject to the Gateway's own
// status conditions and listener status.
//
// If the Route's ParentRef specifies an existing Gateway that supports
// Routes of this kind AND that Gateway's controller has sufficient access,
// then that Gateway's controller MUST set the "Accepted" condition on the
// Route, to indicate whether the route has been accepted or rejected by the
// Gateway, and why.
//
// A Route MUST be considered "Accepted" if at least one of the Route's
// rules is implemented by the Gateway.
//
// There are a number of cases where the "Accepted" condition may not be set
// due to lack of controller visibility, that includes when:
//
// * The Route refers to a non-existent parent.
// * The Route is of a type that the controller does not support.
// * The Route is in a namespace the the controller does not have access to.
//
// +listType=map
// +listMapKey=type
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=8
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
// RouteStatus defines the common attributes that all Routes MUST include within
// their status.
type RouteStatus struct {
// Parents is a list of parent resources (usually Gateways) that are
// associated with the route, and the status of the route with respect to
// each parent. When this route attaches to a parent, the controller that
// manages the parent must add an entry to this list when the controller
// first sees the route and should update the entry as appropriate when the
// route or gateway is modified.
//
// Note that parent references that cannot be resolved by an implementation
// of this API will not be added to this list. Implementations of this API
// can only populate Route status for the Gateways/parent resources they are
// responsible for.
//
// A maximum of 32 Gateways will be represented in this list. An empty list
// means the route has not been attached to any Gateway.
//
// +kubebuilder:validation:MaxItems=32
Parents []RouteParentStatus `json:"parents"`
}
// PreciseHostname is the fully qualified domain name of a network host. This matches
// the RFC 1123 definition of a hostname with 1 notable exception that
// numeric IP addresses are not allowed.
//
// PreciseHostname can be "precise" which is a domain name without the terminating
// dot of a network host (e.g. "foo.example.com").
//
// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
// alphanumeric characters or '-', and must start and end with an alphanumeric
// character. No other punctuation is allowed.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
type PreciseHostname string
// Group refers to a Kubernetes Group. It must either be an empty string or a
// RFC 1123 subdomain.
//
// This validation is based off of the corresponding Kubernetes validation:
// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
//
// Valid values include:
//
// * "" - empty string implies core Kubernetes API group
// * "networking.k8s.io"
// * "foo.example.com"
//
// Invalid values include:
//
// * "example.com/bar" - "/" is an invalid character
//
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
type Group string
// Kind refers to a Kubernetes Kind.
//
// Valid values include:
//
// * "Service"
// * "HTTPRoute"
//
// Invalid values include:
//
// * "invalid/kind" - "/" is an invalid character
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=63
// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
type Kind string
// ObjectName refers to the name of a Kubernetes object.
// Object names can have a variety of forms, including RFC1123 subdomains,
// RFC 1123 labels, or RFC 1035 labels.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
type ObjectName string
// Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
//
// This validation is based off of the corresponding Kubernetes validation:
// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187
//
// This is used for Namespace name validation here:
// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63
//
// Valid values include:
//
// * "example"
//
// Invalid values include:
//
// * "example.com" - "." is an invalid character
//
// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=63
type Namespace string
// SectionName is the name of a section in a Kubernetes resource.
//
// This validation is based off of the corresponding Kubernetes validation:
// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
//
// Valid values include:
//
// * "example.com"
// * "foo.example.com"
//
// Invalid values include:
//
// * "example.com/bar" - "/" is an invalid character
//
// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
type SectionName string
// GatewayController is the name of a Gateway API controller. It must be a
// domain prefixed path.
//
// Valid values include:
//
// * "example.com/bar"
//
// Invalid values include:
//
// * "example.com" - must include path
// * "foo.example.com" - must include path
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
type GatewayController string
// AddressRouteMatches defines AddressMatch rules for inbound traffic according to
// source and/or destination address of a packet or connection.
type AddressRouteMatches struct {
// SourceAddresses indicates the originating (source) network
// addresses which are valid for routing traffic.
//
// Support: Extended
SourceAddresses []AddressMatch `json:"sourceAddresses"`
// DestinationAddresses indicates the destination network addresses
// which are valid for routing traffic.
//
// Support: Extended
DestinationAddresses []AddressMatch `json:"destinationAddresses"`
}
// AddressMatch defines matching rules for network addresses by type.
type AddressMatch struct {
// Type of the address, either IPAddress or NamedAddress.
//
// If NamedAddress is used this is a custom and specific value for each
// implementation to handle (and add validation for) according to their
// own needs.
//
// For IPAddress the implementor may expect either IPv4 or IPv6.
//
// Support: Core (IPAddress)
// Support: Custom (NamedAddress)
//
// +optional
// +kubebuilder:validation:Enum=IPAddress;NamedAddress
// +kubebuilder:default=IPAddress
Type *AddressType `json:"type,omitempty"`
// Value of the address. The validity of the values will depend
// on the type and support by the controller.
//
// If implementations support proxy-protocol (see:
// https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) they
// must respect the connection metadata from proxy-protocol
// in the match logic implemented for these address values.
//
// Examples: `1.2.3.4`, `128::1`, `my-named-address`.
//
// Support: Core
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
Value string `json:"value"`
}
// AddressType defines how a network address is represented as a text string.
type AddressType string
const (
// A textual representation of a numeric IP address. IPv4
// addresses must be in dotted-decimal form. IPv6 addresses
// must be in a standard IPv6 text representation
// (see [RFC 5952](https://tools.ietf.org/html/rfc5952)).
//
// This type is intended for specific addresses. Address ranges are not
// supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an
// IPAddress).
//
// Support: Extended
IPAddressType AddressType = "IPAddress"
// A Hostname represents a DNS based ingress point. This is similar to the
// corresponding hostname field in Kubernetes load balancer status. For
// example, this concept may be used for cloud load balancers where a DNS
// name is used to expose a load balancer.
//
// Support: Extended
HostnameAddressType AddressType = "Hostname"
// A NamedAddress provides a way to reference a specific IP address by name.
// For example, this may be a name or other unique identifier that refers
// to a resource on a cloud provider such as a static IP.
//
// Support: Implementation-Specific
NamedAddressType AddressType = "NamedAddress"
)

Some files were not shown because too many files have changed in this diff Show More