Bump website build

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

.gitbook.yaml

@@ -1,11 +1,11 @@
 root: ./docs/gitbook
 
+
 redirects:
   how-it-works: usage/how-it-works.md
   usage/progressive-delivery: tutorials/istio-progressive-delivery.md
   usage/ab-testing: tutorials/istio-ab-testing.md
   usage/blue-green: tutorials/kubernetes-blue-green.md
-  usage/appmesh-progressive-delivery: tutorials/appmesh-progressive-delivery.md
   usage/linkerd-progressive-delivery: tutorials/linkerd-progressive-delivery.md
   usage/contour-progressive-delivery: tutorials/contour-progressive-delivery.md
   usage/gloo-progressive-delivery: tutorials/gloo-progressive-delivery.md
@@ -13,6 +13,7 @@ redirects:
   usage/skipper-progressive-delivery: tutorials/skipper-progressive-delivery.md
   usage/crossover-progressive-delivery: tutorials/crossover-progressive-delivery.md
   usage/traefik-progressive-delivery: tutorials/traefik-progressive-delivery.md
-  usage/osm-progressive-delivery: tutorials/osm-progressive-delivery.md
   usage/kuma-progressive-delivery: tutorials/kuma-progressive-delivery.md
   usage/gatewayapi-progressive-delivery: tutorials/gatewayapi-progressive-delivery.md
+  usage/apisix-progressive-delivery: tutorials/apisix-progressive-delivery.md
+  usage/knative-progressive-delivery: tutorials/knative-progressive-delivery.md

.github/CODEOWNERS

@@ -1 +1 @@
-*   @stefanprodan
+*   @stefanprodan @aryan9600

.github/dependabot.yml

@@ -3,5 +3,15 @@ version: 2
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
+    labels: ["area/ci", "dependencies"]
+    groups:
+      # Group all updates together, so that they are all applied in a single PR.
+      # Grouped updates are currently in beta and is subject to change.
+      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      ci:
+        patterns:
+          - "*"
     schedule:
+      # By default, this will be on a monday.
       interval: "weekly"
+

.github/workflows/build.yaml

@@ -14,27 +14,25 @@ permissions:
 
 jobs:
   build-flagger:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
+      labels: ubuntu-latest-16-cores
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - name: Restore Go cache
-        uses: actions/cache@v3.0.11
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
+        uses: actions/checkout@v5
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v6
         with:
-          go-version: 1.19.x
+          go-version: 1.25.x
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
       - name: Download modules
         run: |
           go mod download
-          go install golang.org/x/tools/cmd/goimports
+          go install golang.org/x/tools/cmd/goimports@latest
       - name: Run linters
-        run: make test-fmt test-codegen
+        run: make fmt test-codegen
       - name: Verify CRDs
         run: make verify-crd
       - name: Run tests
@@ -47,7 +45,7 @@ jobs:
             exit 1
           fi
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
         with:
           file: ./coverage.txt
       - name: Build container image

.github/workflows/e2e.yaml

@@ -14,7 +14,9 @@ permissions:
 
 jobs:
   e2e-test:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
+      labels: ubuntu-latest-16-cores
     strategy:
       fail-fast: false
       matrix:
@@ -22,7 +24,6 @@ jobs:
           # service mesh
           - istio
           - linkerd
-          - osm
           - kuma
           # ingress controllers
           - contour
@@ -33,14 +34,25 @@ jobs:
           - kubernetes
           - gatewayapi
           - keda
+          - apisix
+          - knative
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup Kubernetes
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1.12.0
+        if: matrix.provider != 'skipper'
         with:
-          version: "v0.14.0"
-          image: kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae
+          version: v0.23.0
+          cluster_name: kind
+          node_image: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
+      - name: Setup Kubernetes for skipper
+        uses: helm/kind-action@v1.12.0
+        if: matrix.provider == 'skipper'
+        with:
+          version: v0.23.0
+          cluster_name: kind
+          node_image: kindest/node:v1.24.12@sha256:0bdca26bd7fe65c823640b14253ea7bac4baad9336b332c94850f84d8102f873
       - name: Build container image
         run: |
           docker build -t test/flagger:latest .

.github/workflows/helm.yaml

@@ -12,9 +12,9 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Publish Helm charts
-        uses: stefanprodan/helm-gh-pages@v1.6.0
+        uses: stefanprodan/helm-gh-pages@v1.7.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           charts_url: https://flagger.app

.github/workflows/push-ld.yml

@@ -10,40 +10,42 @@ permissions:
 
 jobs:
   release-load-tester:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
     permissions:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: sigstore/cosign-installer@v2.8.1
+      - uses: actions/checkout@v5
+      - uses: sigstore/cosign-installer@v3.10.0
       - name: Prepare
         id: prep
         run: |
           VERSION=$(grep 'VERSION' cmd/loadtester/main.go | head -1 | awk '{ print $4 }' | tr -d '"')
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Generate image meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ${{ env.IMAGE }}
           tags: |
             type=raw,value=${{ steps.prep.outputs.VERSION }}
       - name: Publish image
-        uses: docker/build-push-action@v3
+        id: build-push
+        uses: docker/build-push-action@v6
         with:
           push: true
           builder: ${{ steps.buildx.outputs.name }}
@@ -58,4 +60,4 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
-          cosign sign ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
+          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}

.github/workflows/release.yml

@@ -3,6 +3,12 @@ on:
   push:
     tags:
       - 'v*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'image tag prefix'
+        default: 'rc'
+        required: true
 
 permissions:
   contents: read
@@ -12,45 +18,59 @@ env:
 
 jobs:
   release-flagger:
-    runs-on: ubuntu-latest
+    outputs:
+      hashes: ${{ steps.slsa.outputs.hashes }}
+    runs-on:
+      group: "Default Larger Runners"
     permissions:
       contents: write # needed to write releases
       id-token: write # needed for keyless signing
       packages: write # needed for ghcr access
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: 1.25.x
       - uses: fluxcd/flux2/action@main
-      - uses: sigstore/cosign-installer@v2.8.1
+      - uses: sigstore/cosign-installer@v3.10.0
       - name: Prepare
         id: prep
         run: |
-          VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
+          if [[ ${GITHUB_EVENT_NAME} = "workflow_dispatch" ]]; then
+            VERSION="${{ github.event.inputs.tag }}-${GITHUB_SHA::8}"
+          else
+            VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
+          fi
           CHANGELOG="https://github.com/fluxcd/flagger/blob/main/CHANGELOG.md#$(echo $VERSION | tr -d '.')"
           echo "[CHANGELOG](${CHANGELOG})" > notes.md
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Generate image meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ${{ env.IMAGE }}
           tags: |
             type=raw,value=${{ steps.prep.outputs.VERSION }}
       - name: Publish image
-        uses: docker/build-push-action@v3
+        id: build-push
+        uses: docker/build-push-action@v6
         with:
+          sbom: true
+          provenance: true
           push: true
           builder: ${{ steps.buildx.outputs.name }}
           context: .
@@ -64,38 +84,70 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
-          cosign sign ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
+          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}
+      - name: Publish signed manifests to GHCR
+        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          COSIGN_EXPERIMENTAL: 1
+        run: |
+          OCI_URL=$(flux push artifact \
+            oci://ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }} \
+            --path="./kustomize" \
+            --source="$(git config --get remote.origin.url)" \
+            --revision="${{ steps.prep.outputs.VERSION }}/$(git rev-parse HEAD)" \
+            --output json | \
+            jq -r '. | .repository + "@" + .digest')
+          cosign sign --yes ${OCI_URL}
       - name: Publish Helm charts
-        uses: stefanprodan/helm-gh-pages@v1.6.0
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: stefanprodan/helm-gh-pages@v1.7.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           charts_url: https://flagger.app
           linting: off
       - uses: fluxcd/pkg/actions/helm@main
         with:
-          version: 3.10.1
+          version: 3.12.3
       - name: Publish signed Helm chart to GHCR
+        if: startsWith(github.ref, 'refs/tags/v')
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
           helm package charts/flagger
-          helm push flagger-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/fluxcd/charts
-          cosign sign ghcr.io/fluxcd/charts/flagger:${{ steps.prep.outputs.VERSION }}
+          helm push flagger-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/fluxcd/charts |& tee .digest
+          cosign sign --yes ghcr.io/fluxcd/charts/flagger@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
           rm flagger-${{ steps.prep.outputs.VERSION }}.tgz
-      - name: Publish signed manifests to GHCR
-        env:
-          COSIGN_EXPERIMENTAL: 1
-        run: |
-          flux push artifact oci://ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }} \
-          --path="./kustomize" \
-          --source="$(git config --get remote.origin.url)" \
-          --revision="${{ steps.prep.outputs.VERSION }}/$(git rev-parse HEAD)"
-          cosign sign ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }}
+          rm .digest
       - uses: anchore/sbom-action/download-syft@v0
       - name: Create release and SBOM
-        uses: goreleaser/goreleaser-action@v3
+        id: run-goreleaser
+        uses: goreleaser/goreleaser-action@v6
+        if: startsWith(github.ref, 'refs/tags/v')
         with:
           version: latest
-          args: release --release-notes=notes.md --rm-dist --skip-validate
+          args: release --release-notes=notes.md --clean --skip=validate
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Generate SLSA metadata
+        id: slsa
+        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
+        run: |
+          set -euo pipefail
+          
+          hashes=$(echo -E $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join("  ") | sub("^sha256:";"")' | base64 -w0)
+          echo "hashes=$hashes" >> $GITHUB_OUTPUT
+
+  release-provenance:
+    needs: [release-flagger]
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      actions: read # for detecting the Github Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      contents: write # for uploading attestations to GitHub releases.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
+    with:
+      provenance-name: "provenance.intoto.jsonl"
+      base64-subjects: "${{ needs.release-flagger.outputs.hashes }}"
+      upload-assets: true

.github/workflows/scan.yml

@@ -17,9 +17,9 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Run FOSSA scan and upload build data
-        uses: fossa-contrib/fossa-action@v1
+        uses: fossa-contrib/fossa-action@v3
         with:
           # FOSSA Push-Only API Token
           fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
@@ -30,12 +30,16 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: 1.25.x
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v4
         with:
           languages: go
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v4
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v4

.goreleaser.yml

@@ -23,6 +23,7 @@ signs:
     certificate: '${artifact}.pem'
     args:
       - sign-blob
+      - "--yes"
       - '--output-certificate=${certificate}'
       - '--output-signature=${signature}'
       - '${artifact}'

CHANGELOG.md

@@ -2,6 +2,658 @@
 
 All notable changes to this project are documented in this file.
 
+## 1.42.0
+
+**Release date:** 2025-10-16
+
+This release comes with enhancements to Gateway API support, new metrics capabilities, and various bug fixes.
+
+Flagger now supports Gateway API v1.4.0 and adds CORS policy configuration for Gateway API HTTPRoutes.
+For more information, please see the [Gateway API tutorial](https://docs.flagger.app/main/tutorials/gatewayapi-progressive-delivery#customising-the-httproute).
+
+Session affinity support has been enhanced with [cookie attributes](https://docs.flagger.app/main/usage/deployment-strategies#configuring-additional-cookie-attributes)
+configuration for better control over session management.
+
+A new `.spec.service.unmanagedMetadata` field has been added to the Canary API to allow 3rd-party
+controllers to set labels and annotations on the Kubernetes Services created by Flagger.
+
+When running Flagger on Kubernetes 1.33 or later, users can now specify the traffic distribution
+using the new `.spec.service.trafficDistribution` Canary field. Depending on the Kubernetes version
+the traffic distribution can be set to `PreferClose`, `PreferSameZone` or `PreferSameNode`.
+See the [Kubernetes Service docs](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution) for more details.
+
+This release is built with Go 1.25. The Kubernetes dependencies have been updated to 1.34,
+and the Traefik API has been migrated from `traefik.containo.us` to `traefik.io`.
+
+#### Improvements
+- Update Gateway API to v1.4.0
+  [#1842](https://github.com/fluxcd/flagger/pull/1842)
+- Add support for CORS policy to Gateway API
+  [#1843](https://github.com/fluxcd/flagger/pull/1843)
+- Add support for setting traffic distribution
+  [#1844](https://github.com/fluxcd/flagger/pull/1844)
+- Add count metrics for canary successes and failures
+  [#1812](https://github.com/fluxcd/flagger/pull/1812)
+- Add support for cookie attributes in session affinity
+  [#1826](https://github.com/fluxcd/flagger/pull/1826)
+- Add `unmanagedMetadata` to canary service specification
+  [#1823](https://github.com/fluxcd/flagger/pull/1823)
+- Update dependencies to Kubernetes 1.34
+  [#1832](https://github.com/fluxcd/flagger/pull/1832)
+- Build with Go 1.25
+  [#1832](https://github.com/fluxcd/flagger/pull/1832)
+- Update Traefik API from traefik.containo.us to traefik.io
+  [#1835](https://github.com/fluxcd/flagger/pull/1835)
+- Update GitOps install docs to latest Flux APIs
+  [#1845](https://github.com/fluxcd/flagger/pull/1845)
+- loadtester: add pod security context
+  [#1803](https://github.com/fluxcd/flagger/pull/1803)
+- Release loadtester 0.36.0
+  [#1846](https://github.com/fluxcd/flagger/pull/1846)
+
+#### Fixes
+- Fix: Gateway router should wait for accepted condition
+  [#1791](https://github.com/fluxcd/flagger/pull/1791)
+- Fix: Send succeeded webhooks with correct phase
+  [#1792](https://github.com/fluxcd/flagger/pull/1792)
+- Fix: Honor event webhook timeout
+  [#1797](https://github.com/fluxcd/flagger/pull/1797)
+- Fix: Default namespace for cross-namespace ref validation
+  [#1828](https://github.com/fluxcd/flagger/pull/1828)
+- Fix: APISIX E2E test
+  [#1831](https://github.com/fluxcd/flagger/pull/1831)
+- Fix: Correct typo in AutoscalerReference type name
+  [#1739](https://github.com/fluxcd/flagger/pull/1739)
+
+## 1.41.0
+
+**Release date:** 2025-04-02
+
+This release comes with major features and minor bug fixes.
+
+Flagger now supports Knative as a networking provider. This works a bit
+differently than compared to other service meshes/ingresses. Flagger does not
+generate any Kubernetes objects. It instead modifies the Knative service itself
+to configure weighted traffic routing. To learn more, please see the [tutorial](https://docs.flagger.app/tutorials/knative-progressive-delivery).
+
+The session affinity canary release strategy has also been improved. Flagger can
+now configure Gateway API HTTPRoutes to also set a cookie for the primary
+deployment's response. For more info, see the [strategy docs](https://docs.flagger.app/usage/deployment-strategies#canary-release-with-session-affinity).
+
+Furthermore, there's a new `.spec.service.headless` field which when set to
+true, tells Flagger to generate headless Kubernetes services. Also, support has
+been added for adding headers to the request Flagger sends to Prometheus for
+collecting metrics during an analysis via the `.spec.headers` field in the
+`MetricTemplate` object.
+
+Finally, both Flagger and the load tester have been updated to use Go 1.24 and
+their dependencies have been updated as well.
+
+#### Improvements 
+- Allow headers to be added to Prometheus requests
+  [#1757](https://github.com/fluxcd/flagger/pull/1757)
+- feat: Add support for primary backend cookies in session affinity (Gateway API)
+  [#1783](https://github.com/fluxcd/flagger/pull/1783)
+- Update Go dependencies
+  [#1787](https://github.com/fluxcd/flagger/pull/1787)
+- Build with Go 1.24
+  [#1784](https://github.com/fluxcd/flagger/pull/1784)
+- Add support for Knative
+  [#1682](https://github.com/fluxcd/flagger/pull/1682)
+- chart: add support for deploymentLabels
+  [#1707](https://github.com/fluxcd/flagger/pull/1707)
+- chart: add support for deploymentLabels
+  [#1707](https://github.com/fluxcd/flagger/pull/1707)
+- feat: add option to generate headless services
+  [#1755](https://github.com/fluxcd/flagger/pull/1755)
+
+#### Fixes
+- Fix: Do not evaluate incomplete samples from Datadog
+  [#1763](https://github.com/fluxcd/flagger/pull/1763)
+- Prevent primary HPA collision for KEDA scaled objects when migrating from an HPA
+  [#1677](https://github.com/fluxcd/flagger/pull/1677)
+
+## 1.40.0
+
+**Release date:** 2024-12-17
+
+This release comes with support for Splunk Observability (formerly SignalFx) as a metrics provider.
+For more information on how to write `MetricTemplates` for Splunk, please see the
+[Splunk metrics tutorial](https://docs.flagger.app/usage/metrics#s#splunk).
+
+Starting with this version, Flagger is compatible with the
+[AWS Gateway API Controller](https://www.gateway-api-controller.eks.aws.dev/latest/).
+
+Both Flagger and the load tester Go dependencies have been updated to fix various CVEs.
+
+#### Improvements
+- Add Splunk as a metrics provider
+  [#1733](https://github.com/fluxcd/flagger/pull/1733)
+- Preserve HTTPRoute annotations injected by AWS Gateway API
+  [#1746](https://github.com/fluxcd/flagger/pull/1746)
+- Automate `zz_generated.deepcopy.go` updates with make codegen
+  [#1735](https://github.com/fluxcd/flagger/pull/1735)
+- Update dependencies
+  [#1744](https://github.com/fluxcd/flagger/pull/1744)
+
+## 1.39.0
+
+**Release date:** 2024-11-26
+
+This release comes with fixes and improvements. There is a new
+`.spec.analysis.webhooks[].disableTLS` field which disables TLS verification
+for that webhook request.
+A bug in the Gateway API provider was fixed which could lead to unecessary restarts.
+
+This release is built with Go 1.23. Lastly, all Go dependencies, Alpine and
+Kubernetes libraries were updated.
+
+#### Improvements
+- Add validation for `primaryScalerReplicas` field in the CRD
+  [#1702](https://github.com/fluxcd/flagger/pull/1702)
+- feat: add `disableTLS` option for webhooks request
+  [#1709](https://github.com/fluxcd/flagger/pull/1709)
+- Update dependencies to Kubernetes v1.31.3
+  [#1723](https://github.com/fluxcd/flagger/pull/1723)
+- Update generated client for Kubernetes 1.31
+  [#1725](https://github.com/fluxcd/flagger/pull/1725)
+- Build with Go 1.23
+  [#1726](https://github.com/fluxcd/flagger/pull/1726)
+
+#### Fixes
+- Gateway API: Sort header filters to avoid canary restarts
+  [#1713](https://github.com/fluxcd/flagger/pull/1713)
+- fix: fix codegen script and update generated code
+  [#1724](https://github.com/fluxcd/flagger/pull/1724)
+- fix(helm): podinfo fails to create the hpa object
+  [#1721](https://github.com/fluxcd/flagger/pull/1721)
+
+## 1.38.0
+
+**Release date:** 2024-07-30
+
+This release comes with several fixes and improvements. There is a new [Keptn
+metrics provider](https://docs.flagger.app/usage/metrics#keptn) that can be used
+for flexible grading logic and analysis.
+The loadtester chart now supports ServiceAccount annotations and the Flagger
+chart now supports specifying `honorLabels` for the PodMonitor.
+
+Support for Kuma has been fixed and verified against Kuma 2.7.5. Also, the
+Deployment scaling has been updated to use `Patch` instead of `Update` to avoid
+intermittent conflict errors. Furthermore, a potential panic that could be
+caused due to Prometheus returning a range vector has been fixed. Also, the
+`request-duration` inbuilt query for Nginx has been updated to be more accurate.
+
+Lastly, all Go dependencies, Alpine and Kubernetes libraries were updated.
+
+#### Important
+
+The update to Kubernetes libraries also brings an unwanted side-effect. Due to
+a change in upstream Kubernetes, sidecar support is done through a new field,
+which may be utilized by other services in your cluster. This would change the
+hash calculated by Flagger between runs and trigger an unwanted Canary
+analysis. Unfortunately, this is unavoidable. To get around this, users could
+set the `.spec.suspend` field to be true before updating to this version and
+switch it back when they update their application.
+
+#### Improvements
+- Bumps golang.org/x/net to v0.23.0
+  [#1628](https://github.com/fluxcd/flagger/pull/1628)
+- feat: implement a Keptn metrics provider
+  [#1630](https://github.com/fluxcd/flagger/pull/1630)
+- Update dependencies to Kubernetes 1.30
+  [#1638](https://github.com/fluxcd/flagger/pull/1638)
+- loadtester: add support for annotation on service account
+  [#1649](https://github.com/fluxcd/flagger/pull/1649)
+- Bump golang.org/x/net to v0.25.0 and other deps.
+  [#1653](https://github.com/fluxcd/flagger/pull/1653)
+- Update Go dependencies and Alpine
+  [#1656](https://github.com/fluxcd/flagger/pull/1656)
+- Helm - Add podMonitor.honor labels
+  [#1676](https://github.com/fluxcd/flagger/pull/1676)
+- kuma: bump e2e version to 2.7.5
+  [#1683](https://github.com/fluxcd/flagger/pull/1683)
+- Release loadtester 0.33.0
+  [#1690](https://github.com/fluxcd/flagger/pull/1690)
+- Bump google.golang.org/grpc from 1.64.0 to 1.64.1
+  [#1675](https://github.com/fluxcd/flagger/pull/1675)
+
+#### Fixes
+- Use `Patch` instead of `Update` for Deployment scaling
+  [#1634](https://github.com/fluxcd/flagger/pull/1634)
+- block panic when prom returns range vector
+  [#1637](https://github.com/fluxcd/flagger/pull/1637)
+- Fix removal of empty keys from flagger chart
+  [#1657](https://github.com/fluxcd/flagger/pull/1657)
+- doc: fix KEDA doc regarding namespaces
+  [#1666](https://github.com/fluxcd/flagger/pull/1666)
+- Fix Nginx request-duration query
+  [#1686](https://github.com/fluxcd/flagger/pull/1686)
+
+## 1.37.0
+
+**Release date:** 2024-03-26
+
+This release updates the Istio APIs to `v1beta1` and fixes several issues related
+to Gloo routing and custom metrics.
+
+Both Flagger and the load tester Go dependencies have been updated to fix various CVEs.
+Flagger and the load tester are now built with Go 1.22.
+
+#### Improvements
+- Migrate Istio VirtualService/DestinationRule APIs to `v1beta1`
+  [#1602](https://github.com/fluxcd/flagger/pull/1602)
+- Add `omitempty` to CRD statuses to allow better marshalling
+  [#1621](https://github.com/fluxcd/flagger/pull/1621)
+- Update dependencies (Go 1.22)
+  [#1622](https://github.com/fluxcd/flagger/pull/1622)
+- Update `google.golang.org/protobuf` to v1.33.0
+  [#1614](https://github.com/fluxcd/flagger/pull/1614)
+
+#### Fixes
+- Update reconciler to detect change in Gloo upstream spec
+  [#1617](https://github.com/fluxcd/flagger/pull/1617)
+- Fix regression bug where query with no metric template returned an error
+  [#1611](https://github.com/fluxcd/flagger/pull/1611)
+
+## 1.36.1
+
+**Release date:** 2024-03-06
+
+This release fixes a bug where `.spec..progressDeadlineSeconds` wasn't respected and the Canary
+was stuck forever waiting for the Deployment to be ready.
+
+Furthermore, the Go dependencies have been updated.
+
+#### Improvements
+- Update Go dependencies
+  [#1607](https://github.com/fluxcd/flagger/pull/1607)
+
+#### Fixes
+- Fix broken link in readme
+  [#1599](https://github.com/fluxcd/flagger/pull/1599)
+- scheduler: fail canary according to progress deadline
+  [#1603](https://github.com/fluxcd/flagger/pull/1603)
+- Actualize link to flux in-depth guide
+  [#1606](https://github.com/fluxcd/flagger/pull/1606)
+
+## 1.36.0
+
+**Release date:** 2024-02-07
+
+This release comes with support for canary releases with traffic shifting using
+Istio TCP routing. For more information on how to enable TCP routing please
+see the [Istio tutorial](https://docs.flagger.app/tutorials/istio-progressive-delivery#canary-deployments-for-tcp-services).
+
+Both Flagger and the load tester Go dependencies have been updated to fix various CVEs.
+Flagger is now built with Go 1.21 and the container base image has been updated to Alpine 3.19.
+
+#### Improvements
+- Istio Canary TCP service support
+  [#1564](https://github.com/fluxcd/flagger/pull/1564)
+- Update Go dependencies
+  [#1595](https://github.com/fluxcd/flagger/pull/1595)
+- Build with Go 1.21 and Alpine 3.19
+  [#1594](https://github.com/fluxcd/flagger/pull/1594)
+
+#### Fixes
+- return an error for missing metric templates
+  [#1582](https://github.com/fluxcd/flagger/pull/1582)
+- istio: make retry attempts a mandatory field
+  [#1571](https://github.com/fluxcd/flagger/pull/1571)
+- fix(pdb): use the full capabilities comparison for PDBs
+  [#1511](https://github.com/fluxcd/flagger/pull/1511)
+
+## 1.35.0
+
+**Release date:** 2023-11-30
+
+This release comes with support for Gateway API `v1`. Furthermore, following the
+deprecation period, support for the `v1alpha2` API has been dropped.
+A new field `.spec.webhooks[].retries` has been added to allow specifying the
+number of retry attempts to make if the webhook server returns an unsuccessful
+response.
+Another new field `.spec.service.trafficPolicy.loadBalancer.warmupDurationSeconds`
+has been added for the corresponding field in Istio's `DestinationRule` API.
+
+Lastly, two bugs related to deleting a Canary object with
+`.spec.revertOnDeletion: true` have been fixed.
+
+#### Improvements
+- Support Istio DestinationRule WarmupDurationSecs
+  [#1540](https://github.com/fluxcd/flagger/pull/1540)
+- feat: Webhook retries
+  [#1541](https://github.com/fluxcd/flagger/pull/1541)
+- gatewayapi: add support for `v1`
+  [#1557](https://github.com/fluxcd/flagger/pull/1557)
+- Update Go dependencies
+  [#1558](https://github.com/fluxcd/flagger/pull/1558)
+
+#### Fixes
+- set original node selector value when finalizing service
+  [#1537](https://github.com/fluxcd/flagger/pull/1537)
+- controller: wait for canary deployment to be ready before removing finalizers
+  [#1552](https://github.com/fluxcd/flagger/pull/1552)
+
+## 1.34.0
+
+**Release date:** 2023-10-04
+
+This release comes with several new features. The Gateway API integration
+has been significantly improved with support for
+* [Canary releases with session affinty](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery#session-affinty)
+* [B/G deployments with traffic mirroring](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery#traffic-mirroring)
+* Filters in the generated `HTTPRoute` (`.spec.rules[].filters`)
+
+Most of the Filters are derived from existing fields in the Canary spec like
+`.spec.service.headers`. To support arbitary request mirroring through the
+`RequestMirror` filter, a new field `.spec.service.mirror` has been introduced.
+
+A new field `checksum` has been added to the Canary webhook payload. This field
+is computed by hashing the `.status.lastAppliedSpec` and
+`.status.trackedConfigs`. It can be used to distinguish between Canary runs.
+
+Furthermore, the Gloo integration now uses strings for specifying time durations
+in order to be better compatible with protobuf duration parsing.
+
+Lastly, Kubernetes packages were updated to be on 1.27.
+
+#### Improvements
+- Update Kubernetes to v1.27
+  [#1506](https://github.com/fluxcd/flagger/pull/1506)
+- gatewayapi: add support for session affinity
+  [#1507](https://github.com/fluxcd/flagger/pull/1507)
+- gatewayapi: add support for route rule filters
+  [#1512](https://github.com/fluxcd/flagger/pull/1512)
+- Update Linkerd tutorial to use Kubernetes Gateway API
+  [#1516](https://github.com/fluxcd/flagger/pull/1516)
+- Add Checksum field to the Webhook payload to distinguish canary runs
+  [#1521](https://github.com/fluxcd/flagger/pull/1521)
+- gatewayapi: add support for b/g mirroring
+  [#1525](https://github.com/fluxcd/flagger/pull/1525)
+- Update Go dependencies
+  [#1528](https://github.com/fluxcd/flagger/pull/1528)
+
+#### Fixes
+- chore: fix incorrect canary name on document
+  [#1502](https://github.com/fluxcd/flagger/pull/1502)
+- fix: Support for queryParams in canary match condition #880
+  [#1505](https://github.com/fluxcd/flagger/pull/1505)
+- docs: fix error example in deployment strategies
+  [#1518](https://github.com/fluxcd/flagger/pull/1518)
+- Change Gloo Duration type to string
+  [#1524](https://github.com/fluxcd/flagger/pull/1524)
+
+## 1.33.0
+
+**Release date:** 2023-08-29
+
+This release fixes bugs related to the Canary lifecycle. The
+`confirm-traffic-increase` webhook is no longer called if the Canary is in the
+`WaitingPromotion` phase. Furthermore, a bug which caused downtime when
+initializing the Canary deployment has been fixed.
+Also, a bug in the `request-duration` metric for Traefik which assumed the
+result to be in milliseconds instead of seconds has been addressed.
+
+The loadtester now also supports running `kubectl` commands.
+
+#### Improvements
+- Helm: Add option to configure honorLabels for serviceMonitor
+  [#1442](https://github.com/fluxcd/flagger/pull/1442)
+- Helm: Use PodDisruptionBudget API policy/v1 if available
+  [#1476](https://github.com/fluxcd/flagger/pull/1476)
+- podinfo: Update hpa version from autoscaling/v2beta2 to autoscaling/v2
+  [#1477](https://github.com/fluxcd/flagger/pull/1477)
+- Helm: Allow custom labels for servicemonitor
+  [#1483](https://github.com/fluxcd/flagger/pull/1483)
+- feat: loadtester support kubectl type
+  [#1485](https://github.com/fluxcd/flagger/pull/1485)
+- Update Istio Gateway reference format
+  [#1489](https://github.com/fluxcd/flagger/pull/1489)
+- e2e: Update Istio to v1.18
+  [#1492](https://github.com/fluxcd/flagger/pull/1492)
+- add docs for kubectl in loadtester
+  [#1494](https://github.com/fluxcd/flagger/pull/1494)
+
+#### Fixes
+- fix: typo on "Parase", should be "Parse".
+  [#1443](https://github.com/fluxcd/flagger/pull/1443)
+- Fix Traefik request-duration metric
+  [#1446](https://github.com/fluxcd/flagger/pull/1446)
+- Fix initial deployment downtime
+  [#1451](https://github.com/fluxcd/flagger/pull/1451)
+- Fix FAQ templating format and change reference of $workload to $target.
+  [#1456](https://github.com/fluxcd/flagger/pull/1456)
+- Update doc.go
+  [#1466](https://github.com/fluxcd/flagger/pull/1466)
+- Avoid running traffic increase hooks when waiting for promotion or promoting
+  [#1470](https://github.com/fluxcd/flagger/pull/1470)
+
+## 1.32.0
+
+**Release date:** 2023-07-14
+
+This release adds support for suspending a Canary using `.spec.suspend`.
+It also fixes a bug where the target deployment gets stuck at 0 replicas
+after the Canary has been deleted.
+Furthermore, the Canary API has been modified to allow specifying the
+HTTPRoute port using `.service.gatewayRefs[].port`.
+
+#### Improvements
+- Helm: Add option to create service and serviceMonitor
+  [#1425](https://github.com/fluxcd/flagger/pull/1425)
+- Update Alpine to 3.18
+  [#1426](https://github.com/fluxcd/flagger/pull/1426)
+- Add `spec.suspend` to allow suspending canary
+  [#1431](https://github.com/fluxcd/flagger/pull/1431)
+- Add support for istio LEAST_REQUEST destination rule load balancing
+  [#1439](https://github.com/fluxcd/flagger/pull/1439)
+- Add gatewayRef port to Canary CRD
+  [#1453](https://github.com/fluxcd/flagger/pull/1453)
+- feat: Copy slowStartConfig for Gloo upstreams
+  [#1455](https://github.com/fluxcd/flagger/pull/1455)
+- Update Go dependencies
+  [#1459](https://github.com/fluxcd/flagger/pull/1459)
+
+#### Fixes
+- Resume target scaler during finalization
+  [#1429](https://github.com/fluxcd/flagger/pull/1429)
+- Fix panic when annotation of ingress is empty
+  [#1437](https://github.com/fluxcd/flagger/pull/1437)
+- Fixing namespace of HelmRepository in installation docs
+  [#1458](https://github.com/fluxcd/flagger/pull/1458)
+
+## 1.31.0
+
+**Release date:** 2023-05-10
+
+⚠️  __Breaking Changes__
+
+This release adds support for Linkerd 2.12 and later. Due to changes in Linkerd
+the default namespace for Flagger's installation had to be changed from
+`linkerd` to `flagger-system` and the `flagger` Deployment is now injected with
+the Linkerd proxy. Furthermore, installing Flagger for Linkerd will result in
+the creation of an `AuthorizationPolicy` that allows access to the Prometheus
+instance in the `linkerd-viz` namespace. To upgrade your Flagger installation,
+please see the below migration guide.
+
+If you use Kustomize, then follow these steps:
+* `kubectl delete -n linkerd deploy/flagger`
+* `kubectl delete -n linkerd serviceaccount flagger`
+* If you're on Linkerd >= 2.12, you'll need to install the SMI extension to enable
+  support for `TrafficSplit`s:
+  ```bash
+  curl -sL https://linkerd.github.io/linkerd-smi/install | sh
+  linkerd smi install | kubectl apply -f -
+  ```
+* `kubectl apply -k github.com/fluxcd/flagger//kustomize/linkerd`
+
+  Note: If you're on Linkerd < 2.12, this will report an error about missing CRDs.
+  It is safe to ignore this error.
+
+If you use Helm and are on Linkerd < 2.12, then you can use `helm upgrade` to do
+a regular upgrade.
+
+If you use Helm and are on Linkerd >= 2.12, then follow these steps:
+* `helm uninstall flagger -n linkerd`
+* Install the Linkerd SMI extension:
+  ```bash
+  helm repo add l5d-smi https://linkerd.github.io/linkerd-smi
+  helm install linkerd-smi l5d-smi/linkerd-smi -n linkerd-smi --create-namespace
+  ```
+* Install Flagger in the `flagger-system` namespace
+  and create an `AuthorizationPolicy`:
+  ```bash
+  helm repo update flagger
+  helm install flagger flagger/flagger \
+  --namespace flagger-system \
+  --set meshProvider=linkerd \
+  --set metricsServer=http://prometheus.linkerd-viz:9090 \
+  --set linkerdAuthPolicy.create=true
+  ```
+
+Furthermore, a bug which led the `confirm-rollout` webhook to be executed at
+every step of the Canary instead of only being executed before the canary
+Deployment is scaled up, has been fixed.
+
+#### Improvements
+
+- Add support for Linkerd 2.13
+  [#1417](https://github.com/fluxcd/flagger/pull/1417)
+
+#### Fixes
+
+- Fix the loadtester install with flux documentation
+  [#1384](https://github.com/fluxcd/flagger/pull/1384)
+- Run `confirm-rollout` checks only before scaling up deployment
+  [#1414](https://github.com/fluxcd/flagger/pull/1414)
+- e2e: Remove OSM tests
+  [#1423](https://github.com/fluxcd/flagger/pull/1423)
+
+## 1.30.0
+
+**Release date:** 2023-04-12
+
+This release fixes a bug related to the lack of updates to the generated
+object's metadata according to the metadata specified in `spec.service.apex`.
+Furthermore, a bug where labels were wrongfully copied over from the canary
+deployment to primary deployment when no value was provided for
+`--include-label-prefix` has been fixed.
+This release also makes Flagger compatible with Flux's helm-controller drift
+detection.
+
+#### Improvements
+
+- build(deps): bump actions/cache from 3.2.5 to 3.3.1
+  [#1385](https://github.com/fluxcd/flagger/pull/1385)
+- helm: Added the option to supply additional volumes
+  [#1393](https://github.com/fluxcd/flagger/pull/1393)
+- build(deps): bump actions/setup-go from 3 to 4
+  [#1394](https://github.com/fluxcd/flagger/pull/1394)
+- update Kuma version and docs
+  [#1402](https://github.com/fluxcd/flagger/pull/1402)
+- ci: bump k8s to 1.24 and kind to 1.18 
+  [#1406](https://github.com/fluxcd/flagger/pull/1406)
+- Helm: Allow configuring deployment `annotations`
+  [#1411](https://github.com/fluxcd/flagger/pull/1411)
+- update dependencies
+  [#1412](https://github.com/fluxcd/flagger/pull/1412)
+
+#### Fixes
+
+- Enable updates for labels and annotations
+  [#1392](https://github.com/fluxcd/flagger/pull/1392)
+- Update flagger-install-with-flux.md
+  [#1398](https://github.com/fluxcd/flagger/pull/1398)
+- avoid copying canary labels to primary on promotion
+  [#1405](https://github.com/fluxcd/flagger/pull/1405)
+- Disable Flux helm drift detection for managed resources
+  [#1408](https://github.com/fluxcd/flagger/pull/1408)
+
+## 1.29.0
+
+**Release date:** 2023-02-21
+
+This release comes with support for template variables for analysis metrics.
+A canary analysis metric can reference a set of custom variables with
+`.spec.analysis.metrics[].templateVariables`. For more info see the [docs](https://fluxcd.io/flagger/usage/metrics/#custom-metrics).
+Furthemore, a bug related to Canary releases with session affinity has been
+fixed.
+
+#### Improvements
+
+- update dependencies
+  [#1374](https://github.com/fluxcd/flagger/pull/1374)
+- build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0
+  [#1373](https://github.com/fluxcd/flagger/pull/1373)
+- build(deps): bump fossa-contrib/fossa-action from 1 to 2
+  [#1372](https://github.com/fluxcd/flagger/pull/1372)
+- Allow custom affinities for flagger deployment in helm chart
+  [#1371](https://github.com/fluxcd/flagger/pull/1371)
+- Add namespace to namespaced resources in helm chart
+  [#1370](https://github.com/fluxcd/flagger/pull/1370)
+- build(deps): bump actions/cache from 3.2.4 to 3.2.5
+  [#1366](https://github.com/fluxcd/flagger/pull/1366)
+- build(deps): bump actions/cache from 3.2.3 to 3.2.4
+  [#1362](https://github.com/fluxcd/flagger/pull/1362)
+- build(deps): bump docker/build-push-action from 3 to 4
+  [#1361](https://github.com/fluxcd/flagger/pull/1361)
+- modify release workflow to publish rc images
+  [#1359](https://github.com/fluxcd/flagger/pull/1359)
+- build: Enable SBOM and SLSA Provenance
+  [#1356](https://github.com/fluxcd/flagger/pull/1356)
+- Add support for custom variables in metric templates
+  [#1355](https://github.com/fluxcd/flagger/pull/1355)
+- docs(readme.md): add additional tutorial
+  [#1346](https://github.com/fluxcd/flagger/pull/1346)
+
+#### Fixes
+
+- use regex to match against headers in istio
+  [#1364](https://github.com/fluxcd/flagger/pull/1364)
+
+## 1.28.0
+
+**Release date:** 2023-01-26
+
+This release comes with support for setting a different autoscaling
+configuration for the primary workload.
+The `.spec.autoscalerRef.primaryScalerReplicas` is useful in the
+situation where the user does not want to scale the canary workload
+to the exact same size as the primary, especially when opting for a
+canary deployment pattern where only a small portion of traffic is
+routed to the canary workload pods.
+
+#### Improvements
+
+- Support for overriding primary scaler replicas
+  [#1343](https://github.com/fluxcd/flagger/pull/1343)
+- Allow access to Prometheus in OpenShift via SA token
+  [#1338](https://github.com/fluxcd/flagger/pull/1338)
+- Update Kubernetes packages to v1.26.1
+  [#1352](https://github.com/fluxcd/flagger/pull/1352)
+
+## 1.27.0
+
+**Release date:** 2022-12-15
+
+This release comes with support for Apache APISIX. For more details see the
+[tutorial](https://fluxcd.io/flagger/tutorials/apisix-progressive-delivery).
+
+#### Improvements
+
+- [apisix] Implement router interface and observer interface
+  [#1281](https://github.com/fluxcd/flagger/pull/1281)
+- Bump stefanprodan/helm-gh-pages from 1.6.0 to 1.7.0
+  [#1326](https://github.com/fluxcd/flagger/pull/1326)
+- Release loadtester v0.28.0
+  [#1328](https://github.com/fluxcd/flagger/pull/1328)
+
+#### Fixes
+
+- Update release docs
+  [#1324](https://github.com/fluxcd/flagger/pull/1324)
+
 ## 1.26.0
 
 **Release date:** 2022-11-23
@@ -931,7 +1583,7 @@ The upgrade procedure from 0.x to 1.0 can be found [here](https://docs.flagger.a
 Two new resources were added to the API: `MetricTemplate` and `AlertProvider`.
 The analysis can reference [metric templates](https://docs.flagger.app//usage/metrics#custom-metrics)
 to query Prometheus, Datadog and AWS CloudWatch.
-[Alerting](https://docs.flagger.app/v/master/usage/alerting#canary-configuration) can be configured on a per
+[Alerting](https://docs.flagger.app/v/main/usage/alerting#canary-configuration) can be configured on a per
 canary basis for Slack, MS Teams, Discord and Rocket.
 
 #### Features
@@ -1095,7 +1747,7 @@ The upgrade procedure from 0.x to 1.0 can be found [here](https://docs.flagger.a
 Two new resources were added to the API: `MetricTemplate` and `AlertProvider`.
 The analysis can reference [metric templates](https://docs.flagger.app//usage/metrics#custom-metrics)
 to query Prometheus, Datadog and AWS CloudWatch.
-[Alerting](https://docs.flagger.app/v/master/usage/alerting#canary-configuration) can be configured on a per
+[Alerting](https://docs.flagger.app/v/main/usage/alerting#canary-configuration) can be configured on a per
 canary basis for Slack, MS Teams, Discord and Rocket.
 
 #### Features

Dockerfile

@@ -1,4 +1,11 @@
-FROM golang:1.19-alpine as builder
+ARG GO_VERSION=1.25
+ARG XX_VERSION=1.6.1
+
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS builder
+
+# copy build utilities
+COPY --from=xx / /
 
 ARG TARGETPLATFORM
 ARG REVISON
@@ -17,11 +24,12 @@ COPY cmd/ cmd/
 COPY pkg/ pkg/
 
 # build
-RUN CGO_ENABLED=0 go build \
+ENV CGO_ENABLED=0
+RUN xx-go build \
     -ldflags "-s -w -X github.com/fluxcd/flagger/pkg/version.REVISION=${REVISON}" \
     -a -o flagger ./cmd/flagger
 
-FROM alpine:3.16
+FROM alpine:3.22
 
 RUN apk --no-cache add ca-certificates
 

Dockerfile.loadtester

@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine as builder
+FROM golang:1.25-alpine AS builder
 
 ARG TARGETPLATFORM
 ARG TARGETARCH
@@ -6,15 +6,19 @@ ARG REVISION
 
 RUN apk --no-cache add alpine-sdk perl curl bash tar
 
-RUN HELM3_VERSION=3.9.4 && \
+RUN HELM3_VERSION=3.19.0 && \
 curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-${TARGETARCH}.tar.gz" | tar xvz && \
 chmod +x linux-${TARGETARCH}/helm && mv linux-${TARGETARCH}/helm /usr/local/bin/helm
 
-RUN GRPC_HEALTH_PROBE_VERSION=v0.4.12 && \
+RUN KUBECTL_VERSION=v1.34.1 &&  \
+curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && \
+chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
+
+RUN GRPC_HEALTH_PROBE_VERSION=v0.4.35 && \
 wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH} && \
 chmod +x /usr/local/bin/grpc_health_probe
 
-RUN GHZ_VERSION=0.109.0 && \
+RUN GHZ_VERSION=0.120.0 && \
 curl -sSL "https://github.com/bojand/ghz/archive/refs/tags/v${GHZ_VERSION}.tar.gz" | tar xz -C /tmp && \
 cd /tmp/ghz-${GHZ_VERSION}/cmd/ghz && GOARCH=$TARGETARCH go build . && mv ghz /usr/local/bin && \
 chmod +x /usr/local/bin/ghz
@@ -35,22 +39,23 @@ COPY pkg/ pkg/
 # build
 RUN CGO_ENABLED=0 go build -o loadtester ./cmd/loadtester/*
 
-FROM bash:5.0
+FROM bash:5.2
 
 ARG TARGETPLATFORM
 
 RUN addgroup -S app && \
 adduser -S -g app app && \
-apk --no-cache add ca-certificates curl jq libgcc wrk hey
+apk --no-cache add ca-certificates curl jq libgcc wrk hey git
 
 WORKDIR /home/app
 
-COPY --from=bats/bats:v1.1.0 /opt/bats/ /opt/bats/
+COPY --from=bats/bats:1.11.1 /opt/bats/ /opt/bats/
 RUN ln -s /opt/bats/bin/bats /usr/local/bin/
 
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/
 COPY --from=builder /usr/local/bin/ghz /usr/local/bin/
 COPY --from=builder /usr/local/bin/grpc_health_probe /usr/local/bin/
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/
 
 ADD https://raw.githubusercontent.com/grpc/grpc-proto/master/grpc/health/v1/health.proto /tmp/ghz/health.proto
 

MAINTAINERS

@@ -4,6 +4,6 @@ at https://slack.cncf.io/).
 
 In alphabetical order:
 
-Stefan Prodan, Weaveworks <stefan@weave.works> (github: @stefanprodan, slack: stefanprodan)
+Sanskar Jaiswal, Independent <jaiswalsanskar078@gmail.com> (github: @aryan9600, slack: aryan9600)
+Stefan Prodan, ControlPlane <stefan.prodan@gmail.com> (github: @stefanprodan, slack: stefanprodan)
 Takeshi Yoneda, Tetrate <takeshi@tetrate.io> (github: @mathetake, slack: mathetake)
-Sanskar Jaiswal, Weaveworks <sanskar.jaiswal@weave.works> (github: @aryan9600, slack: aryan9600)

Makefile

@@ -6,19 +6,13 @@ build:
 	CGO_ENABLED=0 go build -a -o ./bin/flagger ./cmd/flagger
 
 tidy:
-	rm -f go.sum; go mod tidy -compat=1.19
+	rm -f go.sum; go mod tidy -compat=1.25
 
 vet:
 	go vet ./...
 
 fmt:
-	go mod tidy
-	gofmt -l -s -w ./
-	goimports -l -w ./
-
-test-fmt:
-	gofmt -l -s ./ | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
-	goimports -l ./ | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
+	go fmt ./...
 
 codegen:
 	./hack/update-codegen.sh
@@ -26,9 +20,14 @@ codegen:
 test-codegen:
 	./hack/verify-codegen.sh
 
-test: test-fmt test-codegen
+test: fmt test-codegen
 	go test ./...
 
+test-coverage: fmt test-codegen
+	go test -coverprofile cover.out ./...
+	go tool cover -html=cover.out
+	rm cover.out
+
 crd:
 	cat artifacts/flagger/crd.yaml > charts/flagger/crds/crd.yaml
 	cat artifacts/flagger/crd.yaml > kustomize/base/flagger/crd.yaml

README.md

@@ -1,4 +1,4 @@
- # flagger
+ # Flagger
 
 [![release](https://img.shields.io/github/release/fluxcd/flagger/all.svg)](https://github.com/fluxcd/flagger/releases)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4783/badge)](https://bestpractices.coreinfrastructure.org/projects/4783)
@@ -16,41 +16,29 @@ by gradually shifting traffic to the new version while measuring metrics and run
 Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
 and integrates with various Kubernetes ingress controllers, service mesh, and monitoring solutions.
 
-Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) project
+Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) graduated project
 and part of the [Flux](https://fluxcd.io) family of GitOps tools.
 
 ### Documentation
 
-Flagger documentation can be found at [fluxcd.io/flagger](https://fluxcd.io/flagger/).
+The Flagger documentation can be found at [docs.flagger.app](https://docs.flagger.app/main).
 
 * Install
-  * [Flagger install on Kubernetes](https://fluxcd.io/flagger/install/flagger-install-on-kubernetes)
+  * [Flagger Install with Flux](https://docs.flagger.app/main/install/flagger-install-with-flux)
 * Usage
-  * [How it works](https://fluxcd.io/flagger/usage/how-it-works)
-  * [Deployment strategies](https://fluxcd.io/flagger/usage/deployment-strategies)
-  * [Metrics analysis](https://fluxcd.io/flagger/usage/metrics)
-  * [Webhooks](https://fluxcd.io/flagger/usage/webhooks)
-  * [Alerting](https://fluxcd.io/flagger/usage/alerting)
-  * [Monitoring](https://fluxcd.io/flagger/usage/monitoring)
-* Tutorials
-  * [App Mesh](https://fluxcd.io/flagger/tutorials/appmesh-progressive-delivery)
-  * [Istio](https://fluxcd.io/flagger/tutorials/istio-progressive-delivery)
-  * [Linkerd](https://fluxcd.io/flagger/tutorials/linkerd-progressive-delivery)
-  * [Open Service Mesh (OSM)](https://dfluxcd.io/flagger/tutorials/osm-progressive-delivery)
-  * [Kuma Service Mesh](https://fluxcd.io/flagger/tutorials/kuma-progressive-delivery)
-  * [Contour](https://fluxcd.io/flagger/tutorials/contour-progressive-delivery)
-  * [Gloo](https://fluxcd.io/flagger/tutorials/gloo-progressive-delivery)
-  * [NGINX Ingress](https://fluxcd.io/flagger/tutorials/nginx-progressive-delivery)
-  * [Skipper](https://fluxcd.io/flagger/tutorials/skipper-progressive-delivery)
-  * [Traefik](https://fluxcd.io/flagger/tutorials/traefik-progressive-delivery)
-  * [Kubernetes Blue/Green](https://fluxcd.io/flagger/tutorials/kubernetes-blue-green)
+  * [How it works](https://docs.flagger.app/main/usage/how-it-works)
+  * [Deployment strategies](https://docs.flagger.app/main/usage/deployment-strategies)
+  * [Metrics analysis](https://docs.flagger.app/main/usage/metrics)
+  * [Webhooks](https://docs.flagger.app/main/usage/webhooks)
+  * [Alerting](https://docs.flagger.app/main/usage/alerting)
+  * [Monitoring](https://docs.flagger.app/main/usage/monitoring)
 
 ### Adopters
 
-**Our list of production users has moved to <https://fluxcd.io/adopters/#flagger>**.
+The list of production users can be found at [fluxcd.io/adopters/#flagger](https://fluxcd.io/adopters/#flagger).
 
 If you are using Flagger, please
-[submit a PR to add your organization](https://github.com/fluxcd/website/tree/main/adopters#readme) to the list!
+[submit a PR to add your organization](https://github.com/fluxcd/website/blob/main/data/adopters/2-flagger.yaml) to the list!
 
 ### Canary CRD
 
@@ -71,8 +59,8 @@ metadata:
   namespace: test
 spec:
   # service mesh provider (optional)
-  # can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, contour, gloo, supergloo, traefik, osm
-  # for SMI TrafficSplit can be: smi:v1alpha1, smi:v1alpha2, smi:v1alpha3
+  # can be: kubernetes, istio, linkerd, kuma, knative, nginx, contour, gloo, traefik, skipper
+  # for Gateway API implementations: gatewayapi:v1 and gatewayapi:v1beta1
   provider: istio
   # deployment reference
   targetRef:
@@ -84,7 +72,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -177,62 +165,59 @@ spec:
           name: on-call-msteams
 ```
 
-For more details on how the canary analysis and promotion works please [read the docs](https://fluxcd.io/flagger/usage/how-it-works).
+For more details on how the canary analysis and promotion works please [read the docs](https://docs.flagger.app/usage/how-it-works).
 
 ### Features
 
 **Service Mesh**
 
-| Feature                                    | App Mesh           | Istio              | Linkerd            | Kuma               | OSM                | Kubernetes CNI     |
-|--------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
-| Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
-| A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
-| Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Blue/Green deployments (traffic mirroring) | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
-| Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request success rate check (L7 metric)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
-| Request duration check (L7 metric)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
-| Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Feature                                    | Istio              | Linkerd            | Kuma               | Knative            | Kubernetes CNI     |
+|--------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
+| Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
+| Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
+| Blue/Green deployments (traffic mirroring) | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
+| Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Request success rate check (L7 metric)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
+| Request duration check (L7 metric)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
+| Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 
 **Ingress**
 
-| Feature                                   | Contour            | Gloo               | NGINX              | Skipper            | Traefik            |
-|-------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
-| Canary deployments (weighted traffic)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
-| Blue/Green deployments (traffic switch)   | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Webhooks (acceptance/load testing)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Manual gating (approve/pause/resume)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request success rate check (L7 metric)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
-| Request duration check (L7 metric)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: |
-| Custom metric checks                      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Feature                                   | Contour            | Gloo               | NGINX              | Skipper            | Traefik            | Apache APISIX      |
+|-------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
+| Canary deployments (weighted traffic)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
+| Blue/Green deployments (traffic switch)   | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Webhooks (acceptance/load testing)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Manual gating (approve/pause/resume)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Request success rate check (L7 metric)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Request duration check (L7 metric)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Custom metric checks                      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 
 **Networking Interface**
 
-| Feature                                       | Gateway API        | SMI                |
-|-----------------------------------------------|--------------------|--------------------|
-| Canary deployments (weighted traffic)         | :heavy_check_mark: | :heavy_check_mark: |
-| A/B testing (headers and cookies routing)     | :heavy_check_mark: | :heavy_minus_sign: |
-| Blue/Green deployments (traffic switch)       | :heavy_check_mark: | :heavy_check_mark: |
-| Blue/Green deployments (traffic mirrroring)   | :heavy_minus_sign: | :heavy_minus_sign: |
-| Webhooks (acceptance/load testing)            | :heavy_check_mark: | :heavy_check_mark: |
-| Manual gating (approve/pause/resume)          | :heavy_check_mark: | :heavy_check_mark: |
-| Request success rate check (L7 metric)        | :heavy_minus_sign: | :heavy_minus_sign: |
-| Request duration check (L7 metric)            | :heavy_minus_sign: | :heavy_minus_sign: |
-| Custom metric checks                          | :heavy_check_mark: | :heavy_check_mark: |
+| Feature                                    | Gateway API        | SMI                |
+|--------------------------------------------|--------------------|--------------------|
+| Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: |
+| Canary deployments with session affinity   | :heavy_check_mark: | :heavy_minus_sign: |
+| A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_minus_sign: |
+| Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: |
+| Blue/Green deployments (traffic mirroring) | :heavy_minus_sign: | :heavy_minus_sign: |
+| Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: |
+| Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: |
+| Request success rate check (L7 metric)     | :heavy_minus_sign: | :heavy_minus_sign: |
+| Request duration check (L7 metric)         | :heavy_minus_sign: | :heavy_minus_sign: |
+| Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: |
 
-For all [Gateway API](https://gateway-api.sigs.k8s.io/) implementations like
-[Contour](https://projectcontour.io/guides/gateway-api/) or
-[Istio](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/)
-and [SMI](https://smi-spec.io) compatible service mesh solutions like 
-[Nginx Service Mesh](https://docs.nginx.com/nginx-service-mesh/),
-[Prometheus MetricTemplates](https://docs.flagger.app/usage/metrics#prometheus)
+For all the [Gateway API](https://gateway-api.sigs.k8s.io/) compatible ingress controllers and service meshes,
+the [Prometheus MetricTemplates](https://docs.flagger.app/usage/metrics#prometheus)
 can be used to implement the request success rate and request duration checks.
 
 ### Roadmap
 
-#### [GitOps Toolkit](https://github.com/fluxcd/flux2) compatibility
+#### [GitOps Toolkit](https://fluxcd.io/flux/components/) compatibility
 
 - Migrate Flagger to Kubernetes controller-runtime and [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)
 - Make the Canary status compatible with [kstatus](https://github.com/kubernetes-sigs/cli-utils)
@@ -241,8 +226,7 @@ can be used to implement the request success rate and request duration checks.
 
 #### Integrations
 
-- Add support for ingress controllers like HAProxy, ALB, and Apache APISIX
-- Add support for Knative Serving
+- Migrate Linkerd, Kuma and other service mesh integrations to Gateway API
 
 ### Contributing
 

artifacts/examples/appmesh-abtest.yaml

@@ -1,62 +0,0 @@
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  provider: appmesh
-  progressDeadlineSeconds: 600
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  service:
-    port: 80
-    targetPort: 9898
-    meshName: global
-    retries:
-      attempts: 3
-      perTryTimeout: 5s
-      retryOn: "gateway-error,client-error,stream-error"
-    timeout: 35s
-    match:
-      - uri:
-          prefix: /
-    rewrite:
-      uri: /
-  analysis:
-    interval: 15s
-    threshold: 10
-    iterations: 10
-    match:
-    - headers:
-        x-canary:
-          exact: "insider"
-    metrics:
-    - name: request-success-rate
-      thresholdRange:
-        min: 99
-      interval: 1m
-    - name: request-duration
-      thresholdRange:
-        max: 500
-      interval: 30s
-    webhooks:
-    - name: conformance-test
-      type: pre-rollout
-      url: http://flagger-loadtester.test/
-      timeout: 15s
-      metadata:
-        type: "bash"
-        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
-    - name: load-test
-      type: rollout
-      url: http://flagger-loadtester.test/
-      timeout: 5s
-      metadata:
-        type: cmd
-        cmd: "hey -z 1m -q 10 -c 2 -H 'X-Canary: insider' http://podinfo-canary.test/"

artifacts/examples/appmesh-canary.yaml

@@ -1,59 +0,0 @@
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  provider: appmesh
-  progressDeadlineSeconds: 600
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  service:
-    port: 80
-    targetPort: http
-    meshName: global
-    retries:
-      attempts: 3
-      perTryTimeout: 5s
-      retryOn: "gateway-error,client-error,stream-error"
-    timeout: 35s
-    match:
-      - uri:
-          prefix: /
-    rewrite:
-      uri: /
-  analysis:
-    interval: 15s
-    threshold: 10
-    maxWeight: 50
-    stepWeight: 5
-    metrics:
-    - name: request-success-rate
-      thresholdRange:
-        min: 99
-      interval: 1m
-    - name: request-duration
-      thresholdRange:
-        max: 500
-      interval: 30s
-    webhooks:
-    - name: conformance-test
-      type: pre-rollout
-      url: http://flagger-loadtester.test/
-      timeout: 15s
-      metadata:
-        type: "bash"
-        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
-    - name: load-test
-      type: rollout
-      url: http://flagger-loadtester.test/
-      timeout: 5s
-      metadata:
-        type: cmd
-        cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test/"

artifacts/examples/istio-abtest.yaml

@@ -10,7 +10,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -20,7 +20,7 @@ spec:
     portName: http
     portDiscovery: true
     gateways:
-      - public-gateway.istio-system.svc.cluster.local
+      - istio-system/public-gateway
       - mesh
     hosts:
       - app.example.com

artifacts/examples/istio-canary.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -21,7 +21,7 @@ spec:
     portName: http
     portDiscovery: true
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
     hosts:
     - app.example.com

artifacts/examples/linkerd-canary-steps.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/examples/linkerd-canary.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/examples/osm-canary-steps.yaml

@@ -1,42 +0,0 @@
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  provider: osm
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  progressDeadlineSeconds: 600
-  service:
-    port: 9898
-    targetPort: 9898
-  analysis:
-    interval: 15s
-    threshold: 10
-    stepWeights: [5, 10, 15, 20, 25, 30, 35, 40, 45, 50, 55]
-    metrics:
-    - name: request-success-rate
-      thresholdRange:
-        min: 99
-      interval: 1m
-    - name: request-duration
-      thresholdRange:
-        max: 500
-      interval: 30s
-    webhooks:
-      - name: acceptance-test
-        type: pre-rollout
-        url: http://flagger-loadtester.test/
-        timeout: 15s
-        metadata:
-          type: bash
-          cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
-      - name: load-test
-        type: rollout
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test:9898/"

artifacts/examples/osm-canary.yaml

@@ -1,43 +0,0 @@
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  provider: osm
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  progressDeadlineSeconds: 600
-  service:
-    port: 9898
-    targetPort: 9898
-  analysis:
-    interval: 15s
-    threshold: 10
-    maxWeight: 50
-    stepWeight: 5
-    metrics:
-    - name: request-success-rate
-      thresholdRange:
-        min: 99
-      interval: 1m
-    - name: request-duration
-      thresholdRange:
-        max: 500
-      interval: 30s
-    webhooks:
-      - name: acceptance-test
-        type: pre-rollout
-        url: http://flagger-loadtester.test/
-        timeout: 15s
-        metadata:
-          type: bash
-          cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
-      - name: load-test
-        type: rollout
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test:9898/"

artifacts/flagger/account.yaml

@@ -239,6 +239,18 @@ rules:
       - update
       - patch
       - delete
+  - apiGroups:
+      - apisix.apache.org
+    resources:
+      - apisixroutes
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
   - nonResourceURLs:
       - /version
     verbs:

artifacts/flagger/crd.yaml

@@ -27,6 +27,10 @@ spec:
         - name: Weight
           type: string
           jsonPath: .status.canaryWeight
+        - name: Suspended
+          type: boolean
+          jsonPath: .spec.suspend
+          priority: 1
         - name: FailedChecks
           type: string
           jsonPath: .status.failedChecks
@@ -76,7 +80,6 @@ spec:
               type: object
               required:
                 - targetRef
-                - service
                 - analysis
               properties:
                 provider:
@@ -121,6 +124,15 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    primaryScalerReplicas:
+                      type: object
+                      properties:
+                        minReplicas:
+                          type: integer
+                          minimum: 1
+                        maxReplicas:
+                          type: integer
+                          minimum: 1
                 ingressRef:
                   description: Ingress selector
                   type: object
@@ -134,6 +146,19 @@ spec:
                         - Ingress
                     name:
                       type: string
+                routeRef:
+                  description: APISIX route selector
+                  type: object
+                  required: [ "apiVersion", "kind", "name" ]
+                  properties:
+                    apiVersion:
+                      type: string
+                    kind:
+                      type: string
+                      enum:
+                        - ApisixRoute
+                    name:
+                      type: string
                 upstreamRef:
                   description: Gloo Upstream selector
                   type: object
@@ -166,11 +191,21 @@ spec:
                     appProtocol:
                       description: Application protocol of the port
                       type: string
+                    trafficDistribution:
+                      description: Traffic distribution of the service
+                      type: string
+                      enum:
+                        - PreferClose
+                        - PreferSameZone
+                        - PreferSameNode
                     targetPort:
                       description: Container target port name
                       x-kubernetes-int-or-string: true
                     portDiscovery:
-                      description: Enable port dicovery
+                      description: Enable port discovery
+                      type: boolean
+                    headless:
+                      description: Headless if set to true, generates headless Kubernetes services.
                       type: boolean
                     timeout:
                       description: HTTP or gRPC request timeout
@@ -458,6 +493,54 @@ spec:
                         uri:
                           format: string
                           type: string
+                        authority:
+                          format: string
+                          type: string
+                        type:
+                          format: string
+                          type: string
+                    mirror:
+                      description: Mirror defines a schema for a filter that mirrors requests.
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          backendRef:
+                            properties:
+                              group:
+                                default: ""
+                                maxLength: 253
+                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                                type: string
+                              kind:
+                                default: Service
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                                type: string
+                              name:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              namespace:
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                                type: string
+                              port:
+                                format: int32
+                                maximum: 65535
+                                minimum: 1
+                                type: integer
+                            required:
+                            - name
+                            type: object
+                            x-kubernetes-validations:
+                            - message: Must have port for Service reference
+                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
+                                ? has(self.port) : true'
+                      required:
+                      - backendRef
                     headers:
                       description: Headers operations
                       type: object
@@ -537,6 +620,11 @@ spec:
                             minLength: 1
                             pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
+                          port:
+                            format: int32
+                            maximum: 65535
+                            minimum: 1
+                            type: integer
                     corsPolicy:
                       description: Istio Cross-Origin Resource Sharing policy (CORS)
                       type: object
@@ -727,6 +815,10 @@ spec:
                                 - LEAST_CONN
                                 - RANDOM
                                 - PASSTHROUGH
+                                - LEAST_REQUEST
+                              type: string
+                            warmupDurationSecs:
+                              description: Represents the warmup duration of Service.
                               type: string
                         outlierDetection:
                           description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -824,12 +916,27 @@ spec:
                           type: object
                           additionalProperties:
                             type: string
+                    unmanagedMetadata:
+                      description: UnmanagedMetadata is a list of metadata keys that should be ignored by Flagger.
+                      type: object
+                      properties:
+                        annotations:
+                          type: array
+                          items:
+                            type: string
+                        labels:
+                          type: array
+                          items:
+                            type: string
                 skipAnalysis:
                   description: Skip analysis and promote canary
                   type: boolean
                 revertOnDeletion:
                   description: Revert mutated resources to original spec on deletion
                   type: boolean
+                suspend:
+                  description: Suspend Canary disabling/pausing all canary runs
+                  type: boolean
                 analysis:
                   description: Canary analysis for this canary
                   type: object
@@ -903,6 +1010,34 @@ spec:
                                   description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                   format: string
                                   type: string
+                          queryParams:
+                            description: Query parameters for matching.
+                            type: object
+                            additionalProperties:
+                              oneOf:
+                              - not:
+                                  anyOf:
+                                  - required:
+                                    - exact
+                                  - required:
+                                    - prefix
+                                  - required:
+                                    - regex
+                              - required:
+                                - exact
+                              - required:
+                                - prefix
+                              - required:
+                                - regex
+                              properties:
+                                exact:
+                                  type: string
+                                prefix:
+                                  type: string
+                                regex:
+                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+                                  type: string
+                              type: object
                           sourceLabels:
                             description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                             type: object
@@ -950,6 +1085,11 @@ spec:
                               namespace:
                                 description: Namespace of this metric template
                                 type: string
+                          templateVariables:
+                            description: Additional variables to be used in the metrics query (key-value pairs)
+                            type: object
+                            additionalProperties:
+                              type: string
                     alerts:
                       description: Alert list for this canary analysis
                       type: array
@@ -1015,6 +1155,12 @@ spec:
                             description: Request timeout for this webhook
                             type: string
                             pattern: "^[0-9]+(m|s)"
+                          retries:
+                            description: Number of retries for this webhook
+                            type: number
+                          disableTLS:
+                            description: Disable TLS verification for this webhook
+                            type: boolean
                           metadata:
                             description: Metadata (key-value pairs) for this webhook
                             type: object
@@ -1028,10 +1174,35 @@ spec:
                         cookieName:
                           description: CookieName is the key that will be used for the session affinity cookie.
                           type: string
+                        primaryCookieName:
+                          description: CookieName is the key that will be used for the session affinity cookie.
+                          type: string
+                        domain:
+                          description: Domain defines the host to which the cookie will be sent.
+                          type: string
+                        httpOnly:
+                          description: HttpOnly forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
+                          type: boolean
                         maxAge:
                           description: MaxAge indicates the number of seconds until the session affinity cookie will expire.
                           default: 86400
                           type: number
+                        partitioned:
+                          description: Partitioned indicates that the cookie should be stored using partitioned storage.
+                          type: boolean
+                        path:
+                          description: Path indicates the path that must exist in the requested URL for the browser to send the Cookie header.
+                          type: string
+                        sameSite:
+                          description: SameSite controls whether or not a cookie is sent with cross-site requests.
+                          type: string
+                          enum:
+                            - Strict
+                            - Lax
+                            - None
+                        secure:
+                          description: "Secure indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)"
+                          type: boolean
             status:
               description: CanaryStatus defines the observed state of a canary.
               type: object
@@ -1178,9 +1349,18 @@ spec:
                         - newrelic
                         - graphite
                         - dynatrace
+                        - keptn
+                        - splunk
                     address:
                       description: API address of this provider
                       type: string
+                    headers:
+                      description: Headers to add to HTTP(S) requests
+                      type: object
+                      additionalProperties:
+                        type: array
+                        items:
+                          type: string
                     secretRef:
                       description: Kubernetes secret reference containing the provider credentials
                       type: object

artifacts/flagger/deployment.yaml

@@ -22,7 +22,7 @@ spec:
       serviceAccountName: flagger
       containers:
       - name: flagger
-        image: ghcr.io/fluxcd/flagger:1.26.0
+        image: ghcr.io/fluxcd/flagger:1.42.0
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

charts/flagger/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: flagger
-version: 1.26.0
-appVersion: 1.26.0
+version: 1.42.0
+appVersion: 1.42.0
 kubeVersion: ">=1.19.0-0"
 engine: gotpl
 description: Flagger is a progressive delivery operator for Kubernetes
@@ -19,7 +19,6 @@ keywords:
   - appmesh
   - linkerd
   - kuma
-  - osm
   - smi
   - gloo
   - contour

charts/flagger/README.md

@@ -40,10 +40,13 @@ $ helm upgrade -i flagger flagger/flagger \
 To install Flagger for **Linkerd** (requires Linkerd Viz extension):
 
 ```console
+# Note that linkerdAuthPolicy.create=true is only required for Linkerd 2.12 and
+# later
 $ helm upgrade -i flagger flagger/flagger \
-    --namespace=linkerd \
+    --namespace=flagger-system \
     --set meshProvider=linkerd \
-    --set metricsServer=http://prometheus.linkerd-viz:9090
+    --set metricsServer=http://prometheus.linkerd-viz:9090 \
+    --set linkerdAuthPolicy.create=true
 ```
 
 To install Flagger for **AWS App Mesh**:
@@ -56,15 +59,6 @@ $ helm upgrade -i flagger flagger/flagger \
 ```
 
 
-To install Flagger for **Open Service Mesh** (requires OSM to have been installed with Prometheus):
-
-```console
-$ helm upgrade -i flagger flagger/flagger \
-    --namespace=osm-system \
-    --set meshProvider=osm \
-    --set metricsServer=http://osm-prometheus.osm-system.svc:7070
-```
-
 To install Flagger for **Kuma Service Mesh** (requires Kuma to have been installed with Prometheus):
 
 ```console
@@ -111,6 +105,15 @@ $ helm upgrade -i flagger flagger/flagger \
     --set meshProvider=traefik
 ```
 
+If you need to add labels to the flagger deployment or pods, you can pass the labels as parameters as shown below.
+
+```console
+helm upgrade -i flagger flagger/flagger \
+<other parameters> \
+--set podLabels.<labelName>=<labelValue> \
+--set deploymentLabels.<labelName>=<labelValue> 
+```
+
 The [configuration](#configuration) section lists the parameters that can be configured during installation.
 
 ## Uninstalling the Chart
@@ -137,6 +140,10 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `prometheus.install`                 | If `true`, installs Prometheus configured to scrape all pods in the custer                                                                         | `false`                               |
 | `prometheus.retention`               | Prometheus data retention                                                                                                                          | `2h`                                  |
 | `selectorLabels`                     | List of labels that Flagger uses to create pod selectors                                                                                           | `app,name,app.kubernetes.io/name`     |
+| `serviceMonitor.enabled`             | If `true`, creates service and serviceMonitor for monitoring Flagger metrics                                                                       | `false`                               |
+| `serviceMonitor.honorLabels`         | If `true`, label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels              | `false`                               |
+| `serviceMonitor.namespace`           | Namespace Servicemonitor is installed in                                                                                                           | the same namespace                    |
+| `serviceMonitor.labels`              | labels for the ServiceMonitor passed to Prometheus Operator                                                                                        | `{}`                                  |
 | `configTracking.enabled`             | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment                                                | `true`                                |
 | `eventWebhook`                       | If set, Flagger will publish events to the given webhook                                                                                           | None                                  |
 | `slack.url`                          | Slack incoming webhook                                                                                                                             | None                                  |
@@ -150,6 +157,7 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `podMonitor.namespace`               | Namespace where the PodMonitor is created                                                                                                          | the same namespace                    |
 | `podMonitor.interval`                | Interval at which metrics should be scraped                                                                                                        | `15s`                                 |
 | `podMonitor.podMonitor`              | Additional labels to add to the PodMonitor                                                                                                         | `{}`                                  |
+| `podMonitor.honorLabels`             | If `true`, label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels              | `false`                               |
 | `leaderElection.enabled`             | If `true`, Flagger will run in HA mode                                                                                                             | `false`                               |
 | `leaderElection.replicaCount`        | Number of replicas                                                                                                                                 | `1`                                   |
 | `serviceAccount.create`              | If `true`, Flagger will create service account                                                                                                     | `true`                                |
@@ -164,7 +172,7 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `resources.requests/memory`          | Pod memory request                                                                                                                                 | `32Mi`                                |
 | `resources.limits/cpu`               | Pod CPU limit                                                                                                                                      | `1000m`                               |
 | `resources.limits/memory`            | Pod memory limit                                                                                                                                   | `512Mi`                               |
-| `affinity`                           | Node/pod affinities                                                                                                                                | None                                  |
+| `affinity`                           | Node/pod affinities                                                                                                                                | prefer spread across hosts            |
 | `nodeSelector`                       | Node labels for pod assignment                                                                                                                     | `{}`                                  |
 | `threadiness`                        | Number of controller workers                                                                                                                       | `2`                                   |
 | `tolerations`                        | List of node taints to tolerate                                                                                                                    | `[]`                                  |
@@ -177,7 +185,9 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `podDisruptionBudget.minAvailable`   | The minimal number of available replicas that will be set in the PodDisruptionBudget                                                               | `1`                                   |
 | `podDisruptionBudget.minAvailable`   | The minimal number of available replicas that will be set in the PodDisruptionBudget                                                               | `1`                                   |
 | `noCrossNamespaceRefs`               | If `true`, cross namespace references to custom resources will be disabled                                                                         | `false`                               |
-| `namespace`                          | When specified, Flagger will restrict itself to watching Canary objects from that namespace                                                                   | `""`                                  |
+| `namespace`                          | When specified, Flagger will restrict itself to watching Canary objects from that namespace                                                        | `""`                                  |
+| `deploymentLabels`                   | Labels to add to Flagger deployment                                                                                                                | `{}`                                  |
+| `podLabels`                          | Labels to add to pods of Flagger deployment                                                                                                        | `{}`                                  |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example,
 

charts/flagger/crds/crd.yaml

@@ -27,6 +27,10 @@ spec:
         - name: Weight
           type: string
           jsonPath: .status.canaryWeight
+        - name: Suspended
+          type: boolean
+          jsonPath: .spec.suspend
+          priority: 1
         - name: FailedChecks
           type: string
           jsonPath: .status.failedChecks
@@ -76,7 +80,6 @@ spec:
               type: object
               required:
                 - targetRef
-                - service
                 - analysis
               properties:
                 provider:
@@ -121,6 +124,15 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    primaryScalerReplicas:
+                      type: object
+                      properties:
+                        minReplicas:
+                          type: integer
+                          minimum: 1
+                        maxReplicas:
+                          type: integer
+                          minimum: 1
                 ingressRef:
                   description: Ingress selector
                   type: object
@@ -134,6 +146,19 @@ spec:
                         - Ingress
                     name:
                       type: string
+                routeRef:
+                  description: APISIX route selector
+                  type: object
+                  required: [ "apiVersion", "kind", "name" ]
+                  properties:
+                    apiVersion:
+                      type: string
+                    kind:
+                      type: string
+                      enum:
+                        - ApisixRoute
+                    name:
+                      type: string
                 upstreamRef:
                   description: Gloo Upstream selector
                   type: object
@@ -166,11 +191,21 @@ spec:
                     appProtocol:
                       description: Application protocol of the port
                       type: string
+                    trafficDistribution:
+                      description: Traffic distribution of the service
+                      type: string
+                      enum:
+                        - PreferClose
+                        - PreferSameZone
+                        - PreferSameNode
                     targetPort:
                       description: Container target port name
                       x-kubernetes-int-or-string: true
                     portDiscovery:
-                      description: Enable port dicovery
+                      description: Enable port discovery
+                      type: boolean
+                    headless:
+                      description: Headless if set to true, generates headless Kubernetes services.
                       type: boolean
                     timeout:
                       description: HTTP or gRPC request timeout
@@ -458,6 +493,54 @@ spec:
                         uri:
                           format: string
                           type: string
+                        authority:
+                          format: string
+                          type: string
+                        type:
+                          format: string
+                          type: string
+                    mirror:
+                      description: Mirror defines a schema for a filter that mirrors requests.
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          backendRef:
+                            properties:
+                              group:
+                                default: ""
+                                maxLength: 253
+                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                                type: string
+                              kind:
+                                default: Service
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                                type: string
+                              name:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              namespace:
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                                type: string
+                              port:
+                                format: int32
+                                maximum: 65535
+                                minimum: 1
+                                type: integer
+                            required:
+                            - name
+                            type: object
+                            x-kubernetes-validations:
+                            - message: Must have port for Service reference
+                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
+                                ? has(self.port) : true'
+                      required:
+                      - backendRef
                     headers:
                       description: Headers operations
                       type: object
@@ -537,6 +620,11 @@ spec:
                             minLength: 1
                             pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
+                          port:
+                            format: int32
+                            maximum: 65535
+                            minimum: 1
+                            type: integer
                     corsPolicy:
                       description: Istio Cross-Origin Resource Sharing policy (CORS)
                       type: object
@@ -727,6 +815,10 @@ spec:
                                 - LEAST_CONN
                                 - RANDOM
                                 - PASSTHROUGH
+                                - LEAST_REQUEST
+                              type: string
+                            warmupDurationSecs:
+                              description: Represents the warmup duration of Service.
                               type: string
                         outlierDetection:
                           description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -824,12 +916,27 @@ spec:
                           type: object
                           additionalProperties:
                             type: string
+                    unmanagedMetadata:
+                      description: UnmanagedMetadata is a list of metadata keys that should be ignored by Flagger.
+                      type: object
+                      properties:
+                        annotations:
+                          type: array
+                          items:
+                            type: string
+                        labels:
+                          type: array
+                          items:
+                            type: string
                 skipAnalysis:
                   description: Skip analysis and promote canary
                   type: boolean
                 revertOnDeletion:
                   description: Revert mutated resources to original spec on deletion
                   type: boolean
+                suspend:
+                  description: Suspend Canary disabling/pausing all canary runs
+                  type: boolean
                 analysis:
                   description: Canary analysis for this canary
                   type: object
@@ -903,6 +1010,34 @@ spec:
                                   description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                   format: string
                                   type: string
+                          queryParams:
+                            description: Query parameters for matching.
+                            type: object
+                            additionalProperties:
+                              oneOf:
+                              - not:
+                                  anyOf:
+                                  - required:
+                                    - exact
+                                  - required:
+                                    - prefix
+                                  - required:
+                                    - regex
+                              - required:
+                                - exact
+                              - required:
+                                - prefix
+                              - required:
+                                - regex
+                              properties:
+                                exact:
+                                  type: string
+                                prefix:
+                                  type: string
+                                regex:
+                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+                                  type: string
+                              type: object
                           sourceLabels:
                             description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                             type: object
@@ -950,6 +1085,11 @@ spec:
                               namespace:
                                 description: Namespace of this metric template
                                 type: string
+                          templateVariables:
+                            description: Additional variables to be used in the metrics query (key-value pairs)
+                            type: object
+                            additionalProperties:
+                              type: string
                     alerts:
                       description: Alert list for this canary analysis
                       type: array
@@ -1015,6 +1155,12 @@ spec:
                             description: Request timeout for this webhook
                             type: string
                             pattern: "^[0-9]+(m|s)"
+                          retries:
+                            description: Number of retries for this webhook
+                            type: number
+                          disableTLS:
+                            description: Disable TLS verification for this webhook
+                            type: boolean
                           metadata:
                             description: Metadata (key-value pairs) for this webhook
                             type: object
@@ -1028,10 +1174,35 @@ spec:
                         cookieName:
                           description: CookieName is the key that will be used for the session affinity cookie.
                           type: string
+                        primaryCookieName:
+                          description: CookieName is the key that will be used for the session affinity cookie.
+                          type: string
+                        domain:
+                          description: Domain defines the host to which the cookie will be sent.
+                          type: string
+                        httpOnly:
+                          description: HttpOnly forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
+                          type: boolean
                         maxAge:
                           description: MaxAge indicates the number of seconds until the session affinity cookie will expire.
                           default: 86400
                           type: number
+                        partitioned:
+                          description: Partitioned indicates that the cookie should be stored using partitioned storage.
+                          type: boolean
+                        path:
+                          description: Path indicates the path that must exist in the requested URL for the browser to send the Cookie header.
+                          type: string
+                        sameSite:
+                          description: SameSite controls whether or not a cookie is sent with cross-site requests.
+                          type: string
+                          enum:
+                            - Strict
+                            - Lax
+                            - None
+                        secure:
+                          description: "Secure indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)"
+                          type: boolean
             status:
               description: CanaryStatus defines the observed state of a canary.
               type: object
@@ -1178,9 +1349,18 @@ spec:
                         - newrelic
                         - graphite
                         - dynatrace
+                        - keptn
+                        - splunk
                     address:
                       description: API address of this provider
                       type: string
+                    headers:
+                      description: Headers to add to HTTP(S) requests
+                      type: object
+                      additionalProperties:
+                        type: array
+                        items:
+                          type: string
                     secretRef:
                       description: Kubernetes secret reference containing the provider credentials
                       type: object

charts/flagger/templates/account.yaml

@@ -3,8 +3,9 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "flagger.serviceAccountName" . }}
-  annotations:
+  namespace: {{ .Release.Namespace }}
   {{- if .Values.serviceAccount.annotations }}
+  annotations:
 {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
   {{- end }}
   labels:

charts/flagger/templates/authorizationpolicy.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.linkerdAuthPolicy.create }}
+apiVersion: policy.linkerd.io/v1alpha1
+kind: AuthorizationPolicy
+metadata:
+  namespace: {{ .Values.linkerdAuthPolicy.namespace }}
+  name: prometheus-admin-flagger
+spec:
+  targetRef:
+    group: policy.linkerd.io
+    kind: Server
+    name: prometheus-admin
+  requiredAuthenticationRefs:
+    - kind: ServiceAccount
+      name: {{ template "flagger.serviceAccountName" . }}
+      namespace: {{ .Release.Namespace }}
+{{- end }}

charts/flagger/templates/deployment.yaml

@@ -2,12 +2,22 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "flagger.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     helm.sh/chart: {{ template "flagger.chart" . }}
     app.kubernetes.io/name: {{ template "flagger.name" . }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  {{- if .Values.deploymentLabels }}
+  {{- range $key, $value := .Values.deploymentLabels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+  {{- end }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   replicas: {{ .Values.leaderElection.replicaCount }}
   {{- if eq .Values.leaderElection.enabled false }}
@@ -35,25 +45,22 @@ spec:
         {{- end }}
     spec:
       serviceAccountName: {{ template "flagger.serviceAccountName" . }}
+      {{- if .Values.affinity }}
       affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - weight: 100
-              podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: {{ template "flagger.name" . }}
-                    app.kubernetes.io/instance: {{ .Release.Name }}
-                topologyKey: kubernetes.io/hostname
+        {{- tpl (toYaml .Values.affinity) . | nindent 8 }}
+      {{- end }}
       {{- if .Values.image.pullSecret }}
       imagePullSecrets:
         - name: {{ .Values.image.pullSecret }}
       {{- end }}
+      {{- if .Values.controlplane.kubeconfig.secretName }}
       volumes:
-        {{- if .Values.controlplane.kubeconfig.secretName }}
         - name: kubeconfig
           secret:
             secretName: "{{ .Values.controlplane.kubeconfig.secretName }}"
+      {{- end }}
+        {{- if .Values.additionalVolumes }}
+          {{- toYaml .Values.additionalVolumes | nindent 8 -}}
         {{- end }}
       {{- if .Values.podPriorityClassName }}
       priorityClassName: {{ .Values.podPriorityClassName }}
@@ -64,11 +71,11 @@ spec:
           securityContext:
 {{ toYaml .Values.securityContext.context | indent 12 }}
           {{- end }}
+          {{- if .Values.controlplane.kubeconfig.secretName }}
           volumeMounts:
-            {{- if .Values.controlplane.kubeconfig.secretName }}
             - name: kubeconfig
               mountPath: "/tmp/controlplane"
-            {{- end }}
+          {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:

charts/flagger/templates/pdb.yaml

@@ -1,8 +1,13 @@
 {{- if .Values.podDisruptionBudget.enabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
+apiVersion: policy/v1
+{{- else }}
 apiVersion: policy/v1beta1
+{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "flagger.name" . }}
+  namespace: {{ .Release.Namespace }}
 spec:
   minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
   selector:

charts/flagger/templates/podmonitor.yaml

@@ -17,6 +17,7 @@ spec:
   - interval: {{ .Values.podMonitor.interval }}
     path: /metrics
     port: http
+    honorLabels: {{ .Values.podMonitor.honorLabels }}
   namespaceSelector:
     matchNames:
     - {{ .Release.Namespace }}

charts/flagger/templates/psp.yaml

@@ -50,6 +50,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ template "flagger.fullname" . }}-psp
+  namespace: {{ .Release.Namespace }}
   labels:
     helm.sh/chart: {{ template "flagger.chart" . }}
     app.kubernetes.io/name: {{ template "flagger.name" . }}

charts/flagger/templates/rbac.yaml

@@ -197,7 +197,7 @@ rules:
       - patch
       - delete
   - apiGroups:
-    - traefik.containo.us
+    - traefik.io 
     resources:
     - traefikservices
     verbs:
@@ -247,10 +247,48 @@ rules:
       - update
       - patch
       - delete
+  - apiGroups:
+      - apisix.apache.org
+    resources:
+      - apisixroutes
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - metrics.keptn.sh
+    resources:
+      - keptnmetrics
+      - analyses
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
   - nonResourceURLs:
       - /version
     verbs:
       - get
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - revisions
+    verbs:
+      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

charts/flagger/templates/service.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "flagger.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/flagger/templates/servicemonitor.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "flagger.name" . }}
+{{- if .Values.serviceMonitor.namespace }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- with .Values.serviceMonitor.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /metrics
+      port: http
+      interval: 30s
+      scrapeTimeout: 30s
+      honorLabels: {{ .Values.serviceMonitor.honorLabels }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "flagger.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/flagger/values.yaml

@@ -1,8 +1,11 @@
 # Default values for flagger.
 
+## Deployment annotations
+# annotations: {}
+
 image:
   repository: ghcr.io/fluxcd/flagger
-  tag: 1.26.0
+  tag: 1.42.0
   pullPolicy: IfNotPresent
   pullSecret:
 
@@ -13,13 +16,23 @@ podAnnotations:
   prometheus.io/scrape: "true"
   prometheus.io/port: "8080"
   appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+  linkerd.io/inject: enabled
 
 # priority class name for pod priority configuration
 podPriorityClassName: ""
 
 metricsServer: "http://prometheus:9090"
 
-# accepted values are kubernetes, istio, linkerd, appmesh, contour, nginx, gloo, skipper, traefik, osm
+# creates serviceMonitor for monitoring Flagger metrics
+serviceMonitor:
+  enabled: false
+  honorLabels: false
+  # Set the namespace the ServiceMonitor should be deployed
+  # namespace: monitoring
+  # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+  # labels:
+
+# accepted values are kubernetes, istio, linkerd, appmesh, contour, nginx, gloo, skipper, traefik, apisix
 meshProvider: ""
 
 # single namespace restriction
@@ -69,6 +82,7 @@ podMonitor:
   namespace:
   interval: 15s
   additionalLabels: {}
+  honorLabels: false
 
 #env:
 #- name: SLACK_URL
@@ -120,6 +134,13 @@ crd:
   # crd.create: `true` if custom resource definitions should be created
   create: false
 
+linkerdAuthPolicy:
+  # linkerdAuthPolicy.create: Whether to create an AuthorizationPolicy in
+  # linkerd viz' namespace to allow flagger to reach viz' prometheus service
+  create: false
+  # linkerdAuthPolicy.namespace: linkerd-viz' namespace
+  namespace: linkerd-viz
+
 nameOverride: ""
 fullnameOverride: ""
 
@@ -135,10 +156,21 @@ nodeSelector: {}
 
 tolerations: []
 
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: '{{ template "flagger.name" . }}'
+              app.kubernetes.io/instance: '{{ .Release.Name }}'
+          topologyKey: kubernetes.io/hostname
+
 prometheus:
   # to be used with ingress controllers
   install: false
-  image: docker.io/prom/prometheus:v2.39.1
+  image: docker.io/prom/prometheus:v2.41.0
   pullSecret:
   retention: 2h
   # when enabled, it will add a security context for the prometheus pod
@@ -163,6 +195,15 @@ podDisruptionBudget:
   enabled: false
   minAvailable: 1
 
+# Additional labels to be added to pods
 podLabels: {}
 
+# Additional labels to be added to deployments
+deploymentLabels: { }
+
 noCrossNamespaceRefs: false
+
+#Placeholder to supply additional volumes to the flagger pod
+additionalVolumes: {}
+  # - name: tmpfs
+  #   emptyDir: {}

charts/loadtester/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: loadtester
-version: 0.27.0
-appVersion: 0.27.0
+version: 0.36.0
+appVersion: 0.36.0
 kubeVersion: ">=1.19.0-0"
 engine: gotpl
 description: Flagger's load testing services based on rakyll/hey and bojand/ghz that generates traffic during canary analysis when configured as a webhook.
@@ -19,7 +19,6 @@ keywords:
   - appmesh
   - linkerd
   - gloo
-  - osm
   - smi
   - gitops
   - load testing

charts/loadtester/README.md

@@ -69,8 +69,10 @@ The following tables lists the configurable parameters of the load tester chart
 | `istio.tls.enabled`                | Enable TLS in gateway ( TLS secrets should be in namespace )                         | `false`                             |
 | `istio.tls.httpsRedirect`          | Redirect traffic to TLS port                                                         | `false`                             |
 | `podPriorityClassName`             | PriorityClass name for pod priority configuration                                    | ""                                  |
-| `securityContext.enabled`          | Add securityContext to container                                                     | ""                                  |
-| `securityContext.context`          | securityContext to add                                                               | ""                                  |
+| `securityContext.enabled`          | Add securityContext to container                                                     | `false`                             |
+| `SecurityContext.context`          | securityContext to add                                                               | ""                                  |
+| `podSecurityContext.enabled`       | Add securityContext to pod                                                           | `false`                             |
+| `podSecurityContext.context`       | securityContext to add                                                               | ""                                  |
 | `podDisruptionBudget.enabled`      | A PodDisruptionBudget will be created if `true`                                      | `false`                             |
 | `podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1`                                 |
 

charts/loadtester/templates/deployment.yaml

@@ -24,7 +24,7 @@ spec:
         appmesh.k8s.aws/ports: "444"
         openservicemesh.io/inbound-port-exclusion-list: "80, 8080"
         {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
+          {{- toYaml .Values.podAnnotations | nindent 8 }}
         {{- end }}
     spec:
       {{- if .Values.serviceAccountName }}
@@ -39,7 +39,7 @@ spec:
         - name: {{ .Chart.Name }}
           {{- if .Values.securityContext.enabled }}
           securityContext:
-{{ toYaml .Values.securityContext.context | indent 12 }}
+            {{- toYaml .Values.securityContext.context | nindent 12 }}
           {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -102,3 +102,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+    {{- if .Values.podSecurityContext.enabled }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext.context | nindent 12 }}
+    {{- end }}

charts/loadtester/templates/istio-gw.yaml

@@ -1,5 +1,5 @@
 {{- if and (.Values.istio.enabled) (.Values.istio.gateway.enabled) }}
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: Gateway
 metadata:
   name: {{ include "loadtester.fullname" . }}

charts/loadtester/templates/istio-vs.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.istio.enabled }}
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
   name: {{ include "loadtester.fullname" . }}

charts/loadtester/templates/pdb.yaml

@@ -1,5 +1,9 @@
 {{- if .Values.podDisruptionBudget.enabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
+apiVersion: policy/v1
+{{- else }}
 apiVersion: policy/v1beta1
+{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "loadtester.fullname" . }}

charts/loadtester/templates/rbac.yaml

@@ -51,4 +51,7 @@ metadata:
     app.kubernetes.io/name: {{ template "loadtester.name" . }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- if .Values.rbac.serviceAccountAnnotations }}
+  annotations: {{ tpl (toYaml .Values.rbac.serviceAccountAnnotations) . | nindent 4 }}
+  {{- end }}
 {{- end }}

charts/loadtester/values.yaml

@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   repository: ghcr.io/fluxcd/flagger-loadtester
-  tag: 0.27.0
+  tag: 0.36.0
   pullPolicy: IfNotPresent
   pullSecret:
 
@@ -54,6 +54,8 @@ rbac:
   #   resources: ["pods"]
   #   verbs: ["list", "get"]
   rules: []
+  # annotations to add to the service account
+  serviceAccountAnnotations: {}
 
 # name of an existing service account to use - if not creating rbac resources
 serviceAccountName: ""
@@ -89,6 +91,12 @@ securityContext:
     runAsUser: 100
     runAsGroup: 101
 
+podSecurityContext:
+  enabled: false
+  context:
+    fsGroup: 101
+    fsGroupChangePolicy: "OnRootMismatch"
+
 podDisruptionBudget:
   enabled: false
   minAvailable: 1

charts/podinfo/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-version: 6.1.3
+version: 6.1.4
 appVersion: 6.1.3
 name: podinfo
 engine: gotpl

charts/podinfo/README.md

@@ -20,7 +20,7 @@ helm upgrade -i frontend flagger/podinfo \
 --set backend=http://backend.test:9898/echo \
 --set canary.enabled=true \
 --set canary.istioIngress.enabled=true \
---set canary.istioIngress.gateway=public-gateway.istio-system.svc.cluster.local \
+--set canary.istioIngress.gateway=istio-system/public-gateway \
 --set canary.istioIngress.host=frontend.istio.example.com
 ```
 

charts/podinfo/templates/canary.yaml

@@ -14,7 +14,7 @@ spec:
     kind: Deployment
     name:  {{ template "podinfo.fullname" . }}
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name:  {{ template "podinfo.fullname" . }}
   service:
@@ -57,4 +57,4 @@ spec:
         metadata:
           cmd: "hey -z 1m -q 5 -c 2 http://{{ template "podinfo.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}"
       {{- end }}
-{{- end }}
+{{- end }}

charts/podinfo/templates/hpa.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.hpa.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ template "podinfo.fullname" . }}
@@ -20,12 +20,16 @@ spec:
   - type: Resource
     resource:
       name: cpu
-      targetAverageUtilization: {{ .Values.hpa.cpu }}
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.hpa.cpu }}
   {{- end }}
   {{- if .Values.hpa.memory }}
   - type: Resource
     resource:
       name: memory
-      targetAverageValue: {{ .Values.hpa.memory }}
+      target:
+        type: AverageValue 
+        averageValue: {{ .Values.hpa.memory }}
   {{- end }}
 {{- end }}

charts/podinfo/values.yaml

@@ -25,7 +25,7 @@ canary:
   istioIngress:
     enabled: false
     # Istio ingress gateway name
-    gateway: public-gateway.istio-system.svc.cluster.local
+    gateway: istio-system/public-gateway
     # external host name eg. podinfo.example.com
     host:
   analysis:

cmd/flagger/main.go

@@ -51,6 +51,8 @@ import (
 	"github.com/fluxcd/flagger/pkg/server"
 	"github.com/fluxcd/flagger/pkg/signals"
 	"github.com/fluxcd/flagger/pkg/version"
+
+	knative "knative.dev/serving/pkg/client/clientset/versioned"
 )
 
 var (
@@ -110,7 +112,7 @@ func init() {
 	flag.BoolVar(&zapReplaceGlobals, "zap-replace-globals", false, "Whether to change the logging level of the global zap logger.")
 	flag.StringVar(&zapEncoding, "zap-encoding", "json", "Zap logger encoding.")
 	flag.StringVar(&namespace, "namespace", "", "Namespace that flagger would watch canary object.")
-	flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, contour, gloo, nginx, skipper, traefik, osm or kuma.")
+	flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, contour, knative, gloo, nginx, skipper, traefik, apisix, osm or kuma.")
 	flag.StringVar(&selectorLabels, "selector-labels", "app,name,app.kubernetes.io/name", "List of pod labels that Flagger uses to create pod selectors.")
 	flag.StringVar(&ingressAnnotationsPrefix, "ingress-annotations-prefix", "nginx.ingress.kubernetes.io", "Annotations prefix for NGINX ingresses.")
 	flag.StringVar(&ingressClass, "ingress-class", "", "Ingress class used for annotating HTTPProxy objects.")
@@ -166,6 +168,11 @@ func main() {
 		logger.Fatalf("Error building flagger clientset: %s", err.Error())
 	}
 
+	knativeClient, err := knative.NewForConfig(cfg)
+	if err != nil {
+		logger.Fatalf("Error building knative clientset: %s", err.Error())
+	}
+
 	// use a remote cluster for routing if a service mesh kubeconfig is specified
 	if kubeconfigServiceMesh == "" {
 		kubeconfigServiceMesh = kubeconfig
@@ -221,7 +228,7 @@ func main() {
 		setOwnerRefs = false
 	}
 
-	routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, ingressAnnotationsPrefix, ingressClass, logger, meshClient, setOwnerRefs)
+	routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, knativeClient, ingressAnnotationsPrefix, ingressClass, logger, meshClient, setOwnerRefs)
 
 	var configTracker canary.Tracker
 	if enableConfigTracking {
@@ -236,10 +243,11 @@ func main() {
 
 	includeLabelPrefixArray := strings.Split(includeLabelPrefix, ",")
 
-	canaryFactory := canary.NewFactory(kubeClient, flaggerClient, configTracker, labels, includeLabelPrefixArray, logger)
+	canaryFactory := canary.NewFactory(kubeClient, flaggerClient, knativeClient, configTracker, labels, includeLabelPrefixArray, logger)
 
 	c := controller.NewController(
 		kubeClient,
+		knativeClient,
 		flaggerClient,
 		infos,
 		controlLoopInterval,
@@ -253,6 +261,7 @@ func main() {
 		fromEnv("EVENT_WEBHOOK_URL", eventWebhook),
 		clusterName,
 		noCrossNamespaceRefs,
+		cfg,
 	)
 
 	// leader election context
@@ -327,7 +336,7 @@ func startLeaderElection(ctx context.Context, run func(), ns string, kubeClient
 	id = id + "_" + string(uuid.NewUUID())
 
 	lock, err := resourcelock.New(
-		resourcelock.ConfigMapsLeasesResourceLock,
+		resourcelock.LeasesResourceLock,
 		ns,
 		configMapName,
 		kubeClient.CoreV1(),

cmd/loadtester/main.go

@@ -22,13 +22,14 @@ import (
 	"regexp"
 	"time"
 
+	"go.uber.org/zap"
+
 	"github.com/fluxcd/flagger/pkg/loadtester"
 	"github.com/fluxcd/flagger/pkg/logger"
 	"github.com/fluxcd/flagger/pkg/signals"
-	"go.uber.org/zap"
 )
 
-var VERSION = "0.27.0"
+var VERSION = "0.36.0"
 var (
 	logLevel          string
 	port              string

docs/gitbook/README.md

@@ -10,8 +10,7 @@ version in production by gradually shifting traffic to the new version while mea
 and running conformance tests.
 
 Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
-using a service mesh (App Mesh, Istio, Linkerd, Kuma, Open Service Mesh)
-or an ingress controller (Contour, Gloo, NGINX, Skipper, Traefik) for traffic routing.
+using a service mesh or an ingress controller for traffic routing.
 For release analysis, Flagger can query Prometheus, InfluxDB, Datadog, New Relic, CloudWatch, Stackdriver
 or Graphite and for alerting it uses Slack, MS Teams, Discord and Rocket.
 
@@ -19,25 +18,23 @@ or Graphite and for alerting it uses Slack, MS Teams, Discord and Rocket.
 
 Flagger can be configured with Kubernetes custom resources and is compatible with
 any CI/CD solutions made for Kubernetes. Since Flagger is declarative and reacts to Kubernetes events,
-it can be used in **GitOps** pipelines together with tools like [Flux](install/flagger-install-with-flux.md),
-JenkinsX, Carvel, Argo, etc.
+it can be used in **GitOps** pipelines together with tools like [Flux CD](install/flagger-install-with-flux.md).
 
-Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) project
+Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) graduated project
 and part of [Flux](https://fluxcd.io) family of GitOps tools.
 
 ## Getting started
 
 To get started with Flagger, choose one of the supported routing providers and
-[install](install/flagger-install-on-kubernetes.md) Flagger with Helm or Kustomize.
+[install](install/flagger-install-with-flux.md) Flagger with Flux CD.
 
 After installing Flagger, you can follow one of these tutorials to get started:
 
 **Service mesh tutorials**
 
+* [Gateway API](tutorials/gatewayapi-progressive-delivery.md)
 * [Istio](tutorials/istio-progressive-delivery.md)
 * [Linkerd](tutorials/linkerd-progressive-delivery.md)
-* [AWS App Mesh](tutorials/appmesh-progressive-delivery.md)
-* [Open Service Mesh](tutorials/osm-progressive-delivery.md)
 * [Kuma](tutorials/kuma-progressive-delivery.md)
 
 **Ingress controller tutorials**
@@ -47,9 +44,7 @@ After installing Flagger, you can follow one of these tutorials to get started:
 * [NGINX Ingress](tutorials/nginx-progressive-delivery.md)
 * [Skipper Ingress](tutorials/skipper-progressive-delivery.md)
 * [Traefik](tutorials/traefik-progressive-delivery.md)
+* [Apache APISIX](tutorials/apisix-progressive-delivery.md)
 
-**Hands-on GitOps workshops**
-
-* [Istio](https://github.com/stefanprodan/gitops-istio)
-* [Linkerd](https://helm.workshop.flagger.dev)
-* [AWS App Mesh](https://eks.handson.flagger.dev)
+The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, 
+please see our [Trademark Usage page](https://www.linuxfoundation.org/legal/trademark-usage).

docs/gitbook/SUMMARY.md

@@ -7,9 +7,6 @@
 
 * [Flagger Install on Kubernetes](install/flagger-install-on-kubernetes.md)
 * [Flagger Install with Flux](install/flagger-install-with-flux.md)
-* [Flagger Install on GKE Istio](install/flagger-install-on-google-cloud.md)
-* [Flagger Install on EKS App Mesh](install/flagger-install-on-eks-appmesh.md)
-* [Flagger Install on Alibaba ServiceMesh](install/flagger-install-on-alibaba-servicemesh.md)
 
 ## Usage
 
@@ -22,18 +19,18 @@
 
 ## Tutorials
 
+* [Gateway API Canary Deployments](tutorials/gatewayapi-progressive-delivery.md)
 * [Istio Canary Deployments](tutorials/istio-progressive-delivery.md)
 * [Istio A/B Testing](tutorials/istio-ab-testing.md)
 * [Linkerd Canary Deployments](tutorials/linkerd-progressive-delivery.md)
-* [App Mesh Canary Deployments](tutorials/appmesh-progressive-delivery.md)
+* [Kuma Canary Deployments](tutorials/kuma-progressive-delivery.md)
+* [Knative Canary Deployments](tutorials/knative-progressive-delivery.md)
 * [Contour Canary Deployments](tutorials/contour-progressive-delivery.md)
 * [Gloo Canary Deployments](tutorials/gloo-progressive-delivery.md)
 * [NGINX Canary Deployments](tutorials/nginx-progressive-delivery.md)
 * [Skipper Canary Deployments](tutorials/skipper-progressive-delivery.md)
 * [Traefik Canary Deployments](tutorials/traefik-progressive-delivery.md)
-* [Open Service Mesh Deployments](tutorials/osm-progressive-delivery.md)
-* [Kuma Canary Deployments](tutorials/kuma-progressive-delivery.md)
-* [Gateway API Canary Deployments](tutorials/gatewayapi-progressive-delivery.md)
+* [Apache APISIX Canary Deployments](tutorials/apisix-progressive-delivery.md)
 * [Blue/Green Deployments](tutorials/kubernetes-blue-green.md)
 * [Canary analysis with Prometheus Operator](tutorials/prometheus-operator.md)
 * [Canary analysis with KEDA ScaledObjects](tutorials/keda-scaledobject.md)

docs/gitbook/dev/dev-guide.md

@@ -8,17 +8,13 @@ Flagger is written in Go and uses Go modules for dependency management.
 
 On your dev machine install the following tools:
 
-* go >= 1.19
-* git >;= 2.20
-* bash >= 5.0
-* make >= 3.81
-* kubectl >= 1.22
-* kustomize >= 4.4
+* go >= 1.25
+* kubectl >= 1.30
+* kustomize >= 5.0
 * helm >= 3.0
-* docker >= 19.03
 
 You'll also need a Kubernetes cluster for testing Flagger.
-You can use Minikube, Kind, Docker desktop or any remote cluster (AKS/EKS/GKE/etc) Kubernetes version 1.22 or newer.
+You can use Minikube, Kind, Docker desktop or any remote cluster (AKS/EKS/GKE/etc).
 
 To start contributing to Flagger, fork the [repository](https://github.com/fluxcd/flagger) on GitHub.
 
@@ -195,7 +191,6 @@ docker build -t test/flagger:latest .
 kind load docker-image test/flagger:latest
 ```
 
-
 Run the Istio e2e tests:
 
 ```bash

docs/gitbook/dev/release-guide.md

@@ -4,13 +4,28 @@ This document describes how to release Flagger.
 
 ## Release
 
+### Flagger 
+
 To release a new Flagger version (e.g. `2.0.0`) follow these steps:
 
-* create a branch `git checkout -b prep-2.0.0`
+* create a branch `git checkout -b release-2.0.0`
 * set the version in code and manifests `TAG=2.0.0 make version-set`
 * commit changes and merge PR
-* checkout master `git checkout main && git pull`
-* tag master `make release`
+* checkout main `git checkout main && git pull`
+* tag main `make release`
+
+### Flagger load tester
+
+To release a new Flagger load tester version (e.g. `2.0.0`) follow these steps:
+
+* create a branch `git checkout -b release-ld-2.0.0`
+* set the version in code (`cmd/loadtester/main.go#VERSION`)
+* set the version in the Helm chart (`charts/loadtester/Chart.yaml` and `values.yaml`)
+* set the version in manifests (`kustomize/tester/deployment.yaml`)
+* commit changes and push the branch upstream
+* in GitHub UI, navigate to Actions and run the `push-ld` workflow selecting the release branch
+* after the workflow finishes, open the PR which will run the e2e tests using the new tester version
+* merge the PR if the tests pass
 
 ## CI
 
@@ -18,7 +33,9 @@ After the tag has been pushed to GitHub, the CI release pipeline does the follow
 
 * creates a GitHub release
 * pushes the Flagger binary and change log to GitHub release
-* pushes the Flagger container image to Docker Hub
+* pushes the Flagger container image to GitHub Container Registry
+* pushed the Flagger install manifests to GitHub Container Registry
+* signs all OCI artifacts and release assets with Cosign and GitHub OIDC
 * pushes the Helm chart to github-pages branch
 * GitHub pages publishes the new chart version on the Helm repository
 
@@ -32,3 +49,6 @@ After a Flagger release, publish the docs with:
 * `git checkout docs`
 * `git rebase main`
 * `git push origin docs`
+
+Lastly open a PR with all the docs changes on [fluxcd/website](https://github.com/fluxcd/website) to 
+update [fluxcd.io/flagger](https://fluxcd.io/flagger/).

docs/gitbook/faq.md

@@ -391,10 +391,10 @@ sum(
     rate(
         istio_requests_total{
           reporter="destination",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
           response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
@@ -402,9 +402,9 @@ sum(
     rate(
         istio_requests_total{
           reporter="destination",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload"
-        }[$interval]
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}"
+        }[{{ interval }}]
     )
 )
 ```
@@ -415,19 +415,19 @@ Envoy query (App Mesh):
 sum(
     rate(
         envoy_cluster_upstream_rq{
-          kubernetes_namespace="$namespace",
-          kubernetes_pod_name=~"$workload",
+          kubernetes_namespace="{{ namespace }}",
+          kubernetes_pod_name=~"{{ target }}",
           envoy_response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
 sum(
     rate(
         envoy_cluster_upstream_rq{
-          kubernetes_namespace="$namespace",
-          kubernetes_pod_name=~"$workload"
-        }[$interval]
+          kubernetes_namespace="{{ namespace }}",
+          kubernetes_pod_name=~"{{ target }}"
+        }[{{ interval }}]
     )
 )
 ```
@@ -438,17 +438,17 @@ Envoy query (Contour and Gloo):
 sum(
     rate(
         envoy_cluster_upstream_rq{
-            envoy_cluster_name=~"$namespace-$workload",
+            envoy_cluster_name=~"{{ namespace }}-{{ target }}",
             envoy_response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
 sum(
     rate(
         envoy_cluster_upstream_rq{
-            envoy_cluster_name=~"$namespace-$workload",
-        }[$interval]
+            envoy_cluster_name=~"{{ namespace }}-{{ target }}",
+        }[{{ interval }}]
     )
 )
 ```
@@ -476,9 +476,9 @@ histogram_quantile(0.99,
     irate(
       istio_request_duration_milliseconds_bucket{
         reporter="destination",
-        destination_workload=~"$workload",
-        destination_workload_namespace=~"$namespace"
-      }[$interval]
+        destination_workload=~"{{ target }}",
+        destination_workload_namespace=~"{{ namespace }}"
+      }[{{ interval }}]
     )
   ) by (le)
 )
@@ -491,9 +491,9 @@ histogram_quantile(0.99,
   sum(
     irate(
       envoy_cluster_upstream_rq_time_bucket{
-        kubernetes_pod_name=~"$workload",
-        kubernetes_namespace=~"$namespace"
-      }[$interval]
+        kubernetes_pod_name=~"{{ target }}",
+        kubernetes_namespace=~"{{ namespace }}"
+      }[{{ interval }}]
     )
   ) by (le)
 )
@@ -515,10 +515,10 @@ If you're using Istio with Gateway API, the Prometheus query needs to include `r
     rate(
         istio_requests_total{
           reporter="source",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
           response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
@@ -526,9 +526,9 @@ sum(
     rate(
         istio_requests_total{
           reporter="source",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload"
-        }[$interval]
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}"
+        }[{{ interval }}]
     )
 ) * 100
 ```
@@ -558,7 +558,7 @@ spec:
     portName: http-frontend
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
     # Istio virtual service host names (optional)
     hosts:
@@ -600,7 +600,7 @@ spec:
 For the above spec Flagger will generate the following virtual service:
 
 ```yaml
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
   name: frontend
@@ -614,7 +614,7 @@ metadata:
       uid: 3a4a40dd-3875-11e9-8e1d-42010a9c0fd1
 spec:
   gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
   hosts:
     - frontend.example.com
@@ -653,7 +653,7 @@ spec:
 For each destination in the virtual service a rule is generated:
 
 ```yaml
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
   name: frontend-primary
@@ -664,7 +664,7 @@ spec:
     tls:
       mode: DISABLE
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
   name: frontend-canary
@@ -751,7 +751,7 @@ spec:
 Based on the above spec, Flagger will create the following virtual service:
 
 ```yaml
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
   name: backend
@@ -777,14 +777,14 @@ spec:
 Therefore, the following virtual service forwards the traffic to `/podinfo` by the above delegate VirtualService.
 
 ```yaml
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
   name: frontend
   namespace: test
 spec:
   gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
   hosts:
     - frontend.example.com
@@ -821,7 +821,7 @@ spec:
   service:
     port: 8080
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     hosts:
     - my-site.com
     match:
@@ -838,7 +838,7 @@ spec:
   service:
     port: 8080
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     hosts:
     - my-site.com
     match:

docs/gitbook/install/flagger-install-on-alibaba-servicemesh.md

@@ -1,57 +0,0 @@
-# Flagger Install on Alibaba ServiceMesh
-
-This guide walks you through setting up Flagger on Alibaba ServiceMesh.
-
-## Prerequisites
-- Created an ACK([Alibabacloud Container Service for Kubernetes](https://cs.console.aliyun.com)) cluster instance.
-- Create an ASM([Alibaba ServiceMesh](https://servicemesh.console.aliyun.com)) enterprise instance and add ACK cluster.
-
-### Variables declaration
-- `$ACK_CONFIG`: the kubeconfig file path of ACK, which be treated as`$HOME/.kube/config` in the rest of guide.
-- `$MESH_CONFIG`: the kubeconfig file path of ASM.
-
-### Enable Data-plane KubeAPI access in ASM
-
-In the Alibaba Cloud Service Mesh (ASM) console, on the basic information page, make sure Data-plane KubeAPI access is enabled. When enabled, the Istio resources of the control plane can be managed through the Kubeconfig of the data plane cluster.
-
-## Enable Prometheus
-
-In the Alibaba Cloud Service Mesh (ASM) console, click  Settings to enable the collection of Prometheus monitoring metrics. You can use the self-built Prometheus monitoring, or you can use the Alibaba Cloud ARMS Prometheus monitoring plug-in that has joined the ACK cluster, and use ARMS Prometheus to collect monitoring indicators.
-
-## Install Flagger
-
-Add Flagger Helm repository:
-
-```bash
-helm repo add flagger https://flagger.app
-```
-
-Install Flagger's Canary CRD:
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/fluxcd/flagger/v1.21.0/artifacts/flagger/crd.yaml
-```
-## Deploy Flagger for Istio
-
-### Add data plane cluster to Alibaba Cloud Service Mesh (ASM)
-
-In the Alibaba Cloud Service Mesh (ASM) console, click Cluster & Workload Management, select the Kubernetes cluster, select the target ACK cluster, and add it to ASM.
-
-### Prometheus address
-
-If you are using Alibaba Cloud Container Service for Kubernetes (ACK) ARMS Prometheus monitoring, replace {Region-ID} in the link below with your region ID, such as cn-hangzhou. {ACKID} is the ACK ID of the data plane cluster that you added to Alibaba Cloud Service Mesh (ASM). Visit the following links to query the public and intranet addresses monitored by ACK's ARMS Prometheus:
-[https://arms.console.aliyun.com/#/promDetail/{Region-ID}/{ACK-ID}/setting](https://arms.console.aliyun.com/)
-
-An example of an intranet address is as follows:
-[http://{Region-ID}-intranet.arms.aliyuncs.com:9090/api/v1/prometheus/{Prometheus-ID}/{u-id}/{ACK-ID}/{Region-ID}](https://arms.console.aliyun.com/)
-
-## Deploy Flagger
-Replace the value of metricsServer with your Prometheus address.
-
-```bash
-helm upgrade -i flagger flagger/flagger \
---namespace=istio-system \
---set crd.create=false \
---set meshProvider=istio \
---set metricsServer=http://prometheus:9090
-```

docs/gitbook/install/flagger-install-on-eks-appmesh.md

@@ -1,151 +0,0 @@
-# Flagger Install on EKS App Mesh
-
-This guide walks you through setting up Flagger and AWS App Mesh on EKS.
-
-## App Mesh
-
-The App Mesh integration with EKS is made out of the following components:
-
-* Kubernetes custom resources
-  * `mesh.appmesh.k8s.aws` defines a logical boundary for network traffic between the services 
-  * `virtualnode.appmesh.k8s.aws` defines a logical pointer to a Kubernetes workload
-  * `virtualservice.appmesh.k8s.aws` defines the routing rules for a workload inside the mesh
-* CRD controller - keeps the custom resources in sync with the App Mesh control plane
-* Admission controller - injects the Envoy sidecar and assigns Kubernetes pods to App Mesh virtual nodes
-* Telemetry service - Prometheus instance that collects and stores Envoy's metrics
-
-## Create a Kubernetes cluster
-
-In order to create an EKS cluster you can use [eksctl](https://eksctl.io).
-Eksctl is an open source command-line utility made by Weaveworks in collaboration with Amazon.
-
-On MacOS you can install eksctl with Homebrew:
-
-```bash
-brew tap weaveworks/tap
-brew install weaveworks/tap/eksctl
-```
-
-Create an EKS cluster with:
-
-```bash
-eksctl create cluster --name=appmesh \
---region=us-west-2 \
---nodes 3 \
---node-volume-size=120 \
---appmesh-access
-```
-
-The above command will create a two nodes cluster with
-App Mesh [IAM policy](https://docs.aws.amazon.com/app-mesh/latest/userguide/MESH_IAM_user_policies.html)
-attached to the EKS node instance role.
-
-Verify the install with:
-
-```bash
-kubectl get nodes
-```
-
-## Install Helm
-
-Install the [Helm](https://docs.helm.sh/using_helm/#installing-helm) v3 command-line tool:
-
-```text
-brew install helm
-```
-
-Add the EKS repository to Helm:
-
-```bash
-helm repo add eks https://aws.github.io/eks-charts
-```
-
-## Enable horizontal pod auto-scaling
-
-Install the Horizontal Pod Autoscaler (HPA) metrics provider:
-
-```bash
-helm upgrade -i metrics-server stable/metrics-server \
---namespace kube-system \
---set args[0]=--kubelet-preferred-address-types=InternalIP
-```
-
-After a minute, the metrics API should report CPU and memory usage for pods. You can very the metrics API with:
-
-```bash
-kubectl -n kube-system top pods
-```
-
-## Install the App Mesh components
-
-Install the App Mesh CRDs:
-
-```bash
-kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=master
-```
-
-Create the `appmesh-system` namespace:
-
-```bash
-kubectl create ns appmesh-system
-```
-
-Install the App Mesh controller:
-
-```bash
-helm upgrade -i appmesh-controller eks/appmesh-controller \
---wait --namespace appmesh-system
-```
-
-In order to collect the App Mesh metrics that Flagger needs to run the canary analysis,
-you'll need to setup a Prometheus instance to scrape the Envoy sidecars.
-
-Install the App Mesh Prometheus:
-
-```bash
-helm upgrade -i appmesh-prometheus eks/appmesh-prometheus \
---wait --namespace appmesh-system
-```
-
-## Install Flagger
-
-Add Flagger Helm repository:
-
-```bash
-helm repo add flagger https://flagger.app
-```
-
-Install Flagger's Canary CRD:
-
-```yaml
-kubectl apply -f https://raw.githubusercontent.com/fluxcd/flagger/main/artifacts/flagger/crd.yaml
-```
-
-Deploy Flagger in the _**appmesh-system**_ namespace:
-
-```bash
-helm upgrade -i flagger flagger/flagger \
---namespace=appmesh-system \
---set crd.create=false \
---set meshProvider=appmesh:v1beta2 \
---set metricsServer=http://appmesh-prometheus:9090
-```
-
-## Install Grafana
-
-Deploy App Mesh Grafana that comes with a dashboard for monitoring Flagger's canary releases:
-
-```bash
-helm upgrade -i appmesh-grafana eks/appmesh-grafana \
---namespace appmesh-system
-```
-
-You can access Grafana using port forwarding:
-
-```bash
-kubectl -n appmesh-system port-forward svc/appmesh-grafana 3000:3000
-```
-
-Now that you have Flagger running, you can try the
-[App Mesh canary deployments tutorial](https://docs.flagger.app/usage/appmesh-progressive-delivery).
-

docs/gitbook/install/flagger-install-on-google-cloud.md

@@ -1,400 +0,0 @@
-# Flagger Install on GKE Istio
-
-This guide walks you through setting up Flagger and Istio on Google Kubernetes Engine.
-
-![GKE Cluster Overview](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-gke-istio.png)
-
-## Prerequisites
-
-You will be creating a cluster on Google’s Kubernetes Engine \(GKE\), if you don’t have an account you can sign up [here](https://cloud.google.com/free/) for free credits.
-
-Login into Google Cloud, create a project and enable billing for it.
-
-Install the [gcloud](https://cloud.google.com/sdk/) command line utility and configure your project with `gcloud init`.
-
-Set the default project \(replace `PROJECT_ID` with your own project\):
-
-```text
-gcloud config set project PROJECT_ID
-```
-
-Set the default compute region and zone:
-
-```text
-gcloud config set compute/region us-central1
-gcloud config set compute/zone us-central1-a
-```
-
-Enable the Kubernetes and Cloud DNS services for your project:
-
-```text
-gcloud services enable container.googleapis.com
-gcloud services enable dns.googleapis.com
-```
-
-Install the kubectl command-line tool:
-
-```text
-gcloud components install kubectl
-```
-
-## GKE cluster setup
-
-Create a cluster with the Istio add-on:
-
-```bash
-K8S_VERSION=$(gcloud container get-server-config --format=json \
-| jq -r '.validMasterVersions[0]')
-
-gcloud beta container clusters create istio \
---cluster-version=${K8S_VERSION} \
---zone=us-central1-a \
---num-nodes=2 \
---machine-type=n1-highcpu-4 \
---preemptible \
---no-enable-cloud-logging \
---no-enable-cloud-monitoring \
---disk-size=30 \
---enable-autorepair \
---addons=HorizontalPodAutoscaling,Istio \
---istio-config=auth=MTLS_PERMISSIVE
-```
-
-The above command will create a default node pool consisting of two `n1-highcpu-4` \(vCPU: 4, RAM 3.60GB, DISK: 30GB\) preemptible VMs. Preemptible VMs are up to 80% cheaper than regular instances and are terminated and replaced after a maximum of 24 hours.
-
-Set up credentials for `kubectl`:
-
-```bash
-gcloud container clusters get-credentials istio
-```
-
-Create a cluster admin role binding:
-
-```bash
-kubectl create clusterrolebinding "cluster-admin-$(whoami)" \
---clusterrole=cluster-admin \
---user="$(gcloud config get-value core/account)"
-```
-
-Validate your setup with:
-
-```bash
-kubectl -n istio-system get svc
-```
-
-In a couple of seconds GCP should allocate an external IP to the `istio-ingressgateway` service.
-
-## Cloud DNS setup
-
-You will need an internet domain and access to the registrar to change the name servers to Google Cloud DNS.
-
-Create a managed zone named `istio` in Cloud DNS \(replace `example.com` with your domain\):
-
-```bash
-gcloud dns managed-zones create \
---dns-name="example.com." \
---description="Istio zone" "istio"
-```
-
-Look up your zone's name servers:
-
-```bash
-gcloud dns managed-zones describe istio
-```
-
-Update your registrar's name server records with the records returned by the above command.
-
-Wait for the name servers to change \(replace `example.com` with your domain\):
-
-```bash
-watch dig +short NS example.com
-```
-
-Create a static IP address named `istio-gateway` using the Istio ingress IP:
-
-```bash
-export GATEWAY_IP=$(kubectl -n istio-system get svc/istio-ingressgateway -ojson \
-| jq -r .status.loadBalancer.ingress[0].ip)
-
-gcloud compute addresses create istio-gateway --addresses ${GATEWAY_IP} --region us-central1
-```
-
-Create the following DNS records \(replace `example.com` with your domain\):
-
-```bash
-DOMAIN="example.com"
-
-gcloud dns record-sets transaction start --zone=istio
-
-gcloud dns record-sets transaction add --zone=istio \
---name="${DOMAIN}" --ttl=300 --type=A ${GATEWAY_IP}
-
-gcloud dns record-sets transaction add --zone=istio \
---name="www.${DOMAIN}" --ttl=300 --type=A ${GATEWAY_IP}
-
-gcloud dns record-sets transaction add --zone=istio \
---name="*.${DOMAIN}" --ttl=300 --type=A ${GATEWAY_IP}
-
-gcloud dns record-sets transaction execute --zone istio
-```
-
-Verify that the wildcard DNS is working \(replace `example.com` with your domain\):
-
-```bash
-watch host test.example.com
-```
-
-## Install Helm
-
-Install the [Helm](https://docs.helm.sh/using_helm/#installing-helm) command-line tool:
-
-```text
-brew install kubernetes-helm
-```
-
-Create a service account and a cluster role binding for Tiller:
-
-```bash
-kubectl -n kube-system create sa tiller
-
-kubectl create clusterrolebinding tiller-cluster-rule \
---clusterrole=cluster-admin \
---serviceaccount=kube-system:tiller
-```
-
-Deploy Tiller in the `kube-system` namespace:
-
-```bash
-helm init --service-account tiller
-```
-
-You should consider using SSL between Helm and Tiller, for more information on securing your Helm installation see [docs.helm.sh](https://docs.helm.sh/using_helm/#securing-your-helm-installation).
-
-## Install cert-manager
-
-Jetstack's [cert-manager](https://github.com/jetstack/cert-manager) is a Kubernetes operator that automatically creates and manages TLS certs issued by Let’s Encrypt.
-
-You'll be using cert-manager to provision a wildcard certificate for the Istio ingress gateway.
-
-Install cert-manager's CRDs:
-
-```bash
-CERT_REPO=https://raw.githubusercontent.com/jetstack/cert-manager
-
-kubectl apply -f ${CERT_REPO}/release-0.10/deploy/manifests/00-crds.yaml
-```
-
-Create the cert-manager namespace and disable resource validation:
-
-```bash
-kubectl create namespace cert-manager
-
-kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
-```
-
-Install cert-manager with Helm:
-
-```bash
-helm repo add jetstack https://charts.jetstack.io && \
-helm repo update && \
-helm upgrade -i cert-manager \
---namespace cert-manager \
---version v0.10.0 \
-jetstack/cert-manager
-```
-
-## Istio Gateway TLS setup
-
-![Istio Let's Encrypt](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/istio-cert-manager-gke.png)
-
-Create a generic Istio Gateway to expose services outside the mesh on HTTPS:
-
-```bash
-REPO=https://raw.githubusercontent.com/fluxcd/flagger/main
-
-kubectl apply -f ${REPO}/artifacts/gke/istio-gateway.yaml
-```
-
-Create a service account with Cloud DNS admin role \(replace `my-gcp-project` with your project ID\):
-
-```bash
-GCP_PROJECT=my-gcp-project
-
-gcloud iam service-accounts create dns-admin \
---display-name=dns-admin \
---project=${GCP_PROJECT}
-
-gcloud iam service-accounts keys create ./gcp-dns-admin.json \
---iam-account=dns-admin@${GCP_PROJECT}.iam.gserviceaccount.com \
---project=${GCP_PROJECT}
-
-gcloud projects add-iam-policy-binding ${GCP_PROJECT} \
---member=serviceAccount:dns-admin@${GCP_PROJECT}.iam.gserviceaccount.com \
---role=roles/dns.admin
-```
-
-Create a Kubernetes secret with the GCP Cloud DNS admin key:
-
-```bash
-kubectl create secret generic cert-manager-credentials \
---from-file=./gcp-dns-admin.json \
---namespace=istio-system
-```
-
-Create a letsencrypt issuer for CloudDNS \(replace `email@example.com` with a valid email address and `my-gcp-project`with your project ID\):
-
-```yaml
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: Issuer
-metadata:
-  name: letsencrypt-prod
-  namespace: istio-system
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: email@example.com
-    privateKeySecretRef:
-      name: letsencrypt-prod
-    dns01:
-      providers:
-      - name: cloud-dns
-        clouddns:
-          serviceAccountSecretRef:
-            name: cert-manager-credentials
-            key: gcp-dns-admin.json
-          project: my-gcp-project
-```
-
-Save the above resource as letsencrypt-issuer.yaml and then apply it:
-
-```text
-kubectl apply -f ./letsencrypt-issuer.yaml
-```
-
-Create a wildcard certificate \(replace `example.com` with your domain\):
-
-```yaml
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: Certificate
-metadata:
-  name: istio-gateway
-  namespace: istio-system
-spec:
-  secretName: istio-ingressgateway-certs
-  issuerRef:
-    name: letsencrypt-prod
-  commonName: "*.example.com"
-  acme:
-    config:
-    - dns01:
-        provider: cloud-dns
-      domains:
-      - "*.example.com"
-      - "example.com"
-```
-
-Save the above resource as istio-gateway-cert.yaml and then apply it:
-
-```text
-kubectl apply -f ./istio-gateway-cert.yaml
-```
-
-In a couple of seconds cert-manager should fetch a wildcard certificate from letsencrypt.org:
-
-```text
-kubectl -n istio-system describe certificate istio-gateway
-
-Events:
-  Type    Reason         Age    From          Message
-  ----    ------         ----   ----          -------
-  Normal  CertIssued     1m52s  cert-manager  Certificate issued successfully
-```
-
-Recreate Istio ingress gateway pods:
-
-```bash
-kubectl -n istio-system get pods -l istio=ingressgateway
-```
-
-Note that Istio gateway doesn't reload the certificates from the TLS secret on cert-manager renewal. Since the GKE cluster is made out of preemptible VMs the gateway pods will be replaced once every 24h, if your not using preemptible nodes then you need to manually delete the gateway pods every two months before the certificate expires.
-
-## Install Prometheus
-
-The GKE Istio add-on does not include a Prometheus instance that scrapes the Istio telemetry service. Because Flagger uses the Istio HTTP metrics to run the canary analysis you have to deploy the following Prometheus configuration that's similar to the one that comes with the official Istio Helm chart.
-
-Find the GKE Istio version with:
-
-```bash
-kubectl -n istio-system get deploy istio-pilot -oyaml | grep image:
-```
-
-Install Prometheus in istio-system namespace:
-
-```bash
-kubectl -n istio-system apply -f \
-https://storage.googleapis.com/gke-release/istio/release/1.0.6-gke.3/patches/install-prometheus.yaml
-```
-
-## Install Flagger and Grafana
-
-Add Flagger Helm repository:
-
-```bash
-helm repo add flagger https://flagger.app
-```
-
-Install Flagger's Canary CRD:
-
-```yaml
-kubectl apply -f https://raw.githubusercontent.com/fluxcd/flagger/main/artifacts/flagger/crd.yaml
-```
-
-Deploy Flagger in the `istio-system` namespace with Slack notifications enabled:
-
-```bash
-helm upgrade -i flagger flagger/flagger \
---namespace=istio-system \
---set crd.create=false \
---set metricsServer=http://prometheus.istio-system:9090 \
---set slack.url=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK \
---set slack.channel=general \
---set slack.user=flagger
-```
-
-Deploy Grafana in the `istio-system` namespace:
-
-```bash
-helm upgrade -i flagger-grafana flagger/grafana \
---namespace=istio-system \
---set url=http://prometheus.istio-system:9090 \
---set user=admin \
---set password=replace-me
-```
-
-Expose Grafana through the public gateway by creating a virtual service \(replace `example.com` with your domain\):
-
-```yaml
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: grafana
-  namespace: istio-system
-spec:
-  hosts:
-  - "grafana.example.com"
-  gateways:
-  - public-gateway.istio-system.svc.cluster.local
-  http:
-  - route:
-    - destination:
-        host: flagger-grafana
-```
-
-Save the above resource as grafana-virtual-service.yaml and then apply it:
-
-```bash
-kubectl apply -f ./grafana-virtual-service.yaml
-```
-
-Navigate to `http://grafana.example.com` in your browser and you should be redirected to the HTTPS version.
-

docs/gitbook/install/flagger-install-on-kubernetes.md

@@ -1,10 +1,8 @@
 # Flagger Install on Kubernetes
 
-This guide walks you through setting up Flagger on a Kubernetes cluster with Helm v3 or Kustomize.
+This guide walks you through setting up Flagger on a Kubernetes cluster with Helm or Kubectl.
 
-## Prerequisites
-
-Flagger requires a Kubernetes cluster **v1.16** or newer.
+See the [Flux install guide](flagger-install-with-flux.md) for installing Flagger and keeping it up to date the GitOps way.
 
 ## Install Flagger with Helm
 
@@ -61,49 +59,25 @@ helm upgrade -i flagger flagger/flagger \
 --set metricsServer=http://linkerd-prometheus:9090
 ```
 
-Deploy Flagger for App Mesh:
-
-```bash
-helm upgrade -i flagger flagger/flagger \
---namespace=appmesh-system \
---set crd.create=false \
---set meshProvider=appmesh \
---set metricsServer=http://appmesh-prometheus:9090
-```
-
-Deploy Flagger for **Open Service Mesh (OSM)** (requires OSM to have been installed with Prometheus):
+If you need to add labels to the flagger deployment or pods, you can pass the labels as parameters as shown below.
 
 ```console
-$ helm upgrade -i flagger flagger/flagger \
---namespace=osm-system \
---set crd.create=false \
---set meshProvider=osm \
---set metricsServer=http://osm-prometheus.osm-system.svc:7070
+helm upgrade -i flagger flagger/flagger \
+<other parameters> \
+--set podLabels.<labelName>=<labelValue> \
+--set deploymentLabels.<labelName>=<labelValue> 
 ```
 
 You can install Flagger in any namespace as long as it can talk to the Prometheus service on port 9090.
 
-For ingress controllers, the install instructions are:
+For ingress controllers, the installation instructions are:
 
 * [Contour](https://docs.flagger.app/tutorials/contour-progressive-delivery)
 * [Gloo](https://docs.flagger.app/tutorials/gloo-progressive-delivery)
 * [NGINX](https://docs.flagger.app/tutorials/nginx-progressive-delivery)
 * [Skipper](https://docs.flagger.app/tutorials/skipper-progressive-delivery)
 * [Traefik](https://docs.flagger.app/tutorials/traefik-progressive-delivery)
-
-You can use the helm template command and apply the generated yaml with kubectl:
-
-```bash
-# generate
-helm fetch --untar --untardir . flagger/flagger &&
-helm template flagger ./flagger \
---namespace=istio-system \
---set metricsServer=http://prometheus.istio-system:9090 \
-> flagger.yaml
-
-# apply
-kubectl apply -f flagger.yaml
-```
+* [APISIX](https://docs.flagger.app/tutorials/apisix-progressive-delivery)
 
 To uninstall the Flagger release with Helm run:
 
@@ -116,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and
 > **Note** that on uninstall the Canary CRD will not be removed. Deleting the CRD will make Kubernetes
 > remove all the objects owned by Flagger like Istio virtual services, Kubernetes deployments and ClusterIP services.
 
-If you want to remove all the objects created by Flagger you have delete the Canary CRD with kubectl:
+If you want to remove all the objects created by Flagger you have to delete the Canary CRD with kubectl:
 
 ```text
 kubectl delete crd canaries.flagger.app
@@ -136,73 +110,18 @@ helm upgrade -i flagger-grafana flagger/grafana \
 --set password=change-me
 ```
 
-Or use helm template command and apply the generated yaml with kubectl:
-
-```bash
-# generate
-helm fetch --untar --untardir . flagger/grafana &&
-helm template flagger-grafana ./grafana \
---namespace=istio-system \
-> flagger-grafana.yaml
-
-# apply
-kubectl apply -f flagger-grafana.yaml
-```
-
 You can access Grafana using port forwarding:
 
 ```bash
 kubectl -n istio-system port-forward svc/flagger-grafana 3000:80
 ```
 
-## Install Flagger with Kustomize
+## Install Flagger with Kubectl
 
-As an alternative to Helm, Flagger can be installed with Kustomize **3.5.0** or newer.
-
-**Service mesh specific installers**
-
-Install Flagger for Istio:
+Install Flagger and Prometheus using the Kustomize overlay from the GitHub repository:
 
 ```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/istio?ref=main | kubectl apply -f -
-```
-
-Install Flagger for AWS App Mesh:
-
-```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/appmesh?ref=main | kubectl apply -f -
-```
-
-This deploys Flagger and sets the metrics server URL to App Mesh's Prometheus instance.
-
-Install Flagger for Linkerd:
-
-```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/linkerd?ref=main | kubectl apply -f -
-```
-
-This deploys Flagger in the `linkerd` namespace and sets the metrics server URL to Linkerd's Prometheus instance.
-
-Install Flagger for Open Service Mesh:
-
-```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/osm?ref=main | kubectl apply -f -
-```
-
-This deploys Flagger in the `osm-system` namespace and sets the metrics server URL to OSM's Prometheus instance.
-
-If you want to install a specific Flagger release, add the version number to the URL:
-
-```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/linkerd?ref=v1.0.0 | kubectl apply -f -
-```
-
-**Generic installer**
-
-Install Flagger and Prometheus for Contour, Gloo, NGINX, Skipper, or Traefik ingress:
-
-```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/kubernetes?ref=main | kubectl apply -f -
+kubectl apply -k https://github.com/fluxcd/flagger/kustomize/kubernetes?ref=main
 ```
 
 This deploys Flagger and Prometheus in the `flagger-system` namespace,
@@ -211,20 +130,6 @@ sets the metrics server URL to `http://flagger-prometheus.flagger-system:9090` a
 The Prometheus instance has a two hours data retention and is configured to scrape all pods in your cluster
 that have the `prometheus.io/scrape: "true"` annotation.
 
-To target a different provider you can specify it in the canary custom resource:
-
-```yaml
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  name: app
-  namespace: test
-spec:
-  # can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo, traefik, osm
-  # use the kubernetes provider for Blue/Green style deployments
-  provider: nginx
-```
-
 **Customized installer**
 
 Create a kustomization file using Flagger as base and patch the container args:

docs/gitbook/install/flagger-install-with-flux.md

@@ -35,46 +35,43 @@ metadata:
     toolkit.fluxcd.io/tenant: sre-team
 ```
 
-Define a Flux `HelmRepository` that points to where the Flagger Helm charts are stored:
+Define a Flux `OCIRepository` that points to where the Flagger Helm charts are stored:
 
 ```yaml
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
 metadata:
   name: flagger
-  namespace: flux-system
+  namespace: flagger-system
 spec:
   interval: 1h
-  url: oci://ghcr.io/fluxcd/charts
-  type: oci
+  url: oci://ghcr.io/fluxcd/charts/flagger
+  layerSelector:
+    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
+    operation: copy
+  ref:
+    semver: "1.x" # update to the latest version
 ```
 
 Define a Flux `HelmRelease` that verifies and installs Flagger's latest version on the cluster:
 
 ```yaml
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: flagger
   namespace: flagger-system
 spec:
-  interval: 1h
+  interval: 12h
   releaseName: flagger
   install: # override existing Flagger CRDs
     crds: CreateReplace
   upgrade: # update Flagger CRDs
     crds: CreateReplace
-  chart:
-    spec:
-      chart: flagger
-      version: 1.x # update Flagger to the latest minor version
-      interval: 6h # scan for new versions every six hours
-      sourceRef:
-        kind: HelmRepository
-        name: flagger
-      verify: # verify the chart signature with Cosign keyless
-        provider: cosign 
+  chartRef:
+    kind: OCIRepository
+    name: flagger
   values:
     nodeSelector:
       kubernetes.io/os: linux
@@ -88,7 +85,7 @@ After Flux reconciles the changes on your cluster, you can check if Flagger got
 ```console
 $ helm list -n flagger-system 
 NAME    NAMESPACE       REVISION        STATUS          CHART           APP VERSION
-flagger flagger-system  1               deployed        flagger-1.23.0  1.23.0  
+flagger flagger-system  1               deployed        flagger-1.42.0  1.42.0  
 ```
 
 To uninstall Flagger, delete the `flagger.yaml` from your repository, then Flux will uninstall
@@ -108,7 +105,7 @@ Define a Flux `OCIRepository` that points to where the Flagger Kustomize overlay
 
 ```yaml
 ---
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: OCIRepository
 metadata:
   name: flagger-loadtester
@@ -117,21 +114,20 @@ spec:
   interval: 6h # scan for new versions every six hours
   url: oci://ghcr.io/fluxcd/flagger-manifests
   ref:
-    semver: 1.x # update to the latest version 
-  verify: # verify the artifact signature with Cosign keyless
-    provider: cosign
+    semver: "*" # update to the latest version
 ```
 
 Define a Flux `Kustomization` that deploys the Flagger load tester to the `apps` namespace:
 
 ```yaml
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: flagger-loadtester
   namespace: apps
 spec:
+  targetNamespace: apps
   interval: 6h
   wait: true
   timeout: 5m
@@ -139,8 +135,7 @@ spec:
   sourceRef:
     kind: OCIRepository
     name: flagger-loadtester
-  path: ./kustomize/tester
-  targetNamespace: apps
+  path: ./tester
 ```
 
 Copy the above manifests into a file called `flagger-loadtester.yaml`, place the YAML file

docs/gitbook/tutorials/apisix-progressive-delivery.md

@@ -0,0 +1,351 @@
+# Apache APISIX Canary Deployments
+
+This guide shows you how to use the [Apache APISIX](https://apisix.apache.org/) and Flagger to automate canary deployments.
+
+![Flagger Apache APISIX Overview](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-apisix-overview.png)
+
+## Prerequisites
+
+Flagger requires a Kubernetes cluster **v1.19** or newer and Apache APISIX **v2.15** or newer and Apache APISIX Ingress Controller **v1.5.0** or newer.
+
+Install Apache APISIX and Apache APISIX Ingress Controller with Helm v3:
+
+```bash
+helm repo add apisix https://charts.apiseven.com
+kubectl create ns apisix
+
+helm upgrade -i apisix apisix/apisix --version=0.11.3 \
+--namespace apisix \
+--set apisix.podAnnotations."prometheus\.io/scrape"=true \
+--set apisix.podAnnotations."prometheus\.io/port"=9091 \
+--set apisix.podAnnotations."prometheus\.io/path"=/apisix/prometheus/metrics \
+--set pluginAttrs.prometheus.export_addr.ip=0.0.0.0 \
+--set pluginAttrs.prometheus.export_addr.port=9091 \
+--set pluginAttrs.prometheus.export_uri=/apisix/prometheus/metrics \
+--set pluginAttrs.prometheus.metric_prefix=apisix_ \
+--set ingress-controller.enabled=true \
+--set ingress-controller.config.apisix.serviceNamespace=apisix
+```
+
+Install Flagger and the Prometheus add-on in the same namespace as Apache APISIX:
+
+```bash
+helm repo add flagger https://flagger.app
+
+helm upgrade -i flagger flagger/flagger \
+--namespace apisix \
+--set prometheus.install=true \
+--set meshProvider=apisix
+```
+
+## Bootstrap
+
+Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler \(HPA\), then creates a series of objects \(Kubernetes deployments, ClusterIP services and an ApisixRoute\). These objects expose the application outside the cluster and drive the canary analysis and promotion.
+
+Create a test namespace:
+
+```bash
+kubectl create ns test
+```
+
+Create a deployment and a horizontal pod autoscaler:
+
+```bash
+kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
+```
+
+Deploy the load testing service to generate traffic during the canary analysis:
+
+```bash
+helm upgrade -i flagger-loadtester flagger/loadtester \
+--namespace=test
+```
+
+Create an Apache APISIX `ApisixRoute`, Flagger will reference and generate the canary Apache APISIX `ApisixRoute` \(replace `app.example.com` with your own domain\):
+
+```yaml
+apiVersion: apisix.apache.org/v2
+kind: ApisixRoute
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  http:
+    - backends:
+        - serviceName: podinfo
+          servicePort: 80
+      match:
+        hosts:
+          - app.example.com
+        methods:
+          - GET
+        paths:
+          - /*
+      name: method
+      plugins:
+        - name: prometheus
+          enable: true
+          config:
+            disable: false
+            prefer_name: true
+```
+
+Save the above resource as podinfo-apisixroute.yaml and then apply it:
+
+```bash
+kubectl apply -f ./podinfo-apisixroute.yaml
+```
+
+Create a canary custom resource \(replace `app.example.com` with your own domain\):
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: apisix
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  # apisix route reference
+  routeRef:
+    apiVersion: apisix.apache.org/v2
+    kind: ApisixRoute
+    name: podinfo
+  # the maximum time in seconds for the canary deployment
+  # to make progress before it is rollback (default 600s)
+  progressDeadlineSeconds: 60
+  service:
+    # ClusterIP port number
+    port: 80
+    # container port number or name
+    targetPort: 9898
+  analysis:
+    # schedule interval (default 60s)
+    interval: 10s
+    # max number of failed metric checks before rollback
+    threshold: 10
+    # max traffic percentage routed to canary
+    # percentage (0-100)
+    maxWeight: 50
+    # canary increment step
+    # percentage (0-100)
+    stepWeight: 10
+    # APISIX Prometheus checks
+    metrics:
+      - name: request-success-rate
+        # minimum req success rate (non 5xx responses)
+        # percentage (0-100)
+        thresholdRange:
+          min: 99
+        interval: 1m
+      - name: request-duration
+        # builtin Prometheus check
+        # maximum req duration P99
+        # milliseconds
+        thresholdRange:
+          max: 500
+        interval: 30s
+    webhooks:
+      - name: load-test
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        type: rollout
+        metadata:
+          cmd: |-
+            hey -z 1m -q 10 -c 2 -h2 -host app.example.com http://apisix-gateway.apisix/api/info
+```
+
+Save the above resource as podinfo-canary.yaml and then apply it:
+
+```bash
+kubectl apply -f ./podinfo-canary.yaml
+```
+
+After a couple of seconds Flagger will create the canary objects:
+
+```bash
+# applied 
+deployment.apps/podinfo
+horizontalpodautoscaler.autoscaling/podinfo
+apisixroute/podinfo
+canary.flagger.app/podinfo
+
+# generated 
+deployment.apps/podinfo-primary
+horizontalpodautoscaler.autoscaling/podinfo-primary
+service/podinfo
+service/podinfo-canary
+service/podinfo-primary
+apisixroute/podinfo-podinfo-canary
+```
+
+## Automated canary promotion
+
+Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators like HTTP requests success rate, requests average duration and pod health. Based on analysis of the KPIs a canary is promoted or aborted, and the analysis result is published to Slack or MS Teams.
+
+![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-steps.png)
+
+Trigger a canary deployment by updating the container image:
+
+```bash
+kubectl -n test set image deployment/podinfo \
+podinfod=stefanprodan/podinfo:6.0.1
+```
+
+Flagger detects that the deployment revision changed and starts a new rollout:
+
+```text
+kubectl -n test describe canary/podinfo
+
+Status:
+  Canary Weight:  0
+  Conditions:
+    Message:               Canary analysis completed successfully, promotion finished.
+    Reason:                Succeeded
+    Status:                True
+    Type:                  Promoted
+  Failed Checks:           1
+  Iterations:              0
+  Phase:                   Succeeded
+
+Events:
+  Type     Reason  Age                    From     Message
+  ----     ------  ----                   ----     -------
+  Warning  Synced  2m59s                  flagger  podinfo-primary.test not ready: waiting for rollout to finish: observed deployment generation less than desired generation
+  Warning  Synced  2m50s                  flagger  podinfo-primary.test not ready: waiting for rollout to finish: 0 of 1 (readyThreshold 100%) updated replicas are available
+  Normal   Synced  2m40s (x3 over 2m59s)  flagger  all the metrics providers are available!
+  Normal   Synced  2m39s                  flagger  Initialization done! podinfo.test
+  Normal   Synced  2m20s                  flagger  New revision detected! Scaling up podinfo.test
+  Warning  Synced  2m (x2 over 2m10s)     flagger  canary deployment podinfo.test not ready: waiting for rollout to finish: 0 of 1 (readyThreshold 100%) updated replicas are available
+  Normal   Synced  110s                   flagger  Starting canary analysis for podinfo.test
+  Normal   Synced  109s                   flagger  Advance podinfo.test canary weight 10
+  Warning  Synced  100s                   flagger  Halt advancement no values found for apisix metric request-success-rate probably podinfo.test is not receiving traffic: running query failed: no values found
+  Normal   Synced  90s                    flagger  Advance podinfo.test canary weight 20
+  Normal   Synced  80s                    flagger  Advance podinfo.test canary weight 30
+  Normal   Synced  69s                    flagger  Advance podinfo.test canary weight 40
+  Normal   Synced  59s                    flagger  Advance podinfo.test canary weight 50
+  Warning  Synced  30s (x2 over 40s)      flagger  podinfo-primary.test not ready: waiting for rollout to finish: 1 old replicas are pending termination
+  Normal   Synced  9s (x3 over 50s)       flagger  (combined from similar events): Promotion completed! Scaling down podinfo.test
+```
+
+**Note** that if you apply new changes to the deployment during the canary analysis, Flagger will restart the analysis.
+
+You can monitor all canaries with:
+
+```bash
+watch kubectl get canaries --all-namespaces
+
+NAMESPACE   NAME      STATUS      WEIGHT   LASTTRANSITIONTIME
+test        podinfo-2   Progressing   10       2022-11-23T05:00:54Z
+test        podinfo     Succeeded     0        2022-11-23T06:00:54Z
+```
+
+## Automated rollback
+
+During the canary analysis you can generate HTTP 500 errors to test if Flagger pauses and rolls back the faulted version.
+
+Trigger another canary deployment:
+
+```bash
+kubectl -n test set image deployment/podinfo \
+podinfod=stefanprodan/podinfo:6.0.2
+```
+
+Exec into the load tester pod with:
+
+```bash
+kubectl -n test exec -it deploy/flagger-loadtester bash
+```
+
+Generate HTTP 500 errors:
+
+```bash
+hey -z 1m -c 5 -q 5 -host app.example.com http://apisix-gateway.apisix/status/500
+```
+
+Generate latency:
+
+```bash
+watch -n 1 curl -H \"host: app.example.com\" http://apisix-gateway.apisix/delay/1
+```
+
+When the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
+
+```text
+kubectl -n apisix logs deploy/flagger -f | jq .msg
+
+"New revision detected! Scaling up podinfo.test"
+"canary deployment podinfo.test not ready: waiting for rollout to finish: 0 of 1 (readyThreshold 100%) updated replicas are available"
+"Starting canary analysis for podinfo.test"
+"Advance podinfo.test canary weight 10"
+"Halt podinfo.test advancement success rate 0.00% < 99%"
+"Halt podinfo.test advancement success rate 26.76% < 99%"
+"Halt podinfo.test advancement success rate 34.19% < 99%"
+"Halt podinfo.test advancement success rate 37.32% < 99%"
+"Halt podinfo.test advancement success rate 39.04% < 99%"
+"Halt podinfo.test advancement success rate 40.13% < 99%"
+"Halt podinfo.test advancement success rate 48.28% < 99%"
+"Halt podinfo.test advancement success rate 50.35% < 99%"
+"Halt podinfo.test advancement success rate 56.92% < 99%"
+"Halt podinfo.test advancement success rate 67.70% < 99%"
+"Rolling back podinfo.test failed checks threshold reached 10"
+"Canary failed! Scaling down podinfo.test"
+```
+
+## Custom metrics
+
+The canary analysis can be extended with Prometheus queries.
+
+Create a metric template and apply it on the cluster:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: not-found-percentage
+  namespace: test
+spec:
+  provider:
+    type: prometheus
+    address: http://flagger-prometheus.apisix:9090
+  query: |
+    sum(
+      rate(
+        apisix_http_status{
+          route=~"{{ namespace }}_{{ route }}-{{ target }}-canary_.+",
+          code!~"4.."
+        }[{{ interval }}]
+      )
+    )
+    /
+    sum(
+      rate(
+        apisix_http_status{
+          route=~"{{ namespace }}_{{ route }}-{{ target }}-canary_.+"
+        }[{{ interval }}]
+      )
+    ) * 100
+```
+
+Edit the canary analysis and add the not found error rate check:
+
+```yaml
+  analysis:
+    metrics:
+      - name: "404s percentage"
+        templateRef:
+          name: not-found-percentage
+        thresholdRange:
+          max: 5
+        interval: 1m
+```
+
+The above configuration validates the canary by checking if the HTTP 404 req/sec percentage is below 5 percent of the total traffic. If the 404s rate reaches the 5% threshold, then the canary fails.
+
+
+The above procedures can be extended with more [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.
+

docs/gitbook/tutorials/appmesh-progressive-delivery.md

@@ -1,434 +0,0 @@
-# App Mesh Canary Deployments
-
-This guide shows you how to use App Mesh and Flagger to automate canary deployments.
-You'll need an EKS cluster (Kubernetes >= 1.16) configured with App Mesh,
-you can find the installation guide [here](https://docs.flagger.app/install/flagger-install-on-eks-appmesh).
-
-## Bootstrap
-
-Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
-then creates a series of objects (Kubernetes deployments, ClusterIP services,
-App Mesh virtual nodes and services).
-These objects expose the application on the mesh and drive the canary analysis and promotion.
-The only App Mesh object you need to create by yourself is the mesh resource.
-
-Create a mesh called `global`:
-
-```bash
-cat << EOF | kubectl apply -f -
-apiVersion: appmesh.k8s.aws/v1beta2
-kind: Mesh
-metadata:
-  name: global
-spec:
-  namespaceSelector:
-    matchLabels:
-      appmesh.k8s.aws/sidecarInjectorWebhook: enabled
-EOF
-```
-
-Create a test namespace with App Mesh sidecar injection enabled:
-
-```bash
-cat << EOF | kubectl apply -f -
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: test
-  labels:
-    appmesh.k8s.aws/sidecarInjectorWebhook: enabled
-EOF
-```
-
-Create a deployment and a horizontal pod autoscaler:
-
-```bash
-kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
-```
-
-Deploy the load testing service to generate traffic during the canary analysis:
-
-```bash
-helm upgrade -i flagger-loadtester flagger/loadtester \
---namespace=test \
---set appmesh.enabled=true \
---set "appmesh.backends[0]=podinfo" \
---set "appmesh.backends[1]=podinfo-canary"
-```
-
-Create a canary definition:
-
-```yaml
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  annotations:
-    # Enable Envoy access logging to stdout.
-    appmesh.flagger.app/accesslog: enabled
-  name: podinfo
-  namespace: test
-spec:
-  # App Mesh API reference
-  provider: appmesh:v1beta2
-  # deployment reference
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  # the maximum time in seconds for the canary deployment
-  # to make progress before it is rollback (default 600s)
-  progressDeadlineSeconds: 60
-  # HPA reference (optional)
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta2
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  service:
-    # container port
-    port: 9898
-    # App Mesh ingress timeout (optional)
-    timeout: 15s
-    # App Mesh retry policy (optional)
-    retries:
-      attempts: 3
-      perTryTimeout: 5s
-      retryOn: "gateway-error,client-error,stream-error"
-    # App Mesh URI settings
-    match:
-      - uri:
-          prefix: /
-    rewrite:
-      uri: /
-  # define the canary analysis timing and KPIs
-  analysis:
-    # schedule interval (default 60s)
-    interval: 1m
-    # max number of failed metric checks before rollback
-    threshold: 5
-    # max traffic percentage routed to canary
-    # percentage (0-100)
-    maxWeight: 50
-    # canary increment step
-    # percentage (0-100)
-    stepWeight: 5
-    # App Mesh Prometheus checks
-    metrics:
-    - name: request-success-rate
-      # minimum req success rate (non 5xx responses)
-      # percentage (0-100)
-      thresholdRange:
-        min: 99
-      interval: 1m
-    - name: request-duration
-      # maximum req duration P99
-      # milliseconds
-      thresholdRange:
-        max: 500
-      interval: 30s
-    # testing (optional)
-    webhooks:
-    - name: acceptance-test
-      type: pre-rollout
-      url: http://flagger-loadtester.test/
-      timeout: 30s
-      metadata:
-        type: bash
-        cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
-    - name: load-test
-      url: http://flagger-loadtester.test/
-      timeout: 5s
-      metadata:
-        cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test:9898/"
-```
-
-Save the above resource as podinfo-canary.yaml and then apply it:
-
-```bash
-kubectl apply -f ./podinfo-canary.yaml
-```
-
-After a couple of seconds Flagger will create the canary objects:
-
-```bash
-# applied 
-deployment.apps/podinfo
-horizontalpodautoscaler.autoscaling/podinfo
-canary.flagger.app/podinfo
-
-# generated Kubernetes objects
-deployment.apps/podinfo-primary
-horizontalpodautoscaler.autoscaling/podinfo-primary
-service/podinfo
-service/podinfo-canary
-service/podinfo-primary
-
-# generated App Mesh objects
-virtualnode.appmesh.k8s.aws/podinfo-canary
-virtualnode.appmesh.k8s.aws/podinfo-primary
-virtualrouter.appmesh.k8s.aws/podinfo
-virtualrouter.appmesh.k8s.aws/podinfo-canary
-virtualservice.appmesh.k8s.aws/podinfo
-virtualservice.appmesh.k8s.aws/podinfo-canary
-```
-
-After the bootstrap, the podinfo deployment will be scaled to zero and the traffic to `podinfo.test`
-will be routed to the primary pods.
-During the canary analysis, the `podinfo-canary.test` address can be used to target directly the canary pods.
-
-App Mesh blocks all egress traffic by default.
-If your application needs to call another service, you have to create an App Mesh virtual service for it
-and add the virtual service name to the backend list.
-
-```yaml
-  service:
-    port: 9898
-    backends:
-      - backend1
-      - arn:aws:appmesh:eu-west-1:12345678910:mesh/my-mesh/virtualService/backend2
-```
-
-## Setup App Mesh Gateway (optional)
-
-In order to expose the podinfo app outside the mesh you can use the App Mesh Gateway.
-
-Deploy the App Mesh Gateway behind an AWS NLB:
-
-```bash
-helm upgrade -i appmesh-gateway eks/appmesh-gateway \
---namespace test
-```
-
-Find the gateway public address:
-
-```bash
-export URL="http://$(kubectl -n test get svc/appmesh-gateway -ojson | jq -r ".status.loadBalancer.ingress[].hostname")"
-echo $URL
-```
-
-Wait for the NLB to become active:
-
-```bash
- watch curl -sS $URL
-```
-
-Create a gateway route that points to the podinfo virtual service:
-
-```yaml
-cat << EOF | kubectl apply -f -
-apiVersion: appmesh.k8s.aws/v1beta2
-kind: GatewayRoute
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  httpRoute:
-    match:
-      prefix: "/"
-    action:
-      target:
-        virtualService:
-          virtualServiceRef:
-            name: podinfo
-EOF
-```
-
-Open your browser and navigate to the ingress address to access podinfo UI.
-
-## Automated canary promotion
-
-A canary deployment is triggered by changes in any of the following objects:
-
-* Deployment PodSpec (container image, command, ports, env, resources, etc)
-* ConfigMaps and Secrets mounted as volumes or mapped to environment variables
-
-Trigger a canary deployment by updating the container image:
-
-```bash
-kubectl -n test set image deployment/podinfo \
-podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
-```
-
-Flagger detects that the deployment revision changed and starts a new rollout:
-
-```text
-kubectl -n test describe canary/podinfo
-
-Status:
-  Canary Weight:         0
-  Failed Checks:         0
-  Phase:                 Succeeded
-Events:
- New revision detected! Scaling up podinfo.test
- Waiting for podinfo.test rollout to finish: 0 of 1 updated replicas are available
- Pre-rollout check acceptance-test passed
- Advance podinfo.test canary weight 5
- Advance podinfo.test canary weight 10
- Advance podinfo.test canary weight 15
- Advance podinfo.test canary weight 20
- Advance podinfo.test canary weight 25
- Advance podinfo.test canary weight 30
- Advance podinfo.test canary weight 35
- Advance podinfo.test canary weight 40
- Advance podinfo.test canary weight 45
- Advance podinfo.test canary weight 50
- Copying podinfo.test template spec to podinfo-primary.test
- Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
- Routing all traffic to primary
- Promotion completed! Scaling down podinfo.test
-```
-
-When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary.
-
-**Note** that if you apply new changes to the deployment during the canary analysis, Flagger will restart the analysis.
-
-During the analysis the canary’s progress can be monitored with Grafana.
-The App Mesh dashboard URL is
-[http://localhost:3000/d/flagger-appmesh/appmesh-canary?refresh=10s&orgId=1&var-namespace=test&var-primary=podinfo-primary&var-canary=podinfo](http://localhost:3000/d/flagger-appmesh/appmesh-canary?refresh=10s&orgId=1&var-namespace=test&var-primary=podinfo-primary&var-canary=podinfo).
-
-![App Mesh Canary Dashboard](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/flagger-grafana-appmesh.png)
-
-You can monitor all canaries with:
-
-```bash
-watch kubectl get canaries --all-namespaces
-
-NAMESPACE   NAME      STATUS        WEIGHT
-test        podinfo   Progressing   15
-prod        frontend  Succeeded     0
-prod        backend   Failed        0
-```
-
-If you’ve enabled the Slack notifications, you should receive the following messages:
-
-![Flagger Slack Notifications](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/slack-canary-notifications.png)
-
-## Automated rollback
-
-During the canary analysis you can generate HTTP 500 errors or high latency to test if Flagger pauses the rollout.
-
-Trigger a canary deployment:
-
-```bash
-kubectl -n test set image deployment/podinfo \
-podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
-```
-
-Exec into the load tester pod with:
-
-```bash
-kubectl -n test exec -it deploy/flagger-loadtester bash
-```
-
-Generate HTTP 500 errors:
-
-```bash
-hey -z 1m -c 5 -q 5 http://podinfo-canary.test:9898/status/500
-```
-
-Generate latency:
-
-```bash
-watch -n 1 curl http://podinfo-canary.test:9898/delay/1
-```
-
-When the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary,
-the canary is scaled to zero and the rollout is marked as failed.
-
-```text
-kubectl -n appmesh-system logs deploy/flagger -f | jq .msg
-
-New revision detected! progressing canary analysis for podinfo.test
-Pre-rollout check acceptance-test passed
-Advance podinfo.test canary weight 5
-Advance podinfo.test canary weight 10
-Advance podinfo.test canary weight 15
-Halt podinfo.test advancement success rate 69.17% < 99%
-Halt podinfo.test advancement success rate 61.39% < 99%
-Halt podinfo.test advancement success rate 55.06% < 99%
-Halt podinfo.test advancement request duration 1.20s > 0.5s
-Halt podinfo.test advancement request duration 1.45s > 0.5s
-Rolling back podinfo.test failed checks threshold reached 5
-Canary failed! Scaling down podinfo.test
-```
-
-If you’ve enabled the Slack notifications, you’ll receive a message if the progress deadline is exceeded,
-or if the analysis reached the maximum number of failed checks:
-
-![Flagger Slack Notifications](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/slack-canary-failed.png)
-
-## A/B Testing
-
-Besides weighted routing, Flagger can be configured to route traffic to the canary based on HTTP match conditions.
-In an A/B testing scenario, you'll be using HTTP headers or cookies to target a certain segment of your users.
-This is particularly useful for frontend applications that require session affinity.
-
-![Flagger A/B Testing Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-abtest-steps.png)
-
-Edit the canary analysis, remove the max/step weight and add the match conditions and iterations:
-
-```yaml
-  analysis:
-    interval: 1m
-    threshold: 5
-    iterations: 10
-    match:
-    - headers:
-        x-canary:
-          exact: "insider"
-    webhooks:
-    - name: load-test
-      url: http://flagger-loadtester.test/
-      metadata:
-        cmd: "hey -z 1m -q 10 -c 2 -H 'X-Canary: insider' http://podinfo.test:9898/"
-```
-
-The above configuration will run an analysis for ten minutes targeting users that have a `X-Canary: insider` header.
-
-You can also use a HTTP cookie, to target all users with a `canary` cookie set to `insider` the match condition should be:
-
-```yaml
-match:
-- headers:
-    cookie:
-      regex: "^(.*?;)?(canary=insider)(;.*)?$"
-webhooks:
-- name: load-test
-  url: http://flagger-loadtester.test/
-  metadata:
-    cmd: "hey -z 1m -q 10 -c 2 -H 'Cookie: canary=insider' http://podinfo.test:9898/"
-```
-
-Trigger a canary deployment by updating the container image:
-
-```bash
-kubectl -n test set image deployment/podinfo \
-podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
-```
-
-Flagger detects that the deployment revision changed and starts the A/B test:
-
-```text
-kubectl -n appmesh-system logs deploy/flagger -f | jq .msg
-
-New revision detected! progressing canary analysis for podinfo.test
-Advance podinfo.test canary iteration 1/10
-Advance podinfo.test canary iteration 2/10
-Advance podinfo.test canary iteration 3/10
-Advance podinfo.test canary iteration 4/10
-Advance podinfo.test canary iteration 5/10
-Advance podinfo.test canary iteration 6/10
-Advance podinfo.test canary iteration 7/10
-Advance podinfo.test canary iteration 8/10
-Advance podinfo.test canary iteration 9/10
-Advance podinfo.test canary iteration 10/10
-Copying podinfo.test template spec to podinfo-primary.test
-Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
-Routing all traffic to primary
-Promotion completed! Scaling down podinfo.test
-```
-
-The above procedure can be extended with
-[custom metrics](../usage/metrics.md) checks,
-[webhooks](../usage/webhooks.md),
-[manual promotion](../usage/webhooks.md#manual-gating) approval and
-[Slack or MS Teams](../usage/alerting.md) notifications.

docs/gitbook/tutorials/canary-helm-gitops.md

@@ -1,347 +0,0 @@
-# Canaries with Helm charts and GitOps
-
-This guide shows you how to package a web app into a Helm chart, trigger canary deployments on Helm upgrade and automate the chart release process with Weave Flux.
-
-## Packaging
-
-You'll be using the [podinfo](https://github.com/stefanprodan/k8s-podinfo) chart. This chart packages a web app made with Go, it's configuration, a horizontal pod autoscaler \(HPA\) and the canary configuration file.
-
-```text
-├── Chart.yaml
-├── README.md
-├── templates
-│   ├── NOTES.txt
-│   ├── _helpers.tpl
-│   ├── canary.yaml
-│   ├── configmap.yaml
-│   ├── deployment.yaml
-│   ├── hpa.yaml
-│   ├── service.yaml
-│   └── tests
-│       ├── test-config.yaml
-│       └── test-pod.yaml
-└── values.yaml
-```
-
-You can find the chart source [here](https://github.com/stefanprodan/flagger/tree/master/charts/podinfo).
-
-## Install
-
-Create a test namespace with Istio sidecar injection enabled:
-
-```bash
-export REPO=https://raw.githubusercontent.com/fluxcd/flagger/main
-
-kubectl apply -f ${REPO}/artifacts/namespaces/test.yaml
-```
-
-Add Flagger Helm repository:
-
-```bash
-helm repo add flagger https://flagger.app
-```
-
-Install podinfo with the release name `frontend` \(replace `example.com` with your own domain\):
-
-```bash
-helm upgrade -i frontend flagger/podinfo \
---namespace test \
---set nameOverride=frontend \
---set backend=http://backend.test:9898/echo \
---set canary.enabled=true \
---set canary.istioIngress.enabled=true \
---set canary.istioIngress.gateway=public-gateway.istio-system.svc.cluster.local \
---set canary.istioIngress.host=frontend.istio.example.com
-```
-
-Flagger takes a Kubernetes deployment and a horizontal pod autoscaler \(HPA\), then creates a series of objects \(Kubernetes deployments, ClusterIP services and Istio virtual services\). These objects expose the application on the mesh and drive the canary analysis and promotion.
-
-```bash
-# generated by Helm 
-configmap/frontend
-deployment.apps/frontend
-horizontalpodautoscaler.autoscaling/frontend
-canary.flagger.app/frontend
-
-# generated by Flagger
-configmap/frontend-primary
-deployment.apps/frontend-primary
-horizontalpodautoscaler.autoscaling/frontend-primary
-service/frontend
-service/frontend-canary
-service/frontend-primary
-virtualservice.networking.istio.io/frontend
-```
-
-When the `frontend-primary` deployment comes online, Flagger will route all traffic to the primary pods and scale to zero the `frontend` deployment.
-
-Open your browser and navigate to the frontend URL:
-
-![Podinfo Frontend](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/demo-frontend.png)
-
-Now let's install the `backend` release without exposing it outside the mesh:
-
-```bash
-helm upgrade -i backend flagger/podinfo \
---namespace test \
---set nameOverride=backend \
---set canary.enabled=true \
---set canary.istioIngress.enabled=false
-```
-
-Check if Flagger has successfully deployed the canaries:
-
-```text
-kubectl -n test get canaries
-
-NAME       STATUS        WEIGHT   LASTTRANSITIONTIME
-backend    Initialized   0        2019-02-12T18:53:18Z
-frontend   Initialized   0        2019-02-12T17:50:50Z
-```
-
-Click on the ping button in the `frontend` UI to trigger a HTTP POST request that will reach the `backend` app:
-
-![Jaeger Tracing](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/demo-frontend-jaeger.png)
-
-We'll use the `/echo` endpoint \(same as the one the ping button calls\) to generate load on both apps during a canary deployment.
-
-## Upgrade
-
-First let's install a load testing service that will generate traffic during analysis:
-
-```bash
-helm upgrade -i flagger-loadtester flagger/loadtester \
---namespace=test
-```
-
-Install Flagger's helm test runner in the `kube-system` using `tiller` service account:
-
-```bash
-helm upgrade -i flagger-helmtester flagger/loadtester \
---namespace=kube-system \
---set serviceAccountName=tiller
-```
-
-Enable the load and helm tester and deploy a new `frontend` version:
-
-```bash
-helm upgrade -i frontend flagger/podinfo/ \
---namespace test \
---reuse-values \
---set canary.loadtest.enabled=true \
---set canary.helmtest.enabled=true \
---set image.tag=3.1.1
-```
-
-Flagger detects that the deployment revision changed and starts the canary analysis:
-
-```text
-kubectl -n istio-system logs deployment/flagger -f | jq .msg
-
-New revision detected! Scaling up frontend.test
-Halt advancement frontend.test waiting for rollout to finish: 0 of 2 updated replicas are available
-Starting canary analysis for frontend.test
-Pre-rollout check helm test passed
-Advance frontend.test canary weight 5
-Advance frontend.test canary weight 10
-Advance frontend.test canary weight 15
-Advance frontend.test canary weight 20
-Advance frontend.test canary weight 25
-Advance frontend.test canary weight 30
-Advance frontend.test canary weight 35
-Advance frontend.test canary weight 40
-Advance frontend.test canary weight 45
-Advance frontend.test canary weight 50
-Copying frontend.test template spec to frontend-primary.test
-Halt advancement frontend-primary.test waiting for rollout to finish: 1 old replicas are pending termination
-Promotion completed! Scaling down frontend.test
-```
-
-You can monitor the canary deployment with Grafana. Open the Flagger dashboard, select `test` from the namespace dropdown, `frontend-primary` from the primary dropdown and `frontend` from the canary dropdown.
-
-![Flagger Grafana Dashboard](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/demo-frontend-dashboard.png)
-
-Now trigger a canary deployment for the `backend` app, but this time you'll change a value in the configmap:
-
-```bash
-helm upgrade -i backend flagger/podinfo/ \
---namespace test \
---reuse-values \
---set canary.loadtest.enabled=true \
---set canary.helmtest.enabled=true \
---set httpServer.timeout=25s
-```
-
-Generate HTTP 500 errors:
-
-```bash
-kubectl -n test exec -it flagger-loadtester-xxx-yyy sh
-
-watch curl http://backend-canary:9898/status/500
-```
-
-Generate latency:
-
-```bash
-kubectl -n test exec -it flagger-loadtester-xxx-yyy sh
-
-watch curl http://backend-canary:9898/delay/1
-```
-
-Flagger detects the config map change and starts a canary analysis. Flagger will pause the advancement when the HTTP success rate drops under 99% or when the average request duration in the last minute is over 500ms:
-
-```text
-kubectl -n test describe canary backend
-
-Events:
-
-ConfigMap backend has changed
-New revision detected! Scaling up backend.test
-Starting canary analysis for backend.test
-Advance backend.test canary weight 5
-Advance backend.test canary weight 10
-Advance backend.test canary weight 15
-Advance backend.test canary weight 20
-Advance backend.test canary weight 25
-Advance backend.test canary weight 30
-Advance backend.test canary weight 35
-Halt backend.test advancement success rate 62.50% < 99%
-Halt backend.test advancement success rate 88.24% < 99%
-Advance backend.test canary weight 40
-Advance backend.test canary weight 45
-Halt backend.test advancement request duration 2.415s > 500ms
-Halt backend.test advancement request duration 2.42s > 500ms
-Advance backend.test canary weight 50
-ConfigMap backend-primary synced
-Copying backend.test template spec to backend-primary.test
-Promotion completed! Scaling down backend.test
-```
-
-![Flagger Grafana Dashboard](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/demo-backend-dashboard.png)
-
-If the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
-
-```bash
-kubectl -n test get canary
-
-NAME       STATUS        WEIGHT   LASTTRANSITIONTIME
-backend    Succeeded     0        2019-02-12T19:33:11Z
-frontend   Failed        0        2019-02-12T19:47:20Z
-```
-
-If you've enabled the Slack notifications, you'll receive an alert with the reason why the `backend` promotion failed.
-
-## GitOps automation
-
-Instead of using Helm CLI from a CI tool to perform the install and upgrade, you could use a Git based approach. GitOps is a way to do Continuous Delivery, it works by using Git as a source of truth for declarative infrastructure and workloads. In the [GitOps model](https://www.weave.works/technologies/gitops/), any change to production must be committed in source control prior to being applied on the cluster. This way rollback and audit logs are provided by Git.
-
-![Helm GitOps Canary Deployment](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-flux-gitops.png)
-
-In order to apply the GitOps pipeline model to Flagger canary deployments you'll need a Git repository with your workloads definitions in YAML format, a container registry where your CI system pushes immutable images and an operator that synchronizes the Git repo with the cluster state.
-
-Create a git repository with the following content:
-
-```text
-├── namespaces
-│   └── test.yaml
-└── releases
-    └── test
-        ├── backend.yaml
-        ├── frontend.yaml
-        ├── loadtester.yaml
-        └── helmtester.yaml
-```
-
-Define the `frontend` release using Flux `HelmRelease` custom resource:
-
-```yaml
-apiVersion: flux.weave.works/v1beta1
-kind: HelmRelease
-metadata:
-  name: frontend
-  namespace: test
-  annotations:
-    fluxcd.io/automated: "true"
-    filter.fluxcd.io/chart-image: semver:~3.1
-spec:
-  releaseName: frontend
-  chart:
-    git: https://github.com/weaveowrks/flagger
-    ref: master
-    path: charts/podinfo
-  values:
-    image:
-      repository: stefanprodan/podinfo
-      tag: 3.1.0
-      backend: http://backend-podinfo:9898/echo
-      canary:
-        enabled: true
-        istioIngress:
-          enabled: true
-          gateway: public-gateway.istio-system.svc.cluster.local
-          host: frontend.istio.example.com
-        loadtest:
-          enabled: true
-        helmtest:
-          enabled: true
-```
-
-In the `chart` section I've defined the release source by specifying the Helm repository \(hosted on GitHub Pages\), chart name and version. In the `values` section I've overwritten the defaults set in values.yaml.
-
-With the `fluxcd.io` annotations I instruct Flux to automate this release. When an image tag in the sem ver range of `3.1.0 - 3.1.99` is pushed to Docker Hub, Flux will upgrade the Helm release and from there Flagger will pick up the change and start a canary deployment.
-
-Install [Flux](https://github.com/fluxcd/flux) and its [Helm Operator](https://github.com/fluxcd/helm-operator) by specifying your Git repo URL:
-
-```bash
-helm repo add fluxcd https://charts.fluxcd.io
-
-helm install --name flux \
---set git.url=git@github.com:<USERNAME>/<REPOSITORY> \
---namespace fluxcd \
-fluxcd/flux
-
-helm upgrade -i helm-operator fluxcd/helm-operator \
---namespace fluxcd \
---set git.ssh.secretName=flux-git-deploy
-```
-
-At startup Flux generates a SSH key and logs the public key. Find the SSH public key with:
-
-```bash
-kubectl -n fluxcd logs deployment/flux | grep identity.pub | cut -d '"' -f2
-```
-
-In order to sync your cluster state with Git you need to copy the public key and create a deploy key with write access on your GitHub repository.
-
-Open GitHub, navigate to your fork, go to _Setting &gt; Deploy keys_ click on _Add deploy key_, check _Allow write access_, paste the Flux public key and click _Add key_.
-
-After a couple of seconds Flux will apply the Kubernetes resources from Git and Flagger will launch the `frontend` and `backend` apps.
-
-A CI/CD pipeline for the `frontend` release could look like this:
-
-* cut a release from the master branch of the podinfo code repo with the git tag `3.1.1`
-* CI builds the image and pushes the `podinfo:6.0.1` image to the container registry
-* Flux scans the registry and updates the Helm release `image.tag` to `3.1.1`
-* Flux commits and push the change to the cluster repo
-* Flux applies the updated Helm release on the cluster
-* Flux Helm Operator picks up the change and calls Tiller to upgrade the release
-* Flagger detects a revision change and scales up the `frontend` deployment
-* Flagger runs the helm test before routing traffic to the canary service
-* Flagger starts the load test and runs the canary analysis 
-* Based on the analysis result the canary deployment is promoted to production or rolled back
-* Flagger sends a Slack or MS Teams notification with the canary result
-
-If the canary fails, fix the bug, do another patch release eg `3.1.2` and the whole process will run again.
-
-A canary deployment can fail due to any of the following reasons:
-
-* the container image can't be downloaded 
-* the deployment replica set is stuck for more then ten minutes \(eg. due to a container crash loop\)
-* the webhooks \(acceptance tests, helm tests, load tests, etc\) are returning a non 2xx response
-* the HTTP success rate \(non 5xx responses\) metric drops under the threshold
-* the HTTP average duration metric goes over the threshold
-* the Istio telemetry service is unable to collect traffic metrics
-* the metrics server \(Prometheus\) can't be reached
-
-If you want to find out more about managing Helm releases with Flux here are two in-depth guides: [gitops-helm](https://github.com/stefanprodan/gitops-helm) and [gitops-istio](https://github.com/stefanprodan/gitops-istio).
-

docs/gitbook/tutorials/contour-progressive-delivery.md

@@ -76,7 +76,7 @@ spec:
     name: podinfo
   # HPA reference
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/gatewayapi-progressive-delivery.md

@@ -1,65 +1,74 @@
-# Gateway API Canary Deployments
 
 This guide shows you how to use [Gateway API](https://gateway-api.sigs.k8s.io/) and Flagger to automate canary deployments and A/B testing.
 
-![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-gatewayapi-canary.png)
+![Flagger Gateway API Integration](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-gatewayapi-canary.png)
 
 ## Prerequisites
 
-Flagger requires a Kubernetes cluster **v1.19** or newer and any mesh/ingress that implements the `v1beta1` version of Gateway API. We'll be using Contour for the sake of this tutorial, but you can use any other implementation.
+Flagger requires an ingress controller or service mesh that implements the Gateway API **HTTPRoute** (`v1` or `v1beta1`).
 
-> Note: Flagger supports `v1alpha2` version of Gateway API, but the alpha version has been deprecated and support will be dropped in a future release.
+We'll be using Istio for the sake of this tutorial, but you can use any other implementation.
 
-Install Contour, its Gateway provisioner and Gateway API CRDs in the `projectcontour` namespace:
+Install the Gateway API CRDs:
 
 ```bash
-https://raw.githubusercontent.com/projectcontour/contour/release-1.23/examples/render/contour-gateway-provisioner.yaml
+# Suggestion: Change v1.4.0 in to the latest Gateway API version
+kubectl apply --server-side -k "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.4.0"
 ```
 
-> Alternatively, you can also install the Gateway API CRDs from the upstream project:
+Install Istio:
+
 ```bash
-kubectl apply -k github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.0
+istioctl install --set profile=minimal -y
+
+# Suggestion: Change release-1.27 in to the latest Istio version
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.27/samples/addons/prometheus.yaml
 ```
 
 Install Flagger in the `flagger-system` namespace:
 
 ```bash
-kubectl apply -k github.com/fluxcd/flagger//kustomize/gatewayapi
+kubectl create ns flagger-system
+
+helm repo add flagger https://flagger.app
+helm upgrade -i flagger flagger/flagger \
+  --namespace flagger-system \
+  --set prometheus.install=false \
+  --set meshProvider=gatewayapi:v1 \
+  --set metricsServer=http://prometheus.istio-system:9090
 ```
 
-Create a `GatewayClass` that specifies information about the Gateway controller:
+Create a namespace for the `Gateway`:
 
-```yaml
-kind: GatewayClass
-apiVersion: gateway.networking.k8s.io/v1beta1
-metadata:
-  name: contour
-spec:
-  controllerName: projectcontour.io/gateway-controller
+```bash
+kubectl create ns istio-ingress
 ```
 
 Create a `Gateway` that configures load balancing, traffic ACL, etc:
 
 ```yaml
+apiVersion: gateway.networking.k8s.io/v1
 kind: Gateway
-apiVersion: gateway.networking.k8s.io/v1beta1
 metadata:
-  name: contour
-  namespace: projectcontour
+  name: gateway
+  namespace: istio-ingress
 spec:
-  gatewayClassName: contour
+  gatewayClassName: istio
   listeners:
-    - name: http
-      protocol: HTTP
-      port: 80
-      allowedRoutes:
-        namespaces:
-          from: All
+  - name: default
+    hostname: "*.example.com"
+    port: 80
+    protocol: HTTP
+    allowedRoutes:
+      namespaces:
+        from: All
 ```
 
 ## Bootstrap
 
-Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler \(HPA\), then creates a series of objects \(Kubernetes deployments, ClusterIP services, HTTPRoutes for the Gateway\). These objects expose the application inside the mesh and drive the canary analysis and promotion.
+Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler \(HPA\),
+then creates a series of objects \(Kubernetes deployments, ClusterIP services, HTTPRoutes for the Gateway\).
+These objects expose the application inside the mesh and drive the canary analysis and promotion.
 
 Create a test namespace:
 
@@ -79,7 +88,9 @@ Deploy the load testing service to generate traffic during the canary analysis:
 kubectl apply -k https://github.com/fluxcd/flagger//kustomize/tester?ref=main
 ```
 
-Create metric templates targeting the Prometheus server in the `flagger-system` namespace. The PromQL queries below are meant for `Envoy`, but you can [change it to your ingress/mesh provider](https://docs.flagger.app/faq#metrics) accordingly.
+Create metric templates targeting the Prometheus server in the `flagger-system` namespace.
+The PromQL queries below are meant for `Envoy`,
+but you can [change it to your ingress/mesh provider](https://docs.flagger.app/faq#metrics) accordingly.
 
 ```yaml
 apiVersion: flagger.app/v1beta1
@@ -90,13 +101,15 @@ metadata:
 spec:
   provider:
     type: prometheus
-    address: http://flagger-prometheus:9090
+    address: http://prometheus.istio-system:9090
   query: |
     histogram_quantile(0.99,
       sum(
         rate(
-          envoy_cluster_upstream_rq_time_bucket{
-            envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
+          istio_request_duration_milliseconds_bucket{
+            reporter="source",
+            destination_workload_namespace=~"{{ namespace }}",
+            destination_workload=~"{{ target }}",
           }[{{ interval }}]
         )
       ) by (le)
@@ -110,21 +123,25 @@ metadata:
 spec:
   provider:
     type: prometheus
-    address: http://flagger-prometheus:9090
+    address: http://prometheus.istio-system:9090
   query: |
     100 - sum(
       rate(
-        envoy_cluster_upstream_rq{
-          envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
-          envoy_response_code!~"5.*"
+        istio_requests_total{
+          reporter="source",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
+          response_code!~"5.*"
         }[{{ interval }}]
       )
     )
     /
     sum(
       rate(
-        envoy_cluster_upstream_rq{
-          envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
+        istio_requests_total{
+          reporter="source",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
         }[{{ interval }}]
       )
     )
@@ -137,7 +154,7 @@ Save the above resource as metric-templates.yaml and then apply it:
 kubectl apply -f metric-templates.yaml
 ```
 
-Create a canary custom resource \(replace "loaclproject.contour.io" with your own domain\):
+Create a Canary custom resource \(replace "www.example.com" with your own domain\):
 
 ```yaml
 apiVersion: flagger.app/v1beta1
@@ -156,7 +173,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -166,11 +183,11 @@ spec:
     targetPort: 9898
     # Gateway API HTTPRoute host names
     hosts:
-     - localproject.contour.io
+     - www.example.com
     # Reference to the Gateway that the generated HTTPRoute would attach to.
     gatewayRefs:
-      - name: contour
-        namespace: projectcontour
+      - name: gateway
+        namespace: istio-ingress
   analysis:
     # schedule interval (default 60s)
     interval: 1m
@@ -213,7 +230,7 @@ spec:
         url: http://flagger-loadtester.test/
         timeout: 5s
         metadata:
-          cmd: "hey -z 2m -q 10 -c 2 -host localproject.contour.io http://envoy.projectcontour/"
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com http://gateway-istio.istio-ingress/"
 ```
 
 Save the above resource as podinfo-canary.yaml and then apply it:
@@ -222,7 +239,8 @@ Save the above resource as podinfo-canary.yaml and then apply it:
 kubectl apply -f ./podinfo-canary.yaml
 ```
 
-When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary. The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every minute.
+When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary.
+The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every minute.
 
 After a couple of seconds Flagger will create the canary objects:
 
@@ -243,29 +261,35 @@ httproutes.gateway.networking.k8s.io/podinfo
 
 ## Expose the app outside the cluster
 
-Find the external address of Contour's Envoy load balancer:
+Find the external address of Istio's load balancer:
 
 ```bash
-export ADDRESS="$(kubectl -n projectcontour get svc/envoy -ojson \
+export ADDRESS="$(kubectl -n istio-ingress get svc/gateway-istio -ojson \
 | jq -r ".status.loadBalancer.ingress[].hostname")"
 echo $ADDRESS
 ```
 
-Configure your DNS server with a CNAME record \(AWS\) or A record \(GKE/AKS/DOKS\) and point a domain e.g. `localproject.contour.io` to the LB address.
+Configure your DNS server with a CNAME record \(AWS\) or A record \(GKE/AKS/DOKS\) and
+point a domain e.g. `www.example.com` to the LB address.
 
 Now you can access the podinfo UI using your domain address.
 
-Note that you should be using HTTPS when exposing production workloads on internet. You can obtain free TLS certs from Let's Encrypt, read this [guide](https://github.com/stefanprodan/eks-contour-ingress) on how to configure cert-manager to secure Contour with TLS certificates.
+Note that you should be using HTTPS when exposing production workloads on internet.
+If you're using a local cluster you can port forward to the Envoy LoadBalancer service:
 
-If you're using a local cluster via kind/k3s you can port forward the Envoy LoadBalancer service:
 ```bash
-kubectl port-forward -n projectcontour svc/envoy 8080:80
+kubectl port-forward -n istio-ingress svc/gateway-istio 8080:80
 ```
 
-Now you can access podinfo via `curl -H "Host: localproject.contour.io" localhost:8080`
+Now you can access podinfo via `curl -H "Host: www.example.com" localhost:8080`.
 
 ## Automated canary promotion
 
+With the application bootstrapped, Flagger will continuously monitor the deployment for changes.
+When a new revision is detected, Flagger will start a canary analysis and gradually shift traffic to the new version.
+
+![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-steps.png)
+
 Trigger a canary deployment by updating the container image:
 
 ```bash
@@ -303,7 +327,8 @@ Events:
   Normal   Synced  5s    flagger  Promotion completed! Scaling down podinfo.test
 ```
 
-**Note** that if you apply new changes to the deployment during the canary analysis, Flagger will restart the analysis.
+**Note** that if you apply new changes to the deployment during the canary analysis,
+Flagger will restart the analysis.
 
 A canary deployment is triggered by changes in any of the following objects:
 
@@ -311,7 +336,8 @@ A canary deployment is triggered by changes in any of the following objects:
 * ConfigMaps mounted as volumes or mapped to environment variables
 * Secrets mounted as volumes or mapped to environment variables
 
-You can monitor how Flagger progressively changes the weights of the HTTPRoute object that is attahed to the Gateway with:
+You can monitor how Flagger progressively changes the weights of
+the HTTPRoute object that is attached to the Gateway with:
 
 ```bash
 watch kubectl get httproute -n test podinfo -o=jsonpath='{.spec.rules}'
@@ -323,9 +349,9 @@ You can monitor all canaries with:
 watch kubectl get canaries --all-namespaces
 
 NAMESPACE   NAME      STATUS        WEIGHT   LASTTRANSITIONTIME
-test        podinfo   Progressing   15       2022-01-16T14:05:07Z
-prod        frontend  Succeeded     0        2022-01-15T16:15:07Z
-prod        backend   Failed        0        2022-01-14T17:05:07Z
+test        podinfo   Progressing   15       2025-10-16T14:05:07Z
+prod        frontend  Succeeded     0        2025-10-15T16:15:07Z
+prod        backend   Failed        0        2025-10-14T17:05:07Z
 ```
 
 ## Automated rollback
@@ -357,7 +383,8 @@ Generate latency:
 watch curl http://podinfo-canary:9898/delay/1
 ```
 
-When the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
+When the number of failed checks reaches the canary analysis threshold,
+the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
 
 ```text
 kubectl -n test describe canary/podinfo
@@ -382,13 +409,14 @@ Events:
   Warning  Synced  1m    flagger  Canary failed! Scaling down podinfo.test
 ```
 
-# A/B Testing
+## A/B Testing
 
-Besides weighted routing, Flagger can be configured to route traffic to the canary based on HTTP match conditions. In an A/B testing scenario, you'll be using HTTP headers or cookies to target a certain segment of your users. This is particularly useful for frontend applications that require session affinity.
+Besides weighted routing, Flagger can be configured to route traffic to the canary based on HTTP match conditions.
+In an A/B testing scenario, you'll be using HTTP headers and cookies to target a certain segment of your users.
 
 ![Flagger A/B Testing Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-abtest-steps.png)
 
-Create a canary custom resource \(replace "loaclproject.contour.io" with your own domain\):
+Create a canary custom resource \(replace "www.example.com" with your own domain\):
 
 ```yaml
 apiVersion: flagger.app/v1beta1
@@ -407,7 +435,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -417,22 +445,26 @@ spec:
     targetPort: 9898
     # Gateway API HTTPRoute host names
     hosts:
-     - localproject.contour.io
+     - www.example.com
     # Reference to the Gateway that the generated HTTPRoute would attach to.
     gatewayRefs:
-      - name: contour
-        namespace: projectcontour
+      - name: gateway
+        namespace: istio-ingress
   analysis:
     # schedule interval (default 60s)
     interval: 1m
-    # max number of failed metric checks before rollback
-    threshold: 5
-    # max traffic percentage routed to canary
-    # percentage (0-100)
-    maxWeight: 50
-    # canary increment step
-    # percentage (0-100)
-    stepWeight: 10
+    # total number of iterations
+    iterations: 10
+    # max number of failed iterations before rollback
+    threshold: 2
+    # canary match condition
+    match:
+      - headers:
+          user-agent:
+            regex: ".*Firefox.*"
+      - headers:
+          cookie:
+            regex: "^(.*?;)?(type=insider)(;.*)?$"
     metrics:
     - name: error-rate
       # max error rate (5xx responses)
@@ -453,21 +485,15 @@ spec:
       interval: 30s
     # testing (optional)
     webhooks:
-      - name: smoke-test
-        type: pre-rollout
-        url: http://flagger-loadtester.test/
-        timeout: 15s
-        metadata:
-          type: bash
-          cmd: "curl -sd 'anon' http://podinfo-canary.test:9898/token | grep token"
       - name: load-test
         url: http://flagger-loadtester.test/
         timeout: 5s
         metadata:
-          cmd: "hey -z 2m -q 10 -c 2 -host localproject.contour.io -H 'X-Canary: insider' http://envoy.projectcontour/"
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com -H 'Cookie: type=insider' http://gateway-istio.istio-ingress/"
 ```
 
-The above configuration will run an analysis for ten minutes targeting those users that have an insider cookie.
+The above configuration will run an analysis for ten minutes targeting those users that
+have an insider cookie or are using Firefox as a browser.
 
 Save the above resource as podinfo-ab-canary.yaml and then apply it:
 
@@ -485,7 +511,7 @@ podinfod=stefanprodan/podinfo:6.0.3
 Flagger detects that the deployment revision changed and starts a new rollout:
 
 ```text
-kubectl -n test describe canary/abtest
+kubectl -n test describe canary/podinfo
 
 Status:
   Failed Checks:         0
@@ -511,5 +537,309 @@ Events:
   Normal   Synced  5s    flagger  Promotion completed! Scaling down podinfo.test
 ```
 
+## Session Affinity
+
+While Flagger can perform weighted routing and A/B testing individually,
+with Gateway API it can combine the two leading to a Canary release with session affinity.
+For more information you can read the [deployment strategies docs](../usage/deployment-strategies.md#canary-release-with-session-affinity).
+
+> **Note:** Session Affinity requires a Gateway API implementation that supports
+> the [`ResponseHeaderModifier`](https://gateway-api.sigs.k8s.io/guides/http-header-modifier/) API.
+
+Create a canary custom resource \(replace www.example.com with your own domain\):
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  # deployment reference
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  # the maximum time in seconds for the canary deployment
+  # to make progress before it is rollback (default 600s)
+  progressDeadlineSeconds: 60
+  # HPA reference (optional)
+  autoscalerRef:
+    apiVersion: autoscaling/v2
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    # service port number
+    port: 9898
+    # container port number or name (optional)
+    targetPort: 9898
+    # Gateway API HTTPRoute host names
+    hosts:
+     - www.example.com
+    # Reference to the Gateway that the generated HTTPRoute would attach to.
+    gatewayRefs:
+      - name: gateway
+        namespace: istio-ingress
+  analysis:
+    # schedule interval (default 60s)
+    interval: 1m
+    # max number of failed metric checks before rollback
+    threshold: 5
+    # max traffic percentage routed to canary
+    # percentage (0-100)
+    maxWeight: 50
+    # canary increment step
+    # percentage (0-100)
+    stepWeight: 10
+    # session affinity config
+    sessionAffinity:
+      # name of the cookie used
+      cookieName: flagger-cookie
+      # max age of the cookie (in seconds)
+      # optional; defaults to 86400
+      maxAge: 21600
+    metrics:
+    - name: error-rate
+      # max error rate (5xx responses)
+      # percentage (0-100)
+      templateRef:
+        name: error-rate
+        namespace: flagger-system
+      thresholdRange:
+        max: 1
+      interval: 1m
+    - name: latency
+      templateRef:
+        name: latency
+        namespace: flagger-system
+      # seconds
+      thresholdRange:
+         max: 0.5
+      interval: 30s
+    # testing (optional)
+    webhooks:
+      - name: load-test
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        metadata:
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com http://gateway-istio.istio-ingress/"
+```
+
+Save the above resource as podinfo-canary-session-affinity.yaml and then apply it:
+
+```bash
+kubectl apply -f ./podinfo-canary-session-affinity.yaml
+```
+
+Trigger a canary deployment by updating the container image:
+
+```bash
+kubectl -n test set image deployment/podinfo \
+podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
+```
+
+You can load `www.example.com` in your browser and refresh it until you see the requests being served by `podinfo:6.0.1`.
+All subsequent requests after that will be served by `podinfo:6.0.1` and not `podinfo:6.0.0` because of the session affinity
+configured by Flagger in the HTTPRoute object.
+
+To configure stickiness for the Primary deployment to ensure fair weighted traffic routing, please
+checkout the [deployment strategies docs](../usage/deployment-strategies.md#canary-release-with-session-affinity).
+
+## Traffic mirroring
+
+![Flagger Canary Traffic Shadowing](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-traffic-mirroring.png)
+
+For applications that perform read operations, Flagger can be configured to do B/G tests with traffic mirroring.
+
+> **Note:** Traffic mirroring requires a Gateway API implementation that supports
+> the [`RequestMirror`](https://gateway-api.sigs.k8s.io/guides/http-request-mirroring/) filter.
+
+You can enable mirroring by replacing `stepWeight` with `iterations` and by setting `analysis.mirror` to `true`:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  # deployment reference
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  service:
+    # service port number
+    port: 9898
+    # container port number or name (optional)
+    targetPort: 9898
+    # Gateway API HTTPRoute host names
+    hosts:
+     - www.example.com
+    # Reference to the Gateway that the generated HTTPRoute would attach to.
+    gatewayRefs:
+      - name: gateway
+        namespace: istio-ingress
+  analysis:
+    # schedule interval
+    interval: 1m
+    # max number of failed metric checks before rollback
+    threshold: 5
+    # total number of iterations
+    iterations: 10
+    # enable traffic shadowing
+    mirror: true
+    # Gateway API HTTPRoute host names
+    metrics:
+      - name: request-success-rate
+        thresholdRange:
+          min: 99
+        interval: 1m
+      - name: request-duration
+        thresholdRange:
+          max: 500
+        interval: 1m
+    webhooks:
+      - name: load-test
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        metadata:
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com http://gateway-istio.istio-ingress/"
+```
+
+Gateway API traffic mirroring will copy each incoming request, sending one request to the primary and one to the canary service.
+The response from the primary is sent back to the user and the response from the canary is discarded.
+
+Metrics are collected on both requests so that the deployment will only proceed if the canary metrics are within the threshold values.
 
 The above procedures can be extended with [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.
+
+## Customising the HTTPRoute
+
+Besides the `hosts` and `gatewayRefs` fields, you can customize the generated HTTPRoute with various options
+exposed under the `spec.service` field of the Canary.
+
+### Header Manipulation
+
+You can configure request and response header manipulation using the `spec.service.headers` field of the Canary.
+
+> **Note:** Header manipulation requires a Gateway API implementation that supports
+> the [`RequestHeaderModifier`](https://gateway-api.sigs.k8s.io/guides/http-header-modifier/) and [`ResponseHeaderModifier`](https://gateway-api.sigs.k8s.io/guides/http-header-modifier/) filters.
+
+Example configuration:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  service:
+    headers:
+      request:
+        add:
+          x-custom-header: "custom-value"
+        set:
+          x-api-version: "v1"
+        remove:
+          - x-debug-header
+      response:
+        add:
+          x-frame-options: "DENY"
+          x-content-type-options: "nosniff"
+        set:
+          cache-control: "no-cache"
+        remove:
+          - x-powered-by
+```
+
+### URL Rewriting
+
+You can configure URL rewriting using the `spec.service.rewrite` field of the Canary to modify the path or hostname of requests.
+
+> **Note:** URL rewriting requires a Gateway API implementation that supports
+> the [`URLRewrite`](https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/?h=urlrewrite#rewrites) filter.
+
+Example configuration:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  service:
+    rewrite:
+      # Rewrite the URI path
+      uri: "/v2/api"
+      # Optionally specify the rewrite type: "ReplaceFullPath" or "ReplacePrefixMatch"
+      # Defaults to "ReplaceFullPath" if not specified
+      type: "ReplaceFullPath"
+      # Rewrite the hostname/authority header
+      authority: "api.example.com"
+```
+
+The `type` field determines how the URI rewriting is performed:
+
+- **ReplaceFullPath**: Replaces the entire request path with the specified `uri` value
+- **ReplacePrefixMatch**: Replaces only the prefix portion of the path that was matched
+
+Example with prefix replacement:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  service:
+    rewrite:
+      uri: "/api/v2"
+      type: "ReplacePrefixMatch"
+```
+
+When using `ReplacePrefixMatch`, if a request comes to `/old/path`, and the HTTPRoute matches the prefix `/old`,
+the request will be rewritten to `/api/v2/path`.
+
+### CORS Policy
+
+The cross-origin resource sharing policy can be configured the `spec.service.corsPolicy` field of the Canary.
+
+> **Note:** Cross-origin resource sharing requires a Gateway API implementation that supports
+> the [`CORS`](https://gateway-api.sigs.k8s.io/geps/gep-1767/) filter.
+
+Example configuration:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  service:
+    corsPolicy:
+      allowOrigin:
+        - https://foo.example
+        - http://foo.example
+      allowMethods:
+        - GET
+        - PUT
+        - POST
+        - DELETE
+        - PATCH
+        - OPTIONS
+      allowCredentials: true
+      allowHeaders:
+        - Keep-Alive
+        - User-Agent
+        - X-Requested-With
+        - If-Modified-Since
+        - Cache-Control
+        - Content-Type
+        - Authorization
+      maxAge: 24h
+```

docs/gitbook/tutorials/gloo-progressive-delivery.md

@@ -110,7 +110,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/istio-ab-testing.md

@@ -15,7 +15,7 @@ Install Istio with telemetry support and Prometheus:
 ```bash
 istioctl manifest install --set profile=default
 
-kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/addons/prometheus.yaml
 ```
 
 Install Flagger in the `istio-system` namespace:
@@ -84,7 +84,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -92,7 +92,7 @@ spec:
     port: 9898
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     # Istio virtual service host names (optional)
     hosts:
     - app.example.com
@@ -179,7 +179,7 @@ podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
 Flagger detects that the deployment revision changed and starts a new rollout:
 
 ```text
-kubectl -n test describe canary/abtest
+kubectl -n test describe canary/podinfo
 
 Status:
   Failed Checks:         0

docs/gitbook/tutorials/istio-progressive-delivery.md

@@ -14,7 +14,7 @@ Install Istio with telemetry support and Prometheus:
 istioctl manifest install --set profile=default
 
 # Suggestion: Please change release-1.8 in below command, to your real istio version.
-kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/addons/prometheus.yaml
 ```
 
 Install Flagger in the `istio-system` namespace:
@@ -85,7 +85,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -95,7 +95,7 @@ spec:
     targetPort: 9898
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     # Istio virtual service host names (optional)
     hosts:
     - app.example.com
@@ -316,7 +316,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -326,7 +326,7 @@ spec:
     targetPort: 9898
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     # Istio virtual service host names (optional)
     hosts:
     - app.example.com
@@ -480,3 +480,61 @@ With the above configuration, Flagger will run a canary release with the followi
 
 The above procedure can be extended with [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.
 
+
+## Canary Deployments for TCP Services
+
+Performing a Canary deployment on a TCP (non HTTP) service is nearly identical to an HTTP Canary. Besides updating your `Gateway` document to support the `TCP` routing, the only difference is you have to set the `appProtocol` field to `TCP` inside of the `service` section of your `Canary` document.
+
+#### Example:
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: public-gateway
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 7070
+        name: tcp-service
+        protocol: TCP # <== set the protocol to tcp here
+      hosts:
+        - "*"
+```
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+# omitted for brevity
+spec:
+  service:
+    port: 7070
+    appProtocol: TCP # <== set the appProtocol here
+    targetPort: 7070
+    portName: "tcp-service-port"
+```
+
+If the `appProtocol` equals `TCP` then Flagger will treat this as a Canary deployment for a `TCP` service. When it creates the `VirtualService` document it will add a `TCP` section to route requests between the `primary` and `canary` services. See Istio documentation for more information on this [spec](https://istio.io/latest/docs/reference/config/networking/virtual-service/#TCPRoute).
+
+The resulting `VirtualService` will include a `tcp` section similar to what is shown below:
+```yaml
+tcp:
+  - route:
+    - destination:
+        host: tcp-service-primary
+        port:
+          number: 7070
+      weight: 100
+    - destination:
+        host: tcp-service-canary
+        port:
+          number: 7070
+      weight: 0
+```
+
+Once the Canary analysis begins, Flagger will be able to adjust the weights inside of this `tcp` section to advance the Canary deployment until it either runs into an error (and is halted) or it successfully reaches the end of the analysis and is Promoted.
+
+It is also important to note that if you set `appProtocol` to anything other than `TCP`, for example if you set it to `HTTP`, it will perform the Canary and treat it as an `HTTP` service. The same remains true if you do not set `appProtocol` at all. It will __ONLY__ treat a Canary as a `TCP` service if `appProtocal` equals `TCP`.

docs/gitbook/tutorials/keda-scaledobject.md

@@ -20,6 +20,7 @@ Install Flagger:
 ```bash
 helm repo add flagger https://flagger.app
 
+kubectl create namespace flagger
 helm upgrade -i flagger flagger/flagger \
 --namespace flagger \
 --set prometheus.install=true \
@@ -68,7 +69,7 @@ spec:
   - type: prometheus
     metadata:
       name: prom-trigger
-      serverAddress: http://flagger-prometheus.flagger-system:9090
+      serverAddress: http://flagger-prometheus.flagger:9090
       metricName: http_requests_total
       query: sum(rate(http_requests_total{ app="podinfo" }[30s]))
       threshold: '5'
@@ -99,6 +100,11 @@ spec:
     # ScaledObject targeting the primary deployment. (Optional)
     primaryScalerQueries:
       prom-trigger: sum(rate(http_requests_total{ app="podinfo-primary" }[30s]))
+    # Overriding replica scaling configuration for the generated ScaledObject
+    # targeting the primary deployment. (Optional)
+    primaryScalerReplicas:
+      minReplicas: 2
+      maxReplicas: 5
   # the maximum time in seconds for the canary deployment
   # to make progress before rollback (default 600s)
   progressDeadlineSeconds: 60
@@ -167,6 +173,9 @@ If, the generated query does not meet your requirements, you can specify the que
 `.spec.autoscalerRef.primaryScalerQueries`, which lets you define a query for each trigger. Please note that, your ScaledObject's `.spec.triggers[@].name` must
 not be blank, as Flagger needs that to identify each trigger uniquely.
 
+In the situation when it is desired to have different scaling replica configuration between the canary and primary deployment ScaledObject you can use
+the `.spec.autoscalerRef.primaryScalerReplicas` to override these values for the generated primary ScaledObject.
+
 After the boostrap, the podinfo deployment will be scaled to zero and the traffic to `podinfo.test` will be routed to the primary pods. To keep the podinfo deployment
 at 0 replicas and pause auto scaling, Flagger will add an annotation to your ScaledObject: `autoscaling.keda.sh/paused-replicas: 0`.
 During the canary analysis, the annotation is removed, to enable auto scaling for the podinfo deployment.

docs/gitbook/tutorials/knative-progressive-delivery.md

@@ -0,0 +1,249 @@
+# Knative Canary Deployments
+
+This guide shows you how to use [Knative](https://knative.dev/) and Flagger to automate canary deployments.
+
+![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-gatewayapi-canary.png)
+
+## Prerequisites
+
+Flagger requires a Kubernetes cluster **v1.19** or newer and a Knative Serving installation that supports
+the resources with `serving.knative.dev/v1` as their API version.
+
+Install Knative v1.17.0:
+
+```bash
+kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.17.0/serving-crds.yaml
+kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.17.0/serving-core.yaml
+kubectl apply -f https://github.com/knative/net-kourier/releases/download/knative-v1.17.0/kourier.yaml
+kubectl patch configmap/config-network \
+  --namespace knative-serving \
+  --type merge \
+  --patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'
+```
+
+
+Install Flagger in the `flagger-system` namespace:
+
+```bash
+kubectl apply -k github.com/fluxcd/flagger//kustomize/knative
+```
+
+Create a namespace for your Kntive Service:
+
+```bash
+kubectl create namespace test
+```
+
+Create a Knative Service that deploys podinfo:
+
+```yaml
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  template:
+    spec:
+      containers:
+        - image: ghcr.io/stefanprodan/podinfo:6.0.0
+          ports:
+            - containerPort: 9898
+              protocol: TCP
+          command:
+            - ./podinfo
+            - --port=9898
+            - --port-metrics=9797
+            - --grpc-port=9999
+            - --grpc-service-name=podinfo
+            - --level=info
+            - --random-delay=false
+            - --random-error=false
+```
+
+Deploy the load testing service to generate traffic during the canary analysis:
+
+```bash
+kubectl apply -k https://github.com/fluxcd/flagger//kustomize/tester?ref=main
+```
+
+Create a Canary custom resource:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  provider: knative
+  # knative service ref
+  targetRef:
+    apiVersion: serving.knative.dev/v1
+    kind: Service
+    name: podinfo
+  # the maximum time in seconds for the canary deployment
+  # to make progress before it is rollback (default 600s)
+  progressDeadlineSeconds: 60
+  analysis:
+    # schedule interval (default 60s)
+    interval: 15s
+    # max number of failed metric checks before rollback
+    threshold: 15
+    # max traffic percentage routed to canary
+    maxWeight: 50
+    # canary increment step
+    # percentage (0-100)
+    stepWeight: 10
+    metrics:
+    - name: request-success-rate
+      # min success rate (non-5xx responses)
+      # percentage (0-100)
+      thresholdRange:
+        min: 99
+      interval: 1m
+    - name: request-duration
+      # milliseconds
+      thresholdRange:
+         max: 500
+      interval: 1m
+    webhooks:
+      - name: load-test
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        metadata:
+          type: cmd
+          cmd: "hey -z 1m -q 5 -c 2 http://podinfo.test"
+          logCmdOutput: "true"
+```
+
+> Note: Please note that for a Canary resource with `.spec.provider` set to `knative`, the resource is only valid if the
+`.spec.targetRef.kind` is `Service` and `.spec.targetRef.apiVersion` is `serving.knative.dev/v1`.
+
+Save the above resource as podinfo-canary.yaml and then apply it:
+
+```bash
+kubectl apply -f ./podinfo-canary.yaml
+```
+
+When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary.
+The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every minute.
+
+After a couple of seconds Flagger will make the following changes the Knative Service `podinfo`:
+
+* Add an annotation to the object with the name `flagger.app/primary-revision`.
+* Modify the `.spec.traffic` section of the object such that it can manipulate the traffic spread between
+  the primary and canary Knative Revision.
+
+## Automated canary promotion
+
+Trigger a canary deployment by updating the container image:
+
+```bash
+kubectl -n test patch services.serving podinfo --type=json \
+-p '[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "ghcr.io/stefanprodan/podinfo:6.0.1"}]'
+```
+
+Flagger detects that the deployment revision changed and starts a new rollout:
+
+```text
+kubectl -n test describe canary/podinfo
+
+Status:
+  Canary Weight:         0
+  Failed Checks:         0
+  Phase:                 Succeeded
+Events:
+  Type     Reason  Age   From     Message
+  ----     ------  ----  ----     -------
+  Normal   Synced  3m    flagger  New revision detected podinfo.test
+  Normal   Synced  3m    flagger  Scaling up podinfo.test
+  Normal   Synced  3m    flagger  Advance podinfo.test canary weight 5
+  Normal   Synced  3m    flagger  Advance podinfo.test canary weight 10
+  Normal   Synced  3m    flagger  Advance podinfo.test canary weight 15
+  Normal   Synced  2m    flagger  Advance podinfo.test canary weight 20
+  Normal   Synced  2m    flagger  Advance podinfo.test canary weight 25
+  Normal   Synced  1m    flagger  Advance podinfo.test canary weight 30
+  Normal   Synced  1m    flagger  Advance podinfo.test canary weight 35
+  Normal   Synced  55s   flagger  Advance podinfo.test canary weight 40
+  Normal   Synced  45s   flagger  Advance podinfo.test canary weight 45
+  Normal   Synced  35s   flagger  Advance podinfo.test canary weight 50
+  Normal   Synced  25s   flagger  Copying podinfo.test template spec to podinfo-primary.test
+  Normal   Synced  5s    flagger  Promotion completed! Scaling down podinfo.test
+```
+
+A canary deployment is triggered everytime a new Knative Revision is created.
+
+**Note** that if you apply new changes to the Knative Service during the canary analysis, Flagger will restart the analysis.
+
+You can monitor how Flagger progressively changes the Knative Service object to spread traffic between Knative Revisions:
+
+```bash
+watch kubectl get httproute -n test podinfo -o=jsonpath='{.spec.traffic}'
+```
+
+You can monitor all canaries with:
+
+```bash
+watch kubectl get canaries --all-namespaces
+
+NAMESPACE   NAME      STATUS        WEIGHT   LASTTRANSITIONTIME
+test        podinfo   Progressing   15       2025-03-16T14:05:07Z
+prod        frontend  Succeeded     0        2025-03-16T16:15:07Z
+prod        backend   Failed        0        2025-03-16T17:05:07Z
+```
+
+## Automated rollback
+
+During the canary analysis you can generate HTTP 500 errors and high latency to test if Flagger pauses the rollout.
+
+Trigger another canary deployment:
+
+```bash
+kubectl -n test patch services.serving podinfo --type=json \
+-p '[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "ghcr.io/stefanprodan/podinfo:6.0.2"}]'
+```
+
+Exec into the load tester pod with:
+
+```bash
+kubectl -n test exec -it flagger-loadtester-xx-xx sh
+```
+
+Generate HTTP 500 errors:
+
+```bash
+watch curl http://podinfo-canary:9898/status/500
+```
+
+Generate latency:
+
+```bash
+watch curl http://podinfo-canary:9898/delay/1
+```
+
+When the number of failed checks reaches the canary analysis threshold, the traffic is routed back to the primary
+Knative Revision and the rollout is marked as failed.
+
+```text
+kubectl -n test describe canary/podinfo
+
+Status:
+  Canary Weight:         0
+  Failed Checks:         10
+  Phase:                 Failed
+Events:
+  Type     Reason  Age   From     Message
+  ----     ------  ----  ----     -------
+  Normal   Synced  3m    flagger  Starting canary deployment for podinfo.test
+  Normal   Synced  3m    flagger  Advance podinfo.test canary weight 5
+  Normal   Synced  3m    flagger  Advance podinfo.test canary weight 10
+  Normal   Synced  3m    flagger  Advance podinfo.test canary weight 15
+  Normal   Synced  3m    flagger  Halt podinfo.test advancement error rate 69.17% > 1%
+  Normal   Synced  2m    flagger  Halt podinfo.test advancement error rate 61.39% > 1%
+  Normal   Synced  2m    flagger  Halt podinfo.test advancement error rate 55.06% > 1%
+  Normal   Synced  2m    flagger  Halt podinfo.test advancement error rate 47.00% > 1%
+  Normal   Synced  2m    flagger  (combined from similar events): Halt podinfo.test advancement error rate 38.08% > 1%
+  Warning  Synced  1m    flagger  Rolling back podinfo.test failed checks threshold reached 10
+  Warning  Synced  1m    flagger  Canary failed! Scaling down podinfo.test
+```

docs/gitbook/tutorials/kubernetes-blue-green.md

@@ -72,7 +72,6 @@ metadata:
   name: podinfo
   namespace: test
 spec:
-  # service mesh provider can be: kubernetes, istio, appmesh, nginx, gloo
   provider: kubernetes
   # deployment reference
   targetRef:
@@ -84,7 +83,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/kuma-progressive-delivery.md

@@ -6,16 +6,16 @@ This guide shows you how to use Kuma and Flagger to automate canary deployments.
 
 ## Prerequisites
 
-Flagger requires a Kubernetes cluster **v1.16** or newer and Kuma **1.3** or newer.
+Flagger requires a Kubernetes cluster **v1.19** or newer and Kuma **1.7** or newer.
 
 Install Kuma and Prometheus (part of Kuma Metrics):
 
 ```bash
 kumactl install control-plane | kubectl apply -f -
-kumactl install metrics | kubectl apply -f -
+kumactl install observability --components "grafana,prometheus" | kubectl apply -f -
 ```
 
-Install Flagger in the `kuma-system` namespace:
+Install Flagger in the `kong-mesh-system` namespace:
 
 ```bash
 kubectl apply -k github.com/fluxcd/flagger//kustomize/kuma

docs/gitbook/tutorials/linkerd-progressive-delivery.md

@@ -2,26 +2,54 @@
 
 This guide shows you how to use Linkerd and Flagger to automate canary deployments.
 
-![Flagger Linkerd Traffic Split](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-linkerd-traffic-split.png)
-
 ## Prerequisites
 
-Flagger requires a Kubernetes cluster **v1.16** or newer and Linkerd **2.10** or newer.
+Flagger requires a Kubernetes cluster **v1.21** or newer and Linkerd **2.14** or newer.
 
-Install Linkerd the Promethues (part of Linkerd Viz):
+Install Linkerd and Prometheus (part of Linkerd Viz):
 
 ```bash
+# The CRDs need to be installed beforehand
 linkerd install --crds | kubectl apply -f -
+
 linkerd install | kubectl apply -f -
 linkerd viz install | kubectl apply -f -
+
+# For linkerd versions 2.12 and later, the SMI extension needs to be install in
+# order to enable TrafficSplits
+curl -sL https://linkerd.github.io/linkerd-smi/install | sh
+linkerd smi install | kubectl apply -f -
 ```
 
-Install Flagger in the linkerd namespace:
+Install Flagger in the flagger-system namespace:
 
 ```bash
 kubectl apply -k github.com/fluxcd/flagger//kustomize/linkerd
 ```
 
+If you prefer Helm, these are the commands to install Linkerd, Linkerd Viz,
+Linkerd-SMI and Flagger:
+
+```bash
+helm repo add linkerd https://helm.linkerd.io/stable
+helm install linkerd-crds linkerd/linkerd-crds -n linkerd --create-namespace
+# See https://linkerd.io/2/tasks/generate-certificates/ for how to generate the
+# certs referred below
+helm install linkerd-control-plane linkerd/linkerd-control-plane \
+  -n linkerd \
+  --set-file identityTrustAnchorsPEM=ca.crt \
+  --set-file identity.issuer.tls.crtPEM=issuer.crt \
+  --set-file identity.issuer.tls.keyPEM=issuer.key \
+
+helm install linkerd-viz linkerd/linkerd-viz -n linkerd-viz --create-namespace
+
+helm install flagger flagger/flagger \
+  --n flagger-system \
+  --set meshProvider=gatewayapi:v1beta1 \
+  --set metricsServer=http://prometheus.linkerd-viz:9090 \
+  --set linkerdAuthPolicy.create=true
+```
+
 ## Bootstrap
 
 Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
@@ -47,9 +75,65 @@ Create a deployment and a horizontal pod autoscaler:
 kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
 ```
 
-Create a canary custom resource for the podinfo deployment:
+Create a metrics template and canary custom resources for the podinfo deployment:
 
 ```yaml
+---
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: success-rate
+  namespace: test
+spec:
+  provider:
+    type: prometheus
+    address: http://prometheus.linkerd-viz:9090
+  query: |
+    sum(
+      rate(
+        response_total{
+          namespace="{{ namespace }}",
+          deployment=~"{{ target }}",
+          classification!="failure",
+          direction="{{ variables.direction }}"
+        }[{{ interval }}]
+      )
+    ) 
+    / 
+    sum(
+      rate(
+        response_total{
+          namespace="{{ namespace }}",
+          deployment=~"{{ target }}",
+          direction="{{ variables.direction }}"
+        }[{{ interval }}]
+      )
+    ) 
+    * 100
+---
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: latency
+  namespace: test
+spec:
+  provider:
+    type: prometheus
+    address: http://prometheus.linkerd-viz:9090
+  query: |
+    histogram_quantile(
+        0.99,
+        sum(
+            rate(
+                response_latency_ms_bucket{
+                    namespace="{{ namespace }}",
+                    deployment=~"{{ target }}",
+                    direction="{{ variables.direction }}"
+                    }[{{ interval }}]
+                )
+            ) by (le)
+        )
+---
 apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
@@ -63,7 +147,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment
@@ -74,6 +158,13 @@ spec:
     port: 9898
     # container port number or name (optional)
     targetPort: 9898
+    # Reference to the Service that the generated HTTPRoute would attach to.
+    gatewayRefs:
+      - name: podinfo
+        namespace: test
+        group: core
+        kind: Service
+        port: 9898
   analysis:
     # schedule interval (default 60s)
     interval: 30s
@@ -87,18 +178,28 @@ spec:
     stepWeight: 5
     # Linkerd Prometheus checks
     metrics:
-    - name: request-success-rate
+    - name: success-rate
+      templateRef:
+        name: success-rate
+        namespace: test
       # minimum req success rate (non 5xx responses)
       # percentage (0-100)
       thresholdRange:
         min: 99
       interval: 1m
-    - name: request-duration
+      templateVariables:
+        direction: inbound
+    - name: latency
+      templateRef:
+        name: latency
+        namespace: test
       # maximum req duration P99
       # milliseconds
       thresholdRange:
         max: 500
       interval: 30s
+      templateVariables:
+        direction: inbound
     # testing (optional)
     webhooks:
       - name: acceptance-test
@@ -310,7 +411,7 @@ watch -n 1 curl http://podinfo-canary:9898/status/404
 Watch Flagger logs:
 
 ```text
-kubectl -n linkerd logs deployment/flagger -f | jq .msg
+kubectl -n flagger-system logs deployment/flagger -f | jq .msg
 
 Starting canary deployment for podinfo.test
 Pre-rollout check acceptance-test passed
@@ -391,7 +492,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/nginx-progressive-delivery.md

@@ -110,7 +110,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment

docs/gitbook/tutorials/osm-progressive-delivery.md

@@ -1,363 +0,0 @@
-# Open Service Mesh Canary Deployments
-
-This guide shows you how to use Open Service Mesh (OSM) and Flagger to automate canary deployments.
-
-![Flagger OSM Traffic Split](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-osm-traffic-split.png)
-
-## Prerequisites
-
-Flagger requires a Kubernetes cluster **v1.16** or newer and Open Service Mesh **0.9.1** or newer.
-
-OSM must have permissive traffic policy enabled and have an instance of Prometheus for metrics.
-
-- If the OSM CLI is being used for installation, install OSM using the following command:
-    ```bash
-    osm install \
-    --set=OpenServiceMesh.deployPrometheus=true \
-    --set=OpenServiceMesh.enablePermissiveTrafficPolicy=true
-    ```
-- If a managed instance of OSM is being used:
-  - [Bring your own instance](docs.openservicemesh.io/docs/guides/observability/metrics/#byo-prometheus) of Prometheus, 
-    setting the namespace to match the managed OSM controller namespace
-  - Enable permissive traffic policy after installation by updating the OSM MeshConfig resource:
-    ```bash
-    # Replace <osm-namespace> with OSM controller's namespace
-    kubectl patch meshconfig osm-mesh-config -n <osm-namespace> -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":true}}}' --type=merge
-    ```   
-
-To install Flagger in the default `osm-system` namespace, use:
-```bash
-kubectl apply -k https://github.com/fluxcd/flagger//kustomize/osm?ref=main
-```
-    
-Alternatively, if a non-default namespace or managed instance of OSM is in use, install Flagger with Helm, replacing the <osm-namespace>
-values as appropriate. If a custom instance of Prometheus is being used, replace `osm-prometheus` with the relevant Prometheus service name.
-```bash
-helm upgrade -i flagger flagger/flagger \
---namespace=<osm-namespace> \
---set meshProvider=osm \
---set metricsServer=http://osm-prometheus.<osm-namespace>.svc:7070
-```
-
-## Bootstrap
-
-Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
-then creates a series of objects (Kubernetes deployments, ClusterIP services and SMI traffic split).
-These objects expose the application inside the mesh and drive the canary analysis and promotion.
-
-Create a `test` namespace and enable OSM namespace monitoring and metrics scraping for the namespace.
-
-```bash
-kubectl create namespace test
-osm namespace add test
-osm metrics enable --namespace test
-```
-
-Create a `podinfo` deployment and a horizontal pod autoscaler:
-
-```bash
-kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
-```
-
-Install the load testing service to generate traffic during the canary analysis:
-
-```bash
-kubectl apply -k https://github.com/fluxcd/flagger//kustomize/tester?ref=main
-```
-
-Create a canary custom resource for the `podinfo` deployment.
-The following `podinfo` canary custom resource instructs Flagger to:
-1. monitor any changes to the `podinfo` deployment created earlier,
-2. detect `podinfo` deployment revision changes, and
-3. start a Flagger canary analysis, rollout, and promotion if there were deployment revision changes.
-
-```yaml
-apiVersion: flagger.app/v1beta1
-kind: Canary
-metadata:
-  name: podinfo
-  namespace: test
-spec:
-  provider: osm
-  # deployment reference
-  targetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: podinfo
-  # HPA reference (optional)
-  autoscalerRef:
-    apiVersion: autoscaling/v2beta2
-    kind: HorizontalPodAutoscaler
-    name: podinfo
-  # the maximum time in seconds for the canary deployment
-  # to make progress before it is rolled back (default 600s)
-  progressDeadlineSeconds: 60
-  service:
-    # ClusterIP port number
-    port: 9898
-    # container port number or name (optional)
-    targetPort: 9898
-  analysis:
-    # schedule interval (default 60s)
-    interval: 30s
-    # max number of failed metric checks before rollback
-    threshold: 5
-    # max traffic percentage routed to canary
-    # percentage (0-100)
-    maxWeight: 50
-    # canary increment step
-    # percentage (0-100)
-    stepWeight: 5
-    # OSM Prometheus checks
-    metrics:
-    - name: request-success-rate
-      # minimum req success rate (non 5xx responses)
-      # percentage (0-100)
-      thresholdRange:
-        min: 99
-      interval: 1m
-    - name: request-duration
-      # maximum req duration P99
-      # milliseconds
-      thresholdRange:
-        max: 500
-      interval: 30s
-    # testing (optional)
-    webhooks:
-      - name: acceptance-test
-        type: pre-rollout
-        url: http://flagger-loadtester.test/
-        timeout: 30s
-        metadata:
-          type: bash
-          cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
-      - name: load-test
-        type: rollout
-        url: http://flagger-loadtester.test/
-        timeout: 5s
-        metadata:
-          cmd: "hey -z 2m -q 10 -c 2 http://podinfo-canary.test:9898/"
-```
-
-Save the above resource as podinfo-canary.yaml and then apply it:
-
-```bash
-kubectl apply -f ./podinfo-canary.yaml
-```
-
-When the canary analysis starts, Flagger will call the pre-rollout webhooks before routing traffic to the canary.
-The canary analysis will run for five minutes while validating the HTTP metrics and rollout hooks every half a minute.
-
-After a couple of seconds Flagger will create the canary objects.
-
-```bash
-# applied
-deployment.apps/podinfo
-horizontalpodautoscaler.autoscaling/podinfo
-ingresses.extensions/podinfo
-canary.flagger.app/podinfo
-
-# generated
-deployment.apps/podinfo-primary
-horizontalpodautoscaler.autoscaling/podinfo-primary
-service/podinfo
-service/podinfo-canary
-service/podinfo-primary
-trafficsplits.split.smi-spec.io/podinfo
-```
-
-After the bootstrap, the `podinfo` deployment will be scaled to zero and the traffic to `podinfo.test` will be routed to the primary pods.
-During the canary analysis, the `podinfo-canary.test` address can be used to target directly the canary pods.
-
-## Automated Canary Promotion
-
-Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators like HTTP requests success rate, requests average duration and pod health.
-Based on analysis of the KPIs a canary is promoted or aborted.
-
-![Flagger Canary Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-steps.png)
-
-Trigger a canary deployment by updating the container image:
-
-```bash
-kubectl -n test set image deployment/podinfo \
-podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
-```
-
-Flagger detects that the deployment revision changed and starts a new rollout.
-
-
-```text
-kubectl -n test describe canary/podinfo
-
-Status:
-  Canary Weight:         0
-  Failed Checks:         0
-  Phase:                 Succeeded
-Events:
- New revision detected! Scaling up podinfo.test
- Waiting for podinfo.test rollout to finish: 0 of 1 updated replicas are available
- Pre-rollout check acceptance-test passed
- Advance podinfo.test canary weight 5
- Advance podinfo.test canary weight 10
- Advance podinfo.test canary weight 15
- Advance podinfo.test canary weight 20
- Advance podinfo.test canary weight 25
- Waiting for podinfo.test rollout to finish: 1 of 2 updated replicas are available
- Advance podinfo.test canary weight 30
- Advance podinfo.test canary weight 35
- Advance podinfo.test canary weight 40
- Advance podinfo.test canary weight 45
- Advance podinfo.test canary weight 50
- Copying podinfo.test template spec to podinfo-primary.test
- Waiting for podinfo-primary.test rollout to finish: 1 of 2 updated replicas are available
- Promotion completed! Scaling down podinfo.test
-```
-
-**Note** that if you apply any new changes to the `podinfo` deployment during the canary analysis, Flagger will restart the analysis.
-
-A canary deployment is triggered by changes in any of the following objects:
-
-* Deployment PodSpec \(container image, command, ports, env, resources, etc\)
-* ConfigMaps mounted as volumes or mapped to environment variables
-* Secrets mounted as volumes or mapped to environment variables
-
-You can monitor all canaries with:
-
-```bash
-watch kubectl get canaries --all-namespaces
-
-NAMESPACE   NAME      STATUS        WEIGHT   LASTTRANSITIONTIME
-test        podinfo   Progressing   15       2019-06-30T14:05:07Z
-prod        frontend  Succeeded     0        2019-06-30T16:15:07Z
-prod        backend   Failed        0        2019-06-30T17:05:07Z
-```
-
-## Automated Rollback
-
-During the canary analysis you can generate HTTP 500 errors and high latency to test if Flagger pauses and rolls back the faulted version.
-
-Trigger another canary deployment:
-
-```bash
-kubectl -n test set image deployment/podinfo \
-podinfod=ghcr.io/stefanprodan/podinfo:6.0.2
-```
-
-Exec into the load tester pod with:
-
-```bash
-kubectl -n test exec -it flagger-loadtester-xx-xx sh
-```
-
-Repeatedly generate HTTP 500 errors until the `kubectl describe` output below shows canary rollout failure:
-
-```bash
-watch -n 0.1 curl http://podinfo-canary.test:9898/status/500
-```
-
-Repeatedly generate latency until canary rollout fails:
-
-```bash
-watch -n 0.1 curl http://podinfo-canary.test:9898/delay/1
-```
-
-When the number of failed checks reaches the canary analysis thresholds defined in the `podinfo` canary custom resource earlier, the traffic is routed back to the primary, the canary is scaled to zero and the rollout is marked as failed.
-
-```text
-kubectl -n test describe canary/podinfo
-
-Status:
-  Canary Weight:         0
-  Failed Checks:         10
-  Phase:                 Failed
-Events:
- Starting canary analysis for podinfo.test
- Pre-rollout check acceptance-test passed
- Advance podinfo.test canary weight 5
- Advance podinfo.test canary weight 10
- Advance podinfo.test canary weight 15
- Halt podinfo.test advancement success rate 69.17% < 99%
- Halt podinfo.test advancement success rate 61.39% < 99%
- Halt podinfo.test advancement success rate 55.06% < 99%
- Halt podinfo.test advancement request duration 1.20s > 0.5s
- Halt podinfo.test advancement request duration 1.45s > 0.5s
- Rolling back podinfo.test failed checks threshold reached 5
- Canary failed! Scaling down podinfo.test
-```
-
-## Custom Metrics
-
-The canary analysis can be extended with Prometheus queries.
-
-Let's define a check for 404 not found errors.
-Edit the canary analysis (`podinfo-canary.yaml` file) and add the following metric.
-For more information on creating additional custom metrics using OSM metrics, please check the [metrics available in OSM](https://docs.openservicemesh.io/docs/guides/observability/metrics/#available-metrics).
-
-```yaml
-  analysis:
-    metrics:
-    - name: "404s percentage"
-      threshold: 3
-      query: |
-        100 - (
-          sum(
-              rate(
-                  osm_request_total{
-                    destination_namespace="test",
-                    destination_kind="Deployment",
-                    destination_name="podinfo",
-                    response_code!="404"
-                  }[1m]
-              )
-          )
-          /
-          sum(
-              rate(
-                  osm_request_total{
-                    destination_namespace="test",
-                    destination_kind="Deployment",
-                    destination_name="podinfo"
-                  }[1m]
-              )
-          ) * 100
-        )
-```
-
-The above configuration validates the canary version by checking if the HTTP 404 req/sec percentage is below three percent of the total traffic.
-If the 404s rate reaches the 3% threshold, then the analysis is aborted and the canary is marked as failed.
-
-Trigger a canary deployment by updating the container image:
-
-```bash
-kubectl -n test set image deployment/podinfo \
-podinfod=ghcr.io/stefanprodan/podinfo:6.0.3
-```
-
-Exec into the load tester pod with:
-
-```bash
-kubectl -n test exec -it flagger-loadtester-xx-xx sh
-```
-
-Repeatedly generate 404s until canary rollout fails:
-
-```bash
-watch -n 0.1 curl http://podinfo-canary.test:9898/status/404
-```
-
-Watch Flagger logs to confirm successful canary rollback.
-
-```text
-kubectl -n osm-system logs deployment/flagger -f | jq .msg
-
-Starting canary deployment for podinfo.test
-Pre-rollout check acceptance-test passed
-Advance podinfo.test canary weight 5
-Halt podinfo.test advancement 404s percentage 6.20 > 3
-Halt podinfo.test advancement 404s percentage 6.45 > 3
-Halt podinfo.test advancement 404s percentage 7.22 > 3
-Halt podinfo.test advancement 404s percentage 6.50 > 3
-Halt podinfo.test advancement 404s percentage 6.34 > 3
-Rolling back podinfo.test failed checks threshold reached 5
-Canary failed! Scaling down podinfo.test
-```

docs/gitbook/tutorials/skipper-progressive-delivery.md

@@ -113,7 +113,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment

docs/gitbook/tutorials/traefik-progressive-delivery.md

@@ -63,7 +63,7 @@ helm upgrade -i flagger-loadtester flagger/loadtester \
 Create Traefik IngressRoute that references TraefikService generated by Flagger \(replace `app.example.com` with your own domain\):
 
 ```yaml
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: podinfo
@@ -103,7 +103,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment
@@ -177,7 +177,7 @@ horizontalpodautoscaler.autoscaling/podinfo-primary
 service/podinfo
 service/podinfo-canary
 service/podinfo-primary
-traefikservice.traefik.containo.us/podinfo
+traefikservice.traefik.io/podinfo
 ```
 
 ## Automated canary promotion

docs/gitbook/tutorials/zero-downtime-deployments.md

@@ -139,7 +139,7 @@ Note that without resource requests the horizontal pod autoscaler can't determin
 A production environment should be able to handle traffic bursts without impacting the quality of service. This can be achieved with Kubernetes autoscaling capabilities. Autoscaling in Kubernetes has two dimensions: the Cluster Autoscaler that deals with node scaling operations and the Horizontal Pod Autoscaler that automatically scales the number of pods in a deployment.
 
 ```yaml
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 spec:
   scaleTargetRef:
@@ -172,7 +172,7 @@ spec:
   service:
     port: 9898
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     hosts:
     - app.example.com
     retries:

docs/gitbook/usage/deployment-strategies.md

@@ -3,15 +3,15 @@
 Flagger can run automated application analysis, promotion and rollback for the following deployment strategies:
 
 * **Canary Release** \(progressive traffic shifting\)
-  * Istio, Linkerd, App Mesh, NGINX, Skipper, Contour, Gloo Edge, Traefik, Open Service Mesh, Kuma, Gateway API
+  * Istio, Linkerd, App Mesh, NGINX, Skipper, Contour, Gloo Edge, Traefik, Kuma, Gateway API, Apache APISIX, Knative
 * **A/B Testing** \(HTTP headers and cookies traffic routing\)
   * Istio, App Mesh, NGINX, Contour, Gloo Edge, Gateway API
 * **Blue/Green** \(traffic switching\)
-  * Kubernetes CNI, Istio, Linkerd, App Mesh, NGINX, Contour, Gloo Edge, Open Service Mesh, Gateway API
+  * Kubernetes CNI, Istio, Linkerd, App Mesh, NGINX, Contour, Gloo Edge, Gateway API
 * **Blue/Green Mirroring** \(traffic shadowing\)
-  * Istio
+  * Istio, Gateway API
 * **Canary Release with Session Affinity** \(progressive traffic shifting combined with cookie based routing\)
-  * Istio
+  * Istio, Gateway API
 
 For Canary releases and A/B testing you'll need a Layer 7 traffic management solution like
 a service mesh or an ingress controller. For Blue/Green deployments no service mesh or ingress controller is required.
@@ -126,11 +126,11 @@ the step and the maximum weight value in 0 to 100 range.
 Example:
 
 ```yaml
-canary:
+# canary.yaml
+spec:
   analysis:
-    promotion:
-      maxWeight: 50
-      stepWeight: 20
+    maxWeight: 50
+    stepWeight: 20
 ```
 
 This configuration performs analysis starting from 20, increasing by 20 until weight goes above 50.  
@@ -148,10 +148,10 @@ In order to enable non-linear promotion a new parameter was introduced:
 Example:
 
 ```yaml
-canary:
+# canary.yaml
+spec:
   analysis:
-    promotion:
-      stepWeights: [1, 2, 10, 80]
+    stepWeights: [1, 2, 10, 80]
 ```
 
 This configuration performs analysis starting from 1, going through `stepWeights` values till 80.  
@@ -353,8 +353,6 @@ you should consider what will happen if a write is duplicated and handled by the
 
 To use mirroring, set `spec.analysis.mirror` to `true`.
 
-Istio example:
-
 ```yaml
   analysis:
     # schedule interval (default 60s)
@@ -363,9 +361,10 @@ Istio example:
     iterations: 10
     # max number of failed iterations before rollback
     threshold: 2
-    # Traffic shadowing (compatible with Istio only)
+    # Traffic shadowing
     mirror: true
     # Weight of the traffic mirrored to your canary (defaults to 100%)
+    # Only applicable for Istio.
     mirrorWeight: 100
 ```
 
@@ -408,7 +407,7 @@ cookie based routing with regular weight based routing. This means once a user i
 version of our application (based on the traffic weights), they're always routed to that version, i.e.
 they're never routed back to the old version of our application.
 
-You can enable this, by specifying `.spec.analsyis.sessionAffinity` in the Canary (only Istio is supported):
+You can enable this, by specifying `.spec.analysis.sessionAffinity` in the Canary:
 
 ```yaml
   analysis:
@@ -451,3 +450,82 @@ the Canary deployment:
 ```
 Set-Cookie: flagger-cookie=McxKdLQoIN; Max-Age=21600
 ```
+
+### Configuring stickiness for Primary deployment
+
+The above strategy is helpful because it makes sure that any user that's routed to the Canary deployment
+once is always routed to that deployment. But, this can results in an imbalance in the traffic shifting,
+as over time, most of the traffic flows to the Canary deployment. To ensure fair traffic distribution, we
+can also configure stickiness for the Primary deployment. You can configure this by specifying a
+`primaryCookieName` field:
+
+```yaml
+  analysis:
+    # schedule interval (default 60s)
+    interval: 1m
+    sessionAffinity:
+      # name of the cookie used
+      cookieName: flagger-cookie
+      # max age of the cookie (in seconds)
+      # optional; defaults to 86400
+      maxAge: 21600
+      # name of the cookie to use for the primary backend
+      # optional; unset means no primary stickiness
+      primaryCookieName: primary-flagger-cookie
+```
+
+> Note: This is only supported for the Gateway API provider for now.
+
+Let's understand what the above configuration does. All the session affinity stuff in the above section
+still occurs, but now the response header for requests routed to the primary deployment also include a
+`Set-Cookie` header:
+```
+Set-Cookie: primary-flagger-cookie=ApvLdqCoMF; Max-Age=60
+```
+
+Note that the age of the cookie is the same as the Canary analysis's interval. This means that the cookie
+expires when a new steps of the analysis begins and a new cookie is generated like so:
+```
+Set-Cookie: primary-flagger-cookie=BRtlVaQoPC; Max-Age=60
+```
+
+This ensures that, if the first request of a user during a particular step is routed to the primary deployment,
+then all subsequent requests will be routed to the same until the next step starts. During a new step, a new cookie 
+value is generated which is then included in the headers of responses from the primary workload. This allows for
+weighted traffic routing to happen while ensuring that users don't ever switch back to the primary deployment from
+the canary deployment during a Canary analysis.
+
+### Configuring additional cookie attributes
+
+Depending on your use case, you may neet to set additional [cookie attributes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes) in order for your application to route requests correctly.
+You may set the following attributes:
+
+```yaml
+  analysis:
+    # schedule interval (default 60s)
+    interval: 1m
+    sessionAffinity:
+      # name of the cookie used
+      cookieName: flagger-cookie
+      # max age of the cookie (in seconds)
+      # optional; defaults to 86400
+      maxAge: 21600
+      # defines the host to which the cookie will be sent.
+      # optional
+      domain: fluxcd.io
+      # forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
+      # optional
+      httpOnly: true
+      # indicates that the cookie should be stored using partitioned storage.
+      # optional
+      partitioned: true
+      # indicates the path that must exist in the requested URL for the browser to send the Cookie header.
+      # optional
+      path: /flagger
+      # controls whether or not a cookie is sent with cross-site requests.
+      # optional; valid values are Strict, Lax or None
+      sameSite: Strict
+      # indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)
+      # optional
+      secure: true
+```

docs/gitbook/usage/how-it-works.md

@@ -65,9 +65,12 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
+    primaryScalerReplicas:
+      minReplicas: 2
+      maxReplicas: 5
 ```
 
 Based on the above configuration, Flagger generates the following Kubernetes objects:
@@ -80,6 +83,11 @@ by default all traffic is routed to this version and the target deployment is sc
 Flagger will detect changes to the target deployment (including secrets and configmaps)
 and will perform a canary analysis before promoting the new version as primary.
 
+Use `.spec.autoscalerRef.primaryScalerReplicas` to override the replica scaling
+configuration for the generated primary HorizontalPodAutoscaler. This is useful
+for situations when you want to have a different scaling configuration for the
+primary workload as opposed to using the same values from the original workload HorizontalPodAutoscaler. 
+
 **Note** that the target deployment must have a single label selector in the format `app: <DEPLOYMENT-NAME>`:
 
 ```yaml
@@ -139,6 +147,8 @@ spec:
     appProtocol: http
     targetPort: 9898
     portDiscovery: true
+    headless: false
+    trafficDistribution: PreferClose
 ```
 
 The container port from the target workload should match the `service.port` or `service.targetPort`.
@@ -146,6 +156,7 @@ The `service.name` is optional, defaults to `spec.targetRef.name`.
 The `service.targetPort` can be a container port number or name.
 The `service.portName` is optional (defaults to `http`), if your workload uses gRPC then set the port name to `grpc`.
 The `service.appProtocol` is optional, more details can be found [here](https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol).
+The `service.trafficDistribution` is optional, more details can be found [here](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution).
 
 If port discovery is enabled, Flagger scans the target workload and extracts the containers ports
 excluding the port specified in the canary service and service mesh sidecar ports.
@@ -196,6 +207,13 @@ Note that the `apex` annotations are added to both the generated Kubernetes Serv
 generated service mesh/ingress object. This allows using external-dns with Istio `VirtualServices`
 and `TraefikServices`. Beware of configuration conflicts [here](../faq.md#ExternalDNS).
 
+Note that if any annotations or labels are added that are not specified here,
+Flagger will remove them during reconciliation. To specify metadata
+that should be ignored by Flagger, configure `unmanagedMetadata`.
+
+If you want for the generated Kubernetes ClusterIP services to be [headless](https://kubernetes.io/docs/concepts/services-networking/service/#headless-services),
+then set `service.headless` to true.
+
 Besides port mapping and metadata, the service specification can
 contain URI match and rewrite rules, timeout and retry polices:
 
@@ -371,3 +389,10 @@ On each run, Flagger calls the webhooks, checks the metrics and if the failed ch
 stops the analysis and rolls back the canary.
 If alerting is configured, Flagger will post the analysis result using the alert providers.
 
+## Canary suspend
+
+The `suspend` field can be set to true to suspend the Canary. If a Canary is suspended,
+its reconciliation is completely paused. This means that changes to target workloads,
+tracked ConfigMaps and Secrets don't trigger a Canary run and changes to resources generated
+by Flagger are not corrected. If the Canary was suspended during an active Canary run,
+then the run is paused without disturbing the workloads or the traffic weights.

docs/gitbook/usage/metrics.md

@@ -62,6 +62,7 @@ The following variables are available in query templates:
 * `service` (canary.spec.service.name)
 * `ingress` (canary.spec.ingresRef.name)
 * `interval` (canary.spec.analysis.metrics[].interval)
+* `variables` (canary.spec.analysis.metrics[].templateVariables)
 
 A canary analysis metric can reference a template with `templateRef`:
 
@@ -82,6 +83,50 @@ A canary analysis metric can reference a template with `templateRef`:
         interval: 1m
 ```
 
+A canary analysis metric can reference a set of custom variables with `templateVariables`. These variables will be then injected into the query defined in the referred `MetricTemplate` object during canary analysis:
+
+```yaml
+  analysis:
+    metrics:
+      - name: "my metric"
+        templateRef:
+          name: my-metric
+          namespace: flagger
+        # accepted values
+        thresholdRange:
+          min: 10
+          max: 1000
+        # metric query time window
+        interval: 1m
+        # custom variables used within the referenced metric template
+        templateVariables:
+          direction: inbound
+```
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: my-metric
+spec:
+  provider:
+    type: prometheus
+    address: http://prometheus.linkerd-viz:9090
+  query: |
+    histogram_quantile(
+      0.99,
+      sum(
+        rate(
+          response_latency_ms_bucket{
+            namespace="{{ namespace }}",
+            deployment=~"{{ target }}",
+            direction="{{ variables.direction }}"
+          }[{{ interval }}]
+        )
+      ) by (le)
+    )
+```
+
 ## Prometheus
 
 You can create custom metric checks targeting a Prometheus server by
@@ -184,13 +229,25 @@ as the `MetricTemplate` with the basic-auth credentials:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: prom-basic-auth
+  name: prom-auth
   namespace: flagger
 data:
   username: your-user
   password: your-password
 ```
 
+or if you require bearer token authentication (via a SA token):
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prom-auth
+  namespace: flagger
+data:
+  token: ey1234...
+```
+
 Then reference the secret in the `MetricTemplate`:
 
 ```yaml
@@ -204,7 +261,7 @@ spec:
     type: prometheus
     address: http://prometheus.monitoring:9090
     secretRef:
-      name: prom-basic-auth
+      name: prom-auth
 ```
 
 ## Datadog
@@ -611,3 +668,116 @@ Reference the template in the canary analysis:
           max: 1000
         interval: 1m
 ```
+
+## Keptn
+
+You can create custom metric checks using the Keptn provider.
+This Provider allows to verify either the value of a single [KeptnMetric](https://keptn.sh/stable/docs/reference/crd-reference/metric/),
+representing the value of a single metric,
+or of a [Keptn Analysis](https://keptn.sh/stable/docs/reference/crd-reference/analysis/),
+which provides a flexible grading logic for analysing and prioritising a number of different
+metric values coming from different data sources.
+
+This provider requires [Keptn](https://keptn.sh/stable/docs/installation/) to be installed in the cluster.
+
+Example for a Keptn metric template:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: response-time
+  namespace: istio-system
+spec:
+  provider:
+    type: keptn
+  query: keptnmetric/my-namespace/response-time/2m/reporter=destination
+```
+
+This will reference the `KeptnMetric` with the name `response-time` in
+the namespace `my-namespace`, which could look like the following:
+
+```yaml
+apiVersion: metrics.keptn.sh/v1beta1
+kind: KeptnMetric
+metadata:
+  name: response-time
+  namespace: my-namespace
+spec:
+  fetchIntervalSeconds: 10
+  provider:
+    name: my-prometheus-keptn-provider
+  query: histogram_quantile(0.8, sum by(le) (rate(http_server_request_latency_seconds_bucket{status_code='200',
+    job='simple-go-backend'}[5m[])))
+```
+
+The `query` contains the following components, which are divided by `/` characters:
+
+```
+<type>/<namespace>/<resource-name>/<timeframe>/<arguments>
+```
+
+* **type (required)**: Must be either `keptnmetric` or `analysis`.
+* **namespace (required)**: The namespace of the referenced `KeptnMetric`/`AnalysisDefinition`.
+* **resource-name (required):** The name of the referenced `KeptnMetric`/`AnalysisDefinition`.
+* **timeframe (optional)**: The timeframe used for the Analysis.
+This will usually be set to the same value as the analysis interval of a `Canary`.
+Only relevant if the `type` is set to `analysis`.
+* **arguments (optional)**: Arguments to be passed to an `Analysis`.
+Arguments are passed as a list of key value pairs, separated by `;` characters,
+e.g. `foo=bar;bar=foo`. 
+Only relevant if the `type` is set to `analysis`.
+
+For the type `analysis`, the value returned by the provider is either `0`
+(if the analysis failed), or `1` (analysis passed).
+
+## Splunk
+
+You can create custom metric checks using the Splunk provider.
+
+Create a secret that contains your authentication token that can be found in the Splunk o11y UI.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: splunk
+  namespace: istio-system
+data:
+  sf_token_key: your-access-token
+```
+
+Splunk template example:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: success-rate
+  namespace: istio-system
+spec:
+  provider:
+    type: splunk
+    address: https://api.<REALM>.signalfx.com
+    secretRef:
+      name: splunk
+  query: |
+    total = data('traces.count', filter=filter('sf_service', '{{target}}')).sum().publish(enable=False)
+    success = data('traces.count', filter=filter('sf_service', '{{target}}') and filter('sf_error', 'false')).sum().publish(enable=False)
+    ((success/total) * 100).publish()
+```
+The query format documentation can be found [here](https://dev.splunk.com/observability/docs/signalflow).
+
+Reference the template in the canary analysis:
+
+```yaml
+  analysis:
+    metrics:
+      - name: "success rate"
+        templateRef:
+          name: success-rate
+          namespace: istio-system
+        thresholdRange:
+          max: 99
+        interval: 1m
+```

docs/gitbook/usage/monitoring.md

@@ -121,4 +121,10 @@ flagger_canary_duration_seconds_count{name="podinfo",namespace="test"} 6
 # Last canary metric analysis result per different metrics
 flagger_canary_metric_analysis{metric="podinfo-http-successful-rate",name="podinfo",namespace="test"} 1
 flagger_canary_metric_analysis{metric="podinfo-custom-metric",name="podinfo",namespace="test"} 0.918223108974359
+
+# Canary successes total counter
+flagger_canary_successes_total{name="podinfo",namespace="test",deployment_strategy="canary",analysis_status="completed"} 5
+
+# Canary failures total counter
+flagger_canary_failures_total{name="podinfo",namespace="test",deployment_strategy="canary",analysis_status="completed"} 1
 ```

docs/gitbook/usage/webhooks.md

@@ -41,6 +41,7 @@ Spec:
       - name: "start gate"
         type: confirm-rollout
         url: http://flagger-loadtester.test/gate/approve
+        retries: 5
       - name: "helm test"
         type: pre-rollout
         url: http://flagger-helmtester.flagger/
@@ -72,6 +73,7 @@ Spec:
       - name: "send to Slack"
         type: event
         url: http://event-recevier.notifications/slack
+        retries: 3
         metadata:
           environment: "test"
           cluster: "flagger-test"
@@ -83,16 +85,19 @@ Webhook payload (HTTP POST):
 
 ```javascript
 {
-    "name": "podinfo",
-    "namespace": "test",
-    "phase": "Progressing", 
-    "metadata": {
-        "test":  "all",
-        "token":  "16688eb5e9f289f1991c"
-    }
+  "name": "podinfo",
+  "namespace": "test",
+  "phase": "Progressing",
+  "checksum": "85d557f47b",
+  "metadata": {
+    "test":  "all",
+    "token":  "16688eb5e9f289f1991c"
+  }
 }
 ```
 
+The checksum field is hashed from the TrackedConfigs and LastAppliedSpec of the Canary, it can be used to identify a Canary for a specific configuration of the deployed resources.
+
 Response status codes:
 
 * 200-202 - advance canary by increasing the traffic weight
@@ -107,6 +112,7 @@ Event payload (HTTP POST):
   "name": "string (canary name)",
   "namespace": "string (canary namespace)",
   "phase": "string (canary phase)",
+  "checksum": "string (canary checksum"),
   "metadata": {
     "eventMessage": "string (canary event message)",
     "eventType": "string (canary event type)",
@@ -118,6 +124,11 @@ Event payload (HTTP POST):
 The event receiver can create alerts based on the received phase 
 (possible values: `Initialized`, `Waiting`, `Progressing`, `Promoting`, `Finalising`, `Succeeded` or `Failed`).
 
+Options:
+* retries: The webhook request can be retried by specifying a positive integer in the `retries` field. This helps ensure reliability if the webhook fails due to transient network issues.
+
+* disable TLS: Set `disableTLS` to `true` in the webhook spec to bypass TLS verification. This is useful in cases where the target service uses self-signed certificates, or you need to connect to an insecure service for testing purposes.
+
 ## Load Testing
 
 For workloads that are not receiving constant traffic Flagger can be configured with a webhook,
@@ -387,6 +398,22 @@ This can be done via mounting a Kubernetes secret in the tester's Deployment.
 to see if the process has finished (Default is 5s). `pollTimeout` represents the time in seconds
 the web-hook will try to call Concord before timing out (Default is 30s).
 
+If you need to start a Pod/Job to run tests, you can do so using `kubectl`.
+
+```yaml
+  analysis:
+    webhooks:
+      - name: "smoke test"
+        type: pre-rollout
+        url: http://flagger-kubectltester.kube-system/
+        timeout: 3m
+        metadata:
+          type: "kubectl"
+          cmd: "run test --image=alpine --overrides='{ "spec": { "serviceAccount": "default:default" }  }'"
+```
+
+Note that you need to setup RBAC for the load tester service account in order to run `kubectl` and `helm` commands.
+
 ## Manual Gating
 
 For manual approval of a canary deployment you can use the `confirm-rollout` and `confirm-promotion` webhooks.

go.mod

@@ -1,91 +1,109 @@
 module github.com/fluxcd/flagger
 
-go 1.19
+go 1.25.0
 
 require (
-	cloud.google.com/go/monitoring v1.9.0
-	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.144
-	github.com/davecgh/go-spew v1.1.1
-	github.com/go-logr/zapr v1.2.3
-	github.com/google/go-cmp v0.5.9
-	github.com/googleapis/gax-go/v2 v2.7.0
-	github.com/influxdata/influxdb-client-go/v2 v2.12.0
-	github.com/prometheus/client_golang v1.14.0
-	github.com/stretchr/testify v1.8.1
-	go.uber.org/zap v1.23.0
-	google.golang.org/api v0.103.0
-	google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6
-	google.golang.org/grpc v1.51.0
-	google.golang.org/protobuf v1.28.1
+	cloud.google.com/go/monitoring v1.24.2
+	github.com/Masterminds/semver/v3 v3.4.0
+	github.com/aws/aws-sdk-go v1.55.8
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
+	github.com/go-logr/zapr v1.3.0
+	github.com/google/go-cmp v0.7.0
+	github.com/google/uuid v1.6.0
+	github.com/googleapis/gax-go/v2 v2.15.0
+	github.com/hashicorp/go-retryablehttp v0.7.8
+	github.com/influxdata/influxdb-client-go/v2 v2.14.0
+	github.com/prometheus/client_golang v1.23.2
+	github.com/signalfx/signalflow-client-go v0.1.0
+	github.com/signalfx/signalfx-go v1.53.0
+	github.com/stretchr/testify v1.11.1
+	go.uber.org/zap v1.27.0
+	golang.org/x/sync v0.17.0
+	google.golang.org/api v0.252.0
+	google.golang.org/genproto v0.0.0-20250603155806-513f23925822
+	google.golang.org/grpc v1.76.0
+	google.golang.org/protobuf v1.36.10
 	gopkg.in/h2non/gock.v1 v1.1.2
-	k8s.io/api v0.25.4
-	k8s.io/apimachinery v0.25.4
-	k8s.io/client-go v0.25.4
-	k8s.io/code-generator v0.25.4
-	k8s.io/klog/v2 v2.80.1
+	k8s.io/api v0.34.1
+	k8s.io/apimachinery v0.34.1
+	k8s.io/client-go v0.34.1
+	k8s.io/code-generator v0.34.1
+	k8s.io/klog/v2 v2.130.1
+	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
+	knative.dev/serving v0.46.6
 )
 
-// Fix CVE-2022-32149
-replace golang.org/x/text => golang.org/x/text v0.4.0
-
 require (
-	cloud.google.com/go/compute v1.12.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.1 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	cloud.google.com/go/auth v0.17.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/deepmap/oapi-codegen v1.8.2 // indirect
-	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/blendle/zapdriver v1.3.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
+	github.com/google/gnostic-models v0.7.0 // indirect
+	github.com/google/go-containerregistry v0.20.3 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
+	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
-	github.com/imdario/mergo v0.3.6 // indirect
-	github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf // indirect
+	github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/oapi-codegen/runtime v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
-	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.1.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
-	golang.org/x/sys v0.1.0 // indirect
-	golang.org/x/term v0.1.0 // indirect
-	golang.org/x/text v0.4.0 // indirect
-	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.1.12 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.66.1 // indirect
+	github.com/prometheus/procfs v0.17.0 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
+	golang.org/x/mod v0.28.0 // indirect
+	golang.org/x/net v0.44.0 // indirect
+	golang.org/x/oauth2 v0.31.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/term v0.35.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
+	golang.org/x/time v0.13.0 // indirect
+	golang.org/x/tools v0.37.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect
-	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.2.0 // indirect
+	k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect
+	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
+	knative.dev/networking v0.0.0-20250902160145-7dad473f6351 // indirect
+	knative.dev/pkg v0.0.0-20250909011231-077dcf0d00e8 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
 )

go.sum

@@ -1,696 +1,307 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0=
-cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU=
-cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48=
-cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
-cloud.google.com/go/monitoring v1.9.0 h1:O2A5HsrhvRMzD3OMUimPXF46vOzwc9vh6oGCGf9i/ws=
-cloud.google.com/go/monitoring v1.9.0/go.mod h1:/FsTS0gkEFUc4cgB16s6jYDnyjzRBkRJNRzBn5Zx+wA=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/aws/aws-sdk-go v1.44.144 h1:mMWdnYL8HZsobrQe1mwvQ18Xt8UbOVhWgipjuma5Mkg=
-github.com/aws/aws-sdk-go v1.44.144/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4=
+cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ=
+cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
+cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
+cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
+cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
+cloud.google.com/go/monitoring v1.24.2 h1:5OTsoJ1dXYIiMiuL+sYscLc9BumrL3CarVLL7dd7lHM=
+cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
+github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ=
+github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
+github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE=
+github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc=
+github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls=
+github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU=
-github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
-github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
+github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw=
+github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
+github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
+github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
+github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
+github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
+github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
-github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
-github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
-github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
+github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI=
+github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs=
-github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
-github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
+github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
+github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
+github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
-github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/influxdata/influxdb-client-go/v2 v2.12.0 h1:LGct9uIp36IT+8RAJdmJGQbNonGi26YfYYSpDIyq8fI=
-github.com/influxdata/influxdb-client-go/v2 v2.12.0/go.mod h1:YteV91FiQxRdccyJ2cHvj2f/5sq4y4Njqu1fQzsQCOU=
-github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 h1:W9WBk7wlPfJLvMCdtV4zPulc4uCPrlywQOmbFOhgQNU=
-github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839/go.mod h1:xaLFMmpvUxqXtVkUJfg9QmT88cDaCJ3ZKgdZ78oO8Qo=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
+github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
+github.com/influxdata/influxdb-client-go/v2 v2.14.0 h1:AjbBfJuq+QoaXNcrova8smSjwJdUHnwvfjMF71M1iI4=
+github.com/influxdata/influxdb-client-go/v2 v2.14.0/go.mod h1:Ahpm3QXKMJslpXl3IftVLVezreAUtBOTZssDrjZEFHI=
+github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf h1:7JTmneyiNEwVBOHSjoMxiWAqB992atOeepeFYegn5RU=
+github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf/go.mod h1:xaLFMmpvUxqXtVkUJfg9QmT88cDaCJ3ZKgdZ78oO8Qo=
+github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY=
+github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4FW1e6jwpg=
-github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
+github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
-github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/oapi-codegen/runtime v1.0.0 h1:P4rqFX5fMFWqRzY9M/3YF9+aPSPPB06IzP2P7oOxrWo=
+github.com/oapi-codegen/runtime v1.0.0/go.mod h1:LmCUMQuPB4M/nLXilQXhHw+BLZdDb18B34OO356yJ/A=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
+github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
+github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
+github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
+github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/signalfx/signalflow-client-go v0.1.0 h1:aqyt+st3/y8x8JtuwYRL9pOkOTJb+KeCoRWi0SuY5vw=
+github.com/signalfx/signalflow-client-go v0.1.0/go.mod h1:mY4DTAZuLHyMNGBjSrNdCg5kUU0hSkYjukAnjsVbsQs=
+github.com/signalfx/signalfx-go v1.53.0 h1:TMQDuj/Kyom8Xtb7NFuvV7URfCuTRjTrLyD0BroUDmM=
+github.com/signalfx/signalfx-go v1.53.0/go.mod h1:CHt+/W1qd62tXxNqG7ZUB9pEsEAOD6tuvdlyDNIOO1s=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
-github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY=
-go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY=
+go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
+go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
+go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
+go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
+go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI=
+go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg=
+go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc=
+go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps=
+go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
+go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
+go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
+golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
-golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
+golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200826173525-f9321e4c35a6/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
+golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
+golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.103.0 h1:9yuVqlu2JCvcLg9p8S3fcFLZij8EPSyvODIY1rkMizQ=
-google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
-google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0=
+gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
+google.golang.org/api v0.252.0 h1:xfKJeAJaMwb8OC9fesr369rjciQ704AjU/psjkKURSI=
+google.golang.org/api v0.252.0/go.mod h1:dnHOv81x5RAmumZ7BWLShB/u7JZNeyalImxHmtTHxqw=
+google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4=
+google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s=
+google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc=
+google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 h1:CirRxTOwnRWVLKzDNrs0CXAaVozJoR4G9xvdRecrdpk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ=
+google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
+google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
 gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs=
-k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ=
-k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc=
-k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
-k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8=
-k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw=
-k8s.io/code-generator v0.25.4 h1:tjQ7/+9eN7UOiU2DP+0v4ntTI4JZLi2c1N0WllpFhTc=
-k8s.io/code-generator v0.25.4/go.mod h1:9F5fuVZOMWRme7MYj2YT3L9ropPWPokd9VRhVyD3+0w=
-k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI=
-k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
-k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
-k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
+k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM=
+k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk=
+k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4=
+k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
+k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY=
+k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8=
+k8s.io/code-generator v0.34.1 h1:WpphT26E+j7tEgIUfFr5WfbJrktCGzB3JoJH9149xYc=
+k8s.io/code-generator v0.34.1/go.mod h1:DeWjekbDnJWRwpw3s0Jat87c+e0TgkxoR4ar608yqvg=
+k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q=
+k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA=
+k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
+k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y=
+k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+knative.dev/networking v0.0.0-20250902160145-7dad473f6351 h1:Gv/UqbN0AK+ORoT5e2Kg+3+uMW/y9CCdhpXKxYaVV6k=
+knative.dev/networking v0.0.0-20250902160145-7dad473f6351/go.mod h1:P/fAhhVDgmLt1ugFX8vBvdSDiUOw2P4SGcjbzoZ02Xw=
+knative.dev/pkg v0.0.0-20250909011231-077dcf0d00e8 h1:n0BMHXIem9MyDkK4vfA4Vzdxaf1e+EeLJ6k+8exCjjI=
+knative.dev/pkg v0.0.0-20250909011231-077dcf0d00e8/go.mod h1:a1amDzo4YIUNuGeDgEz/uDHs5MQVYI1DXnRnEpWCAts=
+knative.dev/serving v0.46.6 h1:jmVF560qnepNBG69VEbNRtknGFwZtGEyR1QSlNuoKmk=
+knative.dev/serving v0.46.6/go.mod h1:mY7uXQo49PnxxM6UJWfnSAi6OqFEPM03dpWc8xsH3+I=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
+sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=

hack/update-codegen.sh

@@ -25,14 +25,29 @@ trap "cleanup" EXIT SIGINT
 
 echo ">> Temporary output directory ${TEMP_DIR}"
 
-# Ensure we can execute.
-chmod +x ${CODEGEN_PKG}/generate-groups.sh
+PACKAGE_PATH_BASE="github.com/fluxcd/flagger"
 
-${CODEGEN_PKG}/generate-groups.sh all \
-    github.com/fluxcd/flagger/pkg/client github.com/fluxcd/flagger/pkg/apis \
-    "flagger:v1beta1 appmesh:v1beta2 appmesh:v1beta1 istio:v1alpha3 smi:v1alpha1 smi:v1alpha2 smi:v1alpha3 gloo/gloo:v1 gloo/gateway:v1 projectcontour:v1 traefik:v1alpha1 kuma:v1alpha1 gatewayapi:v1alpha2 gatewayapi:v1beta1 keda:v1alpha1" \
-    --output-base "${TEMP_DIR}" \
-    --go-header-file ${SCRIPT_ROOT}/hack/boilerplate.go.txt
+mkdir -p "${TEMP_DIR}/${PACKAGE_PATH_BASE}/pkg/client/informers" \
+         "${TEMP_DIR}/${PACKAGE_PATH_BASE}/pkg/client/listers" \
+         "${TEMP_DIR}/${PACKAGE_PATH_BASE}/pkg/client/clientset"
+
+# Ensure we can execute.
+chmod +x ${CODEGEN_PKG}/kube_codegen.sh
+
+source ${CODEGEN_PKG}/kube_codegen.sh
+
+kube::codegen::gen_helpers \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    ./pkg/apis
+
+kube::codegen::gen_client \
+    --output-dir "${TEMP_DIR}/${PACKAGE_PATH_BASE}/pkg/client" \
+    --output-pkg "${PACKAGE_PATH_BASE}/pkg/client" \
+    --with-watch \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    ./pkg/apis
+
+tree $TEMP_DIR/${PACKAGE_PATH_BASE/pkg/client}/
 
 # Copy everything back.
-cp -r "${TEMP_DIR}/github.com/fluxcd/flagger/." "${SCRIPT_ROOT}/"
+cp -r "${TEMP_DIR}/${PACKAGE_PATH_BASE}/." "${SCRIPT_ROOT}/"

kustomize/README.md

@@ -34,14 +34,6 @@ kustomize build https://github.com/fluxcd/flagger/kustomize/linkerd?ref=main | k
 This deploys Flagger in the `linkerd` namespace and sets the metrics server URL to linkerd-viz extension's Prometheus instance
 which lives under `linkerd-viz` namespace by default.
 
-Install Flagger for Open Service Mesh:
-
-```bash
-kustomize build https://github.com/fluxcd/flagger/kustomize/osm?ref=main | kubectl apply -f -
-```
-
-This deploys Flagger in the `osm-system` namespace and sets the metrics server URL to OSM's Prometheus instance.
-
 If you want to install a specific Flagger release, add the version number to the URL:
 
 ```bash
@@ -76,7 +68,7 @@ metadata:
   name: app
   namespace: test
 spec:
-  # can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo, osm
+  # can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, gloo
   # use the kubernetes provider for Blue/Green style deployments
   provider: nginx
 ```

kustomize/apisix/kustomization.yaml

@@ -1,5 +1,7 @@
-namespace: osm-system
 bases:
   - ../base/flagger/
+  - ../base/prometheus/
+resources:
+  - namespace.yaml
 patchesStrategicMerge:
   - patch.yaml

kustomize/apisix/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flagger-system

kustomize/apisix/patch.yaml

@@ -10,5 +10,5 @@ spec:
           args:
             - -log-level=info
             - -include-label-prefix=app.kubernetes.io
-            - -mesh-provider=kuma
+            - -mesh-provider=apisix
             - -metrics-server=http://flagger-prometheus:9090

kustomize/base/flagger/crd.yaml

@@ -27,6 +27,10 @@ spec:
         - name: Weight
           type: string
           jsonPath: .status.canaryWeight
+        - name: Suspended
+          type: boolean
+          jsonPath: .spec.suspend
+          priority: 1
         - name: FailedChecks
           type: string
           jsonPath: .status.failedChecks
@@ -76,7 +80,6 @@ spec:
               type: object
               required:
                 - targetRef
-                - service
                 - analysis
               properties:
                 provider:
@@ -121,6 +124,15 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    primaryScalerReplicas:
+                      type: object
+                      properties:
+                        minReplicas:
+                          type: integer
+                          minimum: 1
+                        maxReplicas:
+                          type: integer
+                          minimum: 1
                 ingressRef:
                   description: Ingress selector
                   type: object
@@ -134,6 +146,19 @@ spec:
                         - Ingress
                     name:
                       type: string
+                routeRef:
+                  description: APISIX route selector
+                  type: object
+                  required: [ "apiVersion", "kind", "name" ]
+                  properties:
+                    apiVersion:
+                      type: string
+                    kind:
+                      type: string
+                      enum:
+                        - ApisixRoute
+                    name:
+                      type: string
                 upstreamRef:
                   description: Gloo Upstream selector
                   type: object
@@ -166,11 +191,21 @@ spec:
                     appProtocol:
                       description: Application protocol of the port
                       type: string
+                    trafficDistribution:
+                      description: Traffic distribution of the service
+                      type: string
+                      enum:
+                        - PreferClose
+                        - PreferSameZone
+                        - PreferSameNode
                     targetPort:
                       description: Container target port name
                       x-kubernetes-int-or-string: true
                     portDiscovery:
-                      description: Enable port dicovery
+                      description: Enable port discovery
+                      type: boolean
+                    headless:
+                      description: Headless if set to true, generates headless Kubernetes services.
                       type: boolean
                     timeout:
                       description: HTTP or gRPC request timeout
@@ -458,6 +493,54 @@ spec:
                         uri:
                           format: string
                           type: string
+                        authority:
+                          format: string
+                          type: string
+                        type:
+                          format: string
+                          type: string
+                    mirror:
+                      description: Mirror defines a schema for a filter that mirrors requests.
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          backendRef:
+                            properties:
+                              group:
+                                default: ""
+                                maxLength: 253
+                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                                type: string
+                              kind:
+                                default: Service
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                                type: string
+                              name:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              namespace:
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                                type: string
+                              port:
+                                format: int32
+                                maximum: 65535
+                                minimum: 1
+                                type: integer
+                            required:
+                            - name
+                            type: object
+                            x-kubernetes-validations:
+                            - message: Must have port for Service reference
+                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
+                                ? has(self.port) : true'
+                      required:
+                      - backendRef
                     headers:
                       description: Headers operations
                       type: object
@@ -537,6 +620,11 @@ spec:
                             minLength: 1
                             pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
+                          port:
+                            format: int32
+                            maximum: 65535
+                            minimum: 1
+                            type: integer
                     corsPolicy:
                       description: Istio Cross-Origin Resource Sharing policy (CORS)
                       type: object
@@ -727,6 +815,10 @@ spec:
                                 - LEAST_CONN
                                 - RANDOM
                                 - PASSTHROUGH
+                                - LEAST_REQUEST
+                              type: string
+                            warmupDurationSecs:
+                              description: Represents the warmup duration of Service.
                               type: string
                         outlierDetection:
                           description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -824,12 +916,27 @@ spec:
                           type: object
                           additionalProperties:
                             type: string
+                    unmanagedMetadata:
+                      description: UnmanagedMetadata is a list of metadata keys that should be ignored by Flagger.
+                      type: object
+                      properties:
+                        annotations:
+                          type: array
+                          items:
+                            type: string
+                        labels:
+                          type: array
+                          items:
+                            type: string
                 skipAnalysis:
                   description: Skip analysis and promote canary
                   type: boolean
                 revertOnDeletion:
                   description: Revert mutated resources to original spec on deletion
                   type: boolean
+                suspend:
+                  description: Suspend Canary disabling/pausing all canary runs
+                  type: boolean
                 analysis:
                   description: Canary analysis for this canary
                   type: object
@@ -903,6 +1010,34 @@ spec:
                                   description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                   format: string
                                   type: string
+                          queryParams:
+                            description: Query parameters for matching.
+                            type: object
+                            additionalProperties:
+                              oneOf:
+                              - not:
+                                  anyOf:
+                                  - required:
+                                    - exact
+                                  - required:
+                                    - prefix
+                                  - required:
+                                    - regex
+                              - required:
+                                - exact
+                              - required:
+                                - prefix
+                              - required:
+                                - regex
+                              properties:
+                                exact:
+                                  type: string
+                                prefix:
+                                  type: string
+                                regex:
+                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+                                  type: string
+                              type: object
                           sourceLabels:
                             description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                             type: object
@@ -950,6 +1085,11 @@ spec:
                               namespace:
                                 description: Namespace of this metric template
                                 type: string
+                          templateVariables:
+                            description: Additional variables to be used in the metrics query (key-value pairs)
+                            type: object
+                            additionalProperties:
+                              type: string
                     alerts:
                       description: Alert list for this canary analysis
                       type: array
@@ -1015,6 +1155,12 @@ spec:
                             description: Request timeout for this webhook
                             type: string
                             pattern: "^[0-9]+(m|s)"
+                          retries:
+                            description: Number of retries for this webhook
+                            type: number
+                          disableTLS:
+                            description: Disable TLS verification for this webhook
+                            type: boolean
                           metadata:
                             description: Metadata (key-value pairs) for this webhook
                             type: object
@@ -1028,10 +1174,35 @@ spec:
                         cookieName:
                           description: CookieName is the key that will be used for the session affinity cookie.
                           type: string
+                        primaryCookieName:
+                          description: CookieName is the key that will be used for the session affinity cookie.
+                          type: string
+                        domain:
+                          description: Domain defines the host to which the cookie will be sent.
+                          type: string
+                        httpOnly:
+                          description: HttpOnly forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
+                          type: boolean
                         maxAge:
                           description: MaxAge indicates the number of seconds until the session affinity cookie will expire.
                           default: 86400
                           type: number
+                        partitioned:
+                          description: Partitioned indicates that the cookie should be stored using partitioned storage.
+                          type: boolean
+                        path:
+                          description: Path indicates the path that must exist in the requested URL for the browser to send the Cookie header.
+                          type: string
+                        sameSite:
+                          description: SameSite controls whether or not a cookie is sent with cross-site requests.
+                          type: string
+                          enum:
+                            - Strict
+                            - Lax
+                            - None
+                        secure:
+                          description: "Secure indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)"
+                          type: boolean
             status:
               description: CanaryStatus defines the observed state of a canary.
               type: object
@@ -1178,9 +1349,18 @@ spec:
                         - newrelic
                         - graphite
                         - dynatrace
+                        - keptn
+                        - splunk
                     address:
                       description: API address of this provider
                       type: string
+                    headers:
+                      description: Headers to add to HTTP(S) requests
+                      type: object
+                      additionalProperties:
+                        type: array
+                        items:
+                          type: string
                     secretRef:
                       description: Kubernetes secret reference containing the provider credentials
                       type: object

kustomize/base/flagger/kustomization.yaml

@@ -9,4 +9,4 @@ resources:
 images:
   - name: ghcr.io/fluxcd/flagger
     newName: ghcr.io/fluxcd/flagger
-    newTag: 1.26.0
+    newTag: 1.42.0

kustomize/base/flagger/rbac.yaml

@@ -229,10 +229,49 @@ rules:
       - update
       - patch
       - delete
+  - apiGroups:
+      - apisix.apache.org
+    resources:
+      - apisixroutes
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - metrics.keptn.sh
+    resources:
+      - keptnmetrics
+      - analyses
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - revisions
+    verbs:
+      - get
   - nonResourceURLs:
       - /version
     verbs:
       - get
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding