Merge pull request #1596 from fluxcd/release-1.36.0

Release 1.36.0

.github/dependabot.yml

@@ -3,5 +3,15 @@ version: 2
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
+    labels: ["area/ci", "dependencies"]
+    groups:
+      # Group all updates together, so that they are all applied in a single PR.
+      # Grouped updates are currently in beta and is subject to change.
+      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      ci:
+        patterns:
+          - "*"
     schedule:
+      # By default, this will be on a monday.
       interval: "weekly"
+

.github/workflows/build.yaml

@@ -14,21 +14,18 @@ permissions:
 
 jobs:
   build-flagger:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - name: Restore Go cache
-        uses: actions/cache@v3.0.11
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
+        uses: actions/checkout@v4
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.19.x
+          go-version: 1.21.x
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
       - name: Download modules
         run: |
           go mod download
@@ -47,7 +44,7 @@ jobs:
             exit 1
           fi
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           file: ./coverage.txt
       - name: Build container image

.github/workflows/e2e.yaml

@@ -14,7 +14,8 @@ permissions:
 
 jobs:
   e2e-test:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
     strategy:
       fail-fast: false
       matrix:
@@ -22,7 +23,6 @@ jobs:
           # service mesh
           - istio
           - linkerd
-          - osm
           - kuma
           # ingress controllers
           - contour
@@ -36,12 +36,21 @@ jobs:
           - apisix
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup Kubernetes
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1.8.0
+        if: matrix.provider != 'skipper'
         with:
-          version: "v0.14.0"
-          image: kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae
+          version: v0.20.0
+          cluster_name: kind
+          node_image: kindest/node:v1.27.3@sha256:9dd3392d79af1b084671b05bcf65b21de476256ad1dcc853d9f3b10b4ac52dde
+      - name: Setup Kubernetes for skipper
+        uses: helm/kind-action@v1.8.0
+        if: matrix.provider == 'skipper'
+        with:
+          version: v0.20.0
+          cluster_name: kind
+          node_image: kindest/node:v1.24.12@sha256:0bdca26bd7fe65c823640b14253ea7bac4baad9336b332c94850f84d8102f873
       - name: Build container image
         run: |
           docker build -t test/flagger:latest .

.github/workflows/helm.yaml

@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Publish Helm charts
         uses: stefanprodan/helm-gh-pages@v1.7.0
         with:

.github/workflows/push-ld.yml

@@ -10,40 +10,42 @@ permissions:
 
 jobs:
   release-load-tester:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
     permissions:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: sigstore/cosign-installer@v2.8.1
+      - uses: actions/checkout@v4
+      - uses: sigstore/cosign-installer@v3.4.0
       - name: Prepare
         id: prep
         run: |
           VERSION=$(grep 'VERSION' cmd/loadtester/main.go | head -1 | awk '{ print $4 }' | tr -d '"')
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Generate image meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ${{ env.IMAGE }}
           tags: |
             type=raw,value=${{ steps.prep.outputs.VERSION }}
       - name: Publish image
-        uses: docker/build-push-action@v3
+        id: build-push
+        uses: docker/build-push-action@v5
         with:
           push: true
           builder: ${{ steps.buildx.outputs.name }}
@@ -58,4 +60,4 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
-          cosign sign ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
+          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}

.github/workflows/release.yml

@@ -3,6 +3,12 @@ on:
   push:
     tags:
       - 'v*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'image tag prefix'
+        default: 'rc'
+        required: true
 
 permissions:
   contents: read
@@ -12,45 +18,55 @@ env:
 
 jobs:
   release-flagger:
-    runs-on: ubuntu-latest
+    outputs:
+      hashes: ${{ steps.slsa.outputs.hashes }}
+    runs-on:
+      group: "Default Larger Runners"
     permissions:
       contents: write # needed to write releases
       id-token: write # needed for keyless signing
       packages: write # needed for ghcr access
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: fluxcd/flux2/action@main
-      - uses: sigstore/cosign-installer@v2.8.1
+      - uses: sigstore/cosign-installer@v3.4.0
       - name: Prepare
         id: prep
         run: |
-          VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
+          if [[ ${GITHUB_EVENT_NAME} = "workflow_dispatch" ]]; then
+            VERSION="${{ github.event.inputs.tag }}-${GITHUB_SHA::8}"
+          else
+            VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
+          fi
           CHANGELOG="https://github.com/fluxcd/flagger/blob/main/CHANGELOG.md#$(echo $VERSION | tr -d '.')"
           echo "[CHANGELOG](${CHANGELOG})" > notes.md
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: fluxcdbot
           password: ${{ secrets.GHCR_TOKEN }}
       - name: Generate image meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ${{ env.IMAGE }}
           tags: |
             type=raw,value=${{ steps.prep.outputs.VERSION }}
       - name: Publish image
-        uses: docker/build-push-action@v3
+        id: build-push
+        uses: docker/build-push-action@v5
         with:
+          sbom: true
+          provenance: true
           push: true
           builder: ${{ steps.buildx.outputs.name }}
           context: .
@@ -64,8 +80,22 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
-          cosign sign ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
+          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}
+      - name: Publish signed manifests to GHCR
+        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          COSIGN_EXPERIMENTAL: 1
+        run: |
+          OCI_URL=$(flux push artifact \
+            oci://ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }} \
+            --path="./kustomize" \
+            --source="$(git config --get remote.origin.url)" \
+            --revision="${{ steps.prep.outputs.VERSION }}/$(git rev-parse HEAD)" \
+            --output json | \
+            jq -r '. | .repository + "@" + .digest')
+          cosign sign --yes ${OCI_URL}
       - name: Publish Helm charts
+        if: startsWith(github.ref, 'refs/tags/v')
         uses: stefanprodan/helm-gh-pages@v1.7.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -73,29 +103,47 @@ jobs:
           linting: off
       - uses: fluxcd/pkg/actions/helm@main
         with:
-          version: 3.10.1
+          version: 3.12.3
       - name: Publish signed Helm chart to GHCR
+        if: startsWith(github.ref, 'refs/tags/v')
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
           helm package charts/flagger
-          helm push flagger-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/fluxcd/charts
-          cosign sign ghcr.io/fluxcd/charts/flagger:${{ steps.prep.outputs.VERSION }}
+          helm push flagger-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/fluxcd/charts |& tee .digest
+          cosign sign --yes ghcr.io/fluxcd/charts/flagger@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
           rm flagger-${{ steps.prep.outputs.VERSION }}.tgz
-      - name: Publish signed manifests to GHCR
-        env:
-          COSIGN_EXPERIMENTAL: 1
-        run: |
-          flux push artifact oci://ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }} \
-          --path="./kustomize" \
-          --source="$(git config --get remote.origin.url)" \
-          --revision="${{ steps.prep.outputs.VERSION }}/$(git rev-parse HEAD)"
-          cosign sign ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }}
+          rm .digest
       - uses: anchore/sbom-action/download-syft@v0
       - name: Create release and SBOM
-        uses: goreleaser/goreleaser-action@v3
+        id: run-goreleaser
+        uses: goreleaser/goreleaser-action@v5
+        if: startsWith(github.ref, 'refs/tags/v')
         with:
           version: latest
           args: release --release-notes=notes.md --rm-dist --skip-validate
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Generate SLSA metadata
+        id: slsa
+        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
+        run: |
+          set -euo pipefail
+          
+          hashes=$(echo -E $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join("  ") | sub("^sha256:";"")' | base64 -w0)
+          echo "hashes=$hashes" >> $GITHUB_OUTPUT
+
+  release-provenance:
+    needs: [release-flagger]
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      actions: read # for detecting the Github Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      contents: write # for uploading attestations to GitHub releases.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+    with:
+      provenance-name: "provenance.intoto.jsonl"
+      base64-subjects: "${{ needs.release-flagger.outputs.hashes }}"
+      upload-assets: true

.github/workflows/scan.yml

@@ -17,25 +17,26 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run FOSSA scan and upload build data
-        uses: fossa-contrib/fossa-action@v1
+        uses: fossa-contrib/fossa-action@v3
         with:
           # FOSSA Push-Only API Token
           fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
           github-token: ${{ github.token }}
   scan-codeql:
-    runs-on: ubuntu-latest
+    runs-on:
+      group: "Default Larger Runners"
     permissions:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: go
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.goreleaser.yml

@@ -23,6 +23,7 @@ signs:
     certificate: '${artifact}.pem'
     args:
       - sign-blob
+      - "--yes"
       - '--output-certificate=${certificate}'
       - '--output-signature=${signature}'
       - '${artifact}'

CHANGELOG.md

@@ -2,6 +2,362 @@
 
 All notable changes to this project are documented in this file.
 
+## 1.36.0
+
+**Release date:** 2024-02-07
+
+This release comes with support for canary releases with traffic shifting using
+Istio TCP routing. For more information on how to enable TCP routing please
+see the [Istio tutorial](hhttps://docs.flagger.app//tutorials/istio-progressive-delivery#canary-deployments-for-tcp-services).
+
+Both Flagger and the load tester Go dependencies have been updated to fix various CVEs.
+Flagger is now built with Go 1.21 and the container base image has been updated to Alpine 3.19.
+
+#### Improvements
+- Istio Canary TCP service support
+  [#1564](https://github.com/fluxcd/flagger/pull/1564)
+- Update Go dependencies
+  [#1595](https://github.com/fluxcd/flagger/pull/1595)
+- Build with Go 1.21 and Alpine 3.19
+  [#1594](https://github.com/fluxcd/flagger/pull/1594)
+
+#### Fixes
+- return an error for missing metric templates
+  [#1582](https://github.com/fluxcd/flagger/pull/1582)
+- istio: make retry attempts a mandatory field
+  [#1571](https://github.com/fluxcd/flagger/pull/1571)
+- fix(pdb): use the full capabilities comparison for PDBs
+  [#1511](https://github.com/fluxcd/flagger/pull/1511)
+
+## 1.35.0
+
+**Release date:** 2023-11-30
+
+This release comes with support for Gateway API `v1`. Furthermore, following the
+deprecation period, support for the `v1alpha2` API has been dropped.
+A new field `.spec.webhooks[].retries` has been added to allow specifying the
+number of retry attempts to make if the webhook server returns an unsuccessful
+response.
+Another new field `.spec.service.trafficPolicy.loadBalancer.warmupDurationSeconds`
+has been added for the corresponding field in Istio's `DestinationRule` API.
+
+Lastly, two bugs related to deleting a Canary object with
+`.spec.revertOnDeletion: true` have been fixed.
+
+#### Improvements
+- Support Istio DestinationRule WarmupDurationSecs
+  [#1540](https://github.com/fluxcd/flagger/pull/1540)
+- feat: Webhook retries
+  [#1541](https://github.com/fluxcd/flagger/pull/1541)
+- gatewayapi: add support for `v1`
+  [#1557](https://github.com/fluxcd/flagger/pull/1557)
+- Update Go dependencies
+  [#1558](https://github.com/fluxcd/flagger/pull/1558)
+
+#### Fixes
+- set original node selector value when finalizing service
+  [#1537](https://github.com/fluxcd/flagger/pull/1537)
+- controller: wait for canary deployment to be ready before removing finalizers
+  [#1552](https://github.com/fluxcd/flagger/pull/1552)
+
+## 1.34.0
+
+**Release date:** 2023-10-04
+
+This release comes with several new features. The Gateway API integration
+has been significantly improved with support for
+* [Canary releases with session affinty](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery#session-affinty)
+* [B/G deployments with traffic mirroring](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery#traffic-mirroring)
+* Filters in the generated `HTTPRoute` (`.spec.rules[].filters`)
+
+Most of the Filters are derived from existing fields in the Canary spec like
+`.spec.service.headers`. To support arbitary request mirroring through the
+`RequestMirror` filter, a new field `.spec.service.mirror` has been introduced.
+
+A new field `checksum` has been added to the Canary webhook payload. This field
+is computed by hashing the `.status.lastAppliedSpec` and
+`.status.trackedConfigs`. It can be used to distinguish between Canary runs.
+
+Furthermore, the Gloo integration now uses strings for specifying time durations
+in order to be better compatible with protobuf duration parsing.
+
+Lastly, Kubernetes packages were updated to be on 1.27.
+
+#### Improvements
+- Update Kubernetes to v1.27
+  [#1506](https://github.com/fluxcd/flagger/pull/1506)
+- gatewayapi: add support for session affinity
+  [#1507](https://github.com/fluxcd/flagger/pull/1507)
+- gatewayapi: add support for route rule filters
+  [#1512](https://github.com/fluxcd/flagger/pull/1512)
+- Update Linkerd tutorial to use Kubernetes Gateway API
+  [#1516](https://github.com/fluxcd/flagger/pull/1516)
+- Add Checksum field to the Webhook payload to distinguish canary runs
+  [#1521](https://github.com/fluxcd/flagger/pull/1521)
+- gatewayapi: add support for b/g mirroring
+  [#1525](https://github.com/fluxcd/flagger/pull/1525)
+- Update Go dependencies
+  [#1528](https://github.com/fluxcd/flagger/pull/1528)
+
+#### Fixes
+- chore: fix incorrect canary name on document
+  [#1502](https://github.com/fluxcd/flagger/pull/1502)
+- fix: Support for queryParams in canary match condition #880
+  [#1505](https://github.com/fluxcd/flagger/pull/1505)
+- docs: fix error example in deployment strategies
+  [#1518](https://github.com/fluxcd/flagger/pull/1518)
+- Change Gloo Duration type to string
+  [#1524](https://github.com/fluxcd/flagger/pull/1524)
+
+## 1.33.0
+
+**Release date:** 2023-08-29
+
+This release fixes bugs related to the Canary lifecycle. The
+`confirm-traffic-increase` webhook is no longer called if the Canary is in the
+`WaitingPromotion` phase. Furthermore, a bug which caused downtime when
+initializing the Canary deployment has been fixed.
+Also, a bug in the `request-duration` metric for Traefik which assumed the
+result to be in milliseconds instead of seconds has been addressed.
+
+The loadtester now also supports running `kubectl` commands.
+
+#### Improvements
+- Helm: Add option to configure honorLabels for serviceMonitor
+  [#1442](https://github.com/fluxcd/flagger/pull/1442)
+- Helm: Use PodDisruptionBudget API policy/v1 if available
+  [#1476](https://github.com/fluxcd/flagger/pull/1476)
+- podinfo: Update hpa version from autoscaling/v2beta2 to autoscaling/v2
+  [#1477](https://github.com/fluxcd/flagger/pull/1477)
+- Helm: Allow custom labels for servicemonitor
+  [#1483](https://github.com/fluxcd/flagger/pull/1483)
+- feat: loadtester support kubectl type
+  [#1485](https://github.com/fluxcd/flagger/pull/1485)
+- Update Istio Gateway reference format
+  [#1489](https://github.com/fluxcd/flagger/pull/1489)
+- e2e: Update Istio to v1.18
+  [#1492](https://github.com/fluxcd/flagger/pull/1492)
+- add docs for kubectl in loadtester
+  [#1494](https://github.com/fluxcd/flagger/pull/1494)
+
+#### Fixes
+- fix: typo on "Parase", should be "Parse".
+  [#1443](https://github.com/fluxcd/flagger/pull/1443)
+- Fix Traefik request-duration metric
+  [#1446](https://github.com/fluxcd/flagger/pull/1446)
+- Fix initial deployment downtime
+  [#1451](https://github.com/fluxcd/flagger/pull/1451)
+- Fix FAQ templating format and change reference of $workload to $target.
+  [#1456](https://github.com/fluxcd/flagger/pull/1456)
+- Update doc.go
+  [#1466](https://github.com/fluxcd/flagger/pull/1466)
+- Avoid running traffic increase hooks when waiting for promotion or promoting
+  [#1470](https://github.com/fluxcd/flagger/pull/1470)
+
+## 1.32.0
+
+**Release date:** 2023-07-14
+
+This release adds support for suspending a Canary using `.spec.suspend`.
+It also fixes a bug where the target deployment gets stuck at 0 replicas
+after the Canary has been deleted.
+Furthermore, the Canary API has been modified to allow specifying the
+HTTPRoute port using `.service.gatewayRefs[].port`.
+
+#### Improvements
+- Helm: Add option to create service and serviceMonitor
+  [#1425](https://github.com/fluxcd/flagger/pull/1425)
+- Update Alpine to 3.18
+  [#1426](https://github.com/fluxcd/flagger/pull/1426)
+- Add `spec.suspend` to allow suspending canary
+  [#1431](https://github.com/fluxcd/flagger/pull/1431)
+- Add support for istio LEAST_REQUEST destination rule load balancing
+  [#1439](https://github.com/fluxcd/flagger/pull/1439)
+- Add gatewayRef port to Canary CRD
+  [#1453](https://github.com/fluxcd/flagger/pull/1453)
+- feat: Copy slowStartConfig for Gloo upstreams
+  [#1455](https://github.com/fluxcd/flagger/pull/1455)
+- Update Go dependencies
+  [#1459](https://github.com/fluxcd/flagger/pull/1459)
+
+#### Fixes
+- Resume target scaler during finalization
+  [#1429](https://github.com/fluxcd/flagger/pull/1429)
+- Fix panic when annotation of ingress is empty
+  [#1437](https://github.com/fluxcd/flagger/pull/1437)
+- Fixing namespace of HelmRepository in installation docs
+  [#1458](https://github.com/fluxcd/flagger/pull/1458)
+
+## 1.31.0
+
+**Release date:** 2023-05-10
+
+⚠️  __Breaking Changes__
+
+This release adds support for Linkerd 2.12 and later. Due to changes in Linkerd
+the default namespace for Flagger's installation had to be changed from
+`linkerd` to `flagger-system` and the `flagger` Deployment is now injected with
+the Linkerd proxy. Furthermore, installing Flagger for Linkerd will result in
+the creation of an `AuthorizationPolicy` that allows access to the Prometheus
+instance in the `linkerd-viz` namespace. To upgrade your Flagger installation,
+please see the below migration guide.
+
+If you use Kustomize, then follow these steps:
+* `kubectl delete -n linkerd deploy/flagger`
+* `kubectl delete -n linkerd serviceaccount flagger`
+* If you're on Linkerd >= 2.12, you'll need to install the SMI extension to enable
+  support for `TrafficSplit`s:
+  ```bash
+  curl -sL https://linkerd.github.io/linkerd-smi/install | sh
+  linkerd smi install | kubectl apply -f -
+  ```
+* `kubectl apply -k github.com/fluxcd/flagger//kustomize/linkerd`
+
+  Note: If you're on Linkerd < 2.12, this will report an error about missing CRDs.
+  It is safe to ignore this error.
+
+If you use Helm and are on Linkerd < 2.12, then you can use `helm upgrade` to do
+a regular upgrade.
+
+If you use Helm and are on Linkerd >= 2.12, then follow these steps:
+* `helm uninstall flagger -n linkerd`
+* Install the Linkerd SMI extension:
+  ```bash
+  helm repo add l5d-smi https://linkerd.github.io/linkerd-smi
+  helm install linkerd-smi l5d-smi/linkerd-smi -n linkerd-smi --create-namespace
+  ```
+* Install Flagger in the `flagger-system` namespace
+  and create an `AuthorizationPolicy`:
+  ```bash
+  helm repo update flagger
+  helm install flagger flagger/flagger \
+  --namespace flagger-system \
+  --set meshProvider=linkerd \
+  --set metricsServer=http://prometheus.linkerd-viz:9090 \
+  --set linkerdAuthPolicy.create=true
+  ```
+
+Furthermore, a bug which led the `confirm-rollout` webhook to be executed at
+every step of the Canary instead of only being executed before the canary
+Deployment is scaled up, has been fixed.
+
+#### Improvements
+
+- Add support for Linkerd 2.13
+  [#1417](https://github.com/fluxcd/flagger/pull/1417)
+
+#### Fixes
+
+- Fix the loadtester install with flux documentation
+  [#1384](https://github.com/fluxcd/flagger/pull/1384)
+- Run `confirm-rollout` checks only before scaling up deployment
+  [#1414](https://github.com/fluxcd/flagger/pull/1414)
+- e2e: Remove OSM tests
+  [#1423](https://github.com/fluxcd/flagger/pull/1423)
+
+## 1.30.0
+
+**Release date:** 2023-04-12
+
+This release fixes a bug related to the lack of updates to the generated
+object's metadata according to the metadata specified in `spec.service.apex`.
+Furthermore, a bug where labels were wrongfully copied over from the canary
+deployment to primary deployment when no value was provided for
+`--include-label-prefix` has been fixed.
+This release also makes Flagger compatible with Flux's helm-controller drift
+detection.
+
+#### Improvements
+
+- build(deps): bump actions/cache from 3.2.5 to 3.3.1
+  [#1385](https://github.com/fluxcd/flagger/pull/1385)
+- helm: Added the option to supply additional volumes
+  [#1393](https://github.com/fluxcd/flagger/pull/1393)
+- build(deps): bump actions/setup-go from 3 to 4
+  [#1394](https://github.com/fluxcd/flagger/pull/1394)
+- update Kuma version and docs
+  [#1402](https://github.com/fluxcd/flagger/pull/1402)
+- ci: bump k8s to 1.24 and kind to 1.18 
+  [#1406](https://github.com/fluxcd/flagger/pull/1406)
+- Helm: Allow configuring deployment `annotations`
+  [#1411](https://github.com/fluxcd/flagger/pull/1411)
+- update dependencies
+  [#1412](https://github.com/fluxcd/flagger/pull/1412)
+
+#### Fixes
+
+- Enable updates for labels and annotations
+  [#1392](https://github.com/fluxcd/flagger/pull/1392)
+- Update flagger-install-with-flux.md
+  [#1398](https://github.com/fluxcd/flagger/pull/1398)
+- avoid copying canary labels to primary on promotion
+  [#1405](https://github.com/fluxcd/flagger/pull/1405)
+- Disable Flux helm drift detection for managed resources
+  [#1408](https://github.com/fluxcd/flagger/pull/1408)
+
+## 1.29.0
+
+**Release date:** 2023-02-21
+
+This release comes with support for template variables for analysis metrics.
+A canary analysis metric can reference a set of custom variables with
+`.spec.analysis.metrics[].templateVariables`. For more info see the [docs](https://fluxcd.io/flagger/usage/metrics/#custom-metrics).
+Furthemore, a bug related to Canary releases with session affinity has been
+fixed.
+
+#### Improvements
+
+- update dependencies
+  [#1374](https://github.com/fluxcd/flagger/pull/1374)
+- build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0
+  [#1373](https://github.com/fluxcd/flagger/pull/1373)
+- build(deps): bump fossa-contrib/fossa-action from 1 to 2
+  [#1372](https://github.com/fluxcd/flagger/pull/1372)
+- Allow custom affinities for flagger deployment in helm chart
+  [#1371](https://github.com/fluxcd/flagger/pull/1371)
+- Add namespace to namespaced resources in helm chart
+  [#1370](https://github.com/fluxcd/flagger/pull/1370)
+- build(deps): bump actions/cache from 3.2.4 to 3.2.5
+  [#1366](https://github.com/fluxcd/flagger/pull/1366)
+- build(deps): bump actions/cache from 3.2.3 to 3.2.4
+  [#1362](https://github.com/fluxcd/flagger/pull/1362)
+- build(deps): bump docker/build-push-action from 3 to 4
+  [#1361](https://github.com/fluxcd/flagger/pull/1361)
+- modify release workflow to publish rc images
+  [#1359](https://github.com/fluxcd/flagger/pull/1359)
+- build: Enable SBOM and SLSA Provenance
+  [#1356](https://github.com/fluxcd/flagger/pull/1356)
+- Add support for custom variables in metric templates
+  [#1355](https://github.com/fluxcd/flagger/pull/1355)
+- docs(readme.md): add additional tutorial
+  [#1346](https://github.com/fluxcd/flagger/pull/1346)
+
+#### Fixes
+
+- use regex to match against headers in istio
+  [#1364](https://github.com/fluxcd/flagger/pull/1364)
+
+## 1.28.0
+
+**Release date:** 2023-01-26
+
+This release comes with support for setting a different autoscaling
+configuration for the primary workload.
+The `.spec.autoscalerRef.primaryScalerReplicas` is useful in the
+situation where the user does not want to scale the canary workload
+to the exact same size as the primary, especially when opting for a
+canary deployment pattern where only a small portion of traffic is
+routed to the canary workload pods.
+
+#### Improvements
+
+- Support for overriding primary scaler replicas
+  [#1343](https://github.com/fluxcd/flagger/pull/1343)
+- Allow access to Prometheus in OpenShift via SA token
+  [#1338](https://github.com/fluxcd/flagger/pull/1338)
+- Update Kubernetes packages to v1.26.1
+  [#1352](https://github.com/fluxcd/flagger/pull/1352)
+
 ## 1.27.0
 
 **Release date:** 2022-12-15

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine as builder
+FROM golang:1.21-alpine as builder
 
 ARG TARGETPLATFORM
 ARG REVISON
@@ -21,7 +21,7 @@ RUN CGO_ENABLED=0 go build \
     -ldflags "-s -w -X github.com/fluxcd/flagger/pkg/version.REVISION=${REVISON}" \
     -a -o flagger ./cmd/flagger
 
-FROM alpine:3.16
+FROM alpine:3.19
 
 RUN apk --no-cache add ca-certificates
 

Dockerfile.loadtester

@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine as builder
+FROM golang:1.21-alpine as builder
 
 ARG TARGETPLATFORM
 ARG TARGETARCH
@@ -6,15 +6,19 @@ ARG REVISION
 
 RUN apk --no-cache add alpine-sdk perl curl bash tar
 
-RUN HELM3_VERSION=3.10.2 && \
+RUN HELM3_VERSION=3.12.0 && \
 curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-${TARGETARCH}.tar.gz" | tar xvz && \
 chmod +x linux-${TARGETARCH}/helm && mv linux-${TARGETARCH}/helm /usr/local/bin/helm
 
-RUN GRPC_HEALTH_PROBE_VERSION=v0.4.12 && \
+RUN KUBECTL_VERSION=v1.28.0 &&  \
+curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && \
+chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
+
+RUN GRPC_HEALTH_PROBE_VERSION=v0.4.19 && \
 wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH} && \
 chmod +x /usr/local/bin/grpc_health_probe
 
-RUN GHZ_VERSION=0.109.0 && \
+RUN GHZ_VERSION=0.117.0 && \
 curl -sSL "https://github.com/bojand/ghz/archive/refs/tags/v${GHZ_VERSION}.tar.gz" | tar xz -C /tmp && \
 cd /tmp/ghz-${GHZ_VERSION}/cmd/ghz && GOARCH=$TARGETARCH go build . && mv ghz /usr/local/bin && \
 chmod +x /usr/local/bin/ghz
@@ -41,7 +45,7 @@ ARG TARGETPLATFORM
 
 RUN addgroup -S app && \
 adduser -S -g app app && \
-apk --no-cache add ca-certificates curl jq libgcc wrk hey
+apk --no-cache add ca-certificates curl jq libgcc wrk hey git
 
 WORKDIR /home/app
 
@@ -51,6 +55,7 @@ RUN ln -s /opt/bats/bin/bats /usr/local/bin/
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/
 COPY --from=builder /usr/local/bin/ghz /usr/local/bin/
 COPY --from=builder /usr/local/bin/grpc_health_probe /usr/local/bin/
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/
 
 ADD https://raw.githubusercontent.com/grpc/grpc-proto/master/grpc/health/v1/health.proto /tmp/ghz/health.proto
 

MAINTAINERS

@@ -4,6 +4,6 @@ at https://slack.cncf.io/).
 
 In alphabetical order:
 
-Stefan Prodan, Weaveworks <stefan@weave.works> (github: @stefanprodan, slack: stefanprodan)
+Sanskar Jaiswal, Independent <jaiswalsanskar078@gmail.com> (github: @aryan9600, slack: aryan9600)
+Stefan Prodan, ControlPlane <stefan.prodan@gmail.com> (github: @stefanprodan, slack: stefanprodan)
 Takeshi Yoneda, Tetrate <takeshi@tetrate.io> (github: @mathetake, slack: mathetake)
-Sanskar Jaiswal, Weaveworks <sanskar.jaiswal@weave.works> (github: @aryan9600, slack: aryan9600)

Makefile

@@ -6,7 +6,7 @@ build:
 	CGO_ENABLED=0 go build -a -o ./bin/flagger ./cmd/flagger
 
 tidy:
-	rm -f go.sum; go mod tidy -compat=1.19
+	rm -f go.sum; go mod tidy -compat=1.21
 
 vet:
 	go vet ./...
@@ -29,6 +29,11 @@ test-codegen:
 test: test-fmt test-codegen
 	go test ./...
 
+test-coverage: test-fmt test-codegen
+	go test -coverprofile cover.out ./...
+	go tool cover -html=cover.out
+	rm cover.out
+
 crd:
 	cat artifacts/flagger/crd.yaml > charts/flagger/crds/crd.yaml
 	cat artifacts/flagger/crd.yaml > kustomize/base/flagger/crd.yaml

README.md

@@ -85,7 +85,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/examples/appmesh-abtest.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/examples/appmesh-canary.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/examples/istio-abtest.yaml

@@ -10,7 +10,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -20,7 +20,7 @@ spec:
     portName: http
     portDiscovery: true
     gateways:
-      - public-gateway.istio-system.svc.cluster.local
+      - istio-system/public-gateway
       - mesh
     hosts:
       - app.example.com

artifacts/examples/istio-canary.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -21,7 +21,7 @@ spec:
     portName: http
     portDiscovery: true
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
     hosts:
     - app.example.com

artifacts/examples/linkerd-canary-steps.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/examples/linkerd-canary.yaml

@@ -11,7 +11,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

artifacts/flagger/crd.yaml

@@ -27,6 +27,10 @@ spec:
         - name: Weight
           type: string
           jsonPath: .status.canaryWeight
+        - name: Suspended
+          type: boolean
+          jsonPath: .spec.suspend
+          priority: 1
         - name: FailedChecks
           type: string
           jsonPath: .status.failedChecks
@@ -121,6 +125,13 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    primaryScalerReplicas:
+                      type: object
+                      properties:
+                        minReplicas:
+                          type: number
+                        maxReplicas:
+                          type: number
                 ingressRef:
                   description: Ingress selector
                   type: object
@@ -471,6 +482,54 @@ spec:
                         uri:
                           format: string
                           type: string
+                        authority:
+                          format: string
+                          type: string
+                        type:
+                          format: string
+                          type: string
+                    mirror:
+                      description: Mirror defines a schema for a filter that mirrors requests.
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          backendRef:
+                            properties:
+                              group:
+                                default: ""
+                                maxLength: 253
+                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                                type: string
+                              kind:
+                                default: Service
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                                type: string
+                              name:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              namespace:
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                                type: string
+                              port:
+                                format: int32
+                                maximum: 65535
+                                minimum: 1
+                                type: integer
+                            required:
+                            - name
+                            type: object
+                            x-kubernetes-validations:
+                            - message: Must have port for Service reference
+                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
+                                ? has(self.port) : true'
+                      required:
+                      - backendRef
                     headers:
                       description: Headers operations
                       type: object
@@ -550,6 +609,11 @@ spec:
                             minLength: 1
                             pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
+                          port:
+                            format: int32
+                            maximum: 65535
+                            minimum: 1
+                            type: integer
                     corsPolicy:
                       description: Istio Cross-Origin Resource Sharing policy (CORS)
                       type: object
@@ -740,6 +804,10 @@ spec:
                                 - LEAST_CONN
                                 - RANDOM
                                 - PASSTHROUGH
+                                - LEAST_REQUEST
+                              type: string
+                            warmupDurationSecs:
+                              description: Represents the warmup duration of Service.
                               type: string
                         outlierDetection:
                           description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -843,6 +911,9 @@ spec:
                 revertOnDeletion:
                   description: Revert mutated resources to original spec on deletion
                   type: boolean
+                suspend:
+                  description: Suspend Canary disabling/pausing all canary runs
+                  type: boolean
                 analysis:
                   description: Canary analysis for this canary
                   type: object
@@ -916,6 +987,34 @@ spec:
                                   description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                   format: string
                                   type: string
+                          queryParams:
+                            description: Query parameters for matching.
+                            type: object
+                            additionalProperties:
+                              oneOf:
+                              - not:
+                                  anyOf:
+                                  - required:
+                                    - exact
+                                  - required:
+                                    - prefix
+                                  - required:
+                                    - regex
+                              - required:
+                                - exact
+                              - required:
+                                - prefix
+                              - required:
+                                - regex
+                              properties:
+                                exact:
+                                  type: string
+                                prefix:
+                                  type: string
+                                regex:
+                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+                                  type: string
+                              type: object
                           sourceLabels:
                             description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                             type: object
@@ -963,6 +1062,11 @@ spec:
                               namespace:
                                 description: Namespace of this metric template
                                 type: string
+                          templateVariables:
+                            description: Additional variables to be used in the metrics query (key-value pairs)
+                            type: object
+                            additionalProperties:
+                              type: string
                     alerts:
                       description: Alert list for this canary analysis
                       type: array
@@ -1028,6 +1132,9 @@ spec:
                             description: Request timeout for this webhook
                             type: string
                             pattern: "^[0-9]+(m|s)"
+                          retries:
+                            description: Number of retries for this webhook
+                            type: number
                           metadata:
                             description: Metadata (key-value pairs) for this webhook
                             type: object

artifacts/flagger/deployment.yaml

@@ -22,7 +22,7 @@ spec:
       serviceAccountName: flagger
       containers:
       - name: flagger
-        image: ghcr.io/fluxcd/flagger:1.27.0
+        image: ghcr.io/fluxcd/flagger:1.36.0
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

charts/flagger/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: flagger
-version: 1.27.0
-appVersion: 1.27.0
+version: 1.36.0
+appVersion: 1.36.0
 kubeVersion: ">=1.19.0-0"
 engine: gotpl
 description: Flagger is a progressive delivery operator for Kubernetes

charts/flagger/README.md

@@ -40,10 +40,13 @@ $ helm upgrade -i flagger flagger/flagger \
 To install Flagger for **Linkerd** (requires Linkerd Viz extension):
 
 ```console
+# Note that linkerdAuthPolicy.create=true is only required for Linkerd 2.12 and
+# later
 $ helm upgrade -i flagger flagger/flagger \
-    --namespace=linkerd \
+    --namespace=flagger-system \
     --set meshProvider=linkerd \
-    --set metricsServer=http://prometheus.linkerd-viz:9090
+    --set metricsServer=http://prometheus.linkerd-viz:9090 \
+    --set linkerdAuthPolicy.create=true
 ```
 
 To install Flagger for **AWS App Mesh**:
@@ -137,6 +140,10 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `prometheus.install`                 | If `true`, installs Prometheus configured to scrape all pods in the custer                                                                         | `false`                               |
 | `prometheus.retention`               | Prometheus data retention                                                                                                                          | `2h`                                  |
 | `selectorLabels`                     | List of labels that Flagger uses to create pod selectors                                                                                           | `app,name,app.kubernetes.io/name`     |
+| `serviceMonitor.enabled`             | If `true`, creates service and serviceMonitor for monitoring Flagger metrics                                                                       | `false`                               |
+| `serviceMonitor.honorLabels`         | If `true`, label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels              | `false`                               |
+| `serviceMonitor.namespace`           | Namespace Servicemonitor is installed in                                                                                                           | the same namespace                    |
+| `serviceMonitor.labels`              | labels for the ServiceMonitor passed to Prometheus Operator                                                                                        | `{}`                                  |
 | `configTracking.enabled`             | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment                                                | `true`                                |
 | `eventWebhook`                       | If set, Flagger will publish events to the given webhook                                                                                           | None                                  |
 | `slack.url`                          | Slack incoming webhook                                                                                                                             | None                                  |
@@ -164,7 +171,7 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `resources.requests/memory`          | Pod memory request                                                                                                                                 | `32Mi`                                |
 | `resources.limits/cpu`               | Pod CPU limit                                                                                                                                      | `1000m`                               |
 | `resources.limits/memory`            | Pod memory limit                                                                                                                                   | `512Mi`                               |
-| `affinity`                           | Node/pod affinities                                                                                                                                | None                                  |
+| `affinity`                           | Node/pod affinities                                                                                                                                | prefer spread across hosts            |
 | `nodeSelector`                       | Node labels for pod assignment                                                                                                                     | `{}`                                  |
 | `threadiness`                        | Number of controller workers                                                                                                                       | `2`                                   |
 | `tolerations`                        | List of node taints to tolerate                                                                                                                    | `[]`                                  |
@@ -177,7 +184,7 @@ The following tables lists the configurable parameters of the Flagger chart and
 | `podDisruptionBudget.minAvailable`   | The minimal number of available replicas that will be set in the PodDisruptionBudget                                                               | `1`                                   |
 | `podDisruptionBudget.minAvailable`   | The minimal number of available replicas that will be set in the PodDisruptionBudget                                                               | `1`                                   |
 | `noCrossNamespaceRefs`               | If `true`, cross namespace references to custom resources will be disabled                                                                         | `false`                               |
-| `namespace`                          | When specified, Flagger will restrict itself to watching Canary objects from that namespace                                                                   | `""`                                  |
+| `namespace`                          | When specified, Flagger will restrict itself to watching Canary objects from that namespace                                                        | `""`                                  |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example,
 

charts/flagger/crds/crd.yaml

@@ -27,6 +27,10 @@ spec:
         - name: Weight
           type: string
           jsonPath: .status.canaryWeight
+        - name: Suspended
+          type: boolean
+          jsonPath: .spec.suspend
+          priority: 1
         - name: FailedChecks
           type: string
           jsonPath: .status.failedChecks
@@ -121,6 +125,13 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    primaryScalerReplicas:
+                      type: object
+                      properties:
+                        minReplicas:
+                          type: number
+                        maxReplicas:
+                          type: number
                 ingressRef:
                   description: Ingress selector
                   type: object
@@ -471,6 +482,54 @@ spec:
                         uri:
                           format: string
                           type: string
+                        authority:
+                          format: string
+                          type: string
+                        type:
+                          format: string
+                          type: string
+                    mirror:
+                      description: Mirror defines a schema for a filter that mirrors requests.
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          backendRef:
+                            properties:
+                              group:
+                                default: ""
+                                maxLength: 253
+                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                                type: string
+                              kind:
+                                default: Service
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                                type: string
+                              name:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              namespace:
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                                type: string
+                              port:
+                                format: int32
+                                maximum: 65535
+                                minimum: 1
+                                type: integer
+                            required:
+                            - name
+                            type: object
+                            x-kubernetes-validations:
+                            - message: Must have port for Service reference
+                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
+                                ? has(self.port) : true'
+                      required:
+                      - backendRef
                     headers:
                       description: Headers operations
                       type: object
@@ -550,6 +609,11 @@ spec:
                             minLength: 1
                             pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
+                          port:
+                            format: int32
+                            maximum: 65535
+                            minimum: 1
+                            type: integer
                     corsPolicy:
                       description: Istio Cross-Origin Resource Sharing policy (CORS)
                       type: object
@@ -740,6 +804,10 @@ spec:
                                 - LEAST_CONN
                                 - RANDOM
                                 - PASSTHROUGH
+                                - LEAST_REQUEST
+                              type: string
+                            warmupDurationSecs:
+                              description: Represents the warmup duration of Service.
                               type: string
                         outlierDetection:
                           description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -843,6 +911,9 @@ spec:
                 revertOnDeletion:
                   description: Revert mutated resources to original spec on deletion
                   type: boolean
+                suspend:
+                  description: Suspend Canary disabling/pausing all canary runs
+                  type: boolean
                 analysis:
                   description: Canary analysis for this canary
                   type: object
@@ -916,6 +987,34 @@ spec:
                                   description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                   format: string
                                   type: string
+                          queryParams:
+                            description: Query parameters for matching.
+                            type: object
+                            additionalProperties:
+                              oneOf:
+                              - not:
+                                  anyOf:
+                                  - required:
+                                    - exact
+                                  - required:
+                                    - prefix
+                                  - required:
+                                    - regex
+                              - required:
+                                - exact
+                              - required:
+                                - prefix
+                              - required:
+                                - regex
+                              properties:
+                                exact:
+                                  type: string
+                                prefix:
+                                  type: string
+                                regex:
+                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+                                  type: string
+                              type: object
                           sourceLabels:
                             description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                             type: object
@@ -963,6 +1062,11 @@ spec:
                               namespace:
                                 description: Namespace of this metric template
                                 type: string
+                          templateVariables:
+                            description: Additional variables to be used in the metrics query (key-value pairs)
+                            type: object
+                            additionalProperties:
+                              type: string
                     alerts:
                       description: Alert list for this canary analysis
                       type: array
@@ -1028,6 +1132,9 @@ spec:
                             description: Request timeout for this webhook
                             type: string
                             pattern: "^[0-9]+(m|s)"
+                          retries:
+                            description: Number of retries for this webhook
+                            type: number
                           metadata:
                             description: Metadata (key-value pairs) for this webhook
                             type: object

charts/flagger/templates/account.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "flagger.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
   annotations:
   {{- if .Values.serviceAccount.annotations }}
 {{ toYaml .Values.serviceAccount.annotations | indent 4 }}

charts/flagger/templates/authorizationpolicy.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.linkerdAuthPolicy.create }}
+apiVersion: policy.linkerd.io/v1alpha1
+kind: AuthorizationPolicy
+metadata:
+  namespace: {{ .Values.linkerdAuthPolicy.namespace }}
+  name: prometheus-admin-flagger
+spec:
+  targetRef:
+    group: policy.linkerd.io
+    kind: Server
+    name: prometheus-admin
+  requiredAuthenticationRefs:
+    - kind: ServiceAccount
+      name: {{ template "flagger.serviceAccountName" . }}
+      namespace: {{ .Release.Namespace }}
+{{- end }}

charts/flagger/templates/deployment.yaml

@@ -2,12 +2,17 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "flagger.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     helm.sh/chart: {{ template "flagger.chart" . }}
     app.kubernetes.io/name: {{ template "flagger.name" . }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   replicas: {{ .Values.leaderElection.replicaCount }}
   {{- if eq .Values.leaderElection.enabled false }}
@@ -35,16 +40,10 @@ spec:
         {{- end }}
     spec:
       serviceAccountName: {{ template "flagger.serviceAccountName" . }}
+      {{- if .Values.affinity }}
       affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - weight: 100
-              podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: {{ template "flagger.name" . }}
-                    app.kubernetes.io/instance: {{ .Release.Name }}
-                topologyKey: kubernetes.io/hostname
+        {{- tpl (toYaml .Values.affinity) . | nindent 8 }}
+      {{- end }}
       {{- if .Values.image.pullSecret }}
       imagePullSecrets:
         - name: {{ .Values.image.pullSecret }}
@@ -55,6 +54,9 @@ spec:
           secret:
             secretName: "{{ .Values.controlplane.kubeconfig.secretName }}"
         {{- end }}
+        {{- if .Values.additionalVolumes }}
+          {{- toYaml .Values.additionalVolumes | nindent 8 -}}
+        {{- end }}
       {{- if .Values.podPriorityClassName }}
       priorityClassName: {{ .Values.podPriorityClassName }}
       {{- end }}                  

charts/flagger/templates/pdb.yaml

@@ -1,8 +1,13 @@
 {{- if .Values.podDisruptionBudget.enabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
+apiVersion: policy/v1
+{{- else }}
 apiVersion: policy/v1beta1
+{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "flagger.name" . }}
+  namespace: {{ .Release.Namespace }}
 spec:
   minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
   selector:

charts/flagger/templates/psp.yaml

@@ -50,6 +50,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ template "flagger.fullname" . }}-psp
+  namespace: {{ .Release.Namespace }}
   labels:
     helm.sh/chart: {{ template "flagger.chart" . }}
     app.kubernetes.io/name: {{ template "flagger.name" . }}

charts/flagger/templates/service.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "flagger.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/flagger/templates/servicemonitor.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "flagger.name" . }}
+{{- if .Values.serviceMonitor.namespace }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ template "flagger.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- with .Values.serviceMonitor.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /metrics
+      port: http
+      interval: 30s
+      scrapeTimeout: 30s
+      honorLabels: {{ .Values.serviceMonitor.honorLabels }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "flagger.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/flagger/values.yaml

@@ -1,8 +1,11 @@
 # Default values for flagger.
 
+## Deployment annotations
+# annotations: {}
+
 image:
   repository: ghcr.io/fluxcd/flagger
-  tag: 1.27.0
+  tag: 1.36.0
   pullPolicy: IfNotPresent
   pullSecret:
 
@@ -13,12 +16,22 @@ podAnnotations:
   prometheus.io/scrape: "true"
   prometheus.io/port: "8080"
   appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+  linkerd.io/inject: enabled
 
 # priority class name for pod priority configuration
 podPriorityClassName: ""
 
 metricsServer: "http://prometheus:9090"
 
+# creates serviceMonitor for monitoring Flagger metrics
+serviceMonitor:
+  enabled: false
+  honorLabels: false
+  # Set the namespace the ServiceMonitor should be deployed
+  # namespace: monitoring
+  # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+  # labels:
+
 # accepted values are kubernetes, istio, linkerd, appmesh, contour, nginx, gloo, skipper, traefik, apisix, osm
 meshProvider: ""
 
@@ -120,6 +133,13 @@ crd:
   # crd.create: `true` if custom resource definitions should be created
   create: false
 
+linkerdAuthPolicy:
+  # linkerdAuthPolicy.create: Whether to create an AuthorizationPolicy in
+  # linkerd viz' namespace to allow flagger to reach viz' prometheus service
+  create: false
+  # linkerdAuthPolicy.namespace: linkerd-viz' namespace
+  namespace: linkerd-viz
+
 nameOverride: ""
 fullnameOverride: ""
 
@@ -135,10 +155,21 @@ nodeSelector: {}
 
 tolerations: []
 
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: '{{ template "flagger.name" . }}'
+              app.kubernetes.io/instance: '{{ .Release.Name }}'
+          topologyKey: kubernetes.io/hostname
+
 prometheus:
   # to be used with ingress controllers
   install: false
-  image: docker.io/prom/prometheus:v2.39.1
+  image: docker.io/prom/prometheus:v2.41.0
   pullSecret:
   retention: 2h
   # when enabled, it will add a security context for the prometheus pod
@@ -166,3 +197,8 @@ podDisruptionBudget:
 podLabels: {}
 
 noCrossNamespaceRefs: false
+
+#Placeholder to supply additional volumes to the flagger pod
+additionalVolumes: {}
+  # - name: tmpfs
+  #   emptyDir: {}

charts/loadtester/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: loadtester
-version: 0.28.0
-appVersion: 0.28.0
+version: 0.31.0
+appVersion: 0.31.0
 kubeVersion: ">=1.19.0-0"
 engine: gotpl
 description: Flagger's load testing services based on rakyll/hey and bojand/ghz that generates traffic during canary analysis when configured as a webhook.

charts/loadtester/templates/pdb.yaml

@@ -1,5 +1,9 @@
 {{- if .Values.podDisruptionBudget.enabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
+apiVersion: policy/v1
+{{- else }}
 apiVersion: policy/v1beta1
+{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "loadtester.fullname" . }}

charts/loadtester/values.yaml

@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   repository: ghcr.io/fluxcd/flagger-loadtester
-  tag: 0.28.0
+  tag: 0.31.0
   pullPolicy: IfNotPresent
   pullSecret:
 

charts/podinfo/README.md

@@ -20,7 +20,7 @@ helm upgrade -i frontend flagger/podinfo \
 --set backend=http://backend.test:9898/echo \
 --set canary.enabled=true \
 --set canary.istioIngress.enabled=true \
---set canary.istioIngress.gateway=public-gateway.istio-system.svc.cluster.local \
+--set canary.istioIngress.gateway=istio-system/public-gateway \
 --set canary.istioIngress.host=frontend.istio.example.com
 ```
 

charts/podinfo/templates/canary.yaml

@@ -14,7 +14,7 @@ spec:
     kind: Deployment
     name:  {{ template "podinfo.fullname" . }}
   autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name:  {{ template "podinfo.fullname" . }}
   service:
@@ -57,4 +57,4 @@ spec:
         metadata:
           cmd: "hey -z 1m -q 5 -c 2 http://{{ template "podinfo.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}"
       {{- end }}
-{{- end }}
+{{- end }}

charts/podinfo/templates/hpa.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.hpa.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ template "podinfo.fullname" . }}

charts/podinfo/values.yaml

@@ -25,7 +25,7 @@ canary:
   istioIngress:
     enabled: false
     # Istio ingress gateway name
-    gateway: public-gateway.istio-system.svc.cluster.local
+    gateway: istio-system/public-gateway
     # external host name eg. podinfo.example.com
     host:
   analysis:

cmd/loadtester/main.go

@@ -22,13 +22,14 @@ import (
 	"regexp"
 	"time"
 
+	"go.uber.org/zap"
+
 	"github.com/fluxcd/flagger/pkg/loadtester"
 	"github.com/fluxcd/flagger/pkg/logger"
 	"github.com/fluxcd/flagger/pkg/signals"
-	"go.uber.org/zap"
 )
 
-var VERSION = "0.28.0"
+var VERSION = "0.31.0"
 var (
 	logLevel          string
 	port              string

docs/gitbook/README.md

@@ -37,6 +37,7 @@ After installing Flagger, you can follow one of these tutorials to get started:
 * [Istio](tutorials/istio-progressive-delivery.md)
 * [Linkerd](tutorials/linkerd-progressive-delivery.md)
 * [AWS App Mesh](tutorials/appmesh-progressive-delivery.md)
+* [AWS App Mesh: Canary Deployment Using Flagger](https://www.eksworkshop.com/advanced/340_appmesh_flagger/)
 * [Open Service Mesh](tutorials/osm-progressive-delivery.md)
 * [Kuma](tutorials/kuma-progressive-delivery.md)
 
@@ -54,3 +55,6 @@ After installing Flagger, you can follow one of these tutorials to get started:
 * [Istio](https://github.com/stefanprodan/gitops-istio)
 * [Linkerd](https://helm.workshop.flagger.dev)
 * [AWS App Mesh](https://eks.handson.flagger.dev)
+
+The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, 
+please see our [Trademark Usage page](https://www.linuxfoundation.org/legal/trademark-usage).

docs/gitbook/faq.md

@@ -391,10 +391,10 @@ sum(
     rate(
         istio_requests_total{
           reporter="destination",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
           response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
@@ -402,9 +402,9 @@ sum(
     rate(
         istio_requests_total{
           reporter="destination",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload"
-        }[$interval]
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}"
+        }[{{ interval }}]
     )
 )
 ```
@@ -415,19 +415,19 @@ Envoy query (App Mesh):
 sum(
     rate(
         envoy_cluster_upstream_rq{
-          kubernetes_namespace="$namespace",
-          kubernetes_pod_name=~"$workload",
+          kubernetes_namespace="{{ namespace }}",
+          kubernetes_pod_name=~"{{ target }}",
           envoy_response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
 sum(
     rate(
         envoy_cluster_upstream_rq{
-          kubernetes_namespace="$namespace",
-          kubernetes_pod_name=~"$workload"
-        }[$interval]
+          kubernetes_namespace="{{ namespace }}",
+          kubernetes_pod_name=~"{{ target }}"
+        }[{{ interval }}]
     )
 )
 ```
@@ -438,17 +438,17 @@ Envoy query (Contour and Gloo):
 sum(
     rate(
         envoy_cluster_upstream_rq{
-            envoy_cluster_name=~"$namespace-$workload",
+            envoy_cluster_name=~"{{ namespace }}-{{ target }}",
             envoy_response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
 sum(
     rate(
         envoy_cluster_upstream_rq{
-            envoy_cluster_name=~"$namespace-$workload",
-        }[$interval]
+            envoy_cluster_name=~"{{ namespace }}-{{ target }}",
+        }[{{ interval }}]
     )
 )
 ```
@@ -476,9 +476,9 @@ histogram_quantile(0.99,
     irate(
       istio_request_duration_milliseconds_bucket{
         reporter="destination",
-        destination_workload=~"$workload",
-        destination_workload_namespace=~"$namespace"
-      }[$interval]
+        destination_workload=~"{{ target }}",
+        destination_workload_namespace=~"{{ namespace }}"
+      }[{{ interval }}]
     )
   ) by (le)
 )
@@ -491,9 +491,9 @@ histogram_quantile(0.99,
   sum(
     irate(
       envoy_cluster_upstream_rq_time_bucket{
-        kubernetes_pod_name=~"$workload",
-        kubernetes_namespace=~"$namespace"
-      }[$interval]
+        kubernetes_pod_name=~"{{ target }}",
+        kubernetes_namespace=~"{{ namespace }}"
+      }[{{ interval }}]
     )
   ) by (le)
 )
@@ -515,10 +515,10 @@ If you're using Istio with Gateway API, the Prometheus query needs to include `r
     rate(
         istio_requests_total{
           reporter="source",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
           response_code!~"5.*"
-        }[$interval]
+        }[{{ interval }}]
     )
 )
 /
@@ -526,9 +526,9 @@ sum(
     rate(
         istio_requests_total{
           reporter="source",
-          destination_workload_namespace=~"$namespace",
-          destination_workload=~"$workload"
-        }[$interval]
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}"
+        }[{{ interval }}]
     )
 ) * 100
 ```
@@ -558,7 +558,7 @@ spec:
     portName: http-frontend
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
     # Istio virtual service host names (optional)
     hosts:
@@ -614,7 +614,7 @@ metadata:
       uid: 3a4a40dd-3875-11e9-8e1d-42010a9c0fd1
 spec:
   gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
   hosts:
     - frontend.example.com
@@ -784,7 +784,7 @@ metadata:
   namespace: test
 spec:
   gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     - mesh
   hosts:
     - frontend.example.com
@@ -821,7 +821,7 @@ spec:
   service:
     port: 8080
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     hosts:
     - my-site.com
     match:
@@ -838,7 +838,7 @@ spec:
   service:
     port: 8080
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     hosts:
     - my-site.com
     match:

docs/gitbook/install/flagger-install-on-google-cloud.md

@@ -383,7 +383,7 @@ spec:
   hosts:
   - "grafana.example.com"
   gateways:
-  - public-gateway.istio-system.svc.cluster.local
+  - istio-system/public-gateway
   http:
   - route:
     - destination:

docs/gitbook/install/flagger-install-with-flux.md

@@ -42,7 +42,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
   name: flagger
-  namespace: flux-system
+  namespace: flagger-system
 spec:
   interval: 1h
   url: oci://ghcr.io/fluxcd/charts
@@ -139,7 +139,7 @@ spec:
   sourceRef:
     kind: OCIRepository
     name: flagger-loadtester
-  path: ./kustomize/tester
+  path: ./tester
   targetNamespace: apps
 ```
 

docs/gitbook/tutorials/appmesh-progressive-delivery.md

@@ -80,7 +80,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/canary-helm-gitops.md

@@ -50,7 +50,7 @@ helm upgrade -i frontend flagger/podinfo \
 --set backend=http://backend.test:9898/echo \
 --set canary.enabled=true \
 --set canary.istioIngress.enabled=true \
---set canary.istioIngress.gateway=public-gateway.istio-system.svc.cluster.local \
+--set canary.istioIngress.gateway=istio-system/public-gateway \
 --set canary.istioIngress.host=frontend.istio.example.com
 ```
 
@@ -278,7 +278,7 @@ spec:
         enabled: true
         istioIngress:
           enabled: true
-          gateway: public-gateway.istio-system.svc.cluster.local
+          gateway: istio-system/public-gateway
           host: frontend.istio.example.com
         loadtest:
           enabled: true

docs/gitbook/tutorials/contour-progressive-delivery.md

@@ -76,7 +76,7 @@ spec:
     name: podinfo
   # HPA reference
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/gatewayapi-progressive-delivery.md

@@ -6,55 +6,64 @@ This guide shows you how to use [Gateway API](https://gateway-api.sigs.k8s.io/)
 
 ## Prerequisites
 
-Flagger requires a Kubernetes cluster **v1.19** or newer and any mesh/ingress that implements the `v1beta1` version of Gateway API. We'll be using Contour for the sake of this tutorial, but you can use any other implementation.
+Flagger requires a Kubernetes cluster **v1.19** or newer and any mesh/ingress that implements the `v1beta1` or the `v1` version of Gateway API.
+We'll be using Istio for the sake of this tutorial, but you can use any other implementation.
 
-> Note: Flagger supports `v1alpha2` version of Gateway API, but the alpha version has been deprecated and support will be dropped in a future release.
-
-Install Contour, its Gateway provisioner and Gateway API CRDs in the `projectcontour` namespace:
+Install the Gateway API CRDs
 
 ```bash
-https://raw.githubusercontent.com/projectcontour/contour/release-1.23/examples/render/contour-gateway-provisioner.yaml
+kubectl apply -k "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.0.0"
 ```
 
-> Alternatively, you can also install the Gateway API CRDs from the upstream project:
+Install Istio:
+
 ```bash
-kubectl apply -k github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.0
+istioctl install --set profile=minimal -y
+
+# Suggestion: Please change release-1.20 in below command, to your real istio version.
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/addons/prometheus.yaml
 ```
 
 Install Flagger in the `flagger-system` namespace:
 
 ```bash
-kubectl apply -k github.com/fluxcd/flagger//kustomize/gatewayapi
+kubectl create ns flagger-system
+
+helm repo add flagger https://flagger.app
+helm upgrade -i flagger flagger/flagger \
+  --namespace flagger-system \
+  --set prometheus.install=false \
+  --set meshProvider=gatewayapi:v1 \
+  --set metricsServer=http://prometheus.istio-system:9090
 ```
 
-Create a `GatewayClass` that specifies information about the Gateway controller:
+> Note: The above installation sets the mesh provider to be `gatewayapi:v1`. If your Gateway API implementation uses the `v1beta1` CRDs, then
+set the `--meshProvider` value to `gatewayapi:v1beta1`.
 
-```yaml
-kind: GatewayClass
-apiVersion: gateway.networking.k8s.io/v1beta1
-metadata:
-  name: contour
-spec:
-  controllerName: projectcontour.io/gateway-controller
+Create a namespace for the `Gateway`:
+
+```bash
+kubectl create ns istio-ingress
 ```
 
 Create a `Gateway` that configures load balancing, traffic ACL, etc:
 
 ```yaml
-kind: Gateway
 apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
 metadata:
-  name: contour
-  namespace: projectcontour
+  name: gateway
+  namespace: istio-ingress
 spec:
-  gatewayClassName: contour
+  gatewayClassName: istio
   listeners:
-    - name: http
-      protocol: HTTP
-      port: 80
-      allowedRoutes:
-        namespaces:
-          from: All
+  - name: default
+    hostname: "*.example.com"
+    port: 80
+    protocol: HTTP
+    allowedRoutes:
+      namespaces:
+        from: All
 ```
 
 ## Bootstrap
@@ -90,13 +99,15 @@ metadata:
 spec:
   provider:
     type: prometheus
-    address: http://flagger-prometheus:9090
+    address: http://prometheus.istio-system:9090
   query: |
     histogram_quantile(0.99,
       sum(
         rate(
-          envoy_cluster_upstream_rq_time_bucket{
-            envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
+          istio_request_duration_milliseconds_bucket{
+            reporter="source",
+            destination_workload_namespace=~"{{ namespace }}",
+            destination_workload=~"{{ target }}",
           }[{{ interval }}]
         )
       ) by (le)
@@ -110,21 +121,25 @@ metadata:
 spec:
   provider:
     type: prometheus
-    address: http://flagger-prometheus:9090
+    address: http://prometheus.istio-system:9090
   query: |
     100 - sum(
       rate(
-        envoy_cluster_upstream_rq{
-          envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
-          envoy_response_code!~"5.*"
+        istio_requests_total{
+          reporter="source",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
+          response_code!~"5.*"
         }[{{ interval }}]
       )
     )
     /
     sum(
       rate(
-        envoy_cluster_upstream_rq{
-          envoy_cluster_name=~"{{ namespace }}_{{ target }}-canary_[0-9a-zA-Z-]+",
+        istio_requests_total{
+          reporter="source",
+          destination_workload_namespace=~"{{ namespace }}",
+          destination_workload=~"{{ target }}",
         }[{{ interval }}]
       )
     )
@@ -137,7 +152,7 @@ Save the above resource as metric-templates.yaml and then apply it:
 kubectl apply -f metric-templates.yaml
 ```
 
-Create a canary custom resource \(replace "loaclproject.contour.io" with your own domain\):
+Create a canary custom resource \(replace "www.example.com" with your own domain\):
 
 ```yaml
 apiVersion: flagger.app/v1beta1
@@ -156,7 +171,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -166,11 +181,11 @@ spec:
     targetPort: 9898
     # Gateway API HTTPRoute host names
     hosts:
-     - localproject.contour.io
+     - www.example.com
     # Reference to the Gateway that the generated HTTPRoute would attach to.
     gatewayRefs:
-      - name: contour
-        namespace: projectcontour
+      - name: gateway
+        namespace: istio-ingress
   analysis:
     # schedule interval (default 60s)
     interval: 1m
@@ -213,7 +228,7 @@ spec:
         url: http://flagger-loadtester.test/
         timeout: 5s
         metadata:
-          cmd: "hey -z 2m -q 10 -c 2 -host localproject.contour.io http://envoy.projectcontour/"
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com http://gateway-istio.istio-ingress/"
 ```
 
 Save the above resource as podinfo-canary.yaml and then apply it:
@@ -243,26 +258,27 @@ httproutes.gateway.networking.k8s.io/podinfo
 
 ## Expose the app outside the cluster
 
-Find the external address of Contour's Envoy load balancer:
+Find the external address of Istio's load balancer:
 
 ```bash
-export ADDRESS="$(kubectl -n projectcontour get svc/envoy -ojson \
+export ADDRESS="$(kubectl -n istio-ingress get svc/gateway-istio -ojson \
 | jq -r ".status.loadBalancer.ingress[].hostname")"
 echo $ADDRESS
 ```
 
-Configure your DNS server with a CNAME record \(AWS\) or A record \(GKE/AKS/DOKS\) and point a domain e.g. `localproject.contour.io` to the LB address.
+Configure your DNS server with a CNAME record \(AWS\) or A record \(GKE/AKS/DOKS\) and point a domain e.g. `www.example.com` to the LB address.
 
 Now you can access the podinfo UI using your domain address.
 
-Note that you should be using HTTPS when exposing production workloads on internet. You can obtain free TLS certs from Let's Encrypt, read this [guide](https://github.com/stefanprodan/eks-contour-ingress) on how to configure cert-manager to secure Contour with TLS certificates.
+Note that you should be using HTTPS when exposing production workloads on internet. You can obtain free TLS certs from Let's Encrypt, read this
+[guide](https://github.com/stefanprodan/istio-gke) on how to configure cert-manager to secure Istio with TLS certificates.
 
 If you're using a local cluster via kind/k3s you can port forward the Envoy LoadBalancer service:
 ```bash
-kubectl port-forward -n projectcontour svc/envoy 8080:80
+kubectl port-forward -n istio-ingress svc/gateway-istio 8080:80
 ```
 
-Now you can access podinfo via `curl -H "Host: localproject.contour.io" localhost:8080`
+Now you can access podinfo via `curl -H "Host: www.example.com" localhost:8080`
 
 ## Automated canary promotion
 
@@ -382,13 +398,15 @@ Events:
   Warning  Synced  1m    flagger  Canary failed! Scaling down podinfo.test
 ```
 
-# A/B Testing
+## Session Affinity
 
-Besides weighted routing, Flagger can be configured to route traffic to the canary based on HTTP match conditions. In an A/B testing scenario, you'll be using HTTP headers or cookies to target a certain segment of your users. This is particularly useful for frontend applications that require session affinity.
+While Flagger can perform weighted routing and A/B testing individually, with Gateway API it can combine the two leading to a Canary
+release with session affinity.
+For more information you can read the [deployment strategies docs](../usage/deployment-strategies.md#canary-release-with-session-affinity).
 
-![Flagger A/B Testing Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-abtest-steps.png)
+> **Note:** The implementation must have support for the [`ResponseHeaderModifier`](https://github.com/kubernetes-sigs/gateway-api/blob/3d22aa5a08413222cb79e6b2e245870360434614/apis/v1beta1/httproute_types.go#L651) API. 
 
-Create a canary custom resource \(replace "loaclproject.contour.io" with your own domain\):
+Create a canary custom resource \(replace www.example.com with your own domain\):
 
 ```yaml
 apiVersion: flagger.app/v1beta1
@@ -407,7 +425,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -417,11 +435,120 @@ spec:
     targetPort: 9898
     # Gateway API HTTPRoute host names
     hosts:
-     - localproject.contour.io
+     - www.example.com
     # Reference to the Gateway that the generated HTTPRoute would attach to.
     gatewayRefs:
-      - name: contour
-        namespace: projectcontour
+      - name: gateway
+        namespace: istio-ingress
+  analysis:
+    # schedule interval (default 60s)
+    interval: 1m
+    # max number of failed metric checks before rollback
+    threshold: 5
+    # max traffic percentage routed to canary
+    # percentage (0-100)
+    maxWeight: 50
+    # canary increment step
+    # percentage (0-100)
+    stepWeight: 10
+    # session affinity config
+    sessionAffinity:
+      # name of the cookie used
+      cookieName: flagger-cookie
+      # max age of the cookie (in seconds)
+      # optional; defaults to 86400
+      maxAge: 21600
+    metrics:
+    - name: error-rate
+      # max error rate (5xx responses)
+      # percentage (0-100)
+      templateRef:
+        name: error-rate
+        namespace: flagger-system
+      thresholdRange:
+        max: 1
+      interval: 1m
+    - name: latency
+      templateRef:
+        name: latency
+        namespace: flagger-system
+      # seconds
+      thresholdRange:
+         max: 0.5
+      interval: 30s
+    # testing (optional)
+    webhooks:
+      - name: smoke-test
+        type: pre-rollout
+        url: http://flagger-loadtester.test/
+        timeout: 15s
+        metadata:
+          type: bash
+          cmd: "curl -sd 'anon' http://podinfo-canary.test:9898/token | grep token"
+      - name: load-test
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        metadata:
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com http://gateway-istio.istio-ingress/"
+```
+
+Save the above resource as podinfo-canary-session-affinity.yaml and then apply it:
+
+```bash
+kubectl apply -f ./podinfo-canary-session-affinity.yaml
+```
+
+Trigger a canary deployment by updating the container image:
+
+```bash
+kubectl -n test set image deployment/podinfo \
+podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
+```
+
+You can load `www.example.com` in your browser and refresh it until you see the requests being served by `podinfo:6.0.1`.
+All subsequent requests after that will be served by `podinfo:6.0.1` and not `podinfo:6.0.0` because of the session affinity
+configured by Flagger in the HTTPRoute object.
+
+# A/B Testing
+
+Besides weighted routing, Flagger can be configured to route traffic to the canary based on HTTP match conditions. In an A/B testing scenario, you'll be using HTTP headers or cookies to target a certain segment of your users. This is particularly useful for frontend applications that require session affinity.
+
+![Flagger A/B Testing Stages](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-abtest-steps.png)
+
+Create a canary custom resource \(replace "www.example.com" with your own domain\):
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  # deployment reference
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  # the maximum time in seconds for the canary deployment
+  # to make progress before it is rollback (default 600s)
+  progressDeadlineSeconds: 60
+  # HPA reference (optional)
+  autoscalerRef:
+    apiVersion: autoscaling/v2
+    kind: HorizontalPodAutoscaler
+    name: podinfo
+  service:
+    # service port number
+    port: 9898
+    # container port number or name (optional)
+    targetPort: 9898
+    # Gateway API HTTPRoute host names
+    hosts:
+     - www.example.com
+    # Reference to the Gateway that the generated HTTPRoute would attach to.
+    gatewayRefs:
+      - name: gateway
+        namespace: istio-ingress
   analysis:
     # schedule interval (default 60s)
     interval: 1m
@@ -464,7 +591,7 @@ spec:
         url: http://flagger-loadtester.test/
         timeout: 5s
         metadata:
-          cmd: "hey -z 2m -q 10 -c 2 -host localproject.contour.io -H 'X-Canary: insider' http://envoy.projectcontour/"
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com -H 'X-Canary: insider' http://gateway-istio.istio-ingress/"
 ```
 
 The above configuration will run an analysis for ten minutes targeting those users that have an insider cookie.
@@ -485,7 +612,7 @@ podinfod=stefanprodan/podinfo:6.0.3
 Flagger detects that the deployment revision changed and starts a new rollout:
 
 ```text
-kubectl -n test describe canary/abtest
+kubectl -n test describe canary/podinfo
 
 Status:
   Failed Checks:         0
@@ -511,5 +638,90 @@ Events:
   Normal   Synced  5s    flagger  Promotion completed! Scaling down podinfo.test
 ```
 
+## Traffic mirroring
+
+![Flagger Canary Traffic Shadowing](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-traffic-mirroring.png)
+
+For applications that perform read operations, Flagger can be configured to do B/G tests with traffic mirroring.
+Gateway API traffic mirroring will copy each incoming request, sending one request to the primary and one to the canary service.
+The response from the primary is sent back to the user and the response from the canary is discarded.
+Metrics are collected on both requests so that the deployment will only proceed if the canary metrics are within the threshold values.
+
+Note that mirroring should be used for requests that are **idempotent** or capable of being processed twice \(once by the primary and once by the canary\).
+
+You can enable mirroring by replacing `stepWeight` with `iterations` and by setting `analysis.mirror` to `true`:
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: podinfo
+  namespace: test
+spec:
+  # deployment reference
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: podinfo
+  service:
+    # service port number
+    port: 9898
+    # container port number or name (optional)
+    targetPort: 9898
+    # Gateway API HTTPRoute host names
+    hosts:
+     - www.example.com
+    # Reference to the Gateway that the generated HTTPRoute would attach to.
+    gatewayRefs:
+      - name: gateway
+        namespace: istio-ingress
+  analysis:
+    # schedule interval
+    interval: 1m
+    # max number of failed metric checks before rollback
+    threshold: 5
+    # total number of iterations
+    iterations: 10
+    # enable traffic shadowing
+    mirror: true
+    # Gateway API HTTPRoute host names
+    metrics:
+      - name: request-success-rate
+        thresholdRange:
+          min: 99
+        interval: 1m
+      - name: request-duration
+        thresholdRange:
+          max: 500
+        interval: 1m
+    webhooks:
+      - name: load-test
+        url: http://flagger-loadtester.test/
+        timeout: 5s
+        metadata:
+          cmd: "hey -z 2m -q 10 -c 2 -host www.example.com http://gateway-istio.istio-ingress/"
+```
+
+With the above configuration, Flagger will run a canary release with the following steps:
+
+* detect new revision \(deployment spec, secrets or configmaps changes\)
+* scale from zero the canary deployment
+* wait for the HPA to set the canary minimum replicas
+* check canary pods health
+* run the acceptance tests
+* abort the canary release if tests fail
+* start the load tests
+* mirror 100% of the traffic from primary to canary
+* check request success rate and request duration every minute
+* abort the canary release if the metrics check failure threshold is reached
+* stop traffic mirroring after the number of iterations is reached
+* route live traffic to the canary pods
+* promote the canary \(update the primary secrets, configmaps and deployment spec\)
+* wait for the primary deployment rollout to finish
+* wait for the HPA to set the primary minimum replicas
+* check primary pods health
+* switch live traffic back to primary
+* scale to zero the canary
+* send notification with the canary analysis result
 
 The above procedures can be extended with [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.

docs/gitbook/tutorials/gloo-progressive-delivery.md

@@ -110,7 +110,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/istio-ab-testing.md

@@ -15,7 +15,7 @@ Install Istio with telemetry support and Prometheus:
 ```bash
 istioctl manifest install --set profile=default
 
-kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/addons/prometheus.yaml
 ```
 
 Install Flagger in the `istio-system` namespace:
@@ -84,7 +84,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -92,7 +92,7 @@ spec:
     port: 9898
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     # Istio virtual service host names (optional)
     hosts:
     - app.example.com
@@ -179,7 +179,7 @@ podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
 Flagger detects that the deployment revision changed and starts a new rollout:
 
 ```text
-kubectl -n test describe canary/abtest
+kubectl -n test describe canary/podinfo
 
 Status:
   Failed Checks:         0

docs/gitbook/tutorials/istio-progressive-delivery.md

@@ -14,7 +14,7 @@ Install Istio with telemetry support and Prometheus:
 istioctl manifest install --set profile=default
 
 # Suggestion: Please change release-1.8 in below command, to your real istio version.
-kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/addons/prometheus.yaml
 ```
 
 Install Flagger in the `istio-system` namespace:
@@ -85,7 +85,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -95,7 +95,7 @@ spec:
     targetPort: 9898
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     # Istio virtual service host names (optional)
     hosts:
     - app.example.com
@@ -316,7 +316,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:
@@ -326,7 +326,7 @@ spec:
     targetPort: 9898
     # Istio gateways (optional)
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     # Istio virtual service host names (optional)
     hosts:
     - app.example.com
@@ -480,3 +480,61 @@ With the above configuration, Flagger will run a canary release with the followi
 
 The above procedure can be extended with [custom metrics](../usage/metrics.md) checks, [webhooks](../usage/webhooks.md), [manual promotion](../usage/webhooks.md#manual-gating) approval and [Slack or MS Teams](../usage/alerting.md) notifications.
 
+
+## Canary Deployments for TCP Services
+
+Performing a Canary deployment on a TCP (non HTTP) service is nearly identical to an HTTP Canary. Besides updating your `Gateway` document to support the `TCP` routing, the only difference is you have to set the `appProtocol` field to `TCP` inside of the `service` section of your `Canary` document.
+
+#### Example:
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: public-gateway
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 7070
+        name: tcp-service
+        protocol: TCP # <== set the protocol to tcp here
+      hosts:
+        - "*"
+```
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+# omitted for brevity
+spec:
+  service:
+    port: 7070
+    appProtocol: TCP # <== set the appProtocol here
+    targetPort: 7070
+    portName: "tcp-service-port"
+```
+
+If the `appProtocol` equals `TCP` then Flagger will treat this as a Canary deployment for a `TCP` service. When it creates the `VirtualService` document it will add a `TCP` section to route requests between the `primary` and `canary` services. See Istio documentation for more information on this [spec](https://istio.io/latest/docs/reference/config/networking/virtual-service/#TCPRoute).
+
+The resulting `VirtualService` will include a `tcp` section similar to what is shown below:
+```yaml
+tcp:
+  - route:
+    - destination:
+        host: tcp-service-primary
+        port:
+          number: 7070
+      weight: 100
+    - destination:
+        host: tcp-service-canary
+        port:
+          number: 7070
+      weight: 0
+```
+
+Once the Canary analysis begins, Flagger will be able to adjust the weights inside of this `tcp` section to advance the Canary deployment until it either runs into an error (and is halted) or it successfully reaches the end of the analysis and is Promoted.
+
+It is also important to note that if you set `appProtocol` to anything other than `TCP`, for example if you set it to `HTTP`, it will perform the Canary and treat it as an `HTTP` service. The same remains true if you do not set `appProtocol` at all. It will __ONLY__ treat a Canary as a `TCP` service if `appProtocal` equals `TCP`.

docs/gitbook/tutorials/keda-scaledobject.md

@@ -99,6 +99,11 @@ spec:
     # ScaledObject targeting the primary deployment. (Optional)
     primaryScalerQueries:
       prom-trigger: sum(rate(http_requests_total{ app="podinfo-primary" }[30s]))
+    # Overriding replica scaling configuration for the generated ScaledObject
+    # targeting the primary deployment. (Optional)
+    primaryScalerReplicas:
+      minReplicas: 2
+      maxReplicas: 5
   # the maximum time in seconds for the canary deployment
   # to make progress before rollback (default 600s)
   progressDeadlineSeconds: 60
@@ -167,6 +172,9 @@ If, the generated query does not meet your requirements, you can specify the que
 `.spec.autoscalerRef.primaryScalerQueries`, which lets you define a query for each trigger. Please note that, your ScaledObject's `.spec.triggers[@].name` must
 not be blank, as Flagger needs that to identify each trigger uniquely.
 
+In the situation when it is desired to have different scaling replica configuration between the canary and primary deployment ScaledObject you can use
+the `.spec.autoscalerRef.primaryScalerReplicas` to override these values for the generated primary ScaledObject.
+
 After the boostrap, the podinfo deployment will be scaled to zero and the traffic to `podinfo.test` will be routed to the primary pods. To keep the podinfo deployment
 at 0 replicas and pause auto scaling, Flagger will add an annotation to your ScaledObject: `autoscaling.keda.sh/paused-replicas: 0`.
 During the canary analysis, the annotation is removed, to enable auto scaling for the podinfo deployment.

docs/gitbook/tutorials/kubernetes-blue-green.md

@@ -84,7 +84,7 @@ spec:
   progressDeadlineSeconds: 60
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/kuma-progressive-delivery.md

@@ -6,13 +6,13 @@ This guide shows you how to use Kuma and Flagger to automate canary deployments.
 
 ## Prerequisites
 
-Flagger requires a Kubernetes cluster **v1.16** or newer and Kuma **1.3** or newer.
+Flagger requires a Kubernetes cluster **v1.19** or newer and Kuma **1.7** or newer.
 
 Install Kuma and Prometheus (part of Kuma Metrics):
 
 ```bash
 kumactl install control-plane | kubectl apply -f -
-kumactl install metrics | kubectl apply -f -
+kumactl install observability --components "grafana,prometheus" | kubectl apply -f -
 ```
 
 Install Flagger in the `kuma-system` namespace:

docs/gitbook/tutorials/linkerd-progressive-delivery.md

@@ -2,26 +2,54 @@
 
 This guide shows you how to use Linkerd and Flagger to automate canary deployments.
 
-![Flagger Linkerd Traffic Split](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-linkerd-traffic-split.png)
-
 ## Prerequisites
 
-Flagger requires a Kubernetes cluster **v1.16** or newer and Linkerd **2.10** or newer.
+Flagger requires a Kubernetes cluster **v1.21** or newer and Linkerd **2.14** or newer.
 
-Install Linkerd the Promethues (part of Linkerd Viz):
+Install Linkerd and Prometheus (part of Linkerd Viz):
 
 ```bash
+# The CRDs need to be installed beforehand
 linkerd install --crds | kubectl apply -f -
+
 linkerd install | kubectl apply -f -
 linkerd viz install | kubectl apply -f -
+
+# For linkerd versions 2.12 and later, the SMI extension needs to be install in
+# order to enable TrafficSplits
+curl -sL https://linkerd.github.io/linkerd-smi/install | sh
+linkerd smi install | kubectl apply -f -
 ```
 
-Install Flagger in the linkerd namespace:
+Install Flagger in the flagger-system namespace:
 
 ```bash
 kubectl apply -k github.com/fluxcd/flagger//kustomize/linkerd
 ```
 
+If you prefer Helm, these are the commands to install Linkerd, Linkerd Viz,
+Linkerd-SMI and Flagger:
+
+```bash
+helm repo add linkerd https://helm.linkerd.io/stable
+helm install linkerd-crds linkerd/linkerd-crds -n linkerd --create-namespace
+# See https://linkerd.io/2/tasks/generate-certificates/ for how to generate the
+# certs referred below
+helm install linkerd-control-plane linkerd/linkerd-control-plane \
+  -n linkerd \
+  --set-file identityTrustAnchorsPEM=ca.crt \
+  --set-file identity.issuer.tls.crtPEM=issuer.crt \
+  --set-file identity.issuer.tls.keyPEM=issuer.key \
+
+helm install linkerd-viz linkerd/linkerd-viz -n linkerd-viz --create-namespace
+
+helm install flagger flagger/flagger \
+  --n flagger-system \
+  --set meshProvider=gatewayapi:v1beta1 \
+  --set metricsServer=http://prometheus.linkerd-viz:9090 \
+  --set linkerdAuthPolicy.create=true
+```
+
 ## Bootstrap
 
 Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
@@ -47,9 +75,65 @@ Create a deployment and a horizontal pod autoscaler:
 kubectl apply -k https://github.com/fluxcd/flagger//kustomize/podinfo?ref=main
 ```
 
-Create a canary custom resource for the podinfo deployment:
+Create a metrics template and canary custom resources for the podinfo deployment:
 
 ```yaml
+---
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: success-rate
+  namespace: test
+spec:
+  provider:
+    type: prometheus
+    address: http://prometheus.linkerd-viz:9090
+  query: |
+    sum(
+      rate(
+        response_total{
+          namespace="{{ namespace }}",
+          deployment=~"{{ target }}",
+          classification!="failure",
+          direction="{{ variables.direction }}"
+        }[{{ interval }}]
+      )
+    ) 
+    / 
+    sum(
+      rate(
+        response_total{
+          namespace="{{ namespace }}",
+          deployment=~"{{ target }}",
+          direction="{{ variables.direction }}"
+        }[{{ interval }}]
+      )
+    ) 
+    * 100
+---
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: latency
+  namespace: test
+spec:
+  provider:
+    type: prometheus
+    address: http://prometheus.linkerd-viz:9090
+  query: |
+    histogram_quantile(
+        0.99,
+        sum(
+            rate(
+                response_latency_ms_bucket{
+                    namespace="{{ namespace }}",
+                    deployment=~"{{ target }}",
+                    direction="{{ variables.direction }}"
+                    }[{{ interval }}]
+                )
+            ) by (le)
+        )
+---
 apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
@@ -63,7 +147,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment
@@ -74,6 +158,13 @@ spec:
     port: 9898
     # container port number or name (optional)
     targetPort: 9898
+    # Reference to the Service that the generated HTTPRoute would attach to.
+    gatewayRefs:
+      - name: podinfo
+        namespace: test
+        group: core
+        kind: Service
+        port: 9898
   analysis:
     # schedule interval (default 60s)
     interval: 30s
@@ -87,18 +178,28 @@ spec:
     stepWeight: 5
     # Linkerd Prometheus checks
     metrics:
-    - name: request-success-rate
+    - name: success-rate
+      templateRef:
+        name: success-rate
+        namespace: test
       # minimum req success rate (non 5xx responses)
       # percentage (0-100)
       thresholdRange:
         min: 99
       interval: 1m
-    - name: request-duration
+      templateVariables:
+        direction: inbound
+    - name: latency
+      templateRef:
+        name: latency
+        namespace: test
       # maximum req duration P99
       # milliseconds
       thresholdRange:
         max: 500
       interval: 30s
+      templateVariables:
+        direction: inbound
     # testing (optional)
     webhooks:
       - name: acceptance-test
@@ -310,7 +411,7 @@ watch -n 1 curl http://podinfo-canary:9898/status/404
 Watch Flagger logs:
 
 ```text
-kubectl -n linkerd logs deployment/flagger -f | jq .msg
+kubectl -n flagger-system logs deployment/flagger -f | jq .msg
 
 Starting canary deployment for podinfo.test
 Pre-rollout check acceptance-test passed
@@ -391,7 +492,7 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   service:

docs/gitbook/tutorials/nginx-progressive-delivery.md

@@ -110,7 +110,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment

docs/gitbook/tutorials/osm-progressive-delivery.md

@@ -86,7 +86,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment

docs/gitbook/tutorials/skipper-progressive-delivery.md

@@ -113,7 +113,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment

docs/gitbook/tutorials/traefik-progressive-delivery.md

@@ -103,7 +103,7 @@ spec:
     name: podinfo
   # HPA reference (optional)
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
   # the maximum time in seconds for the canary deployment

docs/gitbook/tutorials/zero-downtime-deployments.md

@@ -139,7 +139,7 @@ Note that without resource requests the horizontal pod autoscaler can't determin
 A production environment should be able to handle traffic bursts without impacting the quality of service. This can be achieved with Kubernetes autoscaling capabilities. Autoscaling in Kubernetes has two dimensions: the Cluster Autoscaler that deals with node scaling operations and the Horizontal Pod Autoscaler that automatically scales the number of pods in a deployment.
 
 ```yaml
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 spec:
   scaleTargetRef:
@@ -172,7 +172,7 @@ spec:
   service:
     port: 9898
     gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
     hosts:
     - app.example.com
     retries:

docs/gitbook/usage/deployment-strategies.md

@@ -9,9 +9,9 @@ Flagger can run automated application analysis, promotion and rollback for the f
 * **Blue/Green** \(traffic switching\)
   * Kubernetes CNI, Istio, Linkerd, App Mesh, NGINX, Contour, Gloo Edge, Open Service Mesh, Gateway API
 * **Blue/Green Mirroring** \(traffic shadowing\)
-  * Istio
+  * Istio, Gateway API
 * **Canary Release with Session Affinity** \(progressive traffic shifting combined with cookie based routing\)
-  * Istio
+  * Istio, Gateway API
 
 For Canary releases and A/B testing you'll need a Layer 7 traffic management solution like
 a service mesh or an ingress controller. For Blue/Green deployments no service mesh or ingress controller is required.
@@ -126,11 +126,11 @@ the step and the maximum weight value in 0 to 100 range.
 Example:
 
 ```yaml
-canary:
+# canary.yaml
+spec:
   analysis:
-    promotion:
-      maxWeight: 50
-      stepWeight: 20
+    maxWeight: 50
+    stepWeight: 20
 ```
 
 This configuration performs analysis starting from 20, increasing by 20 until weight goes above 50.  
@@ -148,10 +148,10 @@ In order to enable non-linear promotion a new parameter was introduced:
 Example:
 
 ```yaml
-canary:
+# canary.yaml
+spec:
   analysis:
-    promotion:
-      stepWeights: [1, 2, 10, 80]
+    stepWeights: [1, 2, 10, 80]
 ```
 
 This configuration performs analysis starting from 1, going through `stepWeights` values till 80.  
@@ -353,8 +353,6 @@ you should consider what will happen if a write is duplicated and handled by the
 
 To use mirroring, set `spec.analysis.mirror` to `true`.
 
-Istio example:
-
 ```yaml
   analysis:
     # schedule interval (default 60s)
@@ -363,9 +361,10 @@ Istio example:
     iterations: 10
     # max number of failed iterations before rollback
     threshold: 2
-    # Traffic shadowing (compatible with Istio only)
+    # Traffic shadowing
     mirror: true
     # Weight of the traffic mirrored to your canary (defaults to 100%)
+    # Only applicable for Istio.
     mirrorWeight: 100
 ```
 
@@ -408,7 +407,7 @@ cookie based routing with regular weight based routing. This means once a user i
 version of our application (based on the traffic weights), they're always routed to that version, i.e.
 they're never routed back to the old version of our application.
 
-You can enable this, by specifying `.spec.analsyis.sessionAffinity` in the Canary (only Istio is supported):
+You can enable this, by specifying `.spec.analsyis.sessionAffinity` in the Canary:
 
 ```yaml
   analysis:

docs/gitbook/usage/how-it-works.md

@@ -65,9 +65,12 @@ spec:
     kind: Deployment
     name: podinfo
   autoscalerRef:
-    apiVersion: autoscaling/v2beta2
+    apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     name: podinfo
+    primaryScalerReplicas:
+      minReplicas: 2
+      maxReplicas: 5
 ```
 
 Based on the above configuration, Flagger generates the following Kubernetes objects:
@@ -80,6 +83,11 @@ by default all traffic is routed to this version and the target deployment is sc
 Flagger will detect changes to the target deployment (including secrets and configmaps)
 and will perform a canary analysis before promoting the new version as primary.
 
+Use `.spec.autoscalerRef.primaryScalerReplicas` to override the replica scaling
+configuration for the generated primary HorizontalPodAutoscaler. This is useful
+for situations when you want to have a different scaling configuration for the
+primary workload as opposed to using the same values from the original workload HorizontalPodAutoscaler. 
+
 **Note** that the target deployment must have a single label selector in the format `app: <DEPLOYMENT-NAME>`:
 
 ```yaml
@@ -371,3 +379,10 @@ On each run, Flagger calls the webhooks, checks the metrics and if the failed ch
 stops the analysis and rolls back the canary.
 If alerting is configured, Flagger will post the analysis result using the alert providers.
 
+## Canary suspend
+
+The `suspend` field can be set to true to suspend the Canary. If a Canary is suspended,
+its reconciliation is completely paused. This means that changes to target workloads,
+tracked ConfigMaps and Secrets don't trigger a Canary run and changes to resources generated
+by Flagger are not corrected. If the Canary was suspended during an active Canary run,
+then the run is paused without disturbing the workloads or the traffic weights.

docs/gitbook/usage/metrics.md

@@ -62,6 +62,7 @@ The following variables are available in query templates:
 * `service` (canary.spec.service.name)
 * `ingress` (canary.spec.ingresRef.name)
 * `interval` (canary.spec.analysis.metrics[].interval)
+* `variables` (canary.spec.analysis.metrics[].templateVariables)
 
 A canary analysis metric can reference a template with `templateRef`:
 
@@ -82,6 +83,50 @@ A canary analysis metric can reference a template with `templateRef`:
         interval: 1m
 ```
 
+A canary analysis metric can reference a set of custom variables with `templateVariables`. These variables will be then injected into the query defined in the referred `MetricTemplate` object during canary analysis:
+
+```yaml
+  analysis:
+    metrics:
+      - name: "my metric"
+        templateRef:
+          name: my-metric
+          namespace: flagger
+        # accepted values
+        thresholdRange:
+          min: 10
+          max: 1000
+        # metric query time window
+        interval: 1m
+        # custom variables used within the referenced metric template
+        templateVariables:
+          direction: inbound
+```
+
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: MetricTemplate
+metadata:
+  name: my-metric
+spec:
+  provider:
+    type: prometheus
+    address: http://prometheus.linkerd-viz:9090
+  query: |
+    histogram_quantile(
+      0.99,
+      sum(
+        rate(
+          response_latency_ms_bucket{
+            namespace="{{ namespace }}",
+            deployment=~"{{ target }}",
+            direction="{{ variables.direction }}"
+          }[{{ interval }}]
+        )
+      ) by (le)
+    )
+```
+
 ## Prometheus
 
 You can create custom metric checks targeting a Prometheus server by
@@ -184,13 +229,25 @@ as the `MetricTemplate` with the basic-auth credentials:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: prom-basic-auth
+  name: prom-auth
   namespace: flagger
 data:
   username: your-user
   password: your-password
 ```
 
+or if you require bearer token authentication (via a SA token):
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prom-auth
+  namespace: flagger
+data:
+  token: ey1234...
+```
+
 Then reference the secret in the `MetricTemplate`:
 
 ```yaml
@@ -204,7 +261,7 @@ spec:
     type: prometheus
     address: http://prometheus.monitoring:9090
     secretRef:
-      name: prom-basic-auth
+      name: prom-auth
 ```
 
 ## Datadog

docs/gitbook/usage/webhooks.md

@@ -41,6 +41,7 @@ Spec:
       - name: "start gate"
         type: confirm-rollout
         url: http://flagger-loadtester.test/gate/approve
+        retries: 5
       - name: "helm test"
         type: pre-rollout
         url: http://flagger-helmtester.flagger/
@@ -72,6 +73,7 @@ Spec:
       - name: "send to Slack"
         type: event
         url: http://event-recevier.notifications/slack
+        retries: 3
         metadata:
           environment: "test"
           cluster: "flagger-test"
@@ -83,16 +85,19 @@ Webhook payload (HTTP POST):
 
 ```javascript
 {
-    "name": "podinfo",
-    "namespace": "test",
-    "phase": "Progressing", 
-    "metadata": {
-        "test":  "all",
-        "token":  "16688eb5e9f289f1991c"
-    }
+  "name": "podinfo",
+  "namespace": "test",
+  "phase": "Progressing",
+  "checksum": "85d557f47b",
+  "metadata": {
+    "test":  "all",
+    "token":  "16688eb5e9f289f1991c"
+  }
 }
 ```
 
+The checksum field is hashed from the TrackedConfigs and LastAppliedSpec of the Canary, it can be used to identify a Canary for a specific configuration of the deployed resources.
+
 Response status codes:
 
 * 200-202 - advance canary by increasing the traffic weight
@@ -107,6 +112,7 @@ Event payload (HTTP POST):
   "name": "string (canary name)",
   "namespace": "string (canary namespace)",
   "phase": "string (canary phase)",
+  "checksum": "string (canary checksum"),
   "metadata": {
     "eventMessage": "string (canary event message)",
     "eventType": "string (canary event type)",
@@ -118,6 +124,8 @@ Event payload (HTTP POST):
 The event receiver can create alerts based on the received phase 
 (possible values: `Initialized`, `Waiting`, `Progressing`, `Promoting`, `Finalising`, `Succeeded` or `Failed`).
 
+The webhook request can be retried by specifying a positive integer in the `retries` field.
+
 ## Load Testing
 
 For workloads that are not receiving constant traffic Flagger can be configured with a webhook,
@@ -387,6 +395,22 @@ This can be done via mounting a Kubernetes secret in the tester's Deployment.
 to see if the process has finished (Default is 5s). `pollTimeout` represents the time in seconds
 the web-hook will try to call Concord before timing out (Default is 30s).
 
+If you need to start a Pod/Job to run tests, you can do so using `kubectl`.
+
+```yaml
+  analysis:
+    webhooks:
+      - name: "smoke test"
+        type: pre-rollout
+        url: http://flagger-kubectltester.kube-system/
+        timeout: 3m
+        metadata:
+          type: "kubectl"
+          cmd: "run test --image=alpine --overrides='{ "spec": { "serviceAccount": "default:default" }  }'"
+```
+
+Note that you need to setup RBAC for the load tester service account in order to run `kubectl` and `helm` commands.
+
 ## Manual Gating
 
 For manual approval of a canary deployment you can use the `confirm-rollout` and `confirm-promotion` webhooks.

go.mod

@@ -1,91 +1,98 @@
 module github.com/fluxcd/flagger
 
-go 1.19
+go 1.21
 
 require (
-	cloud.google.com/go/monitoring v1.9.0
-	github.com/Masterminds/semver/v3 v3.2.0
-	github.com/aws/aws-sdk-go v1.44.155
+	cloud.google.com/go/monitoring v1.17.1
+	github.com/Masterminds/semver/v3 v3.2.1
+	github.com/aws/aws-sdk-go v1.50.12
 	github.com/davecgh/go-spew v1.1.1
-	github.com/go-logr/zapr v1.2.3
-	github.com/google/go-cmp v0.5.9
-	github.com/googleapis/gax-go/v2 v2.7.0
-	github.com/influxdata/influxdb-client-go/v2 v2.12.1
-	github.com/prometheus/client_golang v1.14.0
-	github.com/stretchr/testify v1.8.1
-	go.uber.org/zap v1.24.0
-	google.golang.org/api v0.104.0
-	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37
-	google.golang.org/grpc v1.51.0
-	google.golang.org/protobuf v1.28.1
+	github.com/go-logr/zapr v1.3.0
+	github.com/google/go-cmp v0.6.0
+	github.com/googleapis/gax-go/v2 v2.12.0
+	github.com/hashicorp/go-retryablehttp v0.7.5
+	github.com/influxdata/influxdb-client-go/v2 v2.13.0
+	github.com/prometheus/client_golang v1.18.0
+	github.com/stretchr/testify v1.8.4
+	go.uber.org/zap v1.26.0
+	google.golang.org/api v0.162.0
+	google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac
+	google.golang.org/grpc v1.61.0
+	google.golang.org/protobuf v1.32.0
 	gopkg.in/h2non/gock.v1 v1.1.2
-	k8s.io/api v0.25.4
-	k8s.io/apimachinery v0.25.4
-	k8s.io/client-go v0.25.4
-	k8s.io/code-generator v0.25.4
-	k8s.io/klog/v2 v2.80.1
+	k8s.io/api v0.27.10
+	k8s.io/apimachinery v0.27.10
+	k8s.io/client-go v0.27.10
+	k8s.io/code-generator v0.27.10
+	k8s.io/klog/v2 v2.110.1
 )
 
-// Fix CVE-2022-32149
-replace golang.org/x/text => golang.org/x/text v0.4.0
-
 require (
-	cloud.google.com/go/compute v1.13.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.2 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/deepmap/oapi-codegen v1.8.2 // indirect
-	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
-	github.com/imdario/mergo v0.3.6 // indirect
-	github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/oapi-codegen/runtime v1.0.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
-	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.1.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
-	golang.org/x/sys v0.1.0 // indirect
-	golang.org/x/term v0.1.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
-	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.1.12 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
+	go.opentelemetry.io/otel v1.22.0 // indirect
+	go.opentelemetry.io/otel/metric v1.22.0 // indirect
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/oauth2 v0.16.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.16.1 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect
-	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.2.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )

go.sum

@@ -1,152 +1,81 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0=
-cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU=
-cloud.google.com/go/compute v1.13.0 h1:AYrLkB8NPdDRslNp4Jxmzrhdr03fUAIDbiGFjLWowoU=
-cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE=
-cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48=
-cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
-cloud.google.com/go/compute/metadata v0.2.2 h1:aWKAjYaBaOSrpKl57+jnS/3fJRQnxL7TvR/u1VVbt6k=
-cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
-cloud.google.com/go/monitoring v1.9.0 h1:O2A5HsrhvRMzD3OMUimPXF46vOzwc9vh6oGCGf9i/ws=
-cloud.google.com/go/monitoring v1.9.0/go.mod h1:/FsTS0gkEFUc4cgB16s6jYDnyjzRBkRJNRzBn5Zx+wA=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
+cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/monitoring v1.17.1 h1:xqcNr+JXmFMCPXnent/i1r0De6zrcqzgcMy5X1xa5vg=
+cloud.google.com/go/monitoring v1.17.1/go.mod h1:SJzPMakCF0GHOuKEH/r4hxVKF04zl+cRPQyc3d/fqII=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
-github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/aws/aws-sdk-go v1.44.144 h1:mMWdnYL8HZsobrQe1mwvQ18Xt8UbOVhWgipjuma5Mkg=
-github.com/aws/aws-sdk-go v1.44.144/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.44.155 h1:PMHMuUS0atPD4LhiXuYrLasrlIm4u3lpNQBl9h+Lr2s=
-github.com/aws/aws-sdk-go v1.44.155/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
+github.com/aws/aws-sdk-go v1.50.12 h1:Gc6QS4Ys++cWSl63U+HyPbKeLVcoOvi6veayhcipPac=
+github.com/aws/aws-sdk-go v1.50.12/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
+github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY=
+github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU=
-github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
-github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
+github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
+github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
+github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
+github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
-github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
-github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@@ -156,490 +85,259 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
-github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
+github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs=
-github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
-github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
-github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/influxdata/influxdb-client-go/v2 v2.12.0 h1:LGct9uIp36IT+8RAJdmJGQbNonGi26YfYYSpDIyq8fI=
-github.com/influxdata/influxdb-client-go/v2 v2.12.0/go.mod h1:YteV91FiQxRdccyJ2cHvj2f/5sq4y4Njqu1fQzsQCOU=
-github.com/influxdata/influxdb-client-go/v2 v2.12.1 h1:RrjoDNyBGFYvjKfjmtIyYAn6GY/SrtocSo4RPlt+Lng=
-github.com/influxdata/influxdb-client-go/v2 v2.12.1/go.mod h1:YteV91FiQxRdccyJ2cHvj2f/5sq4y4Njqu1fQzsQCOU=
-github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 h1:W9WBk7wlPfJLvMCdtV4zPulc4uCPrlywQOmbFOhgQNU=
-github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839/go.mod h1:xaLFMmpvUxqXtVkUJfg9QmT88cDaCJ3ZKgdZ78oO8Qo=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
+github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/influxdata/influxdb-client-go/v2 v2.13.0 h1:ioBbLmR5NMbAjP4UVA5r9b5xGjpABD7j65pI8kFphDM=
+github.com/influxdata/influxdb-client-go/v2 v2.13.0/go.mod h1:k+spCbt9hcvqvUiz0sr5D8LolXHqAAOfPw9v/RIRHl4=
+github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf h1:7JTmneyiNEwVBOHSjoMxiWAqB992atOeepeFYegn5RU=
+github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf/go.mod h1:xaLFMmpvUxqXtVkUJfg9QmT88cDaCJ3ZKgdZ78oO8Qo=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4FW1e6jwpg=
-github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
-github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/oapi-codegen/runtime v1.0.0 h1:P4rqFX5fMFWqRzY9M/3YF9+aPSPPB06IzP2P7oOxrWo=
+github.com/oapi-codegen/runtime v1.0.0/go.mod h1:LmCUMQuPB4M/nLXilQXhHw+BLZdDb18B34OO356yJ/A=
+github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
+github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo=
+github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
+github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
+github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
-github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY=
-go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ=
+go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y=
+go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
+go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg=
+go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
+go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0=
+go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
+go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
-golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200826173525-f9321e4c35a6/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.103.0 h1:9yuVqlu2JCvcLg9p8S3fcFLZij8EPSyvODIY1rkMizQ=
-google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0=
-google.golang.org/api v0.104.0 h1:KBfmLRqdZEbwQleFlSLnzpQJwhjpmNOk4cKQIBDZ9mg=
-google.golang.org/api v0.104.0/go.mod h1:JCspTXJbBxa5ySXw4UgUqVer7DfVxbvc/CTUFqAED5U=
+google.golang.org/api v0.162.0 h1:Vhs54HkaEpkMBdgGdOT2P6F0csGG/vxDS0hWHJzmmps=
+google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
-google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6 h1:AGXp12e/9rItf6/4QymU7WsAUwCf+ICW75cuR91nJIc=
-google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0=
-google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70=
-google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg=
+google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe h1:bQnxqljG/wqi4NTXu2+DJ3n7APcEA882QZ1JvhQAq9o=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
-google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0=
+google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -648,67 +346,52 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
 gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs=
-k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ=
-k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc=
-k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
-k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8=
-k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw=
-k8s.io/code-generator v0.25.4 h1:tjQ7/+9eN7UOiU2DP+0v4ntTI4JZLi2c1N0WllpFhTc=
-k8s.io/code-generator v0.25.4/go.mod h1:9F5fuVZOMWRme7MYj2YT3L9ropPWPokd9VRhVyD3+0w=
-k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI=
-k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
+k8s.io/api v0.27.10 h1:VFvsFZxiG3qeKyMvSOlO6hzrB7CGk6CC0XI1hniBI28=
+k8s.io/api v0.27.10/go.mod h1:cDmAF4GtSVRO0+5hOY/Vo3lLCQMOp6FfrXZ94/gQwC0=
+k8s.io/apimachinery v0.27.10 h1:AlOhsgdtNPMYDMJyUDsj2HZDLKOf1qPfvbbo5O9m4jg=
+k8s.io/apimachinery v0.27.10/go.mod h1:IHu2ovJ60RqxyPSLmTel7KDLdOCRbpOxwtUBmwBnT/E=
+k8s.io/client-go v0.27.10 h1:ZOrDrfTSsw+66NIkFMmnamKZ9TTs8WUaV8WRc9NhtJA=
+k8s.io/client-go v0.27.10/go.mod h1:PhrjLdIJNy7L8liOPEzm6wNlMjhIRJeVbfvksTxKNqI=
+k8s.io/code-generator v0.27.10 h1:QtyCMveDsjaS2vOme02iDC4RXuiKzfNQ22/T6b4XaOA=
+k8s.io/code-generator v0.27.10/go.mod h1:iyFD2q65bX/xrlrGzXi2kZXiBTbTDiAzEty3jq6a0NA=
+k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 h1:aClvVG6GbX10ISHcc24J+tqbr0S7fEe1MWkFJ7cWWCI=
+k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
-k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
-k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
+k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
+k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
+k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
+k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

hack/update-codegen.sh

@@ -27,10 +27,11 @@ echo ">> Temporary output directory ${TEMP_DIR}"
 
 # Ensure we can execute.
 chmod +x ${CODEGEN_PKG}/generate-groups.sh
+chmod +x ${CODEGEN_PKG}/generate-internal-groups.sh
 
-${CODEGEN_PKG}/generate-groups.sh all \
+${CODEGEN_PKG}/generate-groups.sh client,deepcopy,informer,lister \
     github.com/fluxcd/flagger/pkg/client github.com/fluxcd/flagger/pkg/apis \
-    "flagger:v1beta1 appmesh:v1beta2 appmesh:v1beta1 istio:v1alpha3 smi:v1alpha1 smi:v1alpha2 smi:v1alpha3 gloo/gloo:v1 gloo/gateway:v1 projectcontour:v1 traefik:v1alpha1 kuma:v1alpha1 gatewayapi:v1alpha2 gatewayapi:v1beta1 keda:v1alpha1 apisix:v2" \
+    "flagger:v1beta1 appmesh:v1beta2 appmesh:v1beta1 istio:v1alpha3 smi:v1alpha1 smi:v1alpha2 smi:v1alpha3 gloo/gloo:v1 gloo/gateway:v1 projectcontour:v1 traefik:v1alpha1 kuma:v1alpha1 gatewayapi:v1beta1 gatewayapi:v1 keda:v1alpha1 apisix:v2" \
     --output-base "${TEMP_DIR}" \
     --go-header-file ${SCRIPT_ROOT}/hack/boilerplate.go.txt
 

kustomize/base/flagger/crd.yaml

@@ -27,6 +27,10 @@ spec:
         - name: Weight
           type: string
           jsonPath: .status.canaryWeight
+        - name: Suspended
+          type: boolean
+          jsonPath: .spec.suspend
+          priority: 1
         - name: FailedChecks
           type: string
           jsonPath: .status.failedChecks
@@ -121,6 +125,13 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    primaryScalerReplicas:
+                      type: object
+                      properties:
+                        minReplicas:
+                          type: number
+                        maxReplicas:
+                          type: number
                 ingressRef:
                   description: Ingress selector
                   type: object
@@ -471,6 +482,54 @@ spec:
                         uri:
                           format: string
                           type: string
+                        authority:
+                          format: string
+                          type: string
+                        type:
+                          format: string
+                          type: string
+                    mirror:
+                      description: Mirror defines a schema for a filter that mirrors requests.
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          backendRef:
+                            properties:
+                              group:
+                                default: ""
+                                maxLength: 253
+                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                                type: string
+                              kind:
+                                default: Service
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                                type: string
+                              name:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              namespace:
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                                type: string
+                              port:
+                                format: int32
+                                maximum: 65535
+                                minimum: 1
+                                type: integer
+                            required:
+                            - name
+                            type: object
+                            x-kubernetes-validations:
+                            - message: Must have port for Service reference
+                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
+                                ? has(self.port) : true'
+                      required:
+                      - backendRef
                     headers:
                       description: Headers operations
                       type: object
@@ -550,6 +609,11 @@ spec:
                             minLength: 1
                             pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
+                          port:
+                            format: int32
+                            maximum: 65535
+                            minimum: 1
+                            type: integer
                     corsPolicy:
                       description: Istio Cross-Origin Resource Sharing policy (CORS)
                       type: object
@@ -740,6 +804,10 @@ spec:
                                 - LEAST_CONN
                                 - RANDOM
                                 - PASSTHROUGH
+                                - LEAST_REQUEST
+                              type: string
+                            warmupDurationSecs:
+                              description: Represents the warmup duration of Service.
                               type: string
                         outlierDetection:
                           description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -843,6 +911,9 @@ spec:
                 revertOnDeletion:
                   description: Revert mutated resources to original spec on deletion
                   type: boolean
+                suspend:
+                  description: Suspend Canary disabling/pausing all canary runs
+                  type: boolean
                 analysis:
                   description: Canary analysis for this canary
                   type: object
@@ -916,6 +987,34 @@ spec:
                                   description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                   format: string
                                   type: string
+                          queryParams:
+                            description: Query parameters for matching.
+                            type: object
+                            additionalProperties:
+                              oneOf:
+                              - not:
+                                  anyOf:
+                                  - required:
+                                    - exact
+                                  - required:
+                                    - prefix
+                                  - required:
+                                    - regex
+                              - required:
+                                - exact
+                              - required:
+                                - prefix
+                              - required:
+                                - regex
+                              properties:
+                                exact:
+                                  type: string
+                                prefix:
+                                  type: string
+                                regex:
+                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+                                  type: string
+                              type: object
                           sourceLabels:
                             description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                             type: object
@@ -963,6 +1062,11 @@ spec:
                               namespace:
                                 description: Namespace of this metric template
                                 type: string
+                          templateVariables:
+                            description: Additional variables to be used in the metrics query (key-value pairs)
+                            type: object
+                            additionalProperties:
+                              type: string
                     alerts:
                       description: Alert list for this canary analysis
                       type: array
@@ -1028,6 +1132,9 @@ spec:
                             description: Request timeout for this webhook
                             type: string
                             pattern: "^[0-9]+(m|s)"
+                          retries:
+                            description: Number of retries for this webhook
+                            type: number
                           metadata:
                             description: Metadata (key-value pairs) for this webhook
                             type: object

kustomize/base/flagger/kustomization.yaml

@@ -9,4 +9,4 @@ resources:
 images:
   - name: ghcr.io/fluxcd/flagger
     newName: ghcr.io/fluxcd/flagger
-    newTag: 1.27.0
+    newTag: 1.36.0

kustomize/base/prometheus/deployment.yaml

@@ -19,7 +19,7 @@ spec:
       serviceAccountName: flagger-prometheus
       containers:
           - name: prometheus
-            image: prom/prometheus:v2.39.1
+            image: prom/prometheus:v2.41.0
             imagePullPolicy: IfNotPresent
             args:
               - '--storage.tsdb.retention=2h'

kustomize/gatewayapi/patch.yaml

@@ -10,5 +10,5 @@ spec:
           args:
             - -log-level=info
             - -include-label-prefix=app.kubernetes.io
-            - -mesh-provider=gatewayapi:v1beta1
+            - -mesh-provider=gatewayapi:v1
             - -metrics-server=http://flagger-prometheus:9090

kustomize/kuma/kustomization.yaml

@@ -3,3 +3,5 @@ bases:
   - ../base/flagger/
 patchesStrategicMerge:
   - patch.yaml
+resources:
+  - mesh.yaml

kustomize/kuma/mesh.yaml

@@ -0,0 +1,10 @@
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+  name: default
+spec:
+  metrics:
+    enabledBackend: prometheus-1
+    backends:
+    - name: prometheus-1
+      type: prometheus

kustomize/kuma/patch.yaml

@@ -11,4 +11,4 @@ spec:
             - -log-level=info
             - -include-label-prefix=app.kubernetes.io
             - -mesh-provider=kuma
-            - -metrics-server=http://prometheus-server.kuma-metrics:80
+            - -metrics-server=http://prometheus-server.mesh-observability:80

kustomize/linkerd/authorizationpolicy.yaml

@@ -0,0 +1,14 @@
+apiVersion: policy.linkerd.io/v1alpha1
+kind: AuthorizationPolicy
+metadata:
+  namespace: linkerd-viz
+  name: prometheus-admin-flagger
+spec:
+  targetRef:
+    group: policy.linkerd.io
+    kind: Server
+    name: prometheus-admin
+  requiredAuthenticationRefs:
+    - kind: ServiceAccount
+      name: flagger
+      namespace: flagger-system

kustomize/linkerd/kustomization.yaml

@@ -1,5 +1,18 @@
-namespace: linkerd
+namespace: flagger-system
 bases:
   - ../base/flagger/
+  - namespace.yaml
+  - authorizationpolicy.yaml
 patchesStrategicMerge:
   - patch.yaml
+# restore overridden namespace field
+patchesJson6902:
+  - target:
+      group: policy.linkerd.io
+      version: v1alpha1
+      kind: AuthorizationPolicy
+      name: prometheus-admin-flagger
+    patch: |-
+      - op: replace
+        path: /metadata/namespace
+        value: linkerd-viz

kustomize/linkerd/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    linkerd.io/inject: enabled
+  name: flagger-system

kustomize/linkerd/patch.yaml

@@ -10,7 +10,7 @@ spec:
           args:
             - -log-level=info
             - -include-label-prefix=app.kubernetes.io
-            - -mesh-provider=linkerd
+            - -mesh-provider=gatewayapi:v1beta1
             - -metrics-server=http://prometheus.linkerd-viz:9090
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -24,4 +24,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: flagger
-    namespace: linkerd
+    namespace: flagger-system

kustomize/podinfo/hpa.yaml

@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: podinfo

kustomize/tester/deployment.yaml

@@ -19,7 +19,7 @@ spec:
     spec:
       containers:
         - name: loadtester
-          image: ghcr.io/fluxcd/flagger-loadtester:0.28.0
+          image: ghcr.io/fluxcd/flagger-loadtester:0.31.0
           imagePullPolicy: IfNotPresent
           ports:
             - name: http

pkg/apis/flagger/v1beta1/canary.go

@@ -110,6 +110,12 @@ type CanarySpec struct {
 	// revert canary mutation on deletion of canary resource
 	// +optional
 	RevertOnDeletion bool `json:"revertOnDeletion,omitempty"`
+
+	// Suspend, if set to true will suspend the Canary, disabling any canary runs
+	// regardless of any changes to its target, services, etc. Note that if the
+	// Canary is suspended during an analysis, its paused until the Canary is unsuspended.
+	// +optional
+	Suspend bool `json:"suspend,omitempty"`
 }
 
 // CanaryService defines how ClusterIP services, service mesh or ingress routing objects are generated
@@ -175,7 +181,7 @@ type CanaryService struct {
 
 	// Rewrite HTTP URIs for the generated service
 	// +optional
-	Rewrite *istiov1alpha3.HTTPRewrite `json:"rewrite,omitempty"`
+	Rewrite *HTTPRewrite `json:"rewrite,omitempty"`
 
 	// Retries policy for the generated virtual service
 	// +optional
@@ -185,6 +191,10 @@ type CanaryService struct {
 	// +optional
 	Headers *istiov1alpha3.Headers `json:"headers,omitempty"`
 
+	// Mirror specifies the destination for request mirroring.
+	// Responses from this destination are dropped.
+	Mirror []v1beta1.HTTPRequestMirrorFilter `json:"mirror,omitempty"`
+
 	// Cross-Origin Resource Sharing policy for the generated Istio virtual service
 	// +optional
 	CorsPolicy *istiov1alpha3.CorsPolicy `json:"corsPolicy,omitempty"`
@@ -304,6 +314,10 @@ type CanaryMetric struct {
 	// TemplateRef references a metric template object
 	// +optional
 	TemplateRef *CrossNamespaceObjectReference `json:"templateRef,omitempty"`
+
+	// TemplateVariables provides a map of key/value pairs that can be used to inject variables into a metric query.
+	// +optional
+	TemplateVariables map[string]string `json:"templateVariables,omitempty"`
 }
 
 // CanaryThresholdRange defines the range used for metrics validation
@@ -380,6 +394,10 @@ type CanaryWebhook struct {
 	// Metadata (key-value pairs) for this webhook
 	// +optional
 	Metadata *map[string]string `json:"metadata,omitempty"`
+
+	// Number of retries for this webhook
+	// +optional
+	Retries int `json:"retries,omitempty"`
 }
 
 // CanaryWebhookPayload holds the deployment info and metadata sent to webhooks
@@ -393,6 +411,11 @@ type CanaryWebhookPayload struct {
 	// Phase of the canary analysis
 	Phase CanaryPhase `json:"phase"`
 
+	// Hash from the TrackedConfigs and LastAppliedSpec of the Canary.
+	// Can be used to identify a Canary for a specific configuration of the
+	// deployed resources.
+	Checksum string `json:"checksum"`
+
 	// Metadata (key-value pairs) for this webhook
 	Metadata map[string]string `json:"metadata,omitempty"`
 }
@@ -433,20 +456,34 @@ type LocalObjectReference struct {
 
 type AutoscalerRefernce struct {
 	// API version of the scaler
-	// +optional
+	// +required
 	APIVersion string `json:"apiVersion,omitempty"`
 
 	// Kind of the scaler
-	// +optional
+	// +required
 	Kind string `json:"kind,omitempty"`
 
 	// Name of the scaler
+	// +required
 	Name string `json:"name"`
 
 	// PrimaryScalerQueries maps a unique id to a query for the primary
 	// scaler, if a scaler supports scaling using queries.
 	// +optional
 	PrimaryScalerQueries map[string]string `json:"primaryScalerQueries"`
+
+	// PrimaryScalerReplicas defines overrides for the primary
+	// autoscaler replicas.
+	// +optional
+	PrimaryScalerReplicas *ScalerReplicas `json:"primaryScalerReplicas,omitempty"`
+}
+
+// ScalerReplicas holds overrides for autoscaler replicas
+type ScalerReplicas struct {
+	// +optional
+	MinReplicas *int32 `json:"minReplicas,omitempty"`
+	// +optional
+	MaxReplicas *int32 `json:"maxReplicas,omitempty"`
 }
 
 // CustomMetadata holds labels and annotations to set on generated objects.
@@ -455,6 +492,41 @@ type CustomMetadata struct {
 	Annotations map[string]string `json:"annotations,omitempty"`
 }
 
+// HTTPRewrite holds information about how to modify a request URI during
+// forwarding.
+type HTTPRewrite struct {
+	// rewrite the path (or the prefix) portion of the URI with this
+	// value. If the original URI was matched based on prefix, the value
+	// provided in this field will replace the corresponding matched prefix.
+	Uri string `json:"uri,omitempty"`
+
+	// rewrite the Authority/Host header with this value.
+	Authority string `json:"authority,omitempty"`
+
+	// Type is the type of path modification to make.
+	// +optional
+	Type string `json:"type,omitempty"`
+}
+
+// GetType returns the type of HTTP path rewrite to be performed.
+func (r *HTTPRewrite) GetType() string {
+	if r.Type == string(v1beta1.PrefixMatchHTTPPathModifier) {
+		return r.Type
+	}
+	return string(v1beta1.FullPathHTTPPathModifier)
+}
+
+// GetIstioRewrite returns a istiov1alpha3.HTTPRewrite object.
+func (s *CanaryService) GetIstioRewrite() *istiov1alpha3.HTTPRewrite {
+	if s.Rewrite != nil {
+		return &istiov1alpha3.HTTPRewrite{
+			Authority: s.Rewrite.Authority,
+			Uri:       s.Rewrite.Uri,
+		}
+	}
+	return nil
+}
+
 // GetMaxAge returns the max age of a cookie in seconds.
 func (s *SessionAffinity) GetMaxAge() int {
 	if s.MaxAge == 0 {

pkg/apis/flagger/v1beta1/metric.go

@@ -82,13 +82,14 @@ type MetricTemplateProvider struct {
 
 // MetricTemplateModel is the query template model
 type MetricTemplateModel struct {
-	Name      string `json:"name"`
-	Namespace string `json:"namespace"`
-	Target    string `json:"target"`
-	Service   string `json:"service"`
-	Ingress   string `json:"ingress"`
-	Route     string `json:"route"`
-	Interval  string `json:"interval"`
+	Name      string            `json:"name"`
+	Namespace string            `json:"namespace"`
+	Target    string            `json:"target"`
+	Service   string            `json:"service"`
+	Ingress   string            `json:"ingress"`
+	Route     string            `json:"route"`
+	Interval  string            `json:"interval"`
+	Variables map[string]string `json:"variables"`
 }
 
 // TemplateFunctions returns a map of functions, one for each model field
@@ -101,6 +102,7 @@ func (mtm *MetricTemplateModel) TemplateFunctions() template.FuncMap {
 		"ingress":   func() string { return mtm.Ingress },
 		"route":     func() string { return mtm.Route },
 		"interval":  func() string { return mtm.Interval },
+		"variables": func() map[string]string { return mtm.Variables },
 	}
 }
 

pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go

@@ -161,6 +161,11 @@ func (in *AutoscalerRefernce) DeepCopyInto(out *AutoscalerRefernce) {
 			(*out)[key] = val
 		}
 	}
+	if in.PrimaryScalerReplicas != nil {
+		in, out := &in.PrimaryScalerReplicas, &out.PrimaryScalerReplicas
+		*out = new(ScalerReplicas)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
@@ -345,6 +350,13 @@ func (in *CanaryMetric) DeepCopyInto(out *CanaryMetric) {
 		*out = new(CrossNamespaceObjectReference)
 		**out = **in
 	}
+	if in.TemplateVariables != nil {
+		in, out := &in.TemplateVariables, &out.TemplateVariables
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 	return
 }
 
@@ -393,7 +405,7 @@ func (in *CanaryService) DeepCopyInto(out *CanaryService) {
 	}
 	if in.Rewrite != nil {
 		in, out := &in.Rewrite, &out.Rewrite
-		*out = new(v1alpha3.HTTPRewrite)
+		*out = new(HTTPRewrite)
 		**out = **in
 	}
 	if in.Retries != nil {
@@ -406,6 +418,13 @@ func (in *CanaryService) DeepCopyInto(out *CanaryService) {
 		*out = new(v1alpha3.Headers)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Mirror != nil {
+		in, out := &in.Mirror, &out.Mirror
+		*out = make([]gatewayapiv1beta1.HTTPRequestMirrorFilter, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	if in.CorsPolicy != nil {
 		in, out := &in.CorsPolicy, &out.CorsPolicy
 		*out = new(v1alpha3.CorsPolicy)
@@ -654,6 +673,22 @@ func (in *CustomMetadata) DeepCopy() *CustomMetadata {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPRewrite) DeepCopyInto(out *HTTPRewrite) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite.
+func (in *HTTPRewrite) DeepCopy() *HTTPRewrite {
+	if in == nil {
+		return nil
+	}
+	out := new(HTTPRewrite)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) {
 	*out = *in
@@ -752,6 +787,13 @@ func (in *MetricTemplateList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MetricTemplateModel) DeepCopyInto(out *MetricTemplateModel) {
 	*out = *in
+	if in.Variables != nil {
+		in, out := &in.Variables, &out.Variables
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 	return
 }
 
@@ -826,6 +868,32 @@ func (in *MetricTemplateStatus) DeepCopy() *MetricTemplateStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ScalerReplicas) DeepCopyInto(out *ScalerReplicas) {
+	*out = *in
+	if in.MinReplicas != nil {
+		in, out := &in.MinReplicas, &out.MinReplicas
+		*out = new(int32)
+		**out = **in
+	}
+	if in.MaxReplicas != nil {
+		in, out := &in.MaxReplicas, &out.MaxReplicas
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalerReplicas.
+func (in *ScalerReplicas) DeepCopy() *ScalerReplicas {
+	if in == nil {
+		return nil
+	}
+	out := new(ScalerReplicas)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SessionAffinity) DeepCopyInto(out *SessionAffinity) {
 	*out = *in

pkg/apis/gatewayapi/v1/doc.go

@@ -0,0 +1,6 @@
+// Package v1 contains API Schema definitions for the
+// gateway.networking.k8s.io API group.
+
+// +k8s:deepcopy-gen=package
+
+package v1

pkg/apis/gatewayapi/v1/object_reference_types.go

@@ -1,12 +1,9 @@
 /*
 Copyright 2020 The Kubernetes Authors.
-
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
-
     http://www.apache.org/licenses/LICENSE-2.0
-
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,7 +11,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package v1alpha2
+package v1
 
 // LocalObjectReference identifies an API object within the namespace of the
 // referrer.
@@ -25,8 +22,8 @@ package v1alpha2
 // be rejected by the implementation, with appropriate Conditions set
 // on the containing object.
 type LocalObjectReference struct {
-	// Group is the group of the referent. For example, "networking.k8s.io".
-	// When unspecified (empty string), core API group is inferred.
+	// Group is the group of the referent. For example, "gateway.networking.k8s.io".
+	// When unspecified or empty string, core API group is inferred.
 	Group Group `json:"group"`
 
 	// Kind is kind of the referent. For example "HTTPRoute" or "Service".
@@ -46,8 +43,8 @@ type LocalObjectReference struct {
 // be rejected by the implementation, with appropriate Conditions set
 // on the containing object.
 type SecretObjectReference struct {
-	// Group is the group of the referent. For example, "networking.k8s.io".
-	// When unspecified (empty string), core API group is inferred.
+	// Group is the group of the referent. For example, "gateway.networking.k8s.io".
+	// When unspecified or empty string, core API group is inferred.
 	//
 	// +optional
 	// +kubebuilder:default=""
@@ -65,9 +62,9 @@ type SecretObjectReference struct {
 	// Namespace is the namespace of the backend. When unspecified, the local
 	// namespace is inferred.
 	//
-	// Note that when a namespace is specified, a ReferencePolicy object
+	// Note that when a namespace is specified, a ReferenceGrant object
 	// is required in the referent namespace to allow that namespace's
-	// owner to accept the reference. See the ReferencePolicy documentation
+	// owner to accept the reference. See the ReferenceGrant documentation
 	// for details.
 	//
 	// Support: Core
@@ -80,9 +77,9 @@ type SecretObjectReference struct {
 // specific to BackendRef. It includes a few additional fields and features
 // than a regular ObjectReference.
 //
-// Note that when a namespace is specified, a ReferencePolicy object
+// Note that when a namespace is specified, a ReferenceGrant object
 // is required in the referent namespace to allow that namespace's
-// owner to accept the reference. See the ReferencePolicy documentation
+// owner to accept the reference. See the ReferenceGrant documentation
 // for details.
 //
 // The API object must be valid in the cluster; the Group and Kind must
@@ -92,14 +89,15 @@ type SecretObjectReference struct {
 // be rejected by the implementation, with appropriate Conditions set
 // on the containing object.
 type BackendObjectReference struct {
-	// Group is the group of the referent. For example, "networking.k8s.io".
-	// When unspecified (empty string), core API group is inferred.
+	// Group is the group of the referent. For example, "gateway.networking.k8s.io".
+	// When unspecified or empty string, core API group is inferred.
 	//
 	// +optional
 	// +kubebuilder:default=""
 	Group *Group `json:"group,omitempty"`
 
 	// Kind is kind of the referent. For example "HTTPRoute" or "Service".
+	// Defaults to "Service" when not specified.
 	//
 	// +optional
 	// +kubebuilder:default=Service
@@ -111,9 +109,9 @@ type BackendObjectReference struct {
 	// Namespace is the namespace of the backend. When unspecified, the local
 	// namespace is inferred.
 	//
-	// Note that when a namespace is specified, a ReferencePolicy object
+	// Note that when a namespace is specified, a ReferenceGrant object
 	// is required in the referent namespace to allow that namespace's
-	// owner to accept the reference. See the ReferencePolicy documentation
+	// owner to accept the reference. See the ReferenceGrant documentation
 	// for details.
 	//
 	// Support: Core
@@ -122,7 +120,8 @@ type BackendObjectReference struct {
 	Namespace *Namespace `json:"namespace,omitempty"`
 
 	// Port specifies the destination port number to use for this resource.
-	// Port is required when the referent is a Kubernetes Service.
+	// Port is required when the referent is a Kubernetes Service. In this
+	// case, the port number is the service port number, not the target port.
 	// For other resources, destination port might be derived from the referent
 	// resource or this field.
 	//

pkg/apis/gatewayapi/v1/register.go

@@ -1,4 +1,4 @@
-package v1alpha2
+package v1
 
 import (
 	"github.com/fluxcd/flagger/pkg/apis/gatewayapi"
@@ -9,7 +9,7 @@ import (
 
 // SchemeGroupVersion is the identifier for the API which includes
 // the name of the group and the version of the API
-var SchemeGroupVersion = schema.GroupVersion{Group: gatewayapi.GroupName, Version: "v1alpha2"}
+var SchemeGroupVersion = schema.GroupVersion{Group: gatewayapi.GroupName, Version: "v1"}
 
 // Resource takes an unqualified resource and returns a Group qualified GroupResource
 func Resource(resource string) schema.GroupResource {

pkg/apis/gatewayapi/v1/shared_types.go

@@ -0,0 +1,738 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ParentReference identifies an API object (usually a Gateway) that can be considered
+// a parent of this resource (usually a route). There are two kinds of parent resources
+// with "Core" support:
+//
+// * Gateway (Gateway conformance profile)
+// * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+//
+// This API may be extended in the future to support additional kinds of parent
+// resources.
+//
+// The API object must be valid in the cluster; the Group and Kind must
+// be registered in the cluster for this reference to be valid.
+type ParentReference struct {
+	// Group is the group of the referent.
+	// When unspecified, "gateway.networking.k8s.io" is inferred.
+	// To set the core API group (such as for a "Service" kind referent),
+	// Group must be explicitly set to "" (empty string).
+	//
+	// Support: Core
+	//
+	// +kubebuilder:default=gateway.networking.k8s.io
+	// +optional
+	Group *Group `json:"group,omitempty"`
+
+	// Kind is kind of the referent.
+	//
+	// There are two kinds of parent resources with "Core" support:
+	//
+	// * Gateway (Gateway conformance profile)
+	// * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+	//
+	// Support for other resources is Implementation-Specific.
+	//
+	// +kubebuilder:default=Gateway
+	// +optional
+	Kind *Kind `json:"kind,omitempty"`
+
+	// Namespace is the namespace of the referent. When unspecified, this refers
+	// to the local namespace of the Route.
+	//
+	// Note that there are specific rules for ParentRefs which cross namespace
+	// boundaries. Cross-namespace references are only valid if they are explicitly
+	// allowed by something in the namespace they are referring to. For example:
+	// Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+	// generic way to enable any other kind of cross-namespace reference.
+	//
+	// <gateway:experimental:description>
+	// ParentRefs from a Route to a Service in the same namespace are "producer"
+	// routes, which apply default routing rules to inbound connections from
+	// any namespace to the Service.
+	//
+	// ParentRefs from a Route to a Service in a different namespace are
+	// "consumer" routes, and these routing rules are only applied to outbound
+	// connections originating from the same namespace as the Route, for which
+	// the intended destination of the connections are a Service targeted as a
+	// ParentRef of the Route.
+	// </gateway:experimental:description>
+	//
+	// Support: Core
+	//
+	// +optional
+	Namespace *Namespace `json:"namespace,omitempty"`
+
+	// Name is the name of the referent.
+	//
+	// Support: Core
+	Name ObjectName `json:"name"`
+
+	// SectionName is the name of a section within the target resource. In the
+	// following resources, SectionName is interpreted as the following:
+	//
+	// * Gateway: Listener Name. When both Port (experimental) and SectionName
+	// are specified, the name and port of the selected listener must match
+	// both specified values.
+	// * Service: Port Name. When both Port (experimental) and SectionName
+	// are specified, the name and port of the selected listener must match
+	// both specified values. Note that attaching Routes to Services as Parents
+	// is part of experimental Mesh support and is not supported for any other
+	// purpose.
+	//
+	// Implementations MAY choose to support attaching Routes to other resources.
+	// If that is the case, they MUST clearly document how SectionName is
+	// interpreted.
+	//
+	// When unspecified (empty string), this will reference the entire resource.
+	// For the purpose of status, an attachment is considered successful if at
+	// least one section in the parent resource accepts it. For example, Gateway
+	// listeners can restrict which Routes can attach to them by Route kind,
+	// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+	// the referencing Route, the Route MUST be considered successfully
+	// attached. If no Gateway listeners accept attachment from this Route, the
+	// Route MUST be considered detached from the Gateway.
+	//
+	// Support: Core
+	//
+	// +optional
+	SectionName *SectionName `json:"sectionName,omitempty"`
+
+	// Port is the network port this Route targets. It can be interpreted
+	// differently based on the type of parent resource.
+	//
+	// When the parent resource is a Gateway, this targets all listeners
+	// listening on the specified port that also support this kind of Route(and
+	// select this Route). It's not recommended to set `Port` unless the
+	// networking behaviors specified in a Route must apply to a specific port
+	// as opposed to a listener(s) whose port(s) may be changed. When both Port
+	// and SectionName are specified, the name and port of the selected listener
+	// must match both specified values.
+	//
+	// <gateway:experimental:description>
+	// When the parent resource is a Service, this targets a specific port in the
+	// Service spec. When both Port (experimental) and SectionName are specified,
+	// the name and port of the selected port must match both specified values.
+	// </gateway:experimental:description>
+	//
+	// Implementations MAY choose to support other parent resources.
+	// Implementations supporting other types of parent resources MUST clearly
+	// document how/if Port is interpreted.
+	//
+	// For the purpose of status, an attachment is considered successful as
+	// long as the parent resource accepts it partially. For example, Gateway
+	// listeners can restrict which Routes can attach to them by Route kind,
+	// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+	// from the referencing Route, the Route MUST be considered successfully
+	// attached. If no Gateway listeners accept attachment from this Route,
+	// the Route MUST be considered detached from the Gateway.
+	//
+	// Support: Extended
+	//
+	// +optional
+	// <gateway:experimental>
+	Port *PortNumber `json:"port,omitempty"`
+}
+
+// CommonRouteSpec defines the common attributes that all Routes MUST include
+// within their spec.
+type CommonRouteSpec struct {
+	// ParentRefs references the resources (usually Gateways) that a Route wants
+	// to be attached to. Note that the referenced parent resource needs to
+	// allow this for the attachment to be complete. For Gateways, that means
+	// the Gateway needs to allow attachment from Routes of this kind and
+	// namespace. For Services, that means the Service must either be in the same
+	// namespace for a "producer" route, or the mesh implementation must support
+	// and allow "consumer" routes for the referenced Service. ReferenceGrant is
+	// not applicable for governing ParentRefs to Services - it is not possible to
+	// create a "producer" route for a Service in a different namespace from the
+	// Route.
+	//
+	// There are two kinds of parent resources with "Core" support:
+	//
+	// * Gateway (Gateway conformance profile)
+	// <gateway:experimental:description>
+	// * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+	// </gateway:experimental:description>
+	// This API may be extended in the future to support additional kinds of parent
+	// resources.
+	//
+	// ParentRefs must be _distinct_. This means either that:
+	//
+	// * They select different objects.  If this is the case, then parentRef
+	//   entries are distinct. In terms of fields, this means that the
+	//   multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+	//   be unique across all parentRef entries in the Route.
+	// * They do not select different objects, but for each optional field used,
+	//   each ParentRef that selects the same object must set the same set of
+	//   optional fields to different values. If one ParentRef sets a
+	//   combination of optional fields, all must set the same combination.
+	//
+	// Some examples:
+	//
+	// * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+	//   same object must also set `sectionName`.
+	// * If one ParentRef sets `port`, all ParentRefs referencing the same
+	//   object must also set `port`.
+	// * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+	//   referencing the same object must also set `sectionName` and `port`.
+	//
+	// It is possible to separately reference multiple distinct objects that may
+	// be collapsed by an implementation. For example, some implementations may
+	// choose to merge compatible Gateway Listeners together. If that is the
+	// case, the list of routes attached to those resources should also be
+	// merged.
+	//
+	// Note that for ParentRefs that cross namespace boundaries, there are specific
+	// rules. Cross-namespace references are only valid if they are explicitly
+	// allowed by something in the namespace they are referring to. For example,
+	// Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+	// generic way to enable other kinds of cross-namespace reference.
+	//
+	// <gateway:experimental:description>
+	// ParentRefs from a Route to a Service in the same namespace are "producer"
+	// routes, which apply default routing rules to inbound connections from
+	// any namespace to the Service.
+	//
+	// ParentRefs from a Route to a Service in a different namespace are
+	// "consumer" routes, and these routing rules are only applied to outbound
+	// connections originating from the same namespace as the Route, for which
+	// the intended destination of the connections are a Service targeted as a
+	// ParentRef of the Route.
+	// </gateway:experimental:description>
+	//
+	// +optional
+	// +kubebuilder:validation:MaxItems=32
+	// <gateway:standard:validation:XValidation:message="sectionName must be specified when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))">
+	// <gateway:standard:validation:XValidation:message="sectionName must be unique when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))">
+	// <gateway:experimental:validation:XValidation:message="sectionName or port must be specified when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))">
+	// <gateway:experimental:validation:XValidation:message="sectionName or port must be unique when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))">
+	ParentRefs []ParentReference `json:"parentRefs,omitempty"`
+}
+
+// PortNumber defines a network port.
+//
+// +kubebuilder:validation:Minimum=1
+// +kubebuilder:validation:Maximum=65535
+type PortNumber int32
+
+// BackendRef defines how a Route should forward a request to a Kubernetes
+// resource.
+//
+// Note that when a namespace different than the local namespace is specified, a
+// ReferenceGrant object is required in the referent namespace to allow that
+// namespace's owner to accept the reference. See the ReferenceGrant
+// documentation for details.
+//
+// <gateway:experimental:description>
+//
+// When the BackendRef points to a Kubernetes Service, implementations SHOULD
+// honor the appProtocol field if it is set for the target Service Port.
+//
+// Implementations supporting appProtocol SHOULD recognize the Kubernetes
+// Standard Application Protocols defined in KEP-3726.
+//
+// If a Service appProtocol isn't specified, an implementation MAY infer the
+// backend protocol through its own means. Implementations MAY infer the
+// protocol from the Route type referring to the backend Service.
+//
+// If a Route is not able to send traffic to the backend using the specified
+// protocol then the backend is considered invalid. Implementations MUST set the
+// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+//
+// </gateway:experimental:description>
+//
+// Note that when the BackendTLSPolicy object is enabled by the implementation,
+// there are some extra rules about validity to consider here. See the fields
+// where this struct is used for more information about the exact behavior.
+type BackendRef struct {
+	// BackendObjectReference references a Kubernetes object.
+	BackendObjectReference `json:",inline"`
+
+	// Weight specifies the proportion of requests forwarded to the referenced
+	// backend. This is computed as weight/(sum of all weights in this
+	// BackendRefs list). For non-zero values, there may be some epsilon from
+	// the exact proportion defined here depending on the precision an
+	// implementation supports. Weight is not a percentage and the sum of
+	// weights does not need to equal 100.
+	//
+	// If only one backend is specified and it has a weight greater than 0, 100%
+	// of the traffic is forwarded to that backend. If weight is set to 0, no
+	// traffic should be forwarded for this entry. If unspecified, weight
+	// defaults to 1.
+	//
+	// Support for this field varies based on the context where used.
+	//
+	// +optional
+	// +kubebuilder:default=1
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:validation:Maximum=1000000
+	Weight *int32 `json:"weight,omitempty"`
+}
+
+// RouteConditionType is a type of condition for a route.
+type RouteConditionType string
+
+// RouteConditionReason is a reason for a route condition.
+type RouteConditionReason string
+
+const (
+	// This condition indicates whether the route has been accepted or rejected
+	// by a Gateway, and why.
+	//
+	// Possible reasons for this condition to be True are:
+	//
+	// * "Accepted"
+	//
+	// Possible reasons for this condition to be False are:
+	//
+	// * "NotAllowedByListeners"
+	// * "NoMatchingListenerHostname"
+	// * "NoMatchingParent"
+	// * "UnsupportedValue"
+	//
+	// Possible reasons for this condition to be Unknown are:
+	//
+	// * "Pending"
+	//
+	// Controllers may raise this condition with other reasons,
+	// but should prefer to use the reasons listed above to improve
+	// interoperability.
+	RouteConditionAccepted RouteConditionType = "Accepted"
+
+	// This reason is used with the "Accepted" condition when the Route has been
+	// accepted by the Gateway.
+	RouteReasonAccepted RouteConditionReason = "Accepted"
+
+	// This reason is used with the "Accepted" condition when the route has not
+	// been accepted by a Gateway because the Gateway has no Listener whose
+	// allowedRoutes criteria permit the route
+	RouteReasonNotAllowedByListeners RouteConditionReason = "NotAllowedByListeners"
+
+	// This reason is used with the "Accepted" condition when the Gateway has no
+	// compatible Listeners whose Hostname matches the route
+	RouteReasonNoMatchingListenerHostname RouteConditionReason = "NoMatchingListenerHostname"
+
+	// This reason is used with the "Accepted" condition when there are
+	// no matching Parents. In the case of Gateways, this can occur when
+	// a Route ParentRef specifies a Port and/or SectionName that does not
+	// match any Listeners in the Gateway.
+	RouteReasonNoMatchingParent RouteConditionReason = "NoMatchingParent"
+
+	// This reason is used with the "Accepted" condition when a value for an Enum
+	// is not recognized.
+	RouteReasonUnsupportedValue RouteConditionReason = "UnsupportedValue"
+
+	// This reason is used with the "Accepted" when a controller has not yet
+	// reconciled the route.
+	RouteReasonPending RouteConditionReason = "Pending"
+
+	// This reason is used with the "Accepted" condition when there
+	// are incompatible filters present on a route rule (for example if
+	// the URLRewrite and RequestRedirect are both present on an HTTPRoute).
+	RouteReasonIncompatibleFilters RouteConditionReason = "IncompatibleFilters"
+)
+
+const (
+	// This condition indicates whether the controller was able to resolve all
+	// the object references for the Route.
+	//
+	// Possible reasons for this condition to be True are:
+	//
+	// * "ResolvedRefs"
+	//
+	// Possible reasons for this condition to be False are:
+	//
+	// * "RefNotPermitted"
+	// * "InvalidKind"
+	// * "BackendNotFound"
+	// * "UnsupportedProtocol"
+	//
+	// Controllers may raise this condition with other reasons,
+	// but should prefer to use the reasons listed above to improve
+	// interoperability.
+	RouteConditionResolvedRefs RouteConditionType = "ResolvedRefs"
+
+	// This reason is used with the "ResolvedRefs" condition when the condition
+	// is true.
+	RouteReasonResolvedRefs RouteConditionReason = "ResolvedRefs"
+
+	// This reason is used with the "ResolvedRefs" condition when
+	// one of the Listener's Routes has a BackendRef to an object in
+	// another namespace, where the object in the other namespace does
+	// not have a ReferenceGrant explicitly allowing the reference.
+	RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted"
+
+	// This reason is used with the "ResolvedRefs" condition when
+	// one of the Route's rules has a reference to an unknown or unsupported
+	// Group and/or Kind.
+	RouteReasonInvalidKind RouteConditionReason = "InvalidKind"
+
+	// This reason is used with the "ResolvedRefs" condition when one of the
+	// Route's rules has a reference to a resource that does not exist.
+	RouteReasonBackendNotFound RouteConditionReason = "BackendNotFound"
+
+	// This reason is used with the "ResolvedRefs" condition when one of the
+	// Route's rules has a reference to a resource with an app protocol that
+	// is not supported by this implementation.
+	RouteReasonUnsupportedProtocol RouteConditionReason = "UnsupportedProtocol"
+)
+
+const (
+	// This condition indicates that the Route contains a combination of both
+	// valid and invalid rules.
+	//
+	// When this happens, implementations MUST take one of the following
+	// approaches:
+	//
+	// 1) Drop Rule(s): With this approach, implementations will drop the
+	//    invalid Route Rule(s) until they are fully valid again. The message
+	//    for this condition MUST start with the prefix "Dropped Rule" and
+	//    include information about which Rules have been dropped. In this
+	//    state, the "Accepted" condition MUST be set to "True" with the latest
+	//    generation of the resource.
+	// 2) Fall Back: With this approach, implementations will fall back to the
+	//    last known good state of the entire Route. The message for this
+	//    condition MUST start with the prefix "Fall Back" and include
+	//    information about why the current Rule(s) are invalid. To represent
+	//    this, the "Accepted" condition MUST be set to "True" with the
+	//    generation of the last known good state of the resource.
+	//
+	// Reverting to the last known good state should only be done by
+	// implementations that have a means of restoring that state if/when they
+	// are restarted.
+	//
+	// This condition MUST NOT be set if a Route is fully valid, fully invalid,
+	// or not accepted. By extension, that means that this condition MUST only
+	// be set when it is "True".
+	//
+	// Possible reasons for this condition to be True are:
+	//
+	// * "UnsupportedValue"
+	//
+	// Controllers may raise this condition with other reasons, but should
+	// prefer to use the reasons listed above to improve interoperability.
+	RouteConditionPartiallyInvalid RouteConditionType = "PartiallyInvalid"
+)
+
+// RouteParentStatus describes the status of a route with respect to an
+// associated Parent.
+type RouteParentStatus struct {
+	// ParentRef corresponds with a ParentRef in the spec that this
+	// RouteParentStatus struct describes the status of.
+	ParentRef ParentReference `json:"parentRef"`
+
+	// ControllerName is a domain/path string that indicates the name of the
+	// controller that wrote this status. This corresponds with the
+	// controllerName field on GatewayClass.
+	//
+	// Example: "example.net/gateway-controller".
+	//
+	// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+	// valid Kubernetes names
+	// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+	//
+	// Controllers MUST populate this field when writing status. Controllers should ensure that
+	// entries to status populated with their ControllerName are cleaned up when they are no
+	// longer necessary.
+	ControllerName GatewayController `json:"controllerName"`
+
+	// Conditions describes the status of the route with respect to the Gateway.
+	// Note that the route's availability is also subject to the Gateway's own
+	// status conditions and listener status.
+	//
+	// If the Route's ParentRef specifies an existing Gateway that supports
+	// Routes of this kind AND that Gateway's controller has sufficient access,
+	// then that Gateway's controller MUST set the "Accepted" condition on the
+	// Route, to indicate whether the route has been accepted or rejected by the
+	// Gateway, and why.
+	//
+	// A Route MUST be considered "Accepted" if at least one of the Route's
+	// rules is implemented by the Gateway.
+	//
+	// There are a number of cases where the "Accepted" condition may not be set
+	// due to lack of controller visibility, that includes when:
+	//
+	// * The Route refers to a non-existent parent.
+	// * The Route is of a type that the controller does not support.
+	// * The Route is in a namespace the controller does not have access to.
+	//
+	// +listType=map
+	// +listMapKey=type
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=8
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// RouteStatus defines the common attributes that all Routes MUST include within
+// their status.
+type RouteStatus struct {
+	// Parents is a list of parent resources (usually Gateways) that are
+	// associated with the route, and the status of the route with respect to
+	// each parent. When this route attaches to a parent, the controller that
+	// manages the parent must add an entry to this list when the controller
+	// first sees the route and should update the entry as appropriate when the
+	// route or gateway is modified.
+	//
+	// Note that parent references that cannot be resolved by an implementation
+	// of this API will not be added to this list. Implementations of this API
+	// can only populate Route status for the Gateways/parent resources they are
+	// responsible for.
+	//
+	// A maximum of 32 Gateways will be represented in this list. An empty list
+	// means the route has not been attached to any Gateway.
+	//
+	// +kubebuilder:validation:MaxItems=32
+	Parents []RouteParentStatus `json:"parents"`
+}
+
+// Hostname is the fully qualified domain name of a network host. This matches
+// the RFC 1123 definition of a hostname with 2 notable exceptions:
+//
+//  1. IPs are not allowed.
+//  2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+//     label must appear by itself as the first label.
+//
+// Hostname can be "precise" which is a domain name without the terminating
+// dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+// domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+//
+// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+// alphanumeric characters or '-', and must start and end with an alphanumeric
+// character. No other punctuation is allowed.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type Hostname string
+
+// PreciseHostname is the fully qualified domain name of a network host. This
+// matches the RFC 1123 definition of a hostname with 1 notable exception that
+// numeric IP addresses are not allowed.
+//
+// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+// alphanumeric characters or '-', and must start and end with an alphanumeric
+// character. No other punctuation is allowed.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type PreciseHostname string
+
+// Group refers to a Kubernetes Group. It must either be an empty string or a
+// RFC 1123 subdomain.
+//
+// This validation is based off of the corresponding Kubernetes validation:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
+//
+// Valid values include:
+//
+// * "" - empty string implies core Kubernetes API group
+// * "gateway.networking.k8s.io"
+// * "foo.example.com"
+//
+// Invalid values include:
+//
+// * "example.com/bar" - "/" is an invalid character
+//
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type Group string
+
+// Kind refers to a Kubernetes Kind.
+//
+// Valid values include:
+//
+// * "Service"
+// * "HTTPRoute"
+//
+// Invalid values include:
+//
+// * "invalid/kind" - "/" is an invalid character
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=63
+// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
+type Kind string
+
+// ObjectName refers to the name of a Kubernetes object.
+// Object names can have a variety of forms, including RFC1123 subdomains,
+// RFC 1123 labels, or RFC 1035 labels.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+type ObjectName string
+
+// Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
+//
+// This validation is based off of the corresponding Kubernetes validation:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187
+//
+// This is used for Namespace name validation here:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63
+//
+// Valid values include:
+//
+// * "example"
+//
+// Invalid values include:
+//
+// * "example.com" - "." is an invalid character
+//
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=63
+type Namespace string
+
+// SectionName is the name of a section in a Kubernetes resource.
+//
+// This validation is based off of the corresponding Kubernetes validation:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
+//
+// Valid values include:
+//
+// * "example.com"
+// * "foo.example.com"
+//
+// Invalid values include:
+//
+// * "example.com/bar" - "/" is an invalid character
+//
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+type SectionName string
+
+// GatewayController is the name of a Gateway API controller. It must be a
+// domain prefixed path.
+//
+// Valid values include:
+//
+// * "example.com/bar"
+//
+// Invalid values include:
+//
+// * "example.com" - must include path
+// * "foo.example.com" - must include path
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
+type GatewayController string
+
+// AnnotationKey is the key of an annotation in Gateway API. This is used for
+// validation of maps such as TLS options. This matches the Kubernetes
+// "qualified name" validation that is used for annotations and other common
+// values.
+//
+// Valid values include:
+//
+// * example
+// * example.com
+// * example.com/path
+// * example.com/path.html
+//
+// Invalid values include:
+//
+// * example~ - "~" is an invalid character
+// * example.com. - can not start or end with "."
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/?)*$`
+type AnnotationKey string
+
+// AnnotationValue is the value of an annotation in Gateway API. This is used
+// for validation of maps such as TLS options. This roughly matches Kubernetes
+// annotation validation, although the length validation in that case is based
+// on the entire size of the annotations struct.
+//
+// +kubebuilder:validation:MinLength=0
+// +kubebuilder:validation:MaxLength=4096
+type AnnotationValue string
+
+// AddressType defines how a network address is represented as a text string.
+// This may take two possible forms:
+//
+// * A predefined CamelCase string identifier (currently limited to `IPAddress` or `Hostname`)
+// * A domain-prefixed string identifier (like `acme.io/CustomAddressType`)
+//
+// Values `IPAddress` and `Hostname` have Extended support.
+//
+// The `NamedAddress` value has been deprecated in favor of implementation
+// specific domain-prefixed strings.
+//
+// All other values, including domain-prefixed values have Implementation-specific support,
+// which are used in implementation-specific behaviors. Support for additional
+// predefined CamelCase identifiers may be added in future releases.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
+type AddressType string
+
+// HeaderName is the name of a header or query parameter.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=256
+// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
+// +k8s:deepcopy-gen=false
+type HeaderName string
+
+// Duration is a string value representing a duration in time. The format is as specified
+// in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
+//
+// +kubebuilder:validation:Pattern=`^([0-9]{1,5}(h|m|s|ms)){1,4}$`
+type Duration string
+
+const (
+	// A textual representation of a numeric IP address. IPv4
+	// addresses must be in dotted-decimal form. IPv6 addresses
+	// must be in a standard IPv6 text representation
+	// (see [RFC 5952](https://tools.ietf.org/html/rfc5952)).
+	//
+	// This type is intended for specific addresses. Address ranges are not
+	// supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an
+	// IPAddress).
+	//
+	// Support: Extended
+	IPAddressType AddressType = "IPAddress"
+
+	// A Hostname represents a DNS based ingress point. This is similar to the
+	// corresponding hostname field in Kubernetes load balancer status. For
+	// example, this concept may be used for cloud load balancers where a DNS
+	// name is used to expose a load balancer.
+	//
+	// Support: Extended
+	HostnameAddressType AddressType = "Hostname"
+
+	// A NamedAddress provides a way to reference a specific IP address by name.
+	// For example, this may be a name or other unique identifier that refers
+	// to a resource on a cloud provider such as a static IP.
+	//
+	// The `NamedAddress` type has been deprecated in favor of implementation
+	// specific domain-prefixed strings.
+	//
+	// Support: Implementation-specific
+	NamedAddressType AddressType = "NamedAddress"
+)

pkg/apis/gatewayapi/v1/zz_generated.deepcopy.go

@@ -19,64 +19,13 @@ limitations under the License.
 
 // Code generated by deepcopy-gen. DO NOT EDIT.
 
-package v1alpha2
+package v1
 
 import (
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AddressMatch) DeepCopyInto(out *AddressMatch) {
-	*out = *in
-	if in.Type != nil {
-		in, out := &in.Type, &out.Type
-		*out = new(AddressType)
-		**out = **in
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressMatch.
-func (in *AddressMatch) DeepCopy() *AddressMatch {
-	if in == nil {
-		return nil
-	}
-	out := new(AddressMatch)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AddressRouteMatches) DeepCopyInto(out *AddressRouteMatches) {
-	*out = *in
-	if in.SourceAddresses != nil {
-		in, out := &in.SourceAddresses, &out.SourceAddresses
-		*out = make([]AddressMatch, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	if in.DestinationAddresses != nil {
-		in, out := &in.DestinationAddresses, &out.DestinationAddresses
-		*out = make([]AddressMatch, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressRouteMatches.
-func (in *AddressRouteMatches) DeepCopy() *AddressRouteMatches {
-	if in == nil {
-		return nil
-	}
-	out := new(AddressRouteMatches)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *BackendObjectReference) DeepCopyInto(out *BackendObjectReference) {
 	*out = *in
@@ -198,6 +147,37 @@ func (in *HTTPHeader) DeepCopy() *HTTPHeader {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPHeaderFilter) DeepCopyInto(out *HTTPHeaderFilter) {
+	*out = *in
+	if in.Set != nil {
+		in, out := &in.Set, &out.Set
+		*out = make([]HTTPHeader, len(*in))
+		copy(*out, *in)
+	}
+	if in.Add != nil {
+		in, out := &in.Add, &out.Add
+		*out = make([]HTTPHeader, len(*in))
+		copy(*out, *in)
+	}
+	if in.Remove != nil {
+		in, out := &in.Remove, &out.Remove
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderFilter.
+func (in *HTTPHeaderFilter) DeepCopy() *HTTPHeaderFilter {
+	if in == nil {
+		return nil
+	}
+	out := new(HTTPHeaderFilter)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) {
 	*out = *in
@@ -248,6 +228,16 @@ func (in *HTTPPathMatch) DeepCopy() *HTTPPathMatch {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier) {
 	*out = *in
+	if in.ReplaceFullPath != nil {
+		in, out := &in.ReplaceFullPath, &out.ReplaceFullPath
+		*out = new(string)
+		**out = **in
+	}
+	if in.ReplacePrefixMatch != nil {
+		in, out := &in.ReplacePrefixMatch, &out.ReplacePrefixMatch
+		*out = new(string)
+		**out = **in
+	}
 	return
 }
 
@@ -282,37 +272,6 @@ func (in *HTTPQueryParamMatch) DeepCopy() *HTTPQueryParamMatch {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *HTTPRequestHeaderFilter) DeepCopyInto(out *HTTPRequestHeaderFilter) {
-	*out = *in
-	if in.Set != nil {
-		in, out := &in.Set, &out.Set
-		*out = make([]HTTPHeader, len(*in))
-		copy(*out, *in)
-	}
-	if in.Add != nil {
-		in, out := &in.Add, &out.Add
-		*out = make([]HTTPHeader, len(*in))
-		copy(*out, *in)
-	}
-	if in.Remove != nil {
-		in, out := &in.Remove, &out.Remove
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRequestHeaderFilter.
-func (in *HTTPRequestHeaderFilter) DeepCopy() *HTTPRequestHeaderFilter {
-	if in == nil {
-		return nil
-	}
-	out := new(HTTPRequestHeaderFilter)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPRequestMirrorFilter) DeepCopyInto(out *HTTPRequestMirrorFilter) {
 	*out = *in
@@ -346,7 +305,7 @@ func (in *HTTPRequestRedirectFilter) DeepCopyInto(out *HTTPRequestRedirectFilter
 	if in.Path != nil {
 		in, out := &in.Path, &out.Path
 		*out = new(HTTPPathModifier)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.Port != nil {
 		in, out := &in.Port, &out.Port
@@ -377,6 +336,7 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -403,7 +363,12 @@ func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) {
 	*out = *in
 	if in.RequestHeaderModifier != nil {
 		in, out := &in.RequestHeaderModifier, &out.RequestHeaderModifier
-		*out = new(HTTPRequestHeaderFilter)
+		*out = new(HTTPHeaderFilter)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ResponseHeaderModifier != nil {
+		in, out := &in.ResponseHeaderModifier, &out.ResponseHeaderModifier
+		*out = new(HTTPHeaderFilter)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.RequestMirror != nil {
@@ -536,6 +501,11 @@ func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.Timeouts != nil {
+		in, out := &in.Timeouts, &out.Timeouts
+		*out = new(HTTPRouteTimeouts)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
@@ -595,18 +565,44 @@ func (in *HTTPRouteStatus) DeepCopy() *HTTPRouteStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPRouteTimeouts) DeepCopyInto(out *HTTPRouteTimeouts) {
+	*out = *in
+	if in.Request != nil {
+		in, out := &in.Request, &out.Request
+		*out = new(Duration)
+		**out = **in
+	}
+	if in.BackendRequest != nil {
+		in, out := &in.BackendRequest, &out.BackendRequest
+		*out = new(Duration)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteTimeouts.
+func (in *HTTPRouteTimeouts) DeepCopy() *HTTPRouteTimeouts {
+	if in == nil {
+		return nil
+	}
+	out := new(HTTPRouteTimeouts)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter) {
 	*out = *in
 	if in.Hostname != nil {
 		in, out := &in.Hostname, &out.Hostname
-		*out = new(Hostname)
+		*out = new(PreciseHostname)
 		**out = **in
 	}
 	if in.Path != nil {
 		in, out := &in.Path, &out.Path
 		*out = new(HTTPPathModifier)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@@ -660,6 +656,11 @@ func (in *ParentReference) DeepCopyInto(out *ParentReference) {
 		*out = new(SectionName)
 		**out = **in
 	}
+	if in.Port != nil {
+		in, out := &in.Port, &out.Port
+		*out = new(PortNumber)
+		**out = **in
+	}
 	return
 }
 
@@ -679,7 +680,7 @@ func (in *RouteParentStatus) DeepCopyInto(out *RouteParentStatus) {
 	in.ParentRef.DeepCopyInto(&out.ParentRef)
 	if in.Conditions != nil {
 		in, out := &in.Conditions, &out.Conditions
-		*out = make([]v1.Condition, len(*in))
+		*out = make([]metav1.Condition, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}

pkg/apis/gatewayapi/v1alpha2/doc.go

@@ -1,6 +0,0 @@
-// +k8s:deepcopy-gen=package
-
-// Package v1alpha2 contains API Schema definitions for the
-// gateway.networking.k8s.io API group.
-
-package v1alpha2

pkg/apis/gatewayapi/v1alpha2/httproute_types.go

@@ -1,881 +0,0 @@
-/*
-Copyright 2020 The Kubernetes Authors.
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha2
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=gateway-api
-// +kubebuilder:subresource:status
-// +kubebuilder:storageversion
-// +kubebuilder:printcolumn:name="Hostnames",type=string,JSONPath=`.spec.hostnames`
-// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
-
-// HTTPRoute provides a way to route HTTP requests. This includes the capability
-// to match requests by hostname, path, header, or query param. Filters can be
-// used to specify additional processing steps. Backends specify where matching
-// requests should be routed.
-type HTTPRoute struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec defines the desired state of HTTPRoute.
-	Spec HTTPRouteSpec `json:"spec"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// HTTPRouteList contains a list of HTTPRoute.
-type HTTPRouteList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []HTTPRoute `json:"items"`
-}
-
-// HTTPRouteSpec defines the desired state of HTTPRoute
-type HTTPRouteSpec struct {
-	CommonRouteSpec `json:",inline"`
-
-	// Hostnames defines a set of hostname that should match against the HTTP
-	// Host header to select a HTTPRoute to process the request. This matches
-	// the RFC 1123 definition of a hostname with 2 notable exceptions:
-	//
-	// 1. IPs are not allowed.
-	// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
-	//    label must appear by itself as the first label.
-	//
-	// If a hostname is specified by both the Listener and HTTPRoute, there
-	// must be at least one intersecting hostname for the HTTPRoute to be
-	// attached to the Listener. For example:
-	//
-	// * A Listener with `test.example.com` as the hostname matches HTTPRoutes
-	//   that have either not specified any hostnames, or have specified at
-	//   least one of `test.example.com` or `*.example.com`.
-	// * A Listener with `*.example.com` as the hostname matches HTTPRoutes
-	//   that have either not specified any hostnames or have specified at least
-	//   one hostname that matches the Listener hostname. For example,
-	//   `test.example.com` and `*.example.com` would both match. On the other
-	//   hand, `example.com` and `test.example.net` would not match.
-	//
-	// If both the Listener and HTTPRoute have specified hostnames, any
-	// HTTPRoute hostnames that do not match the Listener hostname MUST be
-	// ignored. For example, if a Listener specified `*.example.com`, and the
-	// HTTPRoute specified `test.example.com` and `test.example.net`,
-	// `test.example.net` must not be considered for a match.
-	//
-	// If both the Listener and HTTPRoute have specified hostnames, and none
-	// match with the criteria above, then the HTTPRoute is not accepted. The
-	// implementation must raise an 'Accepted' Condition with a status of
-	// `False` in the corresponding RouteParentStatus.
-	//
-	// Support: Core
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	Hostnames []Hostname `json:"hostnames,omitempty"`
-
-	// Rules are a list of HTTP matchers, filters and actions.
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	// +kubebuilder:default={{matches: {{path: {type: "PathPrefix", value: "/"}}}}}
-	Rules []HTTPRouteRule `json:"rules,omitempty"`
-}
-
-// HTTPRouteRule defines semantics for matching an HTTP request based on
-// conditions (matches), processing it (filters), and forwarding the request to
-// an API object (backendRefs).
-type HTTPRouteRule struct {
-	// Matches define conditions used for matching the rule against incoming
-	// HTTP requests. Each match is independent, i.e. this rule will be matched
-	// if **any** one of the matches is satisfied.
-	//
-	// For example, take the following matches configuration:
-	//
-	// ```
-	// matches:
-	// - path:
-	//     value: "/foo"
-	//   headers:
-	//   - name: "version"
-	//     value: "v2"
-	// - path:
-	//     value: "/v2/foo"
-	// ```
-	//
-	// For a request to match against this rule, a request must satisfy
-	// EITHER of the two conditions:
-	//
-	// - path prefixed with `/foo` AND contains the header `version: v2`
-	// - path prefix of `/v2/foo`
-	//
-	// See the documentation for HTTPRouteMatch on how to specify multiple
-	// match conditions that should be ANDed together.
-	//
-	// If no matches are specified, the default is a prefix
-	// path match on "/", which has the effect of matching every
-	// HTTP request.
-	//
-	// Proxy or Load Balancer routing configuration generated from HTTPRoutes
-	// MUST prioritize rules based on the following criteria, continuing on
-	// ties. Precedence must be given to the the Rule with the largest number
-	// of:
-	//
-	// * Characters in a matching non-wildcard hostname.
-	// * Characters in a matching hostname.
-	// * Characters in a matching path.
-	// * Header matches.
-	// * Query param matches.
-	//
-	// If ties still exist across multiple Routes, matching precedence MUST be
-	// determined in order of the following criteria, continuing on ties:
-	//
-	// * The oldest Route based on creation timestamp.
-	// * The Route appearing first in alphabetical order by
-	//   "{namespace}/{name}".
-	//
-	// If ties still exist within the Route that has been given precedence,
-	// matching precedence MUST be granted to the first matching rule meeting
-	// the above criteria.
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=8
-	// +kubebuilder:default={{path:{ type: "PathPrefix", value: "/"}}}
-	Matches []HTTPRouteMatch `json:"matches,omitempty"`
-
-	// Filters define the filters that are applied to requests that match
-	// this rule.
-	//
-	// The effects of ordering of multiple behaviors are currently unspecified.
-	// This can change in the future based on feedback during the alpha stage.
-	//
-	// Conformance-levels at this level are defined based on the type of filter:
-	//
-	// - ALL core filters MUST be supported by all implementations.
-	// - Implementers are encouraged to support extended filters.
-	// - Implementation-specific custom filters have no API guarantees across
-	//   implementations.
-	//
-	// Specifying a core filter multiple times has unspecified or custom
-	// conformance.
-	//
-	// Support: Core
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	Filters []HTTPRouteFilter `json:"filters,omitempty"`
-
-	// BackendRefs defines the backend(s) where matching requests should be
-	// sent.
-
-	// If unspecified or invalid (refers to a non-existent resource or a Service
-	// with no endpoints), the rule performs no forwarding. If there are also no
-	// filters specified that would result in a response being sent, a HTTP 503
-	// status code is returned. 503 responses must be sent so that the overall
-	// weight is respected; if an invalid backend is requested to have 80% of
-	// requests, then 80% of requests must get a 503 instead.
-	//
-	// Support: Core for Kubernetes Service
-	// Support: Custom for any other resource
-	//
-	// Support for weight: Core
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	BackendRefs []HTTPBackendRef `json:"backendRefs,omitempty"`
-}
-
-// PathMatchType specifies the semantics of how HTTP paths should be compared.
-// Valid PathMatchType values are:
-//
-// * "Exact"
-// * "PathPrefix"
-// * "RegularExpression"
-//
-// PathPrefix and Exact paths must be syntactically valid:
-//
-// - Must begin with the `/` character
-// - Must not contain consecutive `/` characters (e.g. `/foo///`, `//`).
-//
-// +kubebuilder:validation:Enum=Exact;PathPrefix;RegularExpression
-type PathMatchType string
-
-const (
-	// Matches the URL path exactly and with case sensitivity.
-	PathMatchExact PathMatchType = "Exact"
-
-	// Matches based on a URL path prefix split by `/`. Matching is
-	// case sensitive and done on a path element by element basis. A
-	// path element refers to the list of labels in the path split by
-	// the `/` separator. When specified, a trailing `/` is ignored.
-	//
-	// For example. the paths `/abc`, `/abc/`, and `/abc/def` would all match
-	// the prefix `/abc`, but the path `/abcd` would not.
-	//
-	// "PathPrefix" is semantically equivalent to the "Prefix" path type in the
-	// Kubernetes Ingress API.
-	PathMatchPathPrefix PathMatchType = "PathPrefix"
-
-	// Matches if the URL path matches the given regular expression with
-	// case sensitivity.
-	//
-	// Since `"RegularExpression"` has custom conformance, implementations
-	// can support POSIX, PCRE, RE2 or any other regular expression dialect.
-	// Please read the implementation's documentation to determine the supported
-	// dialect.
-	PathMatchRegularExpression PathMatchType = "RegularExpression"
-)
-
-// HTTPPathMatch describes how to select a HTTP route by matching the HTTP request path.
-type HTTPPathMatch struct {
-	// Type specifies how to match against the path Value.
-	//
-	// Support: Core (Exact, PathPrefix)
-	//
-	// Support: Custom (RegularExpression)
-	//
-	// +optional
-	// +kubebuilder:default=PathPrefix
-	Type *PathMatchType `json:"type,omitempty"`
-
-	// Value of the HTTP path to match against.
-	//
-	// +optional
-	// +kubebuilder:default="/"
-	// +kubebuilder:validation:MaxLength=1024
-	Value *string `json:"value,omitempty"`
-}
-
-// HeaderMatchType specifies the semantics of how HTTP header values should be
-// compared. Valid HeaderMatchType values are:
-//
-// * "Exact"
-// * "RegularExpression"
-//
-// +kubebuilder:validation:Enum=Exact;RegularExpression
-type HeaderMatchType string
-
-// HeaderMatchType constants.
-const (
-	HeaderMatchExact             HeaderMatchType = "Exact"
-	HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
-)
-
-// HTTPHeaderName is the name of an HTTP header.
-//
-// Valid values include:
-//
-// * "Authorization"
-// * "Set-Cookie"
-//
-// Invalid values include:
-//
-//   - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
-//     headers are not currently supported by this type.
-//   - "/invalid" - "/" is an invalid character
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=256
-// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
-type HTTPHeaderName string
-
-// HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
-// headers.
-type HTTPHeaderMatch struct {
-	// Type specifies how to match against the value of the header.
-	//
-	// Support: Core (Exact)
-	//
-	// Support: Custom (RegularExpression)
-	//
-	// Since RegularExpression HeaderMatchType has custom conformance,
-	// implementations can support POSIX, PCRE or any other dialects of regular
-	// expressions. Please read the implementation's documentation to determine
-	// the supported dialect.
-	//
-	// +optional
-	// +kubebuilder:default=Exact
-	Type *HeaderMatchType `json:"type,omitempty"`
-
-	// Name is the name of the HTTP Header to be matched. Name matching MUST be
-	// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
-	//
-	// If multiple entries specify equivalent header names, only the first
-	// entry with an equivalent name MUST be considered for a match. Subsequent
-	// entries with an equivalent header name MUST be ignored. Due to the
-	// case-insensitivity of header names, "foo" and "Foo" are considered
-	// equivalent.
-	//
-	// When a header is repeated in an HTTP request, it is
-	// implementation-specific behavior as to how this is represented.
-	// Generally, proxies should follow the guidance from the RFC:
-	// https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
-	// processing a repeated header, with special handling for "Set-Cookie".
-	Name HTTPHeaderName `json:"name"`
-
-	// Value is the value of HTTP Header to be matched.
-	//
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=4096
-	Value string `json:"value"`
-}
-
-// QueryParamMatchType specifies the semantics of how HTTP query parameter
-// values should be compared. Valid QueryParamMatchType values are:
-//
-// * "Exact"
-// * "RegularExpression"
-//
-// +kubebuilder:validation:Enum=Exact;RegularExpression
-type QueryParamMatchType string
-
-// QueryParamMatchType constants.
-const (
-	QueryParamMatchExact             QueryParamMatchType = "Exact"
-	QueryParamMatchRegularExpression QueryParamMatchType = "RegularExpression"
-)
-
-// HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP
-// query parameters.
-type HTTPQueryParamMatch struct {
-	// Type specifies how to match against the value of the query parameter.
-	//
-	// Support: Extended (Exact)
-	//
-	// Support: Custom (RegularExpression)
-	//
-	// Since RegularExpression QueryParamMatchType has custom conformance,
-	// implementations can support POSIX, PCRE or any other dialects of regular
-	// expressions. Please read the implementation's documentation to determine
-	// the supported dialect.
-	//
-	// +optional
-	// +kubebuilder:default=Exact
-	Type *QueryParamMatchType `json:"type,omitempty"`
-
-	// Name is the name of the HTTP query param to be matched. This must be an
-	// exact string match. (See
-	// https://tools.ietf.org/html/rfc7230#section-2.7.3).
-	//
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=256
-	Name string `json:"name"`
-
-	// Value is the value of HTTP query param to be matched.
-	//
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=1024
-	Value string `json:"value"`
-}
-
-// HTTPMethod describes how to select a HTTP route by matching the HTTP
-// method as defined by
-// [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4) and
-// [RFC 5789](https://datatracker.ietf.org/doc/html/rfc5789#section-2).
-// The value is expected in upper case.
-// +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH
-type HTTPMethod string
-
-const (
-	HTTPMethodGet     HTTPMethod = "GET"
-	HTTPMethodHead    HTTPMethod = "HEAD"
-	HTTPMethodPost    HTTPMethod = "POST"
-	HTTPMethodPut     HTTPMethod = "PUT"
-	HTTPMethodDelete  HTTPMethod = "DELETE"
-	HTTPMethodConnect HTTPMethod = "CONNECT"
-	HTTPMethodOptions HTTPMethod = "OPTIONS"
-	HTTPMethodTrace   HTTPMethod = "TRACE"
-	HTTPMethodPatch   HTTPMethod = "PATCH"
-)
-
-// HTTPRouteMatch defines the predicate used to match requests to a given
-// action. Multiple match types are ANDed together, i.e. the match will
-// evaluate to true only if all conditions are satisfied.
-//
-// For example, the match below will match a HTTP request only if its path
-// starts with `/foo` AND it contains the `version: v1` header:
-//
-// ```
-// match:
-//
-//	path:
-//	  value: "/foo"
-//	headers:
-//	- name: "version"
-//	  value "v1"
-//
-// ```
-type HTTPRouteMatch struct {
-	// Path specifies a HTTP request path matcher. If this field is not
-	// specified, a default prefix match on the "/" path is provided.
-	//
-	// +optional
-	// +kubebuilder:default={type: "PathPrefix", value: "/"}
-	Path *HTTPPathMatch `json:"path,omitempty"`
-
-	// Headers specifies HTTP request header matchers. Multiple match values are
-	// ANDed together, meaning, a request must match all the specified headers
-	// to select the route.
-	//
-	// +listType=map
-	// +listMapKey=name
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	Headers []HTTPHeaderMatch `json:"headers,omitempty"`
-
-	// QueryParams specifies HTTP query parameter matchers. Multiple match
-	// values are ANDed together, meaning, a request must match all the
-	// specified query parameters to select the route.
-	//
-	// +listType=map
-	// +listMapKey=name
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	QueryParams []HTTPQueryParamMatch `json:"queryParams,omitempty"`
-
-	// Method specifies HTTP method matcher.
-	// When specified, this route will be matched only if the request has the
-	// specified method.
-	//
-	// Support: Extended
-	//
-	// +optional
-	Method *HTTPMethod `json:"method,omitempty"`
-}
-
-// HTTPRouteFilter defines processing steps that must be completed during the
-// request or response lifecycle. HTTPRouteFilters are meant as an extension
-// point to express processing that may be done in Gateway implementations. Some
-// examples include request or response modification, implementing
-// authentication strategies, rate-limiting, and traffic shaping. API
-// guarantee/conformance is defined based on the type of the filter.
-type HTTPRouteFilter struct {
-	// Type identifies the type of filter to apply. As with other API fields,
-	// types are classified into three conformance levels:
-	//
-	// - Core: Filter types and their corresponding configuration defined by
-	//   "Support: Core" in this package, e.g. "RequestHeaderModifier". All
-	//   implementations must support core filters.
-	//
-	// - Extended: Filter types and their corresponding configuration defined by
-	//   "Support: Extended" in this package, e.g. "RequestMirror". Implementers
-	//   are encouraged to support extended filters.
-	//
-	// - Custom: Filters that are defined and supported by specific vendors.
-	//   In the future, filters showing convergence in behavior across multiple
-	//   implementations will be considered for inclusion in extended or core
-	//   conformance levels. Filter-specific configuration for such filters
-	//   is specified using the ExtensionRef field. `Type` should be set to
-	//   "ExtensionRef" for custom filters.
-	//
-	// Implementers are encouraged to define custom implementation types to
-	// extend the core API with implementation-specific behavior.
-	//
-	// If a reference to a custom filter type cannot be resolved, the filter
-	// MUST NOT be skipped. Instead, requests that would have been processed by
-	// that filter MUST receive a HTTP error response.
-	//
-	// +unionDiscriminator
-	// +kubebuilder:validation:Enum=RequestHeaderModifier;RequestMirror;RequestRedirect;ExtensionRef
-	// <gateway:experimental:validation:Enum=RequestHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef>
-	Type HTTPRouteFilterType `json:"type"`
-
-	// RequestHeaderModifier defines a schema for a filter that modifies request
-	// headers.
-	//
-	// Support: Core
-	//
-	// +optional
-	RequestHeaderModifier *HTTPRequestHeaderFilter `json:"requestHeaderModifier,omitempty"`
-
-	// RequestMirror defines a schema for a filter that mirrors requests.
-	// Requests are sent to the specified destination, but responses from
-	// that destination are ignored.
-	//
-	// Support: Extended
-	//
-	// +optional
-	RequestMirror *HTTPRequestMirrorFilter `json:"requestMirror,omitempty"`
-
-	// RequestRedirect defines a schema for a filter that responds to the
-	// request with an HTTP redirection.
-	//
-	// Support: Core
-	//
-	// +optional
-	RequestRedirect *HTTPRequestRedirectFilter `json:"requestRedirect,omitempty"`
-
-	// URLRewrite defines a schema for a filter that responds to the
-	// request with an HTTP redirection.
-	//
-	// Support: Extended
-	//
-	// <gateway:experimental>
-	// +optional
-	URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"`
-
-	// ExtensionRef is an optional, implementation-specific extension to the
-	// "filter" behavior.  For example, resource "myroutefilter" in group
-	// "networking.example.net"). ExtensionRef MUST NOT be used for core and
-	// extended filters.
-	//
-	// Support: Implementation-specific
-	//
-	// +optional
-	ExtensionRef *LocalObjectReference `json:"extensionRef,omitempty"`
-}
-
-// HTTPRouteFilterType identifies a type of HTTPRoute filter.
-type HTTPRouteFilterType string
-
-const (
-	// HTTPRouteFilterRequestHeaderModifier can be used to add or remove an HTTP
-	// header from an HTTP request before it is sent to the upstream target.
-	//
-	// Support in HTTPRouteRule: Core
-	//
-	// Support in HTTPBackendRef: Extended
-	HTTPRouteFilterRequestHeaderModifier HTTPRouteFilterType = "RequestHeaderModifier"
-
-	// HTTPRouteFilterRequestRedirect can be used to redirect a request to
-	// another location. This filter can also be used for HTTP to HTTPS
-	// redirects. This may not be used on the same Route rule or BackendRef as a
-	// URLRewrite filter.
-	//
-	// Support in HTTPRouteRule: Core
-	//
-	// Support in HTTPBackendRef: Extended
-	HTTPRouteFilterRequestRedirect HTTPRouteFilterType = "RequestRedirect"
-
-	// HTTPRouteFilterURLRewrite can be used to modify a request during
-	// forwarding. At most one of these filters may be used on a Route rule.
-	// This may not be used on the same Route rule or BackendRef as a
-	// RequestRedirect filter.
-	//
-	// Support in HTTPRouteRule: Extended
-	//
-	// Support in HTTPBackendRef: Extended
-	//
-	// <gateway:experimental>
-	HTTPRouteFilterURLRewrite HTTPRouteFilterType = "URLRewrite"
-
-	// HTTPRouteFilterRequestMirror can be used to mirror HTTP requests to a
-	// different backend. The responses from this backend MUST be ignored by
-	// the Gateway.
-	//
-	// Support in HTTPRouteRule: Extended
-	//
-	// Support in HTTPBackendRef: Extended
-	HTTPRouteFilterRequestMirror HTTPRouteFilterType = "RequestMirror"
-
-	// HTTPRouteFilterExtensionRef should be used for configuring custom
-	// HTTP filters.
-	//
-	// Support in HTTPRouteRule: Custom
-	//
-	// Support in HTTPBackendRef: Custom
-	HTTPRouteFilterExtensionRef HTTPRouteFilterType = "ExtensionRef"
-)
-
-// HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
-type HTTPHeader struct {
-	// Name is the name of the HTTP Header to be matched. Name matching MUST be
-	// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
-	//
-	// If multiple entries specify equivalent header names, the first entry with
-	// an equivalent name MUST be considered for a match. Subsequent entries
-	// with an equivalent header name MUST be ignored. Due to the
-	// case-insensitivity of header names, "foo" and "Foo" are considered
-	// equivalent.
-	Name HTTPHeaderName `json:"name"`
-
-	// Value is the value of HTTP Header to be matched.
-	//
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=4096
-	Value string `json:"value"`
-}
-
-// HTTPRequestHeaderFilter defines configuration for the RequestHeaderModifier
-// filter.
-type HTTPRequestHeaderFilter struct {
-	// Set overwrites the request with the given header (name, value)
-	// before the action.
-	//
-	// Input:
-	//   GET /foo HTTP/1.1
-	//   my-header: foo
-	//
-	// Config:
-	//   set:
-	//   - name: "my-header"
-	//     value: "bar"
-	//
-	// Output:
-	//   GET /foo HTTP/1.1
-	//   my-header: bar
-	//
-	// +optional
-	// +listType=map
-	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=16
-	Set []HTTPHeader `json:"set,omitempty"`
-
-	// Add adds the given header(s) (name, value) to the request
-	// before the action. It appends to any existing values associated
-	// with the header name.
-	//
-	// Input:
-	//   GET /foo HTTP/1.1
-	//   my-header: foo
-	//
-	// Config:
-	//   add:
-	//   - name: "my-header"
-	//     value: "bar"
-	//
-	// Output:
-	//   GET /foo HTTP/1.1
-	//   my-header: foo
-	//   my-header: bar
-	//
-	// +optional
-	// +listType=map
-	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=16
-	Add []HTTPHeader `json:"add,omitempty"`
-
-	// Remove the given header(s) from the HTTP request before the action. The
-	// value of Remove is a list of HTTP header names. Note that the header
-	// names are case-insensitive (see
-	// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
-	//
-	// Input:
-	//   GET /foo HTTP/1.1
-	//   my-header1: foo
-	//   my-header2: bar
-	//   my-header3: baz
-	//
-	// Config:
-	//   remove: ["my-header1", "my-header3"]
-	//
-	// Output:
-	//   GET /foo HTTP/1.1
-	//   my-header2: bar
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	Remove []string `json:"remove,omitempty"`
-}
-
-// HTTPPathModifierType defines the type of path redirect.
-type HTTPPathModifierType string
-
-const (
-	// This type of modifier indicates that the complete path will be replaced
-	// by the path redirect value.
-	AbsoluteHTTPPathModifier HTTPPathModifierType = "Absolute"
-
-	// This type of modifier indicates that any prefix path matches will be
-	// replaced by the substitution value. For example, a path with a prefix
-	// match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have
-	// the "/foo" prefix replaced with "/bar" in matching requests.
-	PrefixMatchHTTPPathModifier HTTPPathModifierType = "ReplacePrefixMatch"
-)
-
-// HTTPPathModifier defines configuration for path modifiers.
-// <gateway:experimental>
-type HTTPPathModifier struct {
-	// Type defines the type of path modifier.
-	//
-	// <gateway:experimental>
-	// +kubebuilder:validation:Enum=Absolute;ReplacePrefixMatch
-	Type HTTPPathModifierType `json:"type"`
-
-	// Substitution defines the HTTP path value to substitute. An empty value
-	// ("") indicates that the portion of the path to be changed should be
-	// removed from the resulting path. For example, a request to "/foo/bar"
-	// with a prefix match of "/foo" would be modified to "/bar".
-	//
-	// <gateway:experimental>
-	// +kubebuilder:validation:MaxLength=1024
-	Substitution string `json:"substitution"`
-}
-
-// HTTPRequestRedirect defines a filter that redirects a request. This filter
-// MUST not be used on the same Route rule as a HTTPURLRewrite filter.
-type HTTPRequestRedirectFilter struct {
-	// Scheme is the scheme to be used in the value of the `Location`
-	// header in the response.
-	// When empty, the scheme of the request is used.
-	//
-	// Support: Extended
-	//
-	// +optional
-	// +kubebuilder:validation:Enum=http;https
-	Scheme *string `json:"scheme,omitempty"`
-
-	// Hostname is the hostname to be used in the value of the `Location`
-	// header in the response.
-	// When empty, the hostname of the request is used.
-	//
-	// Support: Core
-	//
-	// +optional
-	Hostname *PreciseHostname `json:"hostname,omitempty"`
-
-	// Path defines parameters used to modify the path of the incoming request.
-	// The modified path is then used to construct the `Location` header. When
-	// empty, the request path is used as-is.
-	//
-	// Support: Extended
-	//
-	// <gateway:experimental>
-	// +optional
-	Path *HTTPPathModifier `json:"path,omitempty"`
-
-	// Port is the port to be used in the value of the `Location`
-	// header in the response.
-	// When empty, port (if specified) of the request is used.
-	//
-	// Support: Extended
-	//
-	// +optional
-	Port *PortNumber `json:"port,omitempty"`
-
-	// StatusCode is the HTTP status code to be used in response.
-	//
-	// Support: Core
-	//
-	// +optional
-	// +kubebuilder:default=302
-	// +kubebuilder:validation:Enum=301;302
-	StatusCode *int `json:"statusCode,omitempty"`
-}
-
-// HTTPURLRewriteFilter defines a filter that modifies a request during
-// forwarding. At most one of these filters may be used on a Route rule. This
-// may not be used on the same Route rule as a HTTPRequestRedirect filter.
-//
-// <gateway:experimental>
-// Support: Extended
-type HTTPURLRewriteFilter struct {
-	// Hostname is the value to be used to replace the Host header value during
-	// forwarding.
-	//
-	// Support: Extended
-	//
-	// <gateway:experimental>
-	// +optional
-	Hostname *Hostname `json:"hostname,omitempty"`
-
-	// Path defines a path rewrite.
-	//
-	// Support: Extended
-	//
-	// <gateway:experimental>
-	// +optional
-	Path *HTTPPathModifier `json:"path,omitempty"`
-}
-
-// HTTPRequestMirrorFilter defines configuration for the RequestMirror filter.
-type HTTPRequestMirrorFilter struct {
-	// BackendRef references a resource where mirrored requests are sent.
-	//
-	// If the referent cannot be found, this BackendRef is invalid and must be
-	// dropped from the Gateway. The controller must ensure the "ResolvedRefs"
-	// condition on the Route status is set to `status: False` and not configure
-	// this backend in the underlying implementation.
-	//
-	// If there is a cross-namespace reference to an *existing* object
-	// that is not allowed by a ReferencePolicy, the controller must ensure the
-	// "ResolvedRefs"  condition on the Route is set to `status: False`,
-	// with the "RefNotPermitted" reason and not configure this backend in the
-	// underlying implementation.
-	//
-	// In either error case, the Message of the `ResolvedRefs` Condition
-	// should be used to provide more detail about the problem.
-	//
-	// Support: Extended for Kubernetes Service
-	// Support: Custom for any other resource
-	BackendRef BackendObjectReference `json:"backendRef"`
-}
-
-// HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
-type HTTPBackendRef struct {
-	// BackendRef is a reference to a backend to forward matched requests to.
-	//
-	// If the referent cannot be found, this HTTPBackendRef is invalid and must
-	// be dropped from the Gateway. The controller must ensure the
-	// "ResolvedRefs" condition on the Route is set to `status: False` and not
-	// configure this backend in the underlying implementation.
-	//
-	// If there is a cross-namespace reference to an *existing* object
-	// that is not covered by a ReferencePolicy, the controller must ensure the
-	// "ResolvedRefs"  condition on the Route is set to `status: False`,
-	// with the "RefNotPermitted" reason and not configure this backend in the
-	// underlying implementation.
-	//
-	// In either error case, the Message of the `ResolvedRefs` Condition
-	// should be used to provide more detail about the problem.
-	//
-	// Support: Custom
-	//
-	// +optional
-	BackendRef `json:",inline"`
-
-	// Filters defined at this level should be executed if and only if the
-	// request is being forwarded to the backend defined here.
-	//
-	// Support: Custom (For broader support of filters, use the Filters field
-	// in HTTPRouteRule.)
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=16
-	Filters []HTTPRouteFilter `json:"filters,omitempty"`
-}
-
-// HTTPRouteStatus defines the observed state of HTTPRoute.
-type HTTPRouteStatus struct {
-	RouteStatus `json:",inline"`
-}
-
-// Hostname is the fully qualified domain name of a network host. This matches
-// the RFC 1123 definition of a hostname with 2 notable exceptions:
-//
-//  1. IPs are not allowed.
-//  2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
-//     label must appear by itself as the first label.
-//
-// Hostname can be "precise" which is a domain name without the terminating
-// dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
-// domain name prefixed with a single wildcard label (e.g. `*.example.com`).
-//
-// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
-// alphanumeric characters or '-', and must start and end with an alphanumeric
-// character. No other punctuation is allowed.
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=253
-// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
-type Hostname string
-
-// PortNumber defines a network port.
-//
-// +kubebuilder:validation:Minimum=1
-// +kubebuilder:validation:Maximum=65535
-type PortNumber int32

pkg/apis/gatewayapi/v1alpha2/shared_types.go

@@ -1,427 +0,0 @@
-/*
-Copyright 2020 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha2
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// ParentReference identifies an API object (usually a Gateway) that can be considered
-// a parent of this resource (usually a route). The only kind of parent resource
-// with "Core" support is Gateway. This API may be extended in the future to
-// support additional kinds of parent resources, such as HTTPRoute.
-//
-// The API object must be valid in the cluster; the Group and Kind must
-// be registered in the cluster for this reference to be valid.
-//
-// References to objects with invalid Group and Kind are not valid, and must
-// be rejected by the implementation, with appropriate Conditions set
-// on the containing object.
-type ParentReference struct {
-	// Group is the group of the referent.
-	//
-	// Support: Core
-	//
-	// +kubebuilder:default=gateway.networking.k8s.io
-	// +optional
-	Group *Group `json:"group,omitempty"`
-
-	// Kind is kind of the referent.
-	//
-	// Support: Core (Gateway)
-	// Support: Custom (Other Resources)
-	//
-	// +kubebuilder:default=Gateway
-	// +optional
-	Kind *Kind `json:"kind,omitempty"`
-
-	// Namespace is the namespace of the referent. When unspecified (or empty
-	// string), this refers to the local namespace of the Route.
-	//
-	// Support: Core
-	//
-	// +optional
-	Namespace *Namespace `json:"namespace,omitempty"`
-
-	// Name is the name of the referent.
-	//
-	// Support: Core
-	Name ObjectName `json:"name"`
-
-	// SectionName is the name of a section within the target resource. In the
-	// following resources, SectionName is interpreted as the following:
-	//
-	// * Gateway: Listener Name
-	//
-	// Implementations MAY choose to support attaching Routes to other resources.
-	// If that is the case, they MUST clearly document how SectionName is
-	// interpreted.
-	//
-	// When unspecified (empty string), this will reference the entire resource.
-	// For the purpose of status, an attachment is considered successful if at
-	// least one section in the parent resource accepts it. For example, Gateway
-	// listeners can restrict which Routes can attach to them by Route kind,
-	// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
-	// the referencing Route, the Route MUST be considered successfully
-	// attached. If no Gateway listeners accept attachment from this Route, the
-	// Route MUST be considered detached from the Gateway.
-	//
-	// Support: Core
-	//
-	// +optional
-	SectionName *SectionName `json:"sectionName,omitempty"`
-}
-
-// CommonRouteSpec defines the common attributes that all Routes MUST include
-// within their spec.
-type CommonRouteSpec struct {
-	// ParentRefs references the resources (usually Gateways) that a Route wants
-	// to be attached to. Note that the referenced parent resource needs to
-	// allow this for the attachment to be complete. For Gateways, that means
-	// the Gateway needs to allow attachment from Routes of this kind and
-	// namespace.
-	//
-	// The only kind of parent resource with "Core" support is Gateway. This API
-	// may be extended in the future to support additional kinds of parent
-	// resources such as one of the route kinds.
-	//
-	// It is invalid to reference an identical parent more than once. It is
-	// valid to reference multiple distinct sections within the same parent
-	// resource, such as 2 Listeners within a Gateway.
-	//
-	// It is possible to separately reference multiple distinct objects that may
-	// be collapsed by an implementation. For example, some implementations may
-	// choose to merge compatible Gateway Listeners together. If that is the
-	// case, the list of routes attached to those resources should also be
-	// merged.
-	//
-	// +optional
-	// +kubebuilder:validation:MaxItems=32
-	ParentRefs []ParentReference `json:"parentRefs,omitempty"`
-}
-
-// BackendRef defines how a Route should forward a request to a Kubernetes
-// resource.
-//
-// Note that when a namespace is specified, a ReferencePolicy object
-// is required in the referent namespace to allow that namespace's
-// owner to accept the reference. See the ReferencePolicy documentation
-// for details.
-type BackendRef struct {
-	// BackendObjectReference references a Kubernetes object.
-	BackendObjectReference `json:",inline"`
-
-	// Weight specifies the proportion of requests forwarded to the referenced
-	// backend. This is computed as weight/(sum of all weights in this
-	// BackendRefs list). For non-zero values, there may be some epsilon from
-	// the exact proportion defined here depending on the precision an
-	// implementation supports. Weight is not a percentage and the sum of
-	// weights does not need to equal 100.
-	//
-	// If only one backend is specified and it has a weight greater than 0, 100%
-	// of the traffic is forwarded to that backend. If weight is set to 0, no
-	// traffic should be forwarded for this entry. If unspecified, weight
-	// defaults to 1.
-	//
-	// Support for this field varies based on the context where used.
-	//
-	// +optional
-	// +kubebuilder:default=1
-	// +kubebuilder:validation:Minimum=0
-	// +kubebuilder:validation:Maximum=1000000
-	Weight *int32 `json:"weight,omitempty"`
-}
-
-// RouteConditionType is a type of condition for a route.
-type RouteConditionType string
-
-const (
-	// This condition indicates whether the route has been accepted or rejected
-	// by a Gateway, and why.
-	ConditionRouteAccepted RouteConditionType = "Accepted"
-
-	// This condition indicates whether the controller was able to resolve all
-	// the object references for the Route.
-	ConditionRouteResolvedRefs RouteConditionType = "ResolvedRefs"
-)
-
-// RouteParentStatus describes the status of a route with respect to an
-// associated Parent.
-type RouteParentStatus struct {
-	// ParentRef corresponds with a ParentRef in the spec that this
-	// RouteParentStatus struct describes the status of.
-	ParentRef ParentReference `json:"parentRef"`
-
-	// ControllerName is a domain/path string that indicates the name of the
-	// controller that wrote this status. This corresponds with the
-	// controllerName field on GatewayClass.
-	//
-	// Example: "example.net/gateway-controller".
-	//
-	// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
-	// valid Kubernetes names
-	// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
-	ControllerName GatewayController `json:"controllerName"`
-
-	// Conditions describes the status of the route with respect to the Gateway.
-	// Note that the route's availability is also subject to the Gateway's own
-	// status conditions and listener status.
-	//
-	// If the Route's ParentRef specifies an existing Gateway that supports
-	// Routes of this kind AND that Gateway's controller has sufficient access,
-	// then that Gateway's controller MUST set the "Accepted" condition on the
-	// Route, to indicate whether the route has been accepted or rejected by the
-	// Gateway, and why.
-	//
-	// A Route MUST be considered "Accepted" if at least one of the Route's
-	// rules is implemented by the Gateway.
-	//
-	// There are a number of cases where the "Accepted" condition may not be set
-	// due to lack of controller visibility, that includes when:
-	//
-	// * The Route refers to a non-existent parent.
-	// * The Route is of a type that the controller does not support.
-	// * The Route is in a namespace the the controller does not have access to.
-	//
-	// +listType=map
-	// +listMapKey=type
-	// +kubebuilder:validation:MinItems=1
-	// +kubebuilder:validation:MaxItems=8
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
-}
-
-// RouteStatus defines the common attributes that all Routes MUST include within
-// their status.
-type RouteStatus struct {
-	// Parents is a list of parent resources (usually Gateways) that are
-	// associated with the route, and the status of the route with respect to
-	// each parent. When this route attaches to a parent, the controller that
-	// manages the parent must add an entry to this list when the controller
-	// first sees the route and should update the entry as appropriate when the
-	// route or gateway is modified.
-	//
-	// Note that parent references that cannot be resolved by an implementation
-	// of this API will not be added to this list. Implementations of this API
-	// can only populate Route status for the Gateways/parent resources they are
-	// responsible for.
-	//
-	// A maximum of 32 Gateways will be represented in this list. An empty list
-	// means the route has not been attached to any Gateway.
-	//
-	// +kubebuilder:validation:MaxItems=32
-	Parents []RouteParentStatus `json:"parents"`
-}
-
-// PreciseHostname is the fully qualified domain name of a network host. This matches
-// the RFC 1123 definition of a hostname with 1 notable exception that
-// numeric IP addresses are not allowed.
-//
-// PreciseHostname can be "precise" which is a domain name without the terminating
-// dot of a network host (e.g. "foo.example.com").
-//
-// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
-// alphanumeric characters or '-', and must start and end with an alphanumeric
-// character. No other punctuation is allowed.
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=253
-// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
-type PreciseHostname string
-
-// Group refers to a Kubernetes Group. It must either be an empty string or a
-// RFC 1123 subdomain.
-//
-// This validation is based off of the corresponding Kubernetes validation:
-// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
-//
-// Valid values include:
-//
-// * "" - empty string implies core Kubernetes API group
-// * "networking.k8s.io"
-// * "foo.example.com"
-//
-// Invalid values include:
-//
-// * "example.com/bar" - "/" is an invalid character
-//
-// +kubebuilder:validation:MaxLength=253
-// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
-type Group string
-
-// Kind refers to a Kubernetes Kind.
-//
-// Valid values include:
-//
-// * "Service"
-// * "HTTPRoute"
-//
-// Invalid values include:
-//
-// * "invalid/kind" - "/" is an invalid character
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=63
-// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
-type Kind string
-
-// ObjectName refers to the name of a Kubernetes object.
-// Object names can have a variety of forms, including RFC1123 subdomains,
-// RFC 1123 labels, or RFC 1035 labels.
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=253
-type ObjectName string
-
-// Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
-//
-// This validation is based off of the corresponding Kubernetes validation:
-// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187
-//
-// This is used for Namespace name validation here:
-// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63
-//
-// Valid values include:
-//
-// * "example"
-//
-// Invalid values include:
-//
-// * "example.com" - "." is an invalid character
-//
-// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=63
-type Namespace string
-
-// SectionName is the name of a section in a Kubernetes resource.
-//
-// This validation is based off of the corresponding Kubernetes validation:
-// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
-//
-// Valid values include:
-//
-// * "example.com"
-// * "foo.example.com"
-//
-// Invalid values include:
-//
-// * "example.com/bar" - "/" is an invalid character
-//
-// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=253
-type SectionName string
-
-// GatewayController is the name of a Gateway API controller. It must be a
-// domain prefixed path.
-//
-// Valid values include:
-//
-// * "example.com/bar"
-//
-// Invalid values include:
-//
-// * "example.com" - must include path
-// * "foo.example.com" - must include path
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=253
-// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
-type GatewayController string
-
-// AddressRouteMatches defines AddressMatch rules for inbound traffic according to
-// source and/or destination address of a packet or connection.
-type AddressRouteMatches struct {
-	// SourceAddresses indicates the originating (source) network
-	// addresses which are valid for routing traffic.
-	//
-	// Support: Extended
-	SourceAddresses []AddressMatch `json:"sourceAddresses"`
-
-	// DestinationAddresses indicates the destination network addresses
-	// which are valid for routing traffic.
-	//
-	// Support: Extended
-	DestinationAddresses []AddressMatch `json:"destinationAddresses"`
-}
-
-// AddressMatch defines matching rules for network addresses by type.
-type AddressMatch struct {
-	// Type of the address, either IPAddress or NamedAddress.
-	//
-	// If NamedAddress is used this is a custom and specific value for each
-	// implementation to handle (and add validation for) according to their
-	// own needs.
-	//
-	// For IPAddress the implementor may expect either IPv4 or IPv6.
-	//
-	// Support: Core (IPAddress)
-	// Support: Custom (NamedAddress)
-	//
-	// +optional
-	// +kubebuilder:validation:Enum=IPAddress;NamedAddress
-	// +kubebuilder:default=IPAddress
-	Type *AddressType `json:"type,omitempty"`
-
-	// Value of the address. The validity of the values will depend
-	// on the type and support by the controller.
-	//
-	// If implementations support proxy-protocol (see:
-	// https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) they
-	// must respect the connection metadata from proxy-protocol
-	// in the match logic implemented for these address values.
-	//
-	// Examples: `1.2.3.4`, `128::1`, `my-named-address`.
-	//
-	// Support: Core
-	//
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=253
-	Value string `json:"value"`
-}
-
-// AddressType defines how a network address is represented as a text string.
-type AddressType string
-
-const (
-	// A textual representation of a numeric IP address. IPv4
-	// addresses must be in dotted-decimal form. IPv6 addresses
-	// must be in a standard IPv6 text representation
-	// (see [RFC 5952](https://tools.ietf.org/html/rfc5952)).
-	//
-	// This type is intended for specific addresses. Address ranges are not
-	// supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an
-	// IPAddress).
-	//
-	// Support: Extended
-	IPAddressType AddressType = "IPAddress"
-
-	// A Hostname represents a DNS based ingress point. This is similar to the
-	// corresponding hostname field in Kubernetes load balancer status. For
-	// example, this concept may be used for cloud load balancers where a DNS
-	// name is used to expose a load balancer.
-	//
-	// Support: Extended
-	HostnameAddressType AddressType = "Hostname"
-
-	// A NamedAddress provides a way to reference a specific IP address by name.
-	// For example, this may be a name or other unique identifier that refers
-	// to a resource on a cloud provider such as a static IP.
-	//
-	// Support: Implementation-Specific
-	NamedAddressType AddressType = "NamedAddress"
-)

pkg/apis/gatewayapi/v1beta1/doc.go

@@ -1,4 +1,4 @@
-// Package v1alpha2 contains API Schema definitions for the
+// Package v1beta1 contains API Schema definitions for the
 // gateway.networking.k8s.io API group.
 
 package v1beta1

pkg/apis/gloo/gloo/v1/types.go

@@ -22,6 +22,7 @@ type UpstreamSpec struct {
 	SslConfig                   *UpstreamSslConfig    `json:"sslConfig,omitempty"`
 	CircuitBreakers             *CircuitBreakerConfig `json:"circuitBreakers,omitempty"`
 	ConnectionConfig            *ConnectionConfig     `json:"connectionConfig,omitempty"`
+	LoadBalancerConfig          *LoadBalancerConfig   `json:"loadBalancerConfig,omitempty"`
 	UseHttp2                    bool                  `json:"useHttp2,omitempty"`
 	InitialStreamWindowSize     uint32                `json:"initialStreamWindowSize,omitempty"`
 	InitialConnectionWindowSize uint32                `json:"initialConnectionWindowSize,omitempty"`
@@ -90,28 +91,43 @@ type CircuitBreakerConfig struct {
 
 type ConnectionConfig struct {
 	MaxRequestsPerConnection      uint32                                `json:"maxRequestsPerConnection,omitempty"`
-	ConnectTimeout                *Duration                             `json:"connectTimeout,omitempty"`
+	ConnectTimeout                string                                `json:"connectTimeout,omitempty"`
 	TcpKeepalive                  *ConnectionConfig_TcpKeepAlive        `json:"tcpKeepalive,omitempty"`
 	PerConnectionBufferLimitBytes uint32                                `json:"perConnectionBufferLimitBytes,omitempty"`
 	CommonHttpProtocolOptions     *ConnectionConfig_HttpProtocolOptions `json:"commonHttpProtocolOptions,omitempty"`
 }
 
 type ConnectionConfig_TcpKeepAlive struct {
-	KeepaliveProbes   uint32    `json:"keepaliveProbes,omitempty"`
-	KeepaliveTime     *Duration `json:"keepaliveTime,omitempty"`
-	KeepaliveInterval *Duration `json:"keepaliveInterval,omitempty"`
+	KeepaliveProbes   uint32 `json:"keepaliveProbes,omitempty"`
+	KeepaliveTime     string `json:"keepaliveTime,omitempty"`
+	KeepaliveInterval string `json:"keepaliveInterval,omitempty"`
 }
 
 type ConnectionConfig_HttpProtocolOptions struct {
-	IdleTimeout                  *Duration `json:"idleTimeout,omitempty"`
-	MaxHeadersCount              uint32    `json:"maxHeadersCount,omitempty"`
-	MaxStreamDuration            *Duration `json:"maxStreamDuration,omitempty"`
-	HeadersWithUnderscoresAction uint32    `json:"headersWithUnderscoresAction,omitempty"`
+	IdleTimeout                  string `json:"idleTimeout,omitempty"`
+	MaxHeadersCount              uint32 `json:"maxHeadersCount,omitempty"`
+	MaxStreamDuration            string `json:"maxStreamDuration,omitempty"`
+	HeadersWithUnderscoresAction uint32 `json:"headersWithUnderscoresAction,omitempty"`
 }
 
-type Duration struct {
-	Seconds int64 `json:"seconds,omitempty"`
-	Nanos   int32 `json:"nanos,omitempty"`
+type LoadBalancerConfig struct {
+	RoundRobin   *LoadBalancerConfigRoundRobin   `json:"roundRobin,omitempty"`
+	LeastRequest *LoadBalancerConfigLeastRequest `json:"leastRequest,omitempty"`
+}
+
+type LoadBalancerConfigRoundRobin struct {
+	SlowStartConfig *SlowStartConfig `json:"slowStartConfig,omitempty"`
+}
+
+type LoadBalancerConfigLeastRequest struct {
+	SlowStartConfig *SlowStartConfig `json:"slowStartConfig,omitempty"`
+	ChoiceCount     uint32           `json:"choiceCount,omitempty"`
+}
+
+type SlowStartConfig struct {
+	SlowStartWindow  string  `json:"slowStartWindow,omitempty"`
+	Aggression       float64 `json:"aggression,omitempty"`
+	MinWeightPercent float64 `json:"minWeightPercent,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

pkg/apis/gloo/gloo/v1/zz_generated.deepcopy.go

@@ -82,20 +82,15 @@ func (in *CircuitBreakerConfig) DeepCopy() *CircuitBreakerConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ConnectionConfig) DeepCopyInto(out *ConnectionConfig) {
 	*out = *in
-	if in.ConnectTimeout != nil {
-		in, out := &in.ConnectTimeout, &out.ConnectTimeout
-		*out = new(Duration)
-		**out = **in
-	}
 	if in.TcpKeepalive != nil {
 		in, out := &in.TcpKeepalive, &out.TcpKeepalive
 		*out = new(ConnectionConfig_TcpKeepAlive)
-		(*in).DeepCopyInto(*out)
+		**out = **in
 	}
 	if in.CommonHttpProtocolOptions != nil {
 		in, out := &in.CommonHttpProtocolOptions, &out.CommonHttpProtocolOptions
 		*out = new(ConnectionConfig_HttpProtocolOptions)
-		(*in).DeepCopyInto(*out)
+		**out = **in
 	}
 	return
 }
@@ -113,16 +108,6 @@ func (in *ConnectionConfig) DeepCopy() *ConnectionConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ConnectionConfig_HttpProtocolOptions) DeepCopyInto(out *ConnectionConfig_HttpProtocolOptions) {
 	*out = *in
-	if in.IdleTimeout != nil {
-		in, out := &in.IdleTimeout, &out.IdleTimeout
-		*out = new(Duration)
-		**out = **in
-	}
-	if in.MaxStreamDuration != nil {
-		in, out := &in.MaxStreamDuration, &out.MaxStreamDuration
-		*out = new(Duration)
-		**out = **in
-	}
 	return
 }
 
@@ -139,16 +124,6 @@ func (in *ConnectionConfig_HttpProtocolOptions) DeepCopy() *ConnectionConfig_Htt
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ConnectionConfig_TcpKeepAlive) DeepCopyInto(out *ConnectionConfig_TcpKeepAlive) {
 	*out = *in
-	if in.KeepaliveTime != nil {
-		in, out := &in.KeepaliveTime, &out.KeepaliveTime
-		*out = new(Duration)
-		**out = **in
-	}
-	if in.KeepaliveInterval != nil {
-		in, out := &in.KeepaliveInterval, &out.KeepaliveInterval
-		*out = new(Duration)
-		**out = **in
-	}
 	return
 }
 
@@ -162,22 +137,6 @@ func (in *ConnectionConfig_TcpKeepAlive) DeepCopy() *ConnectionConfig_TcpKeepAli
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Duration) DeepCopyInto(out *Duration) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Duration.
-func (in *Duration) DeepCopy() *Duration {
-	if in == nil {
-		return nil
-	}
-	out := new(Duration)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KubeUpstream) DeepCopyInto(out *KubeUpstream) {
 	*out = *in
@@ -201,6 +160,90 @@ func (in *KubeUpstream) DeepCopy() *KubeUpstream {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LoadBalancerConfig) DeepCopyInto(out *LoadBalancerConfig) {
+	*out = *in
+	if in.RoundRobin != nil {
+		in, out := &in.RoundRobin, &out.RoundRobin
+		*out = new(LoadBalancerConfigRoundRobin)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.LeastRequest != nil {
+		in, out := &in.LeastRequest, &out.LeastRequest
+		*out = new(LoadBalancerConfigLeastRequest)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerConfig.
+func (in *LoadBalancerConfig) DeepCopy() *LoadBalancerConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(LoadBalancerConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LoadBalancerConfigLeastRequest) DeepCopyInto(out *LoadBalancerConfigLeastRequest) {
+	*out = *in
+	if in.SlowStartConfig != nil {
+		in, out := &in.SlowStartConfig, &out.SlowStartConfig
+		*out = new(SlowStartConfig)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerConfigLeastRequest.
+func (in *LoadBalancerConfigLeastRequest) DeepCopy() *LoadBalancerConfigLeastRequest {
+	if in == nil {
+		return nil
+	}
+	out := new(LoadBalancerConfigLeastRequest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LoadBalancerConfigRoundRobin) DeepCopyInto(out *LoadBalancerConfigRoundRobin) {
+	*out = *in
+	if in.SlowStartConfig != nil {
+		in, out := &in.SlowStartConfig, &out.SlowStartConfig
+		*out = new(SlowStartConfig)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerConfigRoundRobin.
+func (in *LoadBalancerConfigRoundRobin) DeepCopy() *LoadBalancerConfigRoundRobin {
+	if in == nil {
+		return nil
+	}
+	out := new(LoadBalancerConfigRoundRobin)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SlowStartConfig) DeepCopyInto(out *SlowStartConfig) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SlowStartConfig.
+func (in *SlowStartConfig) DeepCopy() *SlowStartConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(SlowStartConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SslParameters) DeepCopyInto(out *SslParameters) {
 	*out = *in
@@ -317,6 +360,11 @@ func (in *UpstreamSpec) DeepCopyInto(out *UpstreamSpec) {
 		*out = new(ConnectionConfig)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.LoadBalancerConfig != nil {
+		in, out := &in.LoadBalancerConfig, &out.LoadBalancerConfig
+		*out = new(LoadBalancerConfig)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 

pkg/apis/istio/v1alpha3/destination_rule.go

@@ -255,6 +255,15 @@ type LoadBalancerSettings struct {
 	// Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed
 	// between this object and the object one in MeshConfig
 	LocalityLbSetting *LocalityLbSetting `json:"localityLbSetting,omitempty"`
+	// Represents the warmup duration of Service. If set, the newly created endpoint of service
+	// remains in warmup mode starting from its creation time for the duration of this window and
+	// Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic.
+	// This should be enabled for services that require warm up time to serve full production load with reasonable latency.
+	// Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the
+	// endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same
+	// amount of requests.
+	// Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.
+	WarmupDurationSecs string `json:"warmupDurationSecs,omitempty"`
 }
 
 // Locality-weighted load balancing allows administrators to control the
@@ -419,6 +428,12 @@ const (
 	// advanced use cases. Refer to Original Destination load balancer in
 	// Envoy for further details.
 	SimpleLBPassthrough SimpleLB = "PASSTHROUGH"
+
+	// The least request load balancer spreads load across endpoints,
+	// favoring endpoints with the least outstanding requests. This is generally
+	// safer and outperforms ROUND_ROBIN in nearly all cases. Prefer to use LEAST_REQUEST
+	// as a drop-in replacement for ROUND_ROBIN.
+	SimpleLBLeastRequest SimpleLB = "LEAST_REQUEST"
 )
 
 // Consistent Hash-based load balancing can be used to provide soft

pkg/apis/istio/v1alpha3/virtual_service.go

@@ -597,7 +597,7 @@ type TCPRoute struct {
 	// Currently, only one destination is allowed for TCP services. When TCP
 	// weighted routing support is introduced in Envoy, multiple destinations
 	// with weights can be specified.
-	Route HTTPRouteDestination `json:"route"`
+	Route []HTTPRouteDestination `json:"route"`
 }
 
 // L4 connection match attributes. Note that L4 connection matching support
@@ -725,7 +725,7 @@ type HTTPRetry struct {
 	// REQUIRED. Number of retries for a given request. The interval
 	// between retries will be determined automatically (25ms+). Actual
 	// number of retries attempted depends on the httpReqTimeout.
-	Attempts int `json:"attempts,omitempty"`
+	Attempts int `json:"attempts"`
 
 	// Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.
 	PerTryTimeout string `json:"perTryTimeout,omitempty"`

pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go

@@ -848,7 +848,13 @@ func (in *TCPRoute) DeepCopyInto(out *TCPRoute) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	in.Route.DeepCopyInto(&out.Route)
+	if in.Route != nil {
+		in, out := &in.Route, &out.Route
+		*out = make([]HTTPRouteDestination, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	return
 }