From 9dfc19895a60416f7dafdc6c7e4fe30c0afc1eb2 Mon Sep 17 00:00:00 2001 From: Ignas Baranauskas Date: Thu, 12 Oct 2023 12:51:31 +0100 Subject: [PATCH] backendtlspolicy --- config/default/custom-resource-state.yaml | 11 +-- config/examples/dashboards/policies.json | 68 ++----------------- config/examples/dashboards/policies.yaml | 2 +- config/examples/enterprise/all.yaml | 8 +-- config/examples/kube-prometheus/bundle.yaml | 9 --- ....networking.k8s.io_backendtlspolicies.yaml | 10 +-- config/gateway-api/kustomization.yaml | 1 + src/dashboards/policies.jsonnet | 10 ++- 8 files changed, 23 insertions(+), 96 deletions(-) diff --git a/config/default/custom-resource-state.yaml b/config/default/custom-resource-state.yaml index 3baa635..c6b5070 100644 --- a/config/default/custom-resource-state.yaml +++ b/config/default/custom-resource-state.yaml @@ -607,13 +607,4 @@ spec: target_group: ["group"] target_kind: ["kind"] target_name: ["name"] - target_namespace: ["namespace"] - - name: "status" - help: "status condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - valueFrom: ["status"] \ No newline at end of file + target_namespace: ["namespace"] \ No newline at end of file diff --git a/config/examples/dashboards/policies.json b/config/examples/dashboards/policies.json index 66eb35d..6d1f984 100644 --- a/config/examples/dashboards/policies.json +++ b/config/examples/dashboards/policies.json @@ -33,7 +33,7 @@ "description": "Total number of TLSPolicy across all clusters", "gridPos": { "h": 3, - "w": 4, + "w": 2, "x": 0, "y": 1 }, @@ -61,8 +61,8 @@ "gridPos": { "h": 3, "w": 2, - "x": 0, - "y": 2 + "x": 2, + "y": 1 }, "id": 3, "pluginVersion": "v10.0.0", @@ -150,7 +150,7 @@ "description": "Total number of RateLimitPolicy across all clusters", "gridPos": { "h": 3, - "w": 4, + "w": 2, "x": 0, "y": 3 }, @@ -178,8 +178,8 @@ "gridPos": { "h": 3, "w": 2, - "x": 0, - "y": 4 + "x": 2, + "y": 3 }, "id": 7, "pluginVersion": "v10.0.0", @@ -259,60 +259,6 @@ "title": "BackendTLSPolicy", "type": "row" }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Total number of BackendTLSPolicy across all clusters", - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 9 - }, - "id": 10, - "pluginVersion": "v10.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "expr": "count(gatewayapi_Available_status)", - "instant": true - } - ], - "title": "Total", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Total BackendTLSPolicy with an Available state", - "gridPos": { - "h": 3, - "w": 2, - "x": 0, - "y": 9 - }, - "id": 11, - "pluginVersion": "v10.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "expr": "count(gatewayapi_backendtlspolicy_status{type=\"Available\"})", - "instant": true - } - ], - "title": "Available", - "type": "stat" - }, { "datasource": { "type": "prometheus", @@ -324,7 +270,7 @@ "x": 4, "y": 9 }, - "id": 12, + "id": 10, "pluginVersion": "v10.0.0", "targets": [ { diff --git a/config/examples/dashboards/policies.yaml b/config/examples/dashboards/policies.yaml index b7e50e6..3ee86b6 100644 --- a/config/examples/dashboards/policies.yaml +++ b/config/examples/dashboards/policies.yaml @@ -7,4 +7,4 @@ spec: matchLabels: dashboards: "grafana" json: > - {"editable":false,"links":[{"asDropdown":false,"includeVars":true,"keepTime":true,"tags":["gateway-api-state"],"targetBlank":false,"title":"Gateway Dashboards","type":"dashboards"}],"panels":[{"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"title":"TLSPolicy","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total number of TLSPolicy across all clusters","gridPos":{"h":3,"w":4,"x":0,"y":1},"id":2,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_tlspolicy_status)","instant":true}],"title":"Total","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total TLSPolicy with an Ready state","gridPos":{"h":3,"w":2,"x":0,"y":2},"id":3,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_tlspolicy_status{type=\"Ready\"})","instant":true}],"title":"Ready","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"gridPos":{"h":6,"w":10,"x":4,"y":1},"id":4,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"gatewayapi_tlspolicy_target_info","format":"table","instant":true,"range":false}],"title":"TLSPolicy","transformations":[{"id":"filterFieldsByName","options":{"include":{"names":["name","target_kind","target_name"]}}},{"id":"organize","options":{"renameByName":{"name":"Name","target_kind":"Target Kind","target_name":"Target Name"}}}],"type":"table"},{"gridPos":{"h":1,"w":24,"x":0,"y":2},"id":5,"title":"RateLimitPolicy","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total number of RateLimitPolicy across all clusters","gridPos":{"h":3,"w":4,"x":0,"y":3},"id":6,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_ratelimitpolicy_status)","instant":true}],"title":"Total","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total RateLimitPolicy with an Available state","gridPos":{"h":3,"w":2,"x":0,"y":4},"id":7,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_ratelimitpolicy_status{type=\"Available\"})","instant":true}],"title":"Available","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"gridPos":{"h":6,"w":10,"x":4,"y":7},"id":8,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"gatewayapi_ratelimitpolicy_target_info","format":"table","instant":true,"range":false}],"title":"RateLimitPolicy","transformations":[{"id":"filterFieldsByName","options":{"include":{"names":["name","target_kind","target_name"]}}},{"id":"organize","options":{"renameByName":{"name":"Name","target_kind":"Target Kind","target_name":"Target Name"}}}],"type":"table"},{"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":9,"title":"BackendTLSPolicy","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total number of BackendTLSPolicy across all clusters","gridPos":{"h":3,"w":4,"x":0,"y":9},"id":10,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_Available_status)","instant":true}],"title":"Total","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total BackendTLSPolicy with an Available state","gridPos":{"h":3,"w":2,"x":0,"y":9},"id":11,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_backendtlspolicy_status{type=\"Available\"})","instant":true}],"title":"Available","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"gridPos":{"h":6,"w":10,"x":4,"y":9},"id":12,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"gatewayapi_backendtlspolicy_target_info","format":"table","instant":true,"range":false}],"title":"BackendTLSPolicy","transformations":[{"id":"filterFieldsByName","options":{"include":{"names":["name","target_kind","target_name"]}}},{"id":"organize","options":{"renameByName":{"name":"Name","target_kind":"Target Kind","target_name":"Target Name"}}}],"type":"table"}],"schemaVersion":36,"style":"dark","tags":["gateway-api","gateway-api-state"],"templating":{"list":[{"label":"Data Source","name":"datasource","query":"prometheus","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"TLSPolicy","multi":true,"name":"tlspolicy","query":{"query":"label_values(gatewayapi_tlspolicy_created, name)","refId":"StandardVariableQuery"},"regex":"/(.*)/","type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"RateLimitPolicy","multi":true,"name":"ratelimitpolicy","query":{"query":"label_values(gatewayapi_ratelimitpolicy_created, name)","refId":"StandardVariableQuery"},"regex":"/(.*)/","type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"BackendTLSPolicy","multi":true,"name":"backendtlspolicy","query":{"query":"label_values(gatewayapi_backendtlspolicy_created, name)","refId":"StandardVariableQuery"},"regex":"/(.*)/","type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone":"utc","title":"Gateway API State / Policies","uid":"gatewayapipolicies"} + {"editable":false,"links":[{"asDropdown":false,"includeVars":true,"keepTime":true,"tags":["gateway-api-state"],"targetBlank":false,"title":"Gateway Dashboards","type":"dashboards"}],"panels":[{"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"title":"TLSPolicy","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total number of TLSPolicy across all clusters","gridPos":{"h":3,"w":2,"x":0,"y":1},"id":2,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_tlspolicy_status)","instant":true}],"title":"Total","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total TLSPolicy with an Ready state","gridPos":{"h":3,"w":2,"x":2,"y":1},"id":3,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_tlspolicy_status{type=\"Ready\"})","instant":true}],"title":"Ready","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"gridPos":{"h":6,"w":10,"x":4,"y":1},"id":4,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"gatewayapi_tlspolicy_target_info","format":"table","instant":true,"range":false}],"title":"TLSPolicy","transformations":[{"id":"filterFieldsByName","options":{"include":{"names":["name","target_kind","target_name"]}}},{"id":"organize","options":{"renameByName":{"name":"Name","target_kind":"Target Kind","target_name":"Target Name"}}}],"type":"table"},{"gridPos":{"h":1,"w":24,"x":0,"y":2},"id":5,"title":"RateLimitPolicy","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total number of RateLimitPolicy across all clusters","gridPos":{"h":3,"w":2,"x":0,"y":3},"id":6,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_ratelimitpolicy_status)","instant":true}],"title":"Total","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"Total RateLimitPolicy with an Available state","gridPos":{"h":3,"w":2,"x":2,"y":3},"id":7,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(gatewayapi_ratelimitpolicy_status{type=\"Available\"})","instant":true}],"title":"Available","type":"stat"},{"datasource":{"type":"prometheus","uid":"$datasource"},"gridPos":{"h":6,"w":10,"x":4,"y":7},"id":8,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"gatewayapi_ratelimitpolicy_target_info","format":"table","instant":true,"range":false}],"title":"RateLimitPolicy","transformations":[{"id":"filterFieldsByName","options":{"include":{"names":["name","target_kind","target_name"]}}},{"id":"organize","options":{"renameByName":{"name":"Name","target_kind":"Target Kind","target_name":"Target Name"}}}],"type":"table"},{"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":9,"title":"BackendTLSPolicy","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"gridPos":{"h":6,"w":10,"x":4,"y":9},"id":10,"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"gatewayapi_backendtlspolicy_target_info","format":"table","instant":true,"range":false}],"title":"BackendTLSPolicy","transformations":[{"id":"filterFieldsByName","options":{"include":{"names":["name","target_kind","target_name"]}}},{"id":"organize","options":{"renameByName":{"name":"Name","target_kind":"Target Kind","target_name":"Target Name"}}}],"type":"table"}],"schemaVersion":36,"style":"dark","tags":["gateway-api","gateway-api-state"],"templating":{"list":[{"label":"Data Source","name":"datasource","query":"prometheus","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"TLSPolicy","multi":true,"name":"tlspolicy","query":{"query":"label_values(gatewayapi_tlspolicy_created, name)","refId":"StandardVariableQuery"},"regex":"/(.*)/","type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"RateLimitPolicy","multi":true,"name":"ratelimitpolicy","query":{"query":"label_values(gatewayapi_ratelimitpolicy_created, name)","refId":"StandardVariableQuery"},"regex":"/(.*)/","type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"BackendTLSPolicy","multi":true,"name":"backendtlspolicy","query":{"query":"label_values(gatewayapi_backendtlspolicy_created, name)","refId":"StandardVariableQuery"},"regex":"/(.*)/","type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone":"utc","title":"Gateway API State / Policies","uid":"gatewayapipolicies"} diff --git a/config/examples/enterprise/all.yaml b/config/examples/enterprise/all.yaml index 1821db8..045f1ca 100644 --- a/config/examples/enterprise/all.yaml +++ b/config/examples/enterprise/all.yaml @@ -725,11 +725,11 @@ spec: kind: Service name: grafana-service tls: - hostname: grafana.example.com caCertRefs: - group: "" name: "grafana" - kind: "Service" + kind: "ConfigMap" + hostname: grafana.example.com --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: BackendTLSPolicy @@ -741,11 +741,11 @@ spec: kind: Service name: kubernetes tls: - hostname: kubernetes.example.com caCertRefs: - group: "" name: "kubernetes" - kind: "Service" + kind: "ConfigMap" + hostname: kubernetes.example.com --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute diff --git a/config/examples/kube-prometheus/bundle.yaml b/config/examples/kube-prometheus/bundle.yaml index 86625b1..01aa0b4 100644 --- a/config/examples/kube-prometheus/bundle.yaml +++ b/config/examples/kube-prometheus/bundle.yaml @@ -1601,15 +1601,6 @@ data: target_kind: ["kind"] target_name: ["name"] target_namespace: ["namespace"] - - name: "status" - help: "status condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - valueFrom: ["status"] kind: ConfigMap metadata: name: custom-resource-state diff --git a/config/gateway-api/crd/standard/gateway.networking.k8s.io_backendtlspolicies.yaml b/config/gateway-api/crd/standard/gateway.networking.k8s.io_backendtlspolicies.yaml index 76b224f..c5d71bd 100644 --- a/config/gateway-api/crd/standard/gateway.networking.k8s.io_backendtlspolicies.yaml +++ b/config/gateway-api/crd/standard/gateway.networking.k8s.io_backendtlspolicies.yaml @@ -193,11 +193,11 @@ spec: - hostname type: object x-kubernetes-validations: - - message: must not contain both CertRefs and StandardCerts - rule: (has(self.caCertRefs) && size(self.caCertRefs) > 0 && has(self.wellKnownCACerts) - && self.wellKnownCACerts != "") - - message: must specify either CertRefs or StandardCerts - rule: '!(has(self.caCertRefs) && size(self.caCertRefs) > 0 || has(self.wellKnownCACerts) + - message: must not contain both CaCertRefs and WellKnownCACerts + rule: '(has(self.caCertRefs) && size(self.caCertRefs) > 0 || has(self.wellKnownCACerts) + && self.wellKnownCACerts != "")' + - message: must specify either CaCertRefs or WellKnownCACerts + rule: '!(has(self.caCertRefs) && size(self.caCertRefs) > 0 && has(self.wellKnownCACerts) && self.wellKnownCACerts != "")' required: - targetRef diff --git a/config/gateway-api/kustomization.yaml b/config/gateway-api/kustomization.yaml index bf91648..3649661 100644 --- a/config/gateway-api/kustomization.yaml +++ b/config/gateway-api/kustomization.yaml @@ -6,4 +6,5 @@ resources: - crd/standard/gateway.networking.k8s.io_tcproutes.yaml - crd/standard/gateway.networking.k8s.io_tlsroutes.yaml - crd/standard/gateway.networking.k8s.io_udproutes.yaml +- crd/standart/gateway.networking.k8s.io_backendtlspolicies.yaml # From https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.2/config/crd/kustomization.yaml \ No newline at end of file diff --git a/src/dashboards/policies.jsonnet b/src/dashboards/policies.jsonnet index e6cf13b..85d5042 100644 --- a/src/dashboards/policies.jsonnet +++ b/src/dashboards/policies.jsonnet @@ -9,15 +9,13 @@ gwapi.dashboard('Policies', 'gatewayapipolicies', [ ]) + g.dashboard.withPanels([ gwapi.row('TLSPolicy', 1, 24, 0, 0), - gwapi.stat('Total', 3, 4, 0, 1, 'Total number of TLSPolicy across all clusters', 'count(gatewayapi_tlspolicy_status)'), - gwapi.stat('Ready', 3, 2, 0, 2, 'Total TLSPolicy with an Ready state', 'count(gatewayapi_tlspolicy_status{type="Ready"})'), + gwapi.stat('Total', 3, 2, 0, 1, 'Total number of TLSPolicy across all clusters', 'count(gatewayapi_tlspolicy_status)'), + gwapi.stat('Ready', 3, 2, 2, 1, 'Total TLSPolicy with an Ready state', 'count(gatewayapi_tlspolicy_status{type="Ready"})'), gwapi.policyPanel('TLSPolicy',6,10,4,1,'gatewayapi_tlspolicy_target_info'), gwapi.row('RateLimitPolicy', 1, 24, 0, 2), - gwapi.stat('Total', 3, 4, 0, 3, 'Total number of RateLimitPolicy across all clusters', 'count(gatewayapi_ratelimitpolicy_status)'), - gwapi.stat('Available', 3, 2, 0, 4, 'Total RateLimitPolicy with an Available state', 'count(gatewayapi_ratelimitpolicy_status{type="Available"})'), + gwapi.stat('Total', 3, 2, 0, 3, 'Total number of RateLimitPolicy across all clusters', 'count(gatewayapi_ratelimitpolicy_status)'), + gwapi.stat('Available', 3, 2, 2, 3, 'Total RateLimitPolicy with an Available state', 'count(gatewayapi_ratelimitpolicy_status{type="Available"})'), gwapi.policyPanel('RateLimitPolicy',6,10,4,7,'gatewayapi_ratelimitpolicy_target_info'), gwapi.row('BackendTLSPolicy', 1, 24, 0, 8), - gwapi.stat('Total', 3, 4, 0, 9, 'Total number of BackendTLSPolicy across all clusters', 'count(gatewayapi_Available_status)'), - gwapi.stat('Available', 3, 2, 0, 9, 'Total BackendTLSPolicy with an Available state', 'count(gatewayapi_backendtlspolicy_status{type="Available"})'), gwapi.policyPanel('BackendTLSPolicy',6,10,4,9,'gatewayapi_backendtlspolicy_target_info'), ]) \ No newline at end of file