* build: fix a minor compilation issue
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
---------
Signed-off-by: Kuat Yessenov <kuat@google.com>
Two parts:
* Cleanup DOCKER_REPOSITORY, which is strictly dead code
* Cleanup WASM_REPOSITORY, which is used to push WASM images. This has
moved to istio-ecosystem
* fix ARM format script
Signed-off-by: Kuat Yessenov <kuat@google.com>
* use image clang
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix buildifier
Signed-off-by: Kuat Yessenov <kuat@google.com>
* make manual
Signed-off-by: Kuat Yessenov <kuat@google.com>
* disable wasm build unless needed
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
---------
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wasm: remove stats and attributegen from the tree
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* skip tsan for v8
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
---------
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add server gateway
Signed-off-by: Kuat Yessenov <kuat@google.com>
* defaults
Signed-off-by: Kuat Yessenov <kuat@google.com>
* review
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* handle all wasm properties
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
* workload metadata: harden parsing
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix test
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wip
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wip
Signed-off-by: Kuat Yessenov <kuat@google.com>
* complete
Signed-off-by: Kuat Yessenov <kuat@google.com>
* reserve tags vector
Signed-off-by: Kuat Yessenov <kuat@google.com>
* change to statnames from elements
Signed-off-by: Kuat Yessenov <kuat@google.com>
* implement customization
Signed-off-by: Kuat Yessenov <kuat@google.com>
* test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* run test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add expressions
Signed-off-by: Kuat Yessenov <kuat@google.com>
* finish expressions
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
* cleanup ssl from metadata object
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* refactor
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix wasm
Signed-off-by: Kuat Yessenov <kuat@google.com>
* format
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wasm fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
* benchmark
Signed-off-by: Kuat Yessenov <kuat@google.com>
* review
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
* Automator: update envoy@ in istio/proxy@master (#3817)
switched envoy commit to fork with L7 PEP changes
testing
wrong SHA
added internal listener and transport_socket
* Use new envoy
Change-Id: I80a834b7b995973ead80f3f1e1e8e795ca95c4a5
* telemetry: add workload_metadata filter (#2)
* telemetry: add workload_metadata filter
This PR is intended to establish a basic framework for a Listener filter
that will be used to look up client/server metadata for workload
instances. If metadata can be found (based on IP addresses), the
metadata will be written into FilterState, where it can be exploited by
subsequent filters (for reporting, protocol encoding, etc.).
It is expected that this filter will need to undergo significant
modification as we flesh out the implementation (and relationship to
other filters in the chain). For instance, ECDS support will need to be
added.
* update to match control plane PR
* add support for baggage generation
* fix errors from clang-format
* address code review comments
* clean up consts, etc.
* rebase ambient changes on envoy main
Change-Id: I2cc0960342f2e7e0d48b69f4bdf85db78cbcdbaf
* bazel: use envoy newly declared python toolchain
Signed-off-by: Yuchen Dai <lambdai@google.com>
Change-Id: I84d69936b4bdaf10a0e325e2d64d1a074be6fd1d
* fixed syntax err
Change-Id: I36d6ff42d9d8c397e015b4d8647b277662b5c6cb
* sha
Change-Id: I234c56c8889a0921df65ca03b64e9598a4e2721d
* try fix filter
Change-Id: Ib528be1d24609422afc5d66ca2d66b38eaabff8c
* more fix filter
Change-Id: Ia08f1498d10ccba0677409a1a2c55367eb3f912d
* try again
Change-Id: Id954d72f04c2823ea1dac235485e604e9cdfab50
* thank god for clion
Change-Id: Ibceaa1a916cd4236021643088c6f5feb2f468f8a
* format
Change-Id: If4cc136a1839f044b5cc709d3db645d50e207858
* add dynamic metadata
* convert str
* fix keys
* fmt
* telemetry: add filter to move baggage header to filter state object
This PR creates a new HTTP filter that is intended to live in the
inbound_CONNECT_terminate chain. It will take the received baggage
header and build a WorkloadMetadataObject filter state object to match.
This filter state object can then be passed to the internal listener
chain for processing by a subsequent filter that can (a) set the SSL
connection info appropriately and (b) create a PeerInfo CEL filter state
object for use in the stats filter.
It is modeled after the header_to_metadata filter. If/once this is
working, it can likewise be expanded to be more general purpose (if
warranted).
* address initial comments
* pull in envoy upstream changes
* update date
* checksum
* fmt
* more review changes
* telemetry: add support in stats filter for ambient server pep mode
This PR establishes an extra config parameter for the stats mode to
allow local node info mapping on a per request basis (pulling from host
metadata set on the target endpoint). This is required for Ambient
Server PEP operation because upstream metadata will not be available
entirely from the Envoy node metadata (as it was with sidecar
operations). The control plane _should_ still provide the required
metadata for the endpoint.
Note: at present, there is no mapping support for other pod labels or
even 'app' and 'version' labels, as those are not supplied in the host
metadata. If more upstream metadata is required, beyond what is
currently available, more work is likely necessary. There may also be
work required to properly convey service account info, etc.
* add copyright header
* telemetry: add filter to create peer info obj for internal chain
This PR is meant to pull the WorkloadMetadataObject created by the
CONNECT_terminate filter and create the peer info FBB objects expected
by the existing stats filter in the internal listener filter chain.
This filter also transfers the SSL connection across to the internal
listener connection info as well.
* address review comments
* cleanup config doc comment
* fix config build breakage
* telemetry: set SharedWithUpstreamConnection on workload meta obj
* telemetry: add new extensions to envoy build
* listener filter: set original dst from metadata
Signed-off-by: Kuat Yessenov <kuat@google.com>
* reformat
Signed-off-by: Kuat Yessenov <kuat@google.com>
* comments
Signed-off-by: Kuat Yessenov <kuat@google.com>
* telemetry: make filter interaction more debuggable
* address review comments
* telemetry: add support for cluster id in baggage
* update
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix go checks
* telemetry: pass in SSL info to internal listener
This PR adds a network filter to set the SSL connection on the
internal listener connection. This new filter can be configured in the
chain on internal VIP listeners to allow telemetry (and other)
inspection.
This has been manually tested and validated with a locally-modified control plane.
The updated Envoy reference includes the set of two outstanding PRs as
well as the functionality needed to unblock setting SSL on a socket in a
listener filter.
* add basic test
* reintroduce fork for orig dest port override
* directly on top of last commit
* lint: run buildifier
* fix eds dedupe
* add back internal upstream hack
* Create filter state with string accessor
* Lint fixes
* Lint fix for BUILD
* Targeting review comment and updated test
* test with upstream envoy
* add to inventory
* update envoy
* update commit
* update internal listener and envoy
* go control plane doesn't have endpoint_id
* explicit
* internal
* refactor
Signed-off-by: Kuat Yessenov <kuat@google.com>
* testing
Signed-off-by: Kuat Yessenov <kuat@google.com>
* modify test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* disable load
Signed-off-by: Kuat Yessenov <kuat@google.com>
* lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* revert internal transport hack
* switch forks (#29)
* Added uProxy metadata mode
* Lint fix
* Another lint fix
* Wrong metadata attribute name
* Set filter state with baggage from header
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add tls passthrough
Signed-off-by: Kuat Yessenov <kuat@google.com>
* remove load
Signed-off-by: Kuat Yessenov <kuat@google.com>
* remove
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wrap up
Signed-off-by: Kuat Yessenov <kuat@google.com>
* clean up
Signed-off-by: Kuat Yessenov <kuat@google.com>
* lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix assertion
Signed-off-by: Kuat Yessenov <kuat@google.com>
* half-close fix
* fix build
* fix optref in tests
* rename ambient components
* even better names
* Switch to istio/envoy repo
* format
Signed-off-by: Kuat Yessenov <kuat@google.com>
* status note
Signed-off-by: Kuat Yessenov <kuat@google.com>
* style
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Yuchen Dai <lambdai@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
Co-authored-by: Istio Automation <istio-testing-bot@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
Co-authored-by: Steven Landow <landow@google.com>
Co-authored-by: Yuchen Dai <lambdai@google.com>
Co-authored-by: Douglas Reid <dougreid@google.com>
Co-authored-by: Yossi Mesika <yossi.mesika@solo.io>
Co-authored-by: Yuval Kohavi <yuval.kohavi@gmail.com>
Some combinations of compiler/C++ libraries don't include the <optional>
header by default, making the build fail with
```
./extensions/common/wasm/json_util.h:36:6: error: no template named 'optional' in namespace 'std'
```
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* bump abseil
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fast forward
Signed-off-by: Kuat Yessenov <kuat@google.com>