parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722243307 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanWOsACgkQNxO9Ho+S
 qB+7LBAAhHw2xJ9O7Ctq92LjtrGG45Lyyt5twSxCwd9Ddh94dRxABX27UnRoHiyw
 sY/cNzxI9xwYyZ2oK4Xcu29Preza/1MpTTt+Ya+saBHjRh45ROldyddF6oSDycir
 80XSDtOZqhO2/n/nnySyx1floN2EWxBiiMGA3oTNubPuzsVnW2+de59Uz+Uxpe0e
 9d7cA2e+vrKJNJ7HEg15ncNPySj0qmOlP6Ses/Zw0fTmnT1PQLj9K/cP+CFvglW4
 HcBgqwh47bIUnAicPGjD16nHqU0TATrAyQ0T2rQZUfW/dMAi4XZ6l3DfDW0V16t8
 7NoqbFFjaEkPIYoO+VUJJvESldaTu5RGSaFkQpu1TMHjlQ1bd6gZBdOGr7UcIBlh
 njR+nGv0V/bP8RNdTt5hqgTwfA29gu8mwdLT3UnIIblRQgr5jtQ+lbfoJmCFFa4D
 kd/18D0zeNa7ffD7q1qXFAH+MPt3JOXZuSnRdzqtAs42geu9nDJuLHZd+m6Srk/m
 1jtf0pquik0ToiImMRHEZ7vvepI/Lo+GliaZyjdGth93pOijpipAFkqF2nMCT0SG
 RPKn5byqxSv8ZrtJKfNNQUDV1MMWh1d5ZDJPR0J+KDVWpEXU4LFVk6xrW/ur1gdl
 a30Sn04uXrPgLWAW5Gq8N/fJHfnDtc4ccv3jHYE8cIif1h41GPE=
 =vr/y
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722243288 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanWNgACgkQNxO9Ho+S
 qB+VvQ//bwTyuT5fZn7qtnUpCHbKIWkklV1J4FjrJtekrsqsDbM7OisoeZ6QCdJO
 3C4EkKy7GxIML4F2qKnSxKMhHdtqTqFUM1qQqcjJMLlalUmsuG7WS74tPFDbQven
 X/PVgDOUjevlYPJGugtEdOLlAC1tpJDeIQp7ZejtObkAfjH3p+3lVruSrc2Wf5mx
 6rS+MvDKfykeBim5+L23rG89LrD+0T2ZjGB72jzisOcfH67+T7LK0CoaPugEX3j/
 BydD6QJ68thx8pQxiMPi6m+4YaWIqkn9Fa1HNx21cJKa++snunHKAcE9DEiLTq5e
 nit3FLcEHjhqsRHa8XkvCTIKE+5QqfGMZXpzOUeQF0zJTI1u1lLrfsgdi3zt/6y4
 582iGq9MPV0ptXmrgd2G93+rQ8QBIaKu7GlpXmJerCR+CQUmdxZ4VmrO/iZ+KLdN
 AXBvS3j9NXguRaeQL+nIkZLw/s1eqRj+KsvZCml5bvPVV06kPqusyeSrKBnzbnwG
 1MzucHqRSskA4yATTqFwpTFBI43nIYgE93ueX8IcJwampCRsAb0slalJgdEercPa
 OExhU33ys64cbY8PhvA49D6XZZwZjNhDRZtnJIPSu0fSwE4bduyeDbBfPbR4FRH8
 liq7+B+2cAJAUB8Zw6xkqrhqxqMFwHbg7Ua9vYIGf7o+LxNiY0g=
 =2/zM
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722243258 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanWLoACgkQNxO9Ho+S
 qB9AZA/8CcRRDZAdrRUatOv4rorIbicQ4zJ/Nflz2OFprxidTSD3fKyd010O8h09
 QBIWefUiwnkE5E/riZkwYaiyGTtMu7CkhgcCasYV61XvwkbZNFVT4zZfhLhuU6CD
 lumMxHRVNDR2tk8cky7VK6Ncl82uRi3/ErGJ8BNqwYpqluLQxXpwOegXfi1uYbii
 VIM0jGF8Q2UASrmk4qQRbntIScdSdZIZIZMezMljpW0JHB+SF4yYPtEJB+wIX9SJ
 PO+ZkErdZuhi7I/F/ZWJb3weGEmYb8s/QVl7BxDL6AFF5afTkVz75R7NdGWii93O
 YtlKSA5UQRsDPK4jrY+y1SW5rtZICF4yEGBLWhiAg+1ZneZHNbJyPTNauNRYNG+i
 MXkHQMPRNIkHHVNjIbth+yLrGuPSo//qhFN9iYipXDoWe9ypWRJtvP6jO79GGegA
 dVASsVodITkLjOgaKDNtGxJGN55/R7/g42LBrODMQmLWewtjBB2joqwmQQCimzvx
 ZO+GrS3CXlDpPH2JwDIeezxt24ijbFnaAEx6ggYO9W0IxULgnsamipAXd/BoAffL
 EpubXP499QbOYjT7YvoathrGIDbbd9uMNlbilOm3AG1v5wWhfZJ0dJFMdKmnBiYV
 y5EYJhJ/C5cDSzvHwIZx55IqPAnQsCBWDUlF+kkPi+kpNc4wsaQ=
 =9NUu
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722243202 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanWIIACgkQNxO9Ho+S
 qB/XIA/+IyA7a9n+KLEW0IhliW9Gq6B3g49Fqgb/zzrsxksFZJQWXt/0IBPjh47Y
 Rmm0tJwdZgZPdNVNttVP/5uNdv5+5J29l7HdGe+cH95PZGXCW3+YjzvttSXQhJu3
 iQxMso0BjaWbA8vPVondhWlANr7q7hcDR0S4Zuwjw9hhEzSAAq9hGNG37/RPcG0U
 EiHhvWQV+BgG8xgF6FW0o+Zut9pboK+xqcR2z0nh5GhByXSJ2Z7l//s9A6EwpQLQ
 7JiiinrKjTWHDytdWOlAHDPb9FPeqoAU3X8RJRMwsCvu1PrLAOwX+2lICJIzd9L6
 YWKNkKQlsVjBqy/AWPiLoDKjc1YPlLDF8qKZ4qubs1Lm9gW5q0SBBSNJDBoXWJqC
 pGe+nJMhesciKb6nEm7idwP82mO2zmPdto6YEm8BvF8jVDa1mgs4W8cYDVOn7YEY
 lxolKT6m5nVnN04qxNFOPum4b0fan5mXAogRb9BPDFKeEZ/4eB1rxFm3Eh7gmlp7
 dU5YGl8FEw208PpZLM15htlPkkVVI8IzAkQOb5u1Vb8oce71cMxL3O+qRFz/auCX
 Gnf8tx6mD7DuTsq3+7tEIwD9C8sVA5bdmelv+UWndq4QQEw8GKRzBGkOVsdkcB6y
 N2EvGBz/ZDuTosxNCpu5SIda+/unGfSbYl4fP6tn7+Bsgp5Z0IA=
 =GHG+
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722243119 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanWC8ACgkQNxO9Ho+S
 qB/rKw/+NG8JhYtyruI/3tnnVwKEBzhJ96jLgzl3bkbk8BW5KMPwb7soDjaatHPG
 4M9wTBXxHZ2vgsHE1onqODNKLlSffMGiXF0sJDTym65V/XAYo5bTPFKk9YMpXDzr
 nBUmG87li2swmbOZBZpfiplJ7S7zXsp7v+BDgv+FVi+rZR22OExg3IF1ubHc1iws
 oymrpX4967/d5VMx3kNAJfAY5+JxrbzUeae7uzxNxSPC3cXN+Ji70x9wwxoK9UH4
 yGjWgch6Du0UAjtNJ2ibCm7i2sYabPbSsssT9A44npqbcQ/vpDV3UX3LJGZusk/S
 tUjb1xz5iWcB8y9AmTLPv/DQpKldUgRY5U0ibTCfoK+cssaQlpvTd2KcihDIVZ6H
 qFD7nc/h8nBNjrbLogqc1Xtj4IbaSA6JAViN4SRW3lFmIkpBngLZcl/+5aZZGmv1
 Klw8edcDSTaAG2vudrsRwiCTGjwW0t+urNv0YSWRpsXL710lx83sq6yEOoCnFmJT
 dch13Bxgvq52eMWSraVbLjiQ73RHXR22pLmfqii+IhFYdX2DBVl6XROQlZ3bWyjM
 FUb6kHXDdG2Ef3TPKxY3BVwo8JKr9fowAz2dGXCb2d8f93UA0jDA3DTXy3jaz0T5
 NUuL+xEPh//afr+P1cSteWEviNF3l0Y2wOOrAsD+vVzrdOqYrtM=
 =jF81
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722243039 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanV98ACgkQNxO9Ho+S
 qB9CTw//YuoHBylgsdG3ElPVcEp5tIOHPlfkd1gSitSnVzz9Cyn74hhcMHvDcW6N
 jZSNa1KTQFWFw/sMctmlqXysT8LFyfQWxJfNlh2L7ORYW6GuRy9Droy+gnuMHsV/
 OGCY+PCjVo7DwbE9H25I92wCm0Q83MH9mETkra3elJVg2KV8mLIYGUs3LFdUDfJ2
 xgjbq7kYY2FyjlwCqc53apCa/MkpFl2kUySFMPq3FoP4NzoJAJjtvIzWx4xms/xX
 HgJrDoPiGq2GV9wt+bA8Az4GZAMyH1oL1muy+rnxLvPuHceVrlbMFHuAReQgx5gK
 8lIRiBQYe5FHPpJx3cubJMzY8kZGlLsjYe+QnxGL06A/UNjROuHDYTwqvlfaW7jk
 7tFBVtH2EMKVECL3ZNNskMDufYNqPILvVwzNtwD24u36nMf1VoQiJmC9xgfdBPtG
 udwjm/+f6sSPakTNgrjhleR928Rsg9l1/na0ElzSP7+RBsjERKhtrGE4Q2Zx7Rjz
 5GqWUw18S0WyAq4by1Z6LQEXfEUxD/yfvW6n4GvMbwtlyqJNxBVVfqTSNX2e/d0O
 UMkIzIp+b/uUZfv3Iu2yAu3qIjm6cShmV06BnGUYHr2gsh07HiJLFA8wPgIkDLt9
 wWq06xX2HZfoY8nP2F3OQM23vDCpHlf42dgfTVX3vZIycBAI9tc=
 =duIV
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722242933 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanV3UACgkQNxO9Ho+S
 qB+tFBAA0wui5jICurgymL4bRPBNNTcuGaXO8RwXBgp3lFLHmB4rXxbnjC2kbGpI
 g496TGdrhKaGsUFfP5EkQea8cloHTq9f76mT8jnQhjMfCGNp0TvVs+NWilBrdRau
 KBiwvSqF8M8eL4MjtXP6AImNFOo44s0RztRphdyf3U/s6LjmEWYhhVNeq2hTVCmc
 uWOJGuFiLh6i3YZ3Bh9P6fNXCyPexlhWyjHm14MU8pQiAR8HQsCFoXX78iKPsCja
 YMcOwWL0cZB0P3v01DHM8OWVg8EHrb6ikDkpdJgoWGSmA0NWnxAioTfBiBwCif33
 A7jmofZ5YLEboBpvRY57laCSnHAvc2x2/IFwE2lX599yaRz5QA3L63riauTKLinn
 Rcr8Cq6kMlmR85z2FpPyFFRGxMJLfn+ggdl+/OZ+39Nze4J09SIlq/sx3V2zUXY4
 voPRkcs5LvUt66QFW9FA2JXiSle+bWc0m2hy6mDSTHDpmwfEGv72IEdvbcTj+Msh
 9MkMAFc8W9FJXz9BgkHlY/fXnuucCsx4/aXsFIfyJKjo8mYKQHy5iA0hDp/OnW2a
 pfeGxTGywBcgPxYnYq5it8HxnrI7eIip/KG2XPUUQmyHfGfteCWpTSwPTThcBpbV
 4y6cv5oCFxz9xjmvReTbgrVk1IapztKd1ZtFeHJL3wT/uJgUqKw=
 =WITQ
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722242872 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanVzgACgkQNxO9Ho+S
 qB+Cpg//dkPglWvhMvmBzv6nAgMRpvee5K+cAInLyR5so9YOSufFS35BScWeBg7d
 Rvbc80fqhwSqtCHhr4LwAepX9AzPka3jHOzmBWET35SViYIegm1nDuxiTXD/JOZ7
 4FcqHtlUFcHnExffBy/5JWWbmnHfzBgWucJSc8/LlapL+QQzDWZ0iVWjBnHyc6gd
 djudTGg3ogsKTCh39rwej6OHYrpeTAv9boQpJGhLOPt5LbbSDyLpKRv32QFv5XSe
 1qIy5oGxw+1hBNdlZN87+NfFwPXmFzeICGUyrAKGPAQcJS1rAxdGx/uEcYVCEOdV
 JEdCqPO2zsSYgvlwQNg7e3rSBnpxZQgF1QV9kWgH/lxRMFytA6evgQRAJUH4q7mA
 lG8ljBWQuv9XZnlDr6129SRPNQR6XuXzOh7RefclkrI3CPasMB6vcO5vBxh2i9lQ
 8Uje9myLzTUCe9JCJ4vkQkN79bX9pl5FqlRIvbeMjCNXSzg8HaMmZFX8O5MQMIlu
 TjaHYROBE44kulBMrv2e7Tc9p1yBrPV01N0I3HoBVPEolB6dSk7aENhOxkhzek/M
 ZuXFseRFzIfh4dVyQ7IwhwDmmzLUGSU28wUCfpEEZmYkhm4eJf7z1q4ycg36azNz
 I1XijXlw8V979hjNN3CWXsrusftoD/4uhg5EpYl5+77rIOFsYHY=
 =xb0k
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722242723 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanVqMACgkQNxO9Ho+S
 qB+Hkw//SG8xTcVpnyFrMvjZrbr71UtbXvN9iBgraDj5SJL2ayrq76+5B4nm2zEx
 iTLo25DqKdCtZPCVlQaUADyhQ2EZkryD/pyGwBrqUPcEOpgusB75WW3MJTjqndhT
 CfcerbiTN1fUBPhH8fRGKNXW/JfvupMln9fedo/UMyPy3WePBkER0A/+Cx5diQb0
 b+KnDMAA6UuAbZKKJJbiJtph+c3Q/6ZGAF6RCEljNeUXN6EZcPR6ecPI6yaaRrvY
 2CbpI1Cr7geCOhRF9TLmDVSjvJnia+flJiqu3DNeB4advyBNo8AQKhZ6RHVdazpN
 GPQ9j5du/z3zO+I9TzwSrv3QP7S7YHdYX3ctMsjPMUm7RkE7MQrM7tXSiu5IPdUx
 IIAou6PZn756Zxx0NLPXHlnCjqErAzewUcOYmkXd+qgUjM/jpoQf3fw/x3z+QyXB
 dBW7+POPcC6e22DvWR2kdEgPqAHb82nfe8EbBWM8rydSRg7nhOzIWaUWUQMDU74x
 9bECsXy1NCqIJzoiiVNBXZCFiDjpPl2aSXugEQGIVKZxShGB206fm+fdXrqYoDwk
 eNWPrPhJCgvovhK74S6bJUuFRHTA8GrDdYuf+UYnwIse7/QsQWmehpW3yA7wyr2b
 KGkU7JKcJA1WFqCpMCOJWzRHR7008/N5fx23i/BR13eJ3wZW438=
 =GB76
 -----END PGP SIGNATURE-----

parent 6e381b9
author Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1718101662 +0200
committer Guillaume LEGRAIN <guillaume.legrain@numberly.com> 1722242518 +0200
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEORTfpVstjZQgZKvXNxO9Ho+SqB8FAmanVdYACgkQNxO9Ho+S
 qB8QRw/9H+T5Ju2Jsjv+NdZH0pZntJzbVvfjKXMR/Y4HflTxf/Kc0o53w9aojhZX
 fVaCTMUhOeBBls+qM9C/9tFxKK8tIz30KTy1ojxQ8noRUr2eSUXJopQ+lPqL2X4g
 O2vopN6IK9sUDFbeAgb7myJa9xeFY0/wFVPKvI5DuhpX4/7qa+PseaiOCOcPeHgK
 2KIqC9eCTTITrviwfljdkp7Uk7PIjFkFEjZ5/FJAxF5yMQUaAr9IKYZA4qh13k9k
 oNEiWkoTeKl5F7bZCJ/bKzNKIKvdsC5TcehNvZTvNjkBOPN4NGFOjMqtPYpbE47G
 xjIQyAnnlMguef6+kZWykDTorurEP+bwMVQ21UMD5SNwB09gONlyyUedkzLP2zuX
 Knh0d8qTJ4+nD/PL6oqt98EFjSv+1SO+ycOf5+yMdy/x7syq7TQcyYtz4gsYR0lJ
 NKScH8TV25TjowKn2F0BjLZnrRxntMeiUZSIMQ3ljf0KrgqCPyWNk3RcAGq16rVs
 Oomkm+/ZIfMBzrZyhi7jyozYiuJCpMqWshGq59gdYA75AVyOACkSejxN0TO4dZvM
 7tGZPCSDTBtUV64nLoeB9ZwQRGdLiwX8WmmlAo/XIJXkTQoARw22Vxn8No+w9xLS
 Omh7w8b68+eL9o22o/oDE4MQL3dlh40auwhpRg9yu5t9rkorZPE=
 =Kpl0
 -----END PGP SIGNATURE-----

Handle maintenance mode for yggdrasil

Correct some typo

Co-authored-by: Laurent Marchaud <16262531+Aluxima@users.noreply.github.com>

remove comment

Co-authored-by: Laurent Marchaud <16262531+Aluxima@users.noreply.github.com>

Cluster is singular

Co-authored-by: Laurent Marchaud <16262531+Aluxima@users.noreply.github.com>

fix(mode-maintenance): Explain its the Kubernetes that is in maintenance

Add README documentation about syncSecrets

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>

Fix README typo

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>

AIRSHIP-2080 Add PackAsBytes option to ExtAuthz filter

AIRSHIP-2080 Leave default to false to ensure backwards compatibility

AIRSHIP-2080 Go fmt

AIRSHIP-2080 Fix names for config properties

Add TypeConfig for tls_inspector

fix typedConfig types by skipping extra convert to struct

Fix makefile docker build target

Fix build step in ci after rename in makefile

chore: update documentation for envoy version bump

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>

Bump golang.org/x/crypto from 0.0.0-20220214200702-86341886e292 to 0.1.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220214200702-86341886e292 to 0.1.0.
- [Commits](https://github.com/golang/crypto/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump golang.org/x/net from 0.0.0-20220127200216-cd36cc0744dd to 0.7.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220127200216-cd36cc0744dd to 0.7.0.
- [Commits](https://github.com/golang/net/commits/v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump github.com/prometheus/client_golang from 0.9.0 to 1.11.1

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 0.9.0 to 1.11.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v0.9.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

AIRSHIP-2978 Enable custom access log format configuration

AIRSHIP-2978 Remove unused test and add link

AIRSHIP-2978 Sort log lines

AIRSHIP-2978 Add config dump endpoint for testing

AIRSHIP-2978 Improve docs for config dump flag

airship-3070: migrate to github actions

fix file exec permissions in docker entrypoint

temp build image on any branch

refactor

docker-build-push on master or tag only

add tracing-provider flag details on README

add prefix v to images pushed to quay in gha

change tag pattern to raw to use exact tag created

feat(weight-annotation): Annotation to add load-balancing weight

Set tls1.2 as minimum downstream proto

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>

Update README.md

Applying @Aluxima suggestion

Co-authored-by: Laurent Marchaud <16262531+Aluxima@users.noreply.github.com>

Raise default circuit breaker limits

Add configurable listener ALPN protocols to enable downstream http2

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>

Allow matching <host>:*

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>

replace deprecated ioutils with os.

Add annotation on README

Ignoring launch.json

test: correct address as a list

Fix tests

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
SoulKyu committed Jul 29, 2024
1 parent 6e381b9 commit c4e970c
Showing 24 changed files with 600 additions and 223 deletions.
40 changes: 0 additions & 40 deletions .drone.yml

This file was deleted.

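--- a/.github/rvu/labels.yaml
+++ b/.github/rvu/labels.yaml
@@ -0,0 +1 @@
+service.rvu.co.uk/brand: airship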
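--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -0,0 +1,57 @@
+name: push
+on: push
+permissions:
+contents: read
+id-token: write
+jobs:
+test:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: actions/setup-go@v4
+with:
+go-version: "1.17"
+- run: make test
+build:
+runs-on: ubuntu-latest
+needs: test
+steps:
+- uses: actions/checkout@v4
+- uses: actions/setup-go@v4
+with:
+go-version: "1.17"
+- run: make build-linux
+- uses: actions/upload-artifact@v3
+with:
+name: bin
+path: bin/
+docker-build-push:
+if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/v')
+needs: build
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: actions/download-artifact@v3
+with:
+name: bin
+path: bin/
+- name: Login to Quay.io
+uses: docker/login-action@v3
+with:
+registry: quay.io
+username: ${{ secrets.QUAY_USERNAME }}
+password: ${{ secrets.QUAY_PASSWORD }}
+- id: meta
+uses: docker/metadata-action@v5
+with:
+images: quay.io/uswitch/yggdrasil
+tags: |
+type=semver,pattern={{raw}}
+type=sha,prefix=,format=long,
+- uses: docker/build-push-action@v5
+with:
+context: .
+labels: ${{ steps.meta.outputs.labels }}
+push: true
+tags: ${{ steps.meta.outputs.tags }}
+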
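Review bot: `id-token: write` is granted at workflow level, so every job can mint an OIDC token, including `test` and `build`, which run `make` targets from whatever ref was pushed; no step in this file visibly consumes one (the Quay login uses `secrets.QUAY_USERNAME` / `secrets.QUAY_PASSWORD`). I would drop it, or move a `permissions:` block carrying `id-token: write` onto the single job that needs it. In `docker-build-push`, the job that holds the registry credentials, the actions are referenced by mutable tags (`docker/login-action@v3`, `docker/build-push-action@v5`); pinning them to a full commit SHA keeps a re-pointed tag from running with those secrets. `go-version: "1.17"` is also past upstream support, so the published binary no longer receives Go toolchain security fixes.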
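--- a/.tool-versions
+++ b/.tool-versions
@@ -0,0 +1 @@
+golang 1.17.13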
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
FROM scratch

ADD bin/yggdrasil-linux-amd64 yggdrasil
COPY --chmod=755 bin/yggdrasil-linux-amd64 yggdrasil

ENTRYPOINT ["/yggdrasil"]
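Review bot: The image still declares no `USER`, so `/yggdrasil` runs as UID 0 inside the container. The default listen addresses shown in cmd/root.go use ports 8080 and 8081, so a line such as `USER 65534:65534` before `ENTRYPOINT` should work, provided the mounted kubeconfig, token and certificate files are readable by that UID (not verifiable from this page). Separately, `COPY --chmod=755` requires BuildKit, so the Makefile `docker` target (`docker image build ...`) fails on a daemon that still uses the legacy builder; a comment in the Makefile or `DOCKER_BUILDKIT=1` on that target would make the requirement explicit.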
10 changes: 6 additions & 4 deletions Makefile
Expand Up @@ -5,14 +5,16 @@ BIN_DARWIN = $(BIN)-darwin-$(ARCH)

SOURCES := $(shell find . -iname '*.go')

.PHONY: test clean all
.PHONY: test clean all build-linux

all: build-darwin build-linux
all: build-darwin $(BIN_LINUX)

build-darwin: $(SOURCES)
GOARCH=$(ARCH) GOOS=darwin go build -o $(BIN_DARWIN)

build-linux: $(SOURCES)
build-linux: $(BIN_LINUX)

$(BIN_LINUX): $(SOURCES)
GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o $(BIN_LINUX)

test: $(SOURCES)
Expand All @@ -22,7 +24,7 @@ bench: $(SOURCES)
go test -run=XX -bench=. $(shell go list ./... | grep -v /vendor)

docker: Dockerfile $(BIN_LINUX)
docker image build -t quay.io/uswitch/yggdrasil:devel .
docker image build -t registry.airship.rvu.cloud/cloud/yggdrasil:devel .

clean:
rm -rf bin/
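Review bot: The `docker` target and the CI workflow name different registries: the two `docker image build -t` lines shown in this section are `quay.io/uswitch/yggdrasil:devel` and `registry.airship.rvu.cloud/cloud/yggdrasil:devel`, while `.github/workflows/push.yaml` pushes `quay.io/uswitch/yggdrasil`. The rendered page does not mark which of the two lines is the new side; if it is the `registry.airship.rvu.cloud` one, a locally built `:devel` image is tagged for a registry that CI never publishes to, which makes it easy to deploy or scan the wrong image. I would keep the image name in one variable, e.g. `IMAGE ?= quay.io/uswitch/yggdrasil`, and use `$(IMAGE):devel` in the target.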
24 changes: 19 additions & 5 deletions README.md
@@ -1,7 +1,7 @@
# Yggdrasil
Yggdrasil is an Envoy control plane that configures listeners and clusters based off Kubernetes ingresses from multiple Kube Clusters. This allows you to have an envoy cluster acting as a mutli-cluster loadbalancer for Kubernetes. This was something we needed as we wanted our apps to be highly available in the event of a cluster outage but did not want the solution to live inside of Kubernetes itself.

`Note:` Currently we support version 1.19.x of Envoy.</br>
`Note:` Currently we support versions 1.20.x to 1.26.x of Envoy.</br>
`Note:` Yggdrasil now uses [Go modules](https://github.com/golang/go/wiki/Modules) to handle dependencies.

## Usage
Expand Down Expand Up @@ -133,12 +133,22 @@ spec:
servicePort: 80
```

## Dynamic TLS certificates synchronization from Kubernetes secrets

Downstream TLS certificates can be dynamically fetched and updated from Kubernetes secrets configured under ingresses' `spec.tls` by setting `syncSecrets` true in Yggdrasil configuration (false by default).

In this mode, only a single `certificate` may be specified in Yggdrasil configuration. It will be used for hosts with misconfigured or invalid secret.

**Note**: ECDSA >256 keys are not supported by envoy and will be discarded. See https://github.com/envoyproxy/envoy/issues/10855

## Configuration
Yggdrasil can be configured using a config file e.g:
```json
{
"nodeName": "foo",
"ingressClasses": ["multi-cluster", "multi-cluster-staging"],
"accessLog": "/var/log/envoy/",
"syncSecrets": false,
"certificates": [
{
"hosts": ["*.api.com"],
Expand Down Expand Up @@ -176,7 +186,7 @@ Maintenance is a new mode that allow to set a cluster in maintenance mode :

This is optional and equal to `false` by default.

kubernetesClusterName is the name of the cluster, its only for information and will be used for metrics. Optional default to `""`
kubernetesClusterName is the name of the cluster, it's only for information and will be used for metrics. Optional defaults to `""`

## Metrics
Yggdrasil has a number of Go, gRPC, Prometheus, and Yggdrasil-specific metrics built in which can be reached by cURLing the `/metrics` path at the health API address/port (default: 8081). See [Flags](#Flags) for more information on configuring the health API address/port.
Expand All @@ -199,17 +209,19 @@ The Yggdrasil-specific metrics which are available from the API are:
--ca string trustedCA
--cert string certfile
--config string config file
--config-dump Enable config dump endpoint at /configdump on the health-address HTTP server
--debug Log at debug level
--access-log path for the file logs
--envoy-listener-ipv4-address strings IPv4 addresses by the envoy proxy to accept incoming connections (default "0.0.0.0")
--envoy-port uint32 port by the envoy proxy to accept incoming connections (default 10000)
--health-address string yggdrasil health API listen address (default "0.0.0.0:8081")
--help help for yggdrasil
-h, --help help for yggdrasil
--host-selection-retry-attempts int Number of host selection retry attempts. Set to value >=0 to enable (default -1)
--retry-on Default comma-separated list of retry policies (default 5xx)
--http-ext-authz-allow-partial-message When this field is true, Envoy will buffer the message until max_request_bytes is reached (default true)
--http-ext-authz-cluster string The name of the upstream gRPC cluster
--http-ext-authz-failure-mode-allow Changes filters behaviour on errors (default true)
--http-ext-authz-max-request-bytes uint32 Sets the maximum size of a message body that the filter will hold in memory (default 8192)
--http-ext-authz-pack-as-bytes When this field is true, Envoy will send the body as raw bytes.
--http-ext-authz-timeout duration The timeout for the gRPC request. This is the timeout for a specific request. (default 200ms)
--http-grpc-logger-cluster string The name of the upstream gRPC cluster
--http-grpc-logger-name string Name of the access log
Expand All @@ -221,10 +233,12 @@ The Yggdrasil-specific metrics which are available from the API are:
--kube-config stringArray Path to kube config
--max-ejection-percentage int32 maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy. (default -1)
--node-name string envoy node name
--retry-on string default comma-separated list of retry policies (default "5xx")
--tracing-provider name of HTTP Connection Manager tracing provider to include - currently only zipkin config is supported
--upstream-healthcheck-healthy uint32 number of successful healthchecks before the backend is considered healthy (default 3)
--upstream-healthcheck-interval duration duration of the upstream health check interval (default 10s)
--upstream-healthcheck-timeout duration timeout of the upstream healthchecks (default 5s)
--upstream-healthcheck-unhealthy uint32 number of failed healthchecks before the backend is considered unhealthy (default 3)
--upstream-port uint32 port used to connect to the upstream ingresses (default 443)
--use-remote-address populates the X-Forwarded-For header with the client address. Set to true when used as edge proxy
```
```
31 changes: 23 additions & 8 deletions cmd/root.go
Expand Up @@ -36,6 +36,7 @@ type config struct {
NodeName string `json:"nodeName"`
Clusters []clusterConfig `json:"clusters"`
SyncSecrets bool `json:"syncSecrets"`
AccessLog string `json:"accessLog"`
Certificates []envoy.Certificate `json:"certificates"`
TrustCA string `json:"trustCA"`
UpstreamPort uint32 `json:"upstreamPort"`
Expand All @@ -49,6 +50,7 @@ type config struct {
HttpGrpcLogger envoy.HttpGrpcLogger `json:"httpGrpcLogger"`
DefaultTimeouts envoy.DefaultTimeouts `json:"defaultTimeouts"`
AlpnProtocols []string `json:"alpnProtocols"`
AccessLogger envoy.AccessLogger `json:"accessLogger"`
}

// Hasher returns node ID as an ID
Expand Down Expand Up @@ -80,18 +82,21 @@ func init() {
rootCmd.PersistentFlags().String("address", "0.0.0.0:8080", "yggdrasil envoy control plane listen address")
rootCmd.PersistentFlags().String("health-address", "0.0.0.0:8081", "yggdrasil health API listen address")
rootCmd.PersistentFlags().String("node-name", "", "envoy node name")
rootCmd.PersistentFlags().String("access-log", "/var/log/envoy/", "envoy default access log file")
rootCmd.PersistentFlags().String("cert", "", "certfile")
rootCmd.PersistentFlags().String("key", "", "keyfile")
rootCmd.PersistentFlags().String("ca", "", "trustedCA")
rootCmd.PersistentFlags().StringSlice("ingress-classes", nil, "Ingress classes to watch")
rootCmd.PersistentFlags().StringArrayVar(&kubeConfig, "kube-config", nil, "Path to kube config")
rootCmd.PersistentFlags().Bool("debug", false, "Log at debug level")
rootCmd.PersistentFlags().Bool("config-dump", false, "Enable config dump endpoint at /configdump on the health-address HTTP server")
rootCmd.PersistentFlags().Uint32("upstream-port", 443, "port used to connect to the upstream ingresses")
rootCmd.PersistentFlags().StringSlice("envoy-listener-ipv4-address", []string{"0.0.0.0"}, "IPv4 address by the envoy proxy to accept incoming connections")
rootCmd.PersistentFlags().Uint32("envoy-port", 10000, "port by the envoy proxy to accept incoming connections")
rootCmd.PersistentFlags().Int32("max-ejection-percentage", -1, "maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy.")
rootCmd.PersistentFlags().Int64("host-selection-retry-attempts", -1, "Number of host selection retry attempts. Set to value >=0 to enable")
rootCmd.PersistentFlags().String("retry-on", "5xx", "default comma-separated list of retry policies")
rootCmd.PersistentFlags().String("tracing-provider", "", "HTTP Connection Manager tracing provider block to include")
rootCmd.PersistentFlags().Duration("upstream-healthcheck-interval", 10*time.Second, "duration of the upstream health check interval")
rootCmd.PersistentFlags().Duration("upstream-healthcheck-timeout", 5*time.Second, "timeout of the upstream healthchecks")
rootCmd.PersistentFlags().Uint32("upstream-healthcheck-healthy", 3, "number of successful healthchecks before the backend is considered healthy")
Expand All @@ -106,15 +111,19 @@ func init() {
rootCmd.PersistentFlags().Duration("http-ext-authz-timeout", 200*time.Millisecond, "The timeout for the gRPC request. This is the timeout for a specific request.")
rootCmd.PersistentFlags().Uint32("http-ext-authz-max-request-bytes", 8192, "Sets the maximum size of a message body that the filter will hold in memory")
rootCmd.PersistentFlags().Bool("http-ext-authz-allow-partial-message", true, "When this field is true, Envoy will buffer the message until max_request_bytes is reached")
rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", false, "When this field is true, Envoy will send the body as raw bytes.")
rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors")

rootCmd.PersistentFlags().Duration("default-route-timeout", 15*time.Second, "Default timeout of the routes")
rootCmd.PersistentFlags().Duration("default-cluster-timeout", 30*time.Second, "Default timeout of the cluster")
rootCmd.PersistentFlags().Duration("default-per-try-timeout", 5*time.Second, "Default timeout of PerTry")
rootCmd.PersistentFlags().StringSlice("alpn-protocols", []string{}, "exposed listener ALPN protocols")
viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug"))
viper.BindPFlag("configDump", rootCmd.PersistentFlags().Lookup("config-dump"))
viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address"))
viper.BindPFlag("healthAddress", rootCmd.PersistentFlags().Lookup("health-address"))
viper.BindPFlag("nodeName", rootCmd.PersistentFlags().Lookup("node-name"))
viper.BindPFlag("accessLog", rootCmd.PersistentFlags().Lookup("access-log"))
viper.BindPFlag("ingressClasses", rootCmd.PersistentFlags().Lookup("ingress-classes"))
viper.BindPFlag("cert", rootCmd.PersistentFlags().Lookup("cert"))
viper.BindPFlag("key", rootCmd.PersistentFlags().Lookup("key"))
Expand All @@ -125,6 +134,7 @@ func init() {
viper.BindPFlag("maxEjectionPercentage", rootCmd.PersistentFlags().Lookup("max-ejection-percentage"))
viper.BindPFlag("hostSelectionRetryAttempts", rootCmd.PersistentFlags().Lookup("host-selection-retry-attempts"))
viper.BindPFlag("retryOn", rootCmd.PersistentFlags().Lookup("retry-on"))
viper.BindPFlag("tracingProvider", rootCmd.PersistentFlags().Lookup("tracing-provider"))
viper.BindPFlag("upstreamHealthCheck.interval", rootCmd.PersistentFlags().Lookup("upstream-healthcheck-interval"))
viper.BindPFlag("upstreamHealthCheck.timeout", rootCmd.PersistentFlags().Lookup("upstream-healthcheck-timeout"))
viper.BindPFlag("upstreamHealthCheck.healthyThreshold", rootCmd.PersistentFlags().Lookup("upstream-healthcheck-healthy"))
Expand All @@ -139,6 +149,7 @@ func init() {
viper.BindPFlag("httpExtAuthz.timeout", rootCmd.PersistentFlags().Lookup("http-ext-authz-timeout"))
viper.BindPFlag("httpExtAuthz.maxRequestBytes", rootCmd.PersistentFlags().Lookup("http-ext-authz-max-request-bytes"))
viper.BindPFlag("httpExtAuthz.allowPartialMessage", rootCmd.PersistentFlags().Lookup("http-ext-authz-allow-partial-message"))
viper.BindPFlag("httpExtAuthz.packAsBytes", rootCmd.PersistentFlags().Lookup("http-ext-authz-pack-as-bytes"))
viper.BindPFlag("httpExtAuthz.FailureModeAllow", rootCmd.PersistentFlags().Lookup("http-ext-authz-failure-mode-allow"))
viper.BindPFlag("defaultTimeouts.Route", rootCmd.PersistentFlags().Lookup("default-route-timeout"))
viper.BindPFlag("defaultTimeouts.Cluster", rootCmd.PersistentFlags().Lookup("default-cluster-timeout"))
Expand Down Expand Up @@ -234,6 +245,7 @@ func main(*cobra.Command, []string) error {
c.Certificates,
viper.GetString("trustCA"),
viper.GetStringSlice("ingressClasses"),
viper.GetString("accessLog"),
envoy.WithUpstreamPort(uint32(viper.GetInt32("upstreamPort"))),
envoy.WithEnvoyListenerIpv4Address(viper.GetStringSlice("envoyListenerIpv4Address")),
envoy.WithEnvoyPort(uint32(viper.GetInt32("envoyPort"))),
Expand All @@ -246,15 +258,18 @@ func main(*cobra.Command, []string) error {
envoy.WithSyncSecrets(c.SyncSecrets),
envoy.WithDefaultTimeouts(c.DefaultTimeouts),
envoy.WithDefaultRetryOn(viper.GetString("retryOn")),
envoy.WithAccessLog(c.AccessLogger),
envoy.WithTracingProvider(viper.GetString("tracingProvider")),
envoy.WithAlpnProtocols(viper.GetStringSlice("alpnProtocols")),
)
configurator.ValidateAndFormatPath()
snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator)

go snapshotter.Run(aggregator)
go aggregator.Run()

envoyServer := server.NewServer(ctx, envoyCache, &callbacks{})
go runEnvoyServer(envoyServer, viper.GetString("address"), viper.GetString("healthAddress"), ctx.Done())
go runEnvoyServer(envoyServer, snapshotter, viper.GetBool("configDump"), viper.GetString("address"), viper.GetString("healthAddress"), ctx.Done())

<-stopCh
return nil
Expand All @@ -279,17 +294,17 @@ func createClientConfig(path string) (*rest.Config, error) {
return clientcmd.BuildConfigFromFlags("", path)
}

func createSources(clusters []clusterConfig) ([]*kubernetes.Clientset, error) {
sources := []*kubernetes.Clientset{}
func createSources(clusters []clusterConfig) ([]k8s.KubernetesConfig, error) {
var sources []k8s.KubernetesConfig
allInMaintenance := true

for _, cluster := range clusters {

var token string

if cluster.TokenPath != "" {
bytes, err := os.ReadFile(cluster.TokenPath)
if err != nil {
return sources, err
return nil, err
}
token = string(bytes)
} else {
Expand All @@ -314,7 +329,7 @@ func createSources(clusters []clusterConfig) ([]*kubernetes.Clientset, error) {

if cluster.Maintenance {
envoy.KubernetesClusterInMaintenance.WithLabelValues(cluster.APIServer).Set(float64(1))
log.Warnf("Cluster with API Endpoint %s is in maintenance mode", cluster.APIServer)
log.Warnf("Kubernetes Cluster with API Endpoint %s is in maintenance mode", cluster.APIServer)
} else {
allInMaintenance = false
}
Expand All @@ -329,8 +344,8 @@ func createSources(clusters []clusterConfig) ([]*kubernetes.Clientset, error) {
return sources, nil
}

func configFromKubeConfig(paths []string) ([]*kubernetes.Clientset, error) {
sources := []*kubernetes.Clientset{}
func configFromKubeConfig(paths []string) ([]k8s.KubernetesConfig, error) {
var sources []k8s.KubernetesConfig

for _, configPath := range paths {
config, err := createClientConfig(configPath)
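Review bot: `--config-dump` serves `/configdump` from the health-address server, whose default in this same `init()` is `0.0.0.0:8081`, and nothing in the visible hunks puts authentication or a loopback bind in front of it. If the snapshot passed to `runEnvoyServer` includes the listener TLS material (the configured certificates and, with `syncSecrets`, keys read from Kubernetes secrets), enabling the flag would hand private keys to anyone who can reach the health port; the handler is not on this page, so that needs confirming. I would say so in the flag help, e.g. `"Enable config dump endpoint at /configdump on the health-address HTTP server (unauthenticated; may expose TLS secrets)"`, and have the handler redact secret resources before writing the dump. `init()`, `main()` and `runEnvoyServer` all continue outside the hunks shown.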