kuma

loader_test.go
1017 строк · 58.9 Кб
Перенос по словам
1
package config_test
2

3
import (
4
	"os"
5
	"time"
6

7
	. "github.com/onsi/ginkgo/v2"
8
	. "github.com/onsi/gomega"
9
	"golang.org/x/exp/maps"
10

11
	"github.com/kumahq/kuma/pkg/config"
12
	kuma_cp "github.com/kumahq/kuma/pkg/config/app/kuma-cp"
13
	config_core "github.com/kumahq/kuma/pkg/config/core"
14
	"github.com/kumahq/kuma/pkg/config/core/resources/store"
15
	"github.com/kumahq/kuma/pkg/config/plugins/resources/postgres"
16
	"github.com/kumahq/kuma/test/testenvconfig"
17
)
18

19
var _ = Describe("Config loader", func() {
20
	var configFile *os.File
21

22
	BeforeEach(func() {
23
		os.Clearenv()
24
		file, err := os.CreateTemp("", "*")
25
		Expect(err).ToNot(HaveOccurred())
26
		configFile = file
27
	})
28

29
	AfterEach(func() {
30
		if configFile != nil {
31
			err := os.Remove(configFile.Name())
32
			Expect(err).ToNot(HaveOccurred())
33
		}
34
	})
35

36
	setEnv := func(key, value string) {
37
		err := os.Setenv(key, value)
38
		Expect(err).ToNot(HaveOccurred())
39
	}
40

41
	type testCase struct {
42
		yamlFileConfig string
43
		envVars        map[string]string
44
	}
45
	DescribeTable("should load config",
46
		func(given testCase) {
47
			// given file with sample config
48
			file, err := os.CreateTemp("", "*")
49
			Expect(err).ToNot(HaveOccurred())
50
			_, err = file.WriteString(given.yamlFileConfig)
51
			Expect(err).ToNot(HaveOccurred())
52

53
			// and config from environment variables
54
			for key, value := range given.envVars {
55
				setEnv(key, value)
56
			}
57

58
			// when
59
			cfg := kuma_cp.DefaultConfig()
60
			err = config.Load(file.Name(), &cfg)
61
			Expect(err).ToNot(HaveOccurred())
62

63
			// then
64
			if len(given.envVars) != 0 {
65
				infos, err := testenvconfig.GatherInfo("", &cfg)
66
				Expect(err).ToNot(HaveOccurred())
67

68
				configEnvs := map[string]struct{}{}
69
				for _, info := range infos {
70
					if info.Alt != "" {
71
						configEnvs[info.Alt] = struct{}{}
72
					}
73
				}
74

75
				testEnvs := map[string]struct{}{}
76
				for key := range given.envVars {
77
					testEnvs[key] = struct{}{}
78
				}
79

80
				Expect(maps.Keys(testEnvs)).To(ConsistOf(maps.Keys(configEnvs)), "config values are not overridden in the test. Add overrides for them with a value that is different than default.")
81
			}
82

83
			Expect(cfg.BootstrapServer.Params.AdminPort).To(Equal(uint32(1234)))
84
			Expect(cfg.BootstrapServer.Params.XdsHost).To(Equal("kuma-control-plane"))
85
			Expect(cfg.BootstrapServer.Params.XdsPort).To(Equal(uint32(4321)))
86
			Expect(cfg.BootstrapServer.Params.XdsConnectTimeout.Duration).To(Equal(13 * time.Second))
87
			Expect(cfg.BootstrapServer.Params.AdminAccessLogPath).To(Equal("/access/log/test"))
88
			Expect(cfg.BootstrapServer.Params.AdminAddress).To(Equal("1.1.1.1"))
89

90
			Expect(cfg.Environment).To(Equal(config_core.KubernetesEnvironment))
91

92
			Expect(cfg.Store.Type).To(Equal(store.PostgresStore))
93
			Expect(cfg.Store.UnsafeDelete).To(BeTrue())
94
			Expect(cfg.Store.Postgres.Host).To(Equal("postgres.host"))
95
			Expect(cfg.Store.Postgres.Port).To(Equal(5432))
96
			Expect(cfg.Store.Postgres.User).To(Equal("kuma"))
97
			Expect(cfg.Store.Postgres.Password).To(Equal("kuma"))
98
			Expect(cfg.Store.Postgres.DbName).To(Equal("kuma"))
99
			Expect(cfg.Store.Postgres.DriverName).To(Equal("postgres"))
100
			Expect(cfg.Store.Postgres.ConnectionTimeout).To(Equal(10))
101
			Expect(cfg.Store.Postgres.MaxConnectionLifetime.Duration).To(Equal(123 * time.Minute))
102
			Expect(cfg.Store.Postgres.MaxConnectionLifetimeJitter.Duration).To(Equal(456 * time.Second))
103
			Expect(cfg.Store.Postgres.HealthCheckInterval.Duration).To(Equal(78 * time.Second))
104
			Expect(cfg.Store.Postgres.MinOpenConnections).To(Equal(3))
105
			Expect(cfg.Store.Postgres.MaxOpenConnections).To(Equal(300))
106
			Expect(cfg.Store.Postgres.MaxIdleConnections).To(Equal(300))
107
			Expect(cfg.Store.Postgres.MinReconnectInterval.Duration).To(Equal(44 * time.Second))
108
			Expect(cfg.Store.Postgres.MaxReconnectInterval.Duration).To(Equal(55 * time.Second))
109
			Expect(cfg.Store.Postgres.MaxListQueryElements).To(Equal(uint32(111)))
110

111
			Expect(cfg.Store.Kubernetes.SystemNamespace).To(Equal("test-namespace"))
112

113
			Expect(cfg.Store.Cache.Enabled).To(BeFalse())
114
			Expect(cfg.Store.Cache.ExpirationTime.Duration).To(Equal(3 * time.Second))
115

116
			Expect(cfg.Store.Upsert.ConflictRetryBaseBackoff.Duration).To(Equal(4 * time.Second))
117
			Expect(cfg.Store.Upsert.ConflictRetryMaxTimes).To(Equal(uint(15)))
118
			Expect(cfg.Store.Upsert.ConflictRetryJitterPercent).To(Equal(uint(10)))
119

120
			Expect(cfg.Store.Postgres.TLS.Mode).To(Equal(postgres.VerifyFull))
121
			Expect(cfg.Store.Postgres.TLS.CertPath).To(Equal("/path/to/cert"))
122
			Expect(cfg.Store.Postgres.TLS.KeyPath).To(Equal("/path/to/key"))
123
			Expect(cfg.Store.Postgres.TLS.CAPath).To(Equal("/path/to/rootCert"))
124
			Expect(cfg.Store.Postgres.TLS.DisableSSLSNI).To(BeTrue())
125

126
			Expect(cfg.Store.Postgres.ReadReplica.Host).To(Equal("ro.host"))
127
			Expect(cfg.Store.Postgres.ReadReplica.Port).To(Equal(uint(35432)))
128
			Expect(cfg.Store.Postgres.ReadReplica.Ratio).To(Equal(uint(80)))
129

130
			Expect(cfg.ApiServer.ReadOnly).To(BeTrue())
131
			Expect(cfg.ApiServer.HTTP.Enabled).To(BeFalse())
132
			Expect(cfg.ApiServer.HTTP.Interface).To(Equal("192.168.0.1"))
133
			Expect(cfg.ApiServer.HTTP.Port).To(Equal(uint32(15681)))
134
			Expect(cfg.ApiServer.HTTPS.Enabled).To(BeFalse())
135
			Expect(cfg.ApiServer.HTTPS.Interface).To(Equal("192.168.0.2"))
136
			Expect(cfg.ApiServer.HTTPS.Port).To(Equal(uint32(15682)))
137
			Expect(cfg.ApiServer.HTTPS.TlsCertFile).To(Equal("/cert"))
138
			Expect(cfg.ApiServer.HTTPS.TlsKeyFile).To(Equal("/key"))
139
			Expect(cfg.ApiServer.HTTPS.TlsCaFile).To(Equal("/ca"))
140
			Expect(cfg.ApiServer.HTTPS.TlsMinVersion).To(Equal("TLSv1_3"))
141
			Expect(cfg.ApiServer.HTTPS.TlsMaxVersion).To(Equal("TLSv1_3"))
142
			Expect(cfg.ApiServer.HTTPS.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
143
			Expect(cfg.ApiServer.HTTPS.RequireClientCert).To(BeTrue())
144
			Expect(cfg.ApiServer.Auth.ClientCertsDir).To(Equal("/certs"))
145
			Expect(cfg.ApiServer.Authn.LocalhostIsAdmin).To(BeFalse())
146
			Expect(cfg.ApiServer.Authn.Type).To(Equal("custom-authn"))
147
			Expect(cfg.ApiServer.Authn.Tokens.BootstrapAdminToken).To(BeFalse())
148
			Expect(cfg.ApiServer.Authn.Tokens.EnableIssuer).To(BeFalse())
149
			Expect(cfg.ApiServer.Authn.Tokens.Validator.UseSecrets).To(BeFalse())
150
			Expect(cfg.ApiServer.CorsAllowedDomains).To(Equal([]string{"https://kuma", "https://someapi"}))
151
			Expect(cfg.ApiServer.BasePath).To(Equal("/api"))
152
			Expect(cfg.ApiServer.RootUrl).To(Equal("https://foo.com"))
153
			Expect(cfg.ApiServer.GUI.RootUrl).To(Equal("https://bar.com"))
154
			Expect(cfg.ApiServer.GUI.Enabled).To(BeFalse())
155
			Expect(cfg.ApiServer.GUI.BasePath).To(Equal("/ui"))
156

157
			Expect(cfg.MonitoringAssignmentServer.Port).To(Equal(uint32(2222)))
158
			Expect(cfg.MonitoringAssignmentServer.AssignmentRefreshInterval.Duration).To(Equal(12 * time.Second))
159
			Expect(cfg.MonitoringAssignmentServer.DefaultFetchTimeout.Duration).To(Equal(45 * time.Second))
160
			Expect(cfg.MonitoringAssignmentServer.ApiVersions).To(HaveLen(1))
161
			Expect(cfg.MonitoringAssignmentServer.ApiVersions).To(ContainElements("v1"))
162
			Expect(cfg.MonitoringAssignmentServer.TlsEnabled).To(BeTrue())
163
			Expect(cfg.MonitoringAssignmentServer.TlsCertFile).To(Equal("/cert"))
164
			Expect(cfg.MonitoringAssignmentServer.TlsKeyFile).To(Equal("/key"))
165
			Expect(cfg.MonitoringAssignmentServer.TlsMinVersion).To(Equal("TLSv1_3"))
166
			Expect(cfg.MonitoringAssignmentServer.TlsMaxVersion).To(Equal("TLSv1_3"))
167
			Expect(cfg.MonitoringAssignmentServer.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
168

169
			Expect(cfg.Runtime.Kubernetes.ControlPlaneServiceName).To(Equal("custom-control-plane"))
170
			Expect(cfg.Runtime.Kubernetes.ServiceAccountName).To(Equal("custom-sa"))
171
			Expect(cfg.Runtime.Kubernetes.AllowedUsers).To(Equal([]string{"allowed-usr-1", "allowed-usr-2"}))
172
			Expect(cfg.Runtime.Kubernetes.NodeTaintController.Enabled).To(BeTrue())
173
			Expect(cfg.Runtime.Kubernetes.NodeTaintController.CniApp).To(Equal("kuma-cni"))
174

175
			Expect(cfg.Runtime.Kubernetes.AdmissionServer.Address).To(Equal("127.0.0.2"))
176
			Expect(cfg.Runtime.Kubernetes.AdmissionServer.Port).To(Equal(uint32(9443)))
177
			Expect(cfg.Runtime.Kubernetes.AdmissionServer.CertDir).To(Equal("/var/run/secrets/kuma.io/kuma-admission-server/tls-cert"))
178
			Expect(cfg.Runtime.Kubernetes.MarshalingCacheExpirationTime.Duration).To(Equal(28 * time.Second))
179

180
			Expect(cfg.Runtime.Kubernetes.Injector.Exceptions.Labels).To(Equal(map[string]string{"openshift.io/build.name": "value1", "openshift.io/deployer-pod-for.name": "value2"}))
181
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarTraffic.ExcludeInboundPorts).To(Equal([]uint32{1234, 5678}))
182
			Expect(cfg.Runtime.Kubernetes.Injector.CaCertFile).To(Equal("/tmp/ca.crt"))
183
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarTraffic.ExcludeOutboundPorts).To(Equal([]uint32{4321, 8765}))
184
			Expect(cfg.Runtime.Kubernetes.Injector.VirtualProbesEnabled).To(BeFalse())
185
			Expect(cfg.Runtime.Kubernetes.Injector.VirtualProbesPort).To(Equal(uint32(1111)))
186
			Expect(cfg.Runtime.Kubernetes.Injector.CNIEnabled).To(BeTrue())
187
			Expect(cfg.Runtime.Kubernetes.Injector.ContainerPatches).To(Equal([]string{"patch1", "patch2"}))
188
			Expect(cfg.Runtime.Kubernetes.Injector.InitContainer.Image).To(Equal("test-image:test"))
189
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.EnvVars).To(Equal(map[string]string{"a": "b", "c": "d"}))
190
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.RedirectPortInbound).To(Equal(uint32(2020)))
191
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.RedirectPortInboundV6).To(Equal(uint32(2021)))
192
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.RedirectPortOutbound).To(Equal(uint32(1010)))
193
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.UID).To(Equal(int64(100)))
194
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.GID).To(Equal(int64(1212)))
195
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Image).To(Equal("image:test"))
196
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.AdminPort).To(Equal(uint32(1099)))
197
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.DrainTime.Duration).To(Equal(33 * time.Second))
198
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Requests.Memory).To(Equal("4Gi"))
199
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Requests.CPU).To(Equal("123m"))
200
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Limits.Memory).To(Equal("8Gi"))
201
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Limits.CPU).To(Equal("100m"))
202
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.InitialDelaySeconds).To(Equal(int32(10)))
203
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.PeriodSeconds).To(Equal(int32(8)))
204
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.FailureThreshold).To(Equal(int32(31)))
205
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.TimeoutSeconds).To(Equal(int32(51)))
206
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.SuccessThreshold).To(Equal(int32(17)))
207
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.PeriodSeconds).To(Equal(int32(18)))
208
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.FailureThreshold).To(Equal(int32(22)))
209
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.TimeoutSeconds).To(Equal(int32(24)))
210
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.InitialDelaySeconds).To(Equal(int32(41)))
211
			Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.WaitForDataplaneReady).To(BeTrue())
212
			Expect(cfg.Runtime.Kubernetes.Injector.BuiltinDNS.Enabled).To(BeTrue())
213
			Expect(cfg.Runtime.Kubernetes.Injector.BuiltinDNS.Port).To(Equal(uint32(1053)))
214
			Expect(cfg.Runtime.Kubernetes.Injector.EBPF.Enabled).To(BeTrue())
215
			Expect(cfg.Runtime.Kubernetes.Injector.EBPF.InstanceIPEnvVarName).To(Equal("FOO"))
216
			Expect(cfg.Runtime.Kubernetes.Injector.EBPF.BPFFSPath).To(Equal("/run/kuma/bar"))
217
			Expect(cfg.Runtime.Kubernetes.Injector.EBPF.CgroupPath).To(Equal("/faz/daz/zaz"))
218
			Expect(cfg.Runtime.Kubernetes.Injector.EBPF.TCAttachIface).To(Equal("veth1"))
219
			Expect(cfg.Runtime.Kubernetes.Injector.EBPF.ProgramsSourcePath).To(Equal("/kuma/baz"))
220
			Expect(cfg.Runtime.Kubernetes.Injector.IgnoredServiceSelectorLabels).To(Equal([]string{"x", "y"}))
221
			Expect(cfg.Runtime.Kubernetes.NodeTaintController.CniNamespace).To(Equal("kuma-system"))
222
			Expect(cfg.Runtime.Kubernetes.ControllersConcurrency.PodController).To(Equal(10))
223
			Expect(cfg.Runtime.Kubernetes.ClientConfig.Qps).To(Equal(100))
224
			Expect(cfg.Runtime.Kubernetes.ClientConfig.BurstQps).To(Equal(100))
225
			Expect(cfg.Runtime.Kubernetes.LeaderElection.LeaseDuration.Duration).To(Equal(199 * time.Second))
226
			Expect(cfg.Runtime.Kubernetes.LeaderElection.RenewDeadline.Duration).To(Equal(99 * time.Second))
227
			Expect(cfg.Runtime.Universal.DataplaneCleanupAge.Duration).To(Equal(1 * time.Hour))
228
			Expect(cfg.Runtime.Universal.VIPRefreshInterval.Duration).To(Equal(10 * time.Second))
229

230
			Expect(cfg.Reports.Enabled).To(BeFalse())
231

232
			Expect(cfg.General.TlsCertFile).To(Equal("/tmp/cert"))
233
			Expect(cfg.General.TlsKeyFile).To(Equal("/tmp/key"))
234
			Expect(cfg.General.TlsMinVersion).To(Equal("TLSv1_3"))
235
			Expect(cfg.General.TlsMaxVersion).To(Equal("TLSv1_3"))
236
			Expect(cfg.General.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
237
			Expect(cfg.General.DNSCacheTTL.Duration).To(Equal(19 * time.Second))
238
			Expect(cfg.General.WorkDir).To(Equal("/custom/work/dir"))
239

240
			Expect(cfg.Mode).To(Equal(config_core.Zone))
241
			Expect(cfg.Multizone.Zone.Name).To(Equal("zone-1"))
242

243
			Expect(cfg.Multizone.Global.KDS.GrpcPort).To(Equal(uint32(1234)))
244
			Expect(cfg.Multizone.Global.KDS.RefreshInterval.Duration).To(Equal(time.Second * 2))
245
			Expect(cfg.Multizone.Global.KDS.ZoneInsightFlushInterval.Duration).To(Equal(time.Second * 5))
246
			Expect(cfg.Multizone.Global.KDS.TlsMinVersion).To(Equal("TLSv1_3"))
247
			Expect(cfg.Multizone.Global.KDS.TlsMaxVersion).To(Equal("TLSv1_3"))
248
			Expect(cfg.Multizone.Global.KDS.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
249
			Expect(cfg.Multizone.Global.KDS.TlsEnabled).To(BeFalse())
250
			Expect(cfg.Multizone.Global.KDS.TlsCertFile).To(Equal("/cert"))
251
			Expect(cfg.Multizone.Global.KDS.TlsKeyFile).To(Equal("/key"))
252
			Expect(cfg.Multizone.Global.KDS.MaxMsgSize).To(Equal(uint32(1)))
253
			Expect(cfg.Multizone.Global.KDS.MsgSendTimeout.Duration).To(Equal(10 * time.Second))
254
			Expect(cfg.Multizone.Global.KDS.NackBackoff.Duration).To(Equal(11 * time.Second))
255
			Expect(cfg.Multizone.Global.KDS.DisableSOTW).To(BeTrue())
256
			Expect(cfg.Multizone.Global.KDS.ResponseBackoff.Duration).To(Equal(time.Second))
257
			Expect(cfg.Multizone.Global.KDS.ZoneHealthCheck.PollInterval.Duration).To(Equal(11 * time.Second))
258
			Expect(cfg.Multizone.Global.KDS.ZoneHealthCheck.Timeout.Duration).To(Equal(110 * time.Second))
259
			Expect(cfg.Multizone.Zone.GlobalAddress).To(Equal("grpc://1.1.1.1:5685"))
260
			Expect(cfg.Multizone.Zone.Name).To(Equal("zone-1"))
261
			Expect(cfg.Multizone.Zone.KDS.RootCAFile).To(Equal("/rootCa"))
262
			Expect(cfg.Multizone.Zone.KDS.RefreshInterval.Duration).To(Equal(9 * time.Second))
263
			Expect(cfg.Multizone.Zone.KDS.MaxMsgSize).To(Equal(uint32(2)))
264
			Expect(cfg.Multizone.Zone.KDS.MsgSendTimeout.Duration).To(Equal(20 * time.Second))
265
			Expect(cfg.Multizone.Zone.KDS.NackBackoff.Duration).To(Equal(21 * time.Second))
266
			Expect(cfg.Multizone.Zone.KDS.ResponseBackoff.Duration).To(Equal(2 * time.Second))
267
			Expect(cfg.Multizone.Zone.KDS.TlsSkipVerify).To(BeTrue())
268

269
			Expect(cfg.Defaults.SkipMeshCreation).To(BeTrue())
270
			Expect(cfg.Defaults.SkipTenantResources).To(BeTrue())
271
			Expect(cfg.Defaults.CreateMeshRoutingResources).To(BeTrue())
272

273
			Expect(cfg.Diagnostics.ServerPort).To(Equal(uint32(5003)))
274
			Expect(cfg.Diagnostics.DebugEndpoints).To(BeTrue())
275
			Expect(cfg.Diagnostics.TlsEnabled).To(BeTrue())
276
			Expect(cfg.Diagnostics.TlsCertFile).To(Equal("/cert"))
277
			Expect(cfg.Diagnostics.TlsKeyFile).To(Equal("/key"))
278
			Expect(cfg.Diagnostics.TlsMinVersion).To(Equal("TLSv1_3"))
279
			Expect(cfg.Diagnostics.TlsMaxVersion).To(Equal("TLSv1_3"))
280
			Expect(cfg.Diagnostics.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
281

282
			Expect(cfg.DNSServer.Domain).To(Equal("test-domain"))
283
			Expect(cfg.DNSServer.CIDR).To(Equal("127.1.0.0/16"))
284
			Expect(cfg.DNSServer.ServiceVipEnabled).To(BeFalse())
285
			Expect(cfg.DNSServer.ServiceVipPort).To(Equal(uint32(9090)))
286

287
			Expect(cfg.XdsServer.DataplaneStatusFlushInterval.Duration).To(Equal(7 * time.Second))
288
			Expect(cfg.XdsServer.DataplaneConfigurationRefreshInterval.Duration).To(Equal(21 * time.Second))
289
			Expect(cfg.XdsServer.DataplaneDeregistrationDelay.Duration).To(Equal(11 * time.Second))
290
			Expect(cfg.XdsServer.NACKBackoff.Duration).To(Equal(10 * time.Second))
291

292
			Expect(cfg.Metrics.Zone.SubscriptionLimit).To(Equal(23))
293
			Expect(cfg.Metrics.Zone.IdleTimeout.Duration).To(Equal(2 * time.Minute))
294
			Expect(cfg.Metrics.Zone.CompactFinishedSubscriptions).To(BeTrue())
295
			Expect(cfg.Metrics.Mesh.MinResyncInterval.Duration).To(Equal(27 * time.Second))
296
			Expect(cfg.Metrics.Mesh.FullResyncInterval.Duration).To(Equal(35 * time.Second))
297
			Expect(cfg.Metrics.Mesh.BufferSize).To(Equal(23))
298
			Expect(cfg.Metrics.Mesh.EventProcessors).To(Equal(2))
299
			Expect(cfg.Metrics.Dataplane.SubscriptionLimit).To(Equal(47))
300
			Expect(cfg.Metrics.Dataplane.IdleTimeout.Duration).To(Equal(1 * time.Minute))
301
			Expect(cfg.Metrics.ControlPlane.ReportResourcesCount).To(BeTrue())
302

303
			Expect(cfg.DpServer.TlsCertFile).To(Equal("/test/path"))
304
			Expect(cfg.DpServer.TlsKeyFile).To(Equal("/test/path/key"))
305
			Expect(cfg.DpServer.Auth.Type).To(Equal("dpToken"))
306
			Expect(cfg.DpServer.Authn.DpProxy.Type).To(Equal("dpToken"))
307
			Expect(cfg.DpServer.Authn.DpProxy.DpToken.EnableIssuer).To(BeFalse())
308
			Expect(cfg.DpServer.Authn.DpProxy.DpToken.Validator.UseSecrets).To(BeFalse())
309
			Expect(cfg.DpServer.Authn.ZoneProxy.Type).To(Equal("zoneToken"))
310
			Expect(cfg.DpServer.Authn.ZoneProxy.ZoneToken.EnableIssuer).To(BeFalse())
311
			Expect(cfg.DpServer.Authn.ZoneProxy.ZoneToken.Validator.UseSecrets).To(BeFalse())
312
			Expect(cfg.DpServer.Authn.EnableReloadableTokens).To(BeTrue())
313
			Expect(cfg.DpServer.Port).To(Equal(9876))
314
			Expect(cfg.DpServer.TlsMinVersion).To(Equal("TLSv1_3"))
315
			Expect(cfg.DpServer.TlsMaxVersion).To(Equal("TLSv1_3"))
316
			Expect(cfg.DpServer.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
317
			Expect(cfg.DpServer.ReadHeaderTimeout.Duration).To(Equal(11 * time.Second))
318
			Expect(cfg.DpServer.Hds.Enabled).To(BeFalse())
319
			Expect(cfg.DpServer.Hds.Interval.Duration).To(Equal(11 * time.Second))
320
			Expect(cfg.DpServer.Hds.RefreshInterval.Duration).To(Equal(12 * time.Second))
321
			Expect(cfg.DpServer.Hds.CheckDefaults.Timeout.Duration).To(Equal(5 * time.Second))
322
			Expect(cfg.DpServer.Hds.CheckDefaults.Interval.Duration).To(Equal(6 * time.Second))
323
			Expect(cfg.DpServer.Hds.CheckDefaults.NoTrafficInterval.Duration).To(Equal(7 * time.Second))
324
			Expect(cfg.DpServer.Hds.CheckDefaults.HealthyThreshold).To(Equal(uint32(8)))
325
			Expect(cfg.DpServer.Hds.CheckDefaults.UnhealthyThreshold).To(Equal(uint32(9)))
326

327
			Expect(cfg.InterCp.Catalog.InstanceAddress).To(Equal("192.168.0.1"))
328
			Expect(cfg.InterCp.Catalog.HeartbeatInterval.Duration).To(Equal(time.Second))
329
			Expect(cfg.InterCp.Catalog.WriterInterval.Duration).To(Equal(2 * time.Second))
330
			Expect(cfg.InterCp.Server.Port).To(Equal(uint16(15683)))
331
			Expect(cfg.InterCp.Server.TlsMinVersion).To(Equal("TLSv1_3"))
332
			Expect(cfg.InterCp.Server.TlsMaxVersion).To(Equal("TLSv1_3"))
333
			Expect(cfg.InterCp.Server.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
334

335
			Expect(cfg.Access.Type).To(Equal("custom-rbac"))
336
			Expect(cfg.Access.Static.AdminResources.Users).To(Equal([]string{"ar-admin1", "ar-admin2"}))
337
			Expect(cfg.Access.Static.AdminResources.Groups).To(Equal([]string{"ar-group1", "ar-group2"}))
338
			Expect(cfg.Access.Static.GenerateDPToken.Users).To(Equal([]string{"dp-admin1", "dp-admin2"}))
339
			Expect(cfg.Access.Static.GenerateDPToken.Groups).To(Equal([]string{"dp-group1", "dp-group2"}))
340
			Expect(cfg.Access.Static.GenerateUserToken.Users).To(Equal([]string{"ut-admin1", "ut-admin2"}))
341
			Expect(cfg.Access.Static.GenerateUserToken.Groups).To(Equal([]string{"ut-group1", "ut-group2"}))
342
			Expect(cfg.Access.Static.GenerateZoneToken.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
343
			Expect(cfg.Access.Static.GenerateZoneToken.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
344
			Expect(cfg.Access.Static.ViewConfigDump.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
345
			Expect(cfg.Access.Static.ViewConfigDump.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
346
			Expect(cfg.Access.Static.ViewStats.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
347
			Expect(cfg.Access.Static.ViewStats.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
348
			Expect(cfg.Access.Static.ViewClusters.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
349
			Expect(cfg.Access.Static.ViewClusters.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
350

351
			Expect(cfg.Experimental.GatewayAPI).To(BeTrue())
352
			Expect(cfg.Experimental.KubeOutboundsAsVIPs).To(BeTrue())
353
			Expect(cfg.Experimental.KDSDeltaEnabled).To(BeTrue())
354
			Expect(cfg.Experimental.UseTagFirstVirtualOutboundModel).To(BeFalse())
355
			Expect(cfg.Experimental.IngressTagFilters).To(ContainElements("kuma.io/service"))
356
			Expect(cfg.Experimental.KDSEventBasedWatchdog.Enabled).To(BeTrue())
357
			Expect(cfg.Experimental.KDSEventBasedWatchdog.FlushInterval.Duration).To(Equal(10 * time.Second))
358
			Expect(cfg.Experimental.KDSEventBasedWatchdog.FullResyncInterval.Duration).To(Equal(15 * time.Second))
359
			Expect(cfg.Experimental.KDSEventBasedWatchdog.DelayFullResync).To(BeTrue())
360
			Expect(cfg.Experimental.AutoReachableServices).To(BeTrue())
361
			Expect(cfg.Experimental.SidecarContainers).To(BeTrue())
362

363
			Expect(cfg.Proxy.Gateway.GlobalDownstreamMaxConnections).To(BeNumerically("==", 1))
364
			Expect(cfg.EventBus.BufferSize).To(Equal(uint(30)))
365
		},
366
		Entry("from config file", testCase{
367
			envVars: map[string]string{},
368
			yamlFileConfig: `
369
environment: kubernetes
370
store:
371
  type: postgres
372
  unsafeDelete: true
373
  postgres:
374
    host: postgres.host
375
    port: 5432
376
    user: kuma
377
    password: kuma
378
    dbName: kuma
379
    driverName: postgres
380
    connectionTimeout: 10
381
    minOpenConnections: 3
382
    maxOpenConnections: 300
383
    maxConnectionLifetime: 123m
384
    maxConnectionLifetimeJitter: 456s
385
    healthCheckInterval: 78s
386
    maxIdleConnections: 300
387
    minReconnectInterval: 44s
388
    maxReconnectInterval: 55s
389
    maxListQueryElements: 111
390
    tls:
391
      mode: verifyFull
392
      certPath: /path/to/cert
393
      keyPath: /path/to/key
394
      caPath: /path/to/rootCert
395
      disableSSLSNI: true
396
    readReplica:
397
      host: ro.host
398
      port: 35432
399
      ratio: 80
400
  kubernetes:
401
    systemNamespace: test-namespace
402
  cache:
403
    enabled: false
404
    expirationTime: 3s
405
  upsert:
406
    conflictRetryBaseBackoff: 4s
407
    conflictRetryMaxTimes: 15
408
    conflictRetryJitterPercent: 10
409
bootstrapServer:
410
  params:
411
    adminPort: 1234
412
    adminAccessLogPath: /access/log/test
413
    adminAddress: 1.1.1.1
414
    xdsHost: kuma-control-plane
415
    xdsPort: 4321
416
    xdsConnectTimeout: 13s
417
apiServer:
418
  http:
419
    enabled: false # ENV: KUMA_API_SERVER_HTTP_ENABLED
420
    interface: 192.168.0.1 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
421
    port: 15681 # ENV: KUMA_API_SERVER_PORT
422
  https:
423
    enabled: false # ENV: KUMA_API_SERVER_HTTPS_ENABLED
424
    interface: 192.168.0.2 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
425
    port: 15682 # ENV: KUMA_API_SERVER_HTTPS_PORT
426
    tlsCertFile: "/cert" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
427
    tlsKeyFile: "/key" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
428
    tlsCaFile: "/ca"
429
    tlsMinVersion: TLSv1_3
430
    tlsMaxVersion: TLSv1_3
431
    tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
432
    requireClientCert: true
433
  auth:
434
    clientCertsDir: "/certs" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
435
  authn:
436
    type: custom-authn
437
    localhostIsAdmin: false
438
    tokens:
439
      bootstrapAdminToken: false
440
      enableIssuer: false
441
      validator:
442
        useSecrets: false
443
  readOnly: true
444
  corsAllowedDomains:
445
    - https://kuma
446
    - https://someapi
447
  rootUrl: https://foo.com
448
  basePath: /api
449
  gui:
450
    enabled: false
451
    rootUrl: https://bar.com
452
    basePath: /ui
453
monitoringAssignmentServer:
454
  port: 2222
455
  defaultFetchTimeout: 45s
456
  apiVersions: [v1]
457
  assignmentRefreshInterval: 12s
458
  tlsEnabled: true
459
  tlsCertFile: "/cert"
460
  tlsKeyFile: "/key"
461
  tlsMinVersion: TLSv1_3
462
  tlsMaxVersion: TLSv1_3
463
  tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
464
runtime:
465
  universal:
466
    dataplaneCleanupAge: 1h
467
    vipRefreshInterval: 10s
468
  kubernetes:
469
    serviceAccountName: custom-sa
470
    allowedUsers: ["allowed-usr-1", "allowed-usr-2"]
471
    controlPlaneServiceName: custom-control-plane
472
    nodeTaintController:
473
      enabled: true
474
      cniApp: kuma-cni
475
      cniNamespace: kuma-system
476
    admissionServer:
477
      address: 127.0.0.2
478
      port: 9443
479
      certDir: /var/run/secrets/kuma.io/kuma-admission-server/tls-cert
480
    marshalingCacheExpirationTime: 28s
481
    injector:
482
      exceptions:
483
        labels:
484
          openshift.io/build.name: value1
485
          openshift.io/deployer-pod-for.name: value2
486
      cniEnabled: true
487
      caCertFile: /tmp/ca.crt
488
      virtualProbesEnabled: false
489
      virtualProbesPort: 1111
490
      containerPatches: ["patch1", "patch2"]
491
      initContainer:
492
        image: test-image:test
493
      sidecarContainer:
494
        waitForDataplaneReady: true
495
        image: image:test
496
        redirectPortInbound: 2020
497
        redirectPortInboundV6: 2021
498
        redirectPortOutbound: 1010
499
        uid: 100
500
        gid: 1212
501
        adminPort: 1099
502
        drainTime: 33s
503
        resources:
504
          requests:
505
            memory: 4Gi
506
            cpu: 123m
507
          limits:
508
            memory: 8Gi
509
            cpu: 100m
510
        livenessProbe:
511
          initialDelaySeconds: 10
512
          periodSeconds: 8
513
          failureThreshold: 31
514
          timeoutSeconds: 51
515
        readinessProbe:
516
          initialDelaySeconds: 41
517
          successThreshold: 17
518
          periodSeconds: 18
519
          failureThreshold: 22
520
          timeoutSeconds: 24
521
        envVars:
522
          a: b
523
          c: d
524
      sidecarTraffic:
525
        excludeInboundPorts:
526
        - 1234
527
        - 5678
528
        excludeOutboundPorts:
529
        - 4321
530
        - 8765
531
      builtinDNS:
532
        enabled: true
533
        port: 1053
534
        logging: false
535
      ebpf:
536
        enabled: true
537
        instanceIPEnvVarName: FOO
538
        bpffsPath: /run/kuma/bar
539
        cgroupPath: /faz/daz/zaz
540
        tcAttachIface: veth1
541
        programsSourcePath: /kuma/baz
542
      ignoredServiceSelectorLabels: ["x", "y"]
543
    controllersConcurrency: 
544
      podController: 10
545
    clientConfig:
546
      qps: 100
547
      burstQps: 100
548
    leaderElection:
549
      leaseDuration: 199s
550
      renewDeadline: 99s
551
reports:
552
  enabled: false
553
general:
554
  tlsKeyFile: /tmp/key
555
  tlsCertFile: /tmp/cert
556
  tlsMinVersion: TLSv1_3
557
  tlsMaxVersion: TLSv1_3
558
  tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
559
  dnsCacheTTL: 19s
560
  workDir: /custom/work/dir
561
mode: zone
562
multizone:
563
  global:
564
    kds:
565
      grpcPort: 1234
566
      refreshInterval: 2s
567
      zoneInsightFlushInterval: 5s
568
      tlsEnabled: false
569
      tlsCertFile: /cert
570
      tlsKeyFile: /key
571
      tlsMinVersion: TLSv1_3
572
      tlsMaxVersion: TLSv1_3
573
      tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
574
      maxMsgSize: 1
575
      msgSendTimeout: 10s
576
      nackBackoff: 11s
577
      responseBackoff: 1s
578
      disableSOTW: true
579
      zoneHealthCheck:
580
        pollInterval: 11s
581
        timeout: 110s
582
  zone:
583
    globalAddress: "grpc://1.1.1.1:5685"
584
    name: "zone-1"
585
    kds:
586
      refreshInterval: 9s
587
      rootCaFile: /rootCa
588
      maxMsgSize: 2
589
      msgSendTimeout: 20s
590
      nackBackoff: 21s
591
      responseBackoff: 2s
592
      tlsSkipVerify: true
593
    disableOriginLabelValidation: true
594
dnsServer:
595
  domain: test-domain
596
  CIDR: 127.1.0.0/16
597
  serviceVipEnabled: false
598
  serviceVipPort: 9090
599
defaults:
600
  skipMeshCreation: true
601
  skipTenantResources: true
602
  createMeshRoutingResources: true
603
diagnostics:
604
  serverPort: 5003
605
  debugEndpoints: true
606
  tlsEnabled: true
607
  tlsCertFile: "/cert"
608
  tlsKeyFile: "/key"
609
  tlsMinVersion: TLSv1_3
610
  tlsMaxVersion: TLSv1_3
611
  tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
612
xdsServer:
613
  dataplaneConfigurationRefreshInterval: 21s
614
  dataplaneStatusFlushInterval: 7s
615
  dataplaneDeregistrationDelay: 11s
616
  nackBackoff: 10s
617
metrics:
618
  zone:
619
    subscriptionLimit: 23
620
    idleTimeout: 2m
621
    compactFinishedSubscriptions: true
622
  mesh:
623
    fullResyncInterval: 35s
624
    minResyncInterval: 27s
625
    bufferSize: 23
626
    eventProcessors: 2
627
  dataplane:
628
    subscriptionLimit: 47
629
    idleTimeout: 1m
630
  controlPlane:
631
    reportResourcesCount: true
632
dpServer:
633
  tlsCertFile: /test/path
634
  tlsKeyFile: /test/path/key
635
  tlsMinVersion: TLSv1_3
636
  tlsMaxVersion: TLSv1_3
637
  tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
638
  readHeaderTimeout: 11s
639
  port: 9876
640
  auth:
641
    type: dpToken
642
  authn:
643
    dpProxy:
644
      type: dpToken
645
      dpToken:
646
        enableIssuer: false
647
        validator:
648
          useSecrets: false
649
    zoneProxy:
650
      type: zoneToken
651
      zoneToken:
652
        enableIssuer: false
653
        validator:
654
          useSecrets: false
655
    enableReloadableTokens: true
656
  hds:
657
    enabled: false
658
    interval: 11s
659
    refreshInterval: 12s
660
    checkDefaults:
661
      timeout: 5s
662
      interval: 6s
663
      noTrafficInterval: 7s
664
      healthyThreshold: 8
665
      unhealthyThreshold: 9
666
interCp:
667
  catalog:
668
    instanceAddress: "192.168.0.1"
669
    heartbeatInterval: 1s
670
    writerInterval: 2s
671
  server:
672
    port: 15683
673
    tlsMinVersion: "TLSv1_3"
674
    tlsMaxVersion: "TLSv1_3"
675
    tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
676
access:
677
  type: custom-rbac
678
  static:
679
    adminResources:
680
      users: ["ar-admin1", "ar-admin2"]
681
      groups: ["ar-group1", "ar-group2"]
682
    generateDpToken:
683
      users: ["dp-admin1", "dp-admin2"]
684
      groups: ["dp-group1", "dp-group2"]
685
    generateUserToken:
686
      users: ["ut-admin1", "ut-admin2"]
687
      groups: ["ut-group1", "ut-group2"]
688
    generateZoneToken:
689
      users: ["zt-admin1", "zt-admin2"]
690
      groups: ["zt-group1", "zt-group2"]
691
    viewConfigDump:
692
      users: ["zt-admin1", "zt-admin2"]
693
      groups: ["zt-group1", "zt-group2"]
694
    viewStats:
695
      users: ["zt-admin1", "zt-admin2"]
696
      groups: ["zt-group1", "zt-group2"]
697
    viewClusters:
698
      users: ["zt-admin1", "zt-admin2"]
699
      groups: ["zt-group1", "zt-group2"]
700
experimental:
701
  gatewayAPI: true
702
  kubeOutboundsAsVIPs: true
703
  cniApp: "kuma-cni"
704
  kdsDeltaEnabled: true
705
  useTagFirstVirtualOutboundModel: false
706
  ingressTagFilters: ["kuma.io/service"]
707
  kdsEventBasedWatchdog:
708
    enabled: true
709
    flushInterval: 10s
710
    fullResyncInterval: 15s
711
    delayFullResync: true
712
  autoReachableServices: true
713
  sidecarContainers: true
714
proxy:
715
  gateway:
716
    globalDownstreamMaxConnections: 1
717
eventBus:
718
  bufferSize: 30
719
policies:
720
  pluginPoliciesEnabled:
721
    - meshaccesslog
722
    - meshcircuitbreaker
723
tracing:
724
  openTelemetry:
725
    enabled: true
726
    endpoint: collector:4317
727
`,
728
		}),
729
		Entry("from env variables", testCase{
730
			envVars: map[string]string{
731
				"KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT":             "1234",
732
				"KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST":               "kuma-control-plane",
733
				"KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT":               "4321",
734
				"KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT":    "13s",
735
				"KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH":  "/access/log/test",
736
				"KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS":          "1.1.1.1",
737
				"KUMA_BOOTSTRAP_SERVER_PARAMS_COREFILE_TEMPLATE_PATH": "/etc/resolv.conf",
738
				"KUMA_ENVIRONMENT":                                                                         "kubernetes",
739
				"KUMA_STORE_TYPE":                                                                          "postgres",
740
				"KUMA_STORE_UNSAFE_DELETE":                                                                 "true",
741
				"KUMA_STORE_POSTGRES_HOST":                                                                 "postgres.host",
742
				"KUMA_STORE_POSTGRES_PORT":                                                                 "5432",
743
				"KUMA_STORE_POSTGRES_USER":                                                                 "kuma",
744
				"KUMA_STORE_POSTGRES_PASSWORD":                                                             "kuma",
745
				"KUMA_STORE_POSTGRES_DB_NAME":                                                              "kuma",
746
				"KUMA_STORE_POSTGRES_DRIVER_NAME":                                                          "postgres",
747
				"KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT":                                                   "10",
748
				"KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS":                                                 "3",
749
				"KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS":                                                 "300",
750
				"KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS":                                                 "300",
751
				"KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME":                                              "123m",
752
				"KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER":                                       "456s",
753
				"KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL":                                                "78s",
754
				"KUMA_STORE_POSTGRES_TLS_MODE":                                                             "verifyFull",
755
				"KUMA_STORE_POSTGRES_TLS_CERT_PATH":                                                        "/path/to/cert",
756
				"KUMA_STORE_POSTGRES_TLS_KEY_PATH":                                                         "/path/to/key",
757
				"KUMA_STORE_POSTGRES_TLS_CA_PATH":                                                          "/path/to/rootCert",
758
				"KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI":                                                   "true",
759
				"KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL":                                               "44s",
760
				"KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL":                                               "55s",
761
				"KUMA_STORE_POSTGRES_MAX_LIST_QUERY_ELEMENTS":                                              "111",
762
				"KUMA_STORE_POSTGRES_READ_REPLICA_HOST":                                                    "ro.host",
763
				"KUMA_STORE_POSTGRES_READ_REPLICA_PORT":                                                    "35432",
764
				"KUMA_STORE_POSTGRES_READ_REPLICA_RATIO":                                                   "80",
765
				"KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE":                                                   "test-namespace",
766
				"KUMA_STORE_CACHE_ENABLED":                                                                 "false",
767
				"KUMA_STORE_CACHE_EXPIRATION_TIME":                                                         "3s",
768
				"KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF":                                            "4s",
769
				"KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES":                                               "15",
770
				"KUMA_STORE_UPSERT_CONFLICT_RETRY_JITTER_PERCENT":                                          "10",
771
				"KUMA_API_SERVER_READ_ONLY":                                                                "true",
772
				"KUMA_API_SERVER_HTTP_PORT":                                                                "15681",
773
				"KUMA_API_SERVER_HTTP_INTERFACE":                                                           "192.168.0.1",
774
				"KUMA_API_SERVER_HTTP_ENABLED":                                                             "false",
775
				"KUMA_API_SERVER_HTTPS_ENABLED":                                                            "false",
776
				"KUMA_API_SERVER_HTTPS_PORT":                                                               "15682",
777
				"KUMA_API_SERVER_HTTPS_INTERFACE":                                                          "192.168.0.2",
778
				"KUMA_API_SERVER_HTTPS_TLS_CERT_FILE":                                                      "/cert",
779
				"KUMA_API_SERVER_HTTPS_TLS_KEY_FILE":                                                       "/key",
780
				"KUMA_API_SERVER_HTTPS_TLS_CA_FILE":                                                        "/ca",
781
				"KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION":                                                    "TLSv1_3",
782
				"KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION":                                                    "TLSv1_3",
783
				"KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES":                                                  "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
784
				"KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT":                                                "true",
785
				"KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR":                                                    "/certs",
786
				"KUMA_API_SERVER_AUTHN_TYPE":                                                               "custom-authn",
787
				"KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN":                                                 "false",
788
				"KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN":                                       "false",
789
				"KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER":                                               "false",
790
				"KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS":                                       "false",
791
				"KUMA_API_SERVER_ROOT_URL":                                                                 "https://foo.com",
792
				"KUMA_API_SERVER_BASE_PATH":                                                                "/api",
793
				"KUMA_API_SERVER_GUI_ENABLED":                                                              "false",
794
				"KUMA_API_SERVER_GUI_ROOT_URL":                                                             "https://bar.com",
795
				"KUMA_API_SERVER_GUI_BASE_PATH":                                                            "/ui",
796
				"KUMA_MONITORING_ASSIGNMENT_SERVER_PORT":                                                   "2222",
797
				"KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT":                                  "45s",
798
				"KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS":                                           "v1",
799
				"KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL":                            "12s",
800
				"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_ENABLED":                                            "true",
801
				"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE":                                          "/cert",
802
				"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE":                                           "/key",
803
				"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION":                                        "TLSv1_3",
804
				"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION":                                        "TLSv1_3",
805
				"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES":                                      "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
806
				"KUMA_REPORTS_ENABLED":                                                                     "false",
807
				"KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME":                                       "custom-control-plane",
808
				"KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME":                                             "custom-sa",
809
				"KUMA_RUNTIME_KUBERNETES_ALLOWED_USERS":                                                    "allowed-usr-1,allowed-usr-2",
810
				"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED":                                    "true",
811
				"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP":                                    "kuma-cni",
812
				"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_NAMESPACE":                              "kuma-system",
813
				"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS":                                         "127.0.0.2",
814
				"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT":                                            "9443",
815
				"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_CERT_DIR":                                        "/var/run/secrets/kuma.io/kuma-admission-server/tls-cert",
816
				"KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS":                            "1234,5678",
817
				"KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS":                           "4321,8765",
818
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE":                                            "/tmp/ca.crt",
819
				"KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME":                                 "28s",
820
				"KUMA_INJECTOR_INIT_CONTAINER_IMAGE":                                                       "test-image:test",
821
				"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY":                                "4Gi",
822
				"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU":                                   "123m",
823
				"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY":                                  "8Gi",
824
				"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU":                                     "100m",
825
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES":                                       "patch1,patch2",
826
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND":                 "2020",
827
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6":              "2021",
828
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND":                "1010",
829
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED":                                             "true",
830
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS":                              "a:b,c:d",
831
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID":                                   "100",
832
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ADMIN_PORT":                            "1099",
833
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME":                            "33s",
834
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI":                                   "1212",
835
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE":                                 "image:test",
836
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS":  "10",
837
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS":         "8",
838
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD":      "31",
839
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS":        "51",
840
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD":     "17",
841
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS":        "18",
842
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD":     "22",
843
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS":       "24",
844
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS": "41",
845
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_WAIT_FOR_DATAPLANE_READY":              "true",
846
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED":                                     "true",
847
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT":                                        "1053",
848
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_LOGGING":                                     "false",
849
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED":                                            "true",
850
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME":                           "FOO",
851
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH":                                         "/run/kuma/bar",
852
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH":                                        "/faz/daz/zaz",
853
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE":                                    "veth1",
854
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH":                               "/kuma/baz",
855
				"KUMA_RUNTIME_KUBERNETES_INJECTOR_IGNORED_SERVICE_SELECTOR_LABELS":                         "x,y",
856
				"KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED":                                           "false",
857
				"KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT":                                              "1111",
858
				"KUMA_RUNTIME_KUBERNETES_EXCEPTIONS_LABELS":                                                "openshift.io/build.name:value1,openshift.io/deployer-pod-for.name:value2",
859
				"KUMA_RUNTIME_KUBERNETES_CONTROLLERS_CONCURRENCY_POD_CONTROLLER":                           "10",
860
				"KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_QPS":                                                "100",
861
				"KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_BURST_QPS":                                          "100",
862
				"KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_LEASE_DURATION":                                   "199s",
863
				"KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_RENEW_DEADLINE":                                   "99s",
864
				"KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE":                                             "1h",
865
				"KUMA_RUNTIME_UNIVERSAL_VIP_REFRESH_INTERVAL":                                              "10s",
866
				"KUMA_GENERAL_TLS_CERT_FILE":                                                               "/tmp/cert",
867
				"KUMA_GENERAL_TLS_KEY_FILE":                                                                "/tmp/key",
868
				"KUMA_GENERAL_TLS_MAX_VERSION":                                                             "TLSv1_3",
869
				"KUMA_GENERAL_TLS_MIN_VERSION":                                                             "TLSv1_3",
870
				"KUMA_GENERAL_TLS_CIPHER_SUITES":                                                           "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
871
				"KUMA_GENERAL_DNS_CACHE_TTL":                                                               "19s",
872
				"KUMA_GENERAL_WORK_DIR":                                                                    "/custom/work/dir",
873
				"KUMA_API_SERVER_CORS_ALLOWED_DOMAINS":                                                     "https://kuma,https://someapi",
874
				"KUMA_DNS_SERVER_DOMAIN":                                                                   "test-domain",
875
				"KUMA_DNS_SERVER_CIDR":                                                                     "127.1.0.0/16",
876
				"KUMA_DNS_SERVER_SERVICE_VIP_ENABLED":                                                      "false",
877
				"KUMA_DNS_SERVER_SERVICE_VIP_PORT":                                                         "9090",
878
				"KUMA_MODE":                                                                                "zone",
879
				"KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT":                                                      "1234",
880
				"KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL":                                               "2s",
881
				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED":                                                    "false",
882
				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE":                                                  "/cert",
883
				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE":                                                   "/key",
884
				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION":                                                "TLSv1_3",
885
				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION":                                                "TLSv1_3",
886
				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES":                                              "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
887
				"KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE":                                                   "1",
888
				"KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT":                                               "10s",
889
				"KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF":                                                   "11s",
890
				"KUMA_MULTIZONE_GLOBAL_KDS_RESPONSE_BACKOFF":                                               "1s",
891
				"KUMA_MULTIZONE_GLOBAL_KDS_DISABLE_SOTW":                                                   "true",
892
				"KUMA_MULTIZONE_GLOBAL_KDS_ZONE_HEALTH_CHECK_POLL_INTERVAL":                                "11s",
893
				"KUMA_MULTIZONE_GLOBAL_KDS_ZONE_HEALTH_CHECK_TIMEOUT":                                      "110s",
894
				"KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS":                                                       "grpc://1.1.1.1:5685",
895
				"KUMA_MULTIZONE_ZONE_NAME":                                                                 "zone-1",
896
				"KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE":                                                     "/rootCa",
897
				"KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL":                                                 "9s",
898
				"KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE":                                                     "2",
899
				"KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT":                                                 "20s",
900
				"KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF":                                                     "21s",
901
				"KUMA_MULTIZONE_ZONE_KDS_RESPONSE_BACKOFF":                                                 "2s",
902
				"KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY":                                                  "true",
903
				"KUMA_MULTIZONE_ZONE_DISABLE_ORIGIN_LABEL_VALIDATION":                                      "true",
904
				"KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED":                                                      "true",
905
				"KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL":                                    "5s",
906
				"KUMA_DEFAULTS_SKIP_MESH_CREATION":                                                         "true",
907
				"KUMA_DEFAULTS_SKIP_TENANT_RESOURCES":                                                      "true",
908
				"KUMA_DEFAULTS_CREATE_MESH_ROUTING_RESOURCES":                                              "true",
909
				"KUMA_DIAGNOSTICS_SERVER_PORT":                                                             "5003",
910
				"KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS":                                                         "true",
911
				"KUMA_DIAGNOSTICS_TLS_ENABLED":                                                             "true",
912
				"KUMA_DIAGNOSTICS_TLS_CERT_FILE":                                                           "/cert",
913
				"KUMA_DIAGNOSTICS_TLS_KEY_FILE":                                                            "/key",
914
				"KUMA_DIAGNOSTICS_TLS_MIN_VERSION":                                                         "TLSv1_3",
915
				"KUMA_DIAGNOSTICS_TLS_MAX_VERSION":                                                         "TLSv1_3",
916
				"KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES":                                                       "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
917
				"KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL":                                          "7s",
918
				"KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL":                                 "21s",
919
				"KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY":                                                  "11s",
920
				"KUMA_XDS_SERVER_NACK_BACKOFF":                                                             "10s",
921
				"KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT":                                                     "23",
922
				"KUMA_METRICS_ZONE_IDLE_TIMEOUT":                                                           "2m",
923
				"KUMA_METRICS_ZONE_COMPACT_FINISHED_SUBSCRIPTIONS":                                         "true",
924
				"KUMA_METRICS_MESH_MIN_RESYNC_TIMEOUT":                                                     "27s",
925
				"KUMA_METRICS_MESH_MAX_RESYNC_TIMEOUT":                                                     "35s",
926
				"KUMA_METRICS_MESH_MIN_RESYNC_INTERVAL":                                                    "27s",
927
				"KUMA_METRICS_MESH_FULL_RESYNC_INTERVAL":                                                   "35s",
928
				"KUMA_METRICS_MESH_BUFFER_SIZE":                                                            "23",
929
				"KUMA_METRICS_MESH_EVENT_PROCESSORS":                                                       "2",
930
				"KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT":                                                "47",
931
				"KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT":                                                      "1m",
932
				"KUMA_METRICS_CONTROL_PLANE_REPORT_RESOURCES_COUNT":                                        "true",
933
				"KUMA_DP_SERVER_TLS_CERT_FILE":                                                             "/test/path",
934
				"KUMA_DP_SERVER_TLS_KEY_FILE":                                                              "/test/path/key",
935
				"KUMA_DP_SERVER_TLS_MIN_VERSION":                                                           "TLSv1_3",
936
				"KUMA_DP_SERVER_TLS_MAX_VERSION":                                                           "TLSv1_3",
937
				"KUMA_DP_SERVER_TLS_CIPHER_SUITES":                                                         "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
938
				"KUMA_DP_SERVER_READ_HEADER_TIMEOUT":                                                       "11s",
939
				"KUMA_DP_SERVER_AUTH_TYPE":                                                                 "dpToken",
940
				"KUMA_DP_SERVER_AUTH_USE_TOKEN_PATH":                                                       "true",
941
				"KUMA_DP_SERVER_AUTHN_DP_PROXY_TYPE":                                                       "dpToken",
942
				"KUMA_DP_SERVER_AUTHN_DP_PROXY_DP_TOKEN_ENABLE_ISSUER":                                     "false",
943
				"KUMA_DP_SERVER_AUTHN_DP_PROXY_DP_TOKEN_VALIDATOR_USE_SECRETS":                             "false",
944
				"KUMA_DP_SERVER_AUTHN_ZONE_PROXY_TYPE":                                                     "zoneToken",
945
				"KUMA_DP_SERVER_AUTHN_ZONE_PROXY_ZONE_TOKEN_ENABLE_ISSUER":                                 "false",
946
				"KUMA_DP_SERVER_AUTHN_ZONE_PROXY_ZONE_TOKEN_VALIDATOR_USE_SECRETS":                         "false",
947
				"KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS":                                            "true",
948
				"KUMA_DP_SERVER_PORT":                                                                      "9876",
949
				"KUMA_DP_SERVER_HDS_ENABLED":                                                               "false",
950
				"KUMA_DP_SERVER_HDS_INTERVAL":                                                              "11s",
951
				"KUMA_DP_SERVER_HDS_REFRESH_INTERVAL":                                                      "12s",
952
				"KUMA_DP_SERVER_HDS_CHECK_TIMEOUT":                                                         "5s",
953
				"KUMA_DP_SERVER_HDS_CHECK_INTERVAL":                                                        "6s",
954
				"KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL":                                             "7s",
955
				"KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD":                                               "8",
956
				"KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD":                                             "9",
957
				"KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS":                                                   "192.168.0.1",
958
				"KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL":                                                 "1s",
959
				"KUMA_INTER_CP_CATALOG_WRITER_INTERVAL":                                                    "2s",
960
				"KUMA_INTER_CP_SERVER_PORT":                                                                "15683",
961
				"KUMA_INTER_CP_SERVER_TLS_MIN_VERSION":                                                     "TLSv1_3",
962
				"KUMA_INTER_CP_SERVER_TLS_MAX_VERSION":                                                     "TLSv1_3",
963
				"KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES":                                                   "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
964
				"KUMA_ACCESS_TYPE":                                                                         "custom-rbac",
965
				"KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS":                                                 "ar-admin1,ar-admin2",
966
				"KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS":                                                "ar-group1,ar-group2",
967
				"KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS":                                               "dp-admin1,dp-admin2",
968
				"KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS":                                              "dp-group1,dp-group2",
969
				"KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS":                                             "ut-admin1,ut-admin2",
970
				"KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS":                                            "ut-group1,ut-group2",
971
				"KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS":                                             "zt-admin1,zt-admin2",
972
				"KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS":                                            "zt-group1,zt-group2",
973
				"KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS":                                                 "zt-admin1,zt-admin2",
974
				"KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS":                                                "zt-group1,zt-group2",
975
				"KUMA_ACCESS_STATIC_VIEW_STATS_USERS":                                                      "zt-admin1,zt-admin2",
976
				"KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS":                                                     "zt-group1,zt-group2",
977
				"KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS":                                                   "zt-admin1,zt-admin2",
978
				"KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS":                                                  "zt-group1,zt-group2",
979
				"KUMA_EXPERIMENTAL_GATEWAY_API":                                                            "true",
980
				"KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS":                                                 "true",
981
				"KUMA_EXPERIMENTAL_USE_TAG_FIRST_VIRTUAL_OUTBOUND_MODEL":                                   "false",
982
				"KUMA_EXPERIMENTAL_INGRESS_TAG_FILTERS":                                                    "kuma.io/service",
983
				"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_ENABLED":                                       "true",
984
				"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FLUSH_INTERVAL":                                "10s",
985
				"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FULL_RESYNC_INTERVAL":                          "15s",
986
				"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_DELAY_FULL_RESYNC":                             "true",
987
				"KUMA_EXPERIMENTAL_AUTO_REACHABLE_SERVICES":                                                "true",
988
				"KUMA_EXPERIMENTAL_SIDECAR_CONTAINERS":                                                     "true",
989
				"KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS":                                     "1",
990
				"KUMA_TRACING_OPENTELEMETRY_ENDPOINT":                                                      "otel-collector:4317",
991
				"KUMA_TRACING_OPENTELEMETRY_ENABLED":                                                       "true",
992
				"KUMA_EVENT_BUS_BUFFER_SIZE":                                                               "30",
993
				"KUMA_PLUGIN_POLICIES_ENABLED":                                                             "meshaccesslog,meshcircuitbreaker",
994
			},
995
			yamlFileConfig: "",
996
		}),
997
	)
998

999
	It("should override via env var", func() {
1000
		// given file with sample cfg
1001
		file, err := os.CreateTemp("", "*")
1002
		Expect(err).ToNot(HaveOccurred())
1003
		_, err = file.WriteString("environment: kubernetes")
1004
		Expect(err).ToNot(HaveOccurred())
1005

1006
		// and overridden config
1007
		setEnv("KUMA_ENVIRONMENT", "universal")
1008

1009
		// when
1010
		cfg := kuma_cp.DefaultConfig()
1011
		err = config.Load(file.Name(), &cfg)
1012
		Expect(err).ToNot(HaveOccurred())
1013

1014
		// then
1015
		Expect(cfg.Environment).To(Equal(config_core.UniversalEnvironment))
1016
	})
1017
})
1018
kuma

Использование cookies
