7
. "github.com/onsi/ginkgo/v2"
8
. "github.com/onsi/gomega"
9
"golang.org/x/exp/maps"
11
"github.com/kumahq/kuma/pkg/config"
12
kuma_cp "github.com/kumahq/kuma/pkg/config/app/kuma-cp"
13
config_core "github.com/kumahq/kuma/pkg/config/core"
14
"github.com/kumahq/kuma/pkg/config/core/resources/store"
15
"github.com/kumahq/kuma/pkg/config/plugins/resources/postgres"
16
"github.com/kumahq/kuma/test/testenvconfig"
19
var _ = Describe("Config loader", func() {
20
var configFile *os.File
24
file, err := os.CreateTemp("", "*")
25
Expect(err).ToNot(HaveOccurred())
30
if configFile != nil {
31
err := os.Remove(configFile.Name())
32
Expect(err).ToNot(HaveOccurred())
36
setEnv := func(key, value string) {
37
err := os.Setenv(key, value)
38
Expect(err).ToNot(HaveOccurred())
41
type testCase struct {
43
envVars map[string]string
45
DescribeTable("should load config",
46
func(given testCase) {
47
// given file with sample config
48
file, err := os.CreateTemp("", "*")
49
Expect(err).ToNot(HaveOccurred())
50
_, err = file.WriteString(given.yamlFileConfig)
51
Expect(err).ToNot(HaveOccurred())
53
// and config from environment variables
54
for key, value := range given.envVars {
59
cfg := kuma_cp.DefaultConfig()
60
err = config.Load(file.Name(), &cfg)
61
Expect(err).ToNot(HaveOccurred())
64
if len(given.envVars) != 0 {
65
infos, err := testenvconfig.GatherInfo("", &cfg)
66
Expect(err).ToNot(HaveOccurred())
68
configEnvs := map[string]struct{}{}
69
for _, info := range infos {
71
configEnvs[info.Alt] = struct{}{}
75
testEnvs := map[string]struct{}{}
76
for key := range given.envVars {
77
testEnvs[key] = struct{}{}
80
Expect(maps.Keys(testEnvs)).To(ConsistOf(maps.Keys(configEnvs)), "config values are not overridden in the test. Add overrides for them with a value that is different than default.")
83
Expect(cfg.BootstrapServer.Params.AdminPort).To(Equal(uint32(1234)))
84
Expect(cfg.BootstrapServer.Params.XdsHost).To(Equal("kuma-control-plane"))
85
Expect(cfg.BootstrapServer.Params.XdsPort).To(Equal(uint32(4321)))
86
Expect(cfg.BootstrapServer.Params.XdsConnectTimeout.Duration).To(Equal(13 * time.Second))
87
Expect(cfg.BootstrapServer.Params.AdminAccessLogPath).To(Equal("/access/log/test"))
88
Expect(cfg.BootstrapServer.Params.AdminAddress).To(Equal("1.1.1.1"))
90
Expect(cfg.Environment).To(Equal(config_core.KubernetesEnvironment))
92
Expect(cfg.Store.Type).To(Equal(store.PostgresStore))
93
Expect(cfg.Store.UnsafeDelete).To(BeTrue())
94
Expect(cfg.Store.Postgres.Host).To(Equal("postgres.host"))
95
Expect(cfg.Store.Postgres.Port).To(Equal(5432))
96
Expect(cfg.Store.Postgres.User).To(Equal("kuma"))
97
Expect(cfg.Store.Postgres.Password).To(Equal("kuma"))
98
Expect(cfg.Store.Postgres.DbName).To(Equal("kuma"))
99
Expect(cfg.Store.Postgres.DriverName).To(Equal("postgres"))
100
Expect(cfg.Store.Postgres.ConnectionTimeout).To(Equal(10))
101
Expect(cfg.Store.Postgres.MaxConnectionLifetime.Duration).To(Equal(123 * time.Minute))
102
Expect(cfg.Store.Postgres.MaxConnectionLifetimeJitter.Duration).To(Equal(456 * time.Second))
103
Expect(cfg.Store.Postgres.HealthCheckInterval.Duration).To(Equal(78 * time.Second))
104
Expect(cfg.Store.Postgres.MinOpenConnections).To(Equal(3))
105
Expect(cfg.Store.Postgres.MaxOpenConnections).To(Equal(300))
106
Expect(cfg.Store.Postgres.MaxIdleConnections).To(Equal(300))
107
Expect(cfg.Store.Postgres.MinReconnectInterval.Duration).To(Equal(44 * time.Second))
108
Expect(cfg.Store.Postgres.MaxReconnectInterval.Duration).To(Equal(55 * time.Second))
109
Expect(cfg.Store.Postgres.MaxListQueryElements).To(Equal(uint32(111)))
111
Expect(cfg.Store.Kubernetes.SystemNamespace).To(Equal("test-namespace"))
113
Expect(cfg.Store.Cache.Enabled).To(BeFalse())
114
Expect(cfg.Store.Cache.ExpirationTime.Duration).To(Equal(3 * time.Second))
116
Expect(cfg.Store.Upsert.ConflictRetryBaseBackoff.Duration).To(Equal(4 * time.Second))
117
Expect(cfg.Store.Upsert.ConflictRetryMaxTimes).To(Equal(uint(15)))
118
Expect(cfg.Store.Upsert.ConflictRetryJitterPercent).To(Equal(uint(10)))
120
Expect(cfg.Store.Postgres.TLS.Mode).To(Equal(postgres.VerifyFull))
121
Expect(cfg.Store.Postgres.TLS.CertPath).To(Equal("/path/to/cert"))
122
Expect(cfg.Store.Postgres.TLS.KeyPath).To(Equal("/path/to/key"))
123
Expect(cfg.Store.Postgres.TLS.CAPath).To(Equal("/path/to/rootCert"))
124
Expect(cfg.Store.Postgres.TLS.DisableSSLSNI).To(BeTrue())
126
Expect(cfg.Store.Postgres.ReadReplica.Host).To(Equal("ro.host"))
127
Expect(cfg.Store.Postgres.ReadReplica.Port).To(Equal(uint(35432)))
128
Expect(cfg.Store.Postgres.ReadReplica.Ratio).To(Equal(uint(80)))
130
Expect(cfg.ApiServer.ReadOnly).To(BeTrue())
131
Expect(cfg.ApiServer.HTTP.Enabled).To(BeFalse())
132
Expect(cfg.ApiServer.HTTP.Interface).To(Equal("192.168.0.1"))
133
Expect(cfg.ApiServer.HTTP.Port).To(Equal(uint32(15681)))
134
Expect(cfg.ApiServer.HTTPS.Enabled).To(BeFalse())
135
Expect(cfg.ApiServer.HTTPS.Interface).To(Equal("192.168.0.2"))
136
Expect(cfg.ApiServer.HTTPS.Port).To(Equal(uint32(15682)))
137
Expect(cfg.ApiServer.HTTPS.TlsCertFile).To(Equal("/cert"))
138
Expect(cfg.ApiServer.HTTPS.TlsKeyFile).To(Equal("/key"))
139
Expect(cfg.ApiServer.HTTPS.TlsCaFile).To(Equal("/ca"))
140
Expect(cfg.ApiServer.HTTPS.TlsMinVersion).To(Equal("TLSv1_3"))
141
Expect(cfg.ApiServer.HTTPS.TlsMaxVersion).To(Equal("TLSv1_3"))
142
Expect(cfg.ApiServer.HTTPS.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
143
Expect(cfg.ApiServer.HTTPS.RequireClientCert).To(BeTrue())
144
Expect(cfg.ApiServer.Auth.ClientCertsDir).To(Equal("/certs"))
145
Expect(cfg.ApiServer.Authn.LocalhostIsAdmin).To(BeFalse())
146
Expect(cfg.ApiServer.Authn.Type).To(Equal("custom-authn"))
147
Expect(cfg.ApiServer.Authn.Tokens.BootstrapAdminToken).To(BeFalse())
148
Expect(cfg.ApiServer.Authn.Tokens.EnableIssuer).To(BeFalse())
149
Expect(cfg.ApiServer.Authn.Tokens.Validator.UseSecrets).To(BeFalse())
150
Expect(cfg.ApiServer.CorsAllowedDomains).To(Equal([]string{"https://kuma", "https://someapi"}))
151
Expect(cfg.ApiServer.BasePath).To(Equal("/api"))
152
Expect(cfg.ApiServer.RootUrl).To(Equal("https://foo.com"))
153
Expect(cfg.ApiServer.GUI.RootUrl).To(Equal("https://bar.com"))
154
Expect(cfg.ApiServer.GUI.Enabled).To(BeFalse())
155
Expect(cfg.ApiServer.GUI.BasePath).To(Equal("/ui"))
157
Expect(cfg.MonitoringAssignmentServer.Port).To(Equal(uint32(2222)))
158
Expect(cfg.MonitoringAssignmentServer.AssignmentRefreshInterval.Duration).To(Equal(12 * time.Second))
159
Expect(cfg.MonitoringAssignmentServer.DefaultFetchTimeout.Duration).To(Equal(45 * time.Second))
160
Expect(cfg.MonitoringAssignmentServer.ApiVersions).To(HaveLen(1))
161
Expect(cfg.MonitoringAssignmentServer.ApiVersions).To(ContainElements("v1"))
162
Expect(cfg.MonitoringAssignmentServer.TlsEnabled).To(BeTrue())
163
Expect(cfg.MonitoringAssignmentServer.TlsCertFile).To(Equal("/cert"))
164
Expect(cfg.MonitoringAssignmentServer.TlsKeyFile).To(Equal("/key"))
165
Expect(cfg.MonitoringAssignmentServer.TlsMinVersion).To(Equal("TLSv1_3"))
166
Expect(cfg.MonitoringAssignmentServer.TlsMaxVersion).To(Equal("TLSv1_3"))
167
Expect(cfg.MonitoringAssignmentServer.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
169
Expect(cfg.Runtime.Kubernetes.ControlPlaneServiceName).To(Equal("custom-control-plane"))
170
Expect(cfg.Runtime.Kubernetes.ServiceAccountName).To(Equal("custom-sa"))
171
Expect(cfg.Runtime.Kubernetes.AllowedUsers).To(Equal([]string{"allowed-usr-1", "allowed-usr-2"}))
172
Expect(cfg.Runtime.Kubernetes.NodeTaintController.Enabled).To(BeTrue())
173
Expect(cfg.Runtime.Kubernetes.NodeTaintController.CniApp).To(Equal("kuma-cni"))
175
Expect(cfg.Runtime.Kubernetes.AdmissionServer.Address).To(Equal("127.0.0.2"))
176
Expect(cfg.Runtime.Kubernetes.AdmissionServer.Port).To(Equal(uint32(9443)))
177
Expect(cfg.Runtime.Kubernetes.AdmissionServer.CertDir).To(Equal("/var/run/secrets/kuma.io/kuma-admission-server/tls-cert"))
178
Expect(cfg.Runtime.Kubernetes.MarshalingCacheExpirationTime.Duration).To(Equal(28 * time.Second))
180
Expect(cfg.Runtime.Kubernetes.Injector.Exceptions.Labels).To(Equal(map[string]string{"openshift.io/build.name": "value1", "openshift.io/deployer-pod-for.name": "value2"}))
181
Expect(cfg.Runtime.Kubernetes.Injector.SidecarTraffic.ExcludeInboundPorts).To(Equal([]uint32{1234, 5678}))
182
Expect(cfg.Runtime.Kubernetes.Injector.CaCertFile).To(Equal("/tmp/ca.crt"))
183
Expect(cfg.Runtime.Kubernetes.Injector.SidecarTraffic.ExcludeOutboundPorts).To(Equal([]uint32{4321, 8765}))
184
Expect(cfg.Runtime.Kubernetes.Injector.VirtualProbesEnabled).To(BeFalse())
185
Expect(cfg.Runtime.Kubernetes.Injector.VirtualProbesPort).To(Equal(uint32(1111)))
186
Expect(cfg.Runtime.Kubernetes.Injector.CNIEnabled).To(BeTrue())
187
Expect(cfg.Runtime.Kubernetes.Injector.ContainerPatches).To(Equal([]string{"patch1", "patch2"}))
188
Expect(cfg.Runtime.Kubernetes.Injector.InitContainer.Image).To(Equal("test-image:test"))
189
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.EnvVars).To(Equal(map[string]string{"a": "b", "c": "d"}))
190
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.RedirectPortInbound).To(Equal(uint32(2020)))
191
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.RedirectPortInboundV6).To(Equal(uint32(2021)))
192
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.RedirectPortOutbound).To(Equal(uint32(1010)))
193
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.UID).To(Equal(int64(100)))
194
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.GID).To(Equal(int64(1212)))
195
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Image).To(Equal("image:test"))
196
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.AdminPort).To(Equal(uint32(1099)))
197
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.DrainTime.Duration).To(Equal(33 * time.Second))
198
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Requests.Memory).To(Equal("4Gi"))
199
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Requests.CPU).To(Equal("123m"))
200
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Limits.Memory).To(Equal("8Gi"))
201
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.Resources.Limits.CPU).To(Equal("100m"))
202
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.InitialDelaySeconds).To(Equal(int32(10)))
203
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.PeriodSeconds).To(Equal(int32(8)))
204
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.FailureThreshold).To(Equal(int32(31)))
205
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.LivenessProbe.TimeoutSeconds).To(Equal(int32(51)))
206
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.SuccessThreshold).To(Equal(int32(17)))
207
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.PeriodSeconds).To(Equal(int32(18)))
208
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.FailureThreshold).To(Equal(int32(22)))
209
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.TimeoutSeconds).To(Equal(int32(24)))
210
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.ReadinessProbe.InitialDelaySeconds).To(Equal(int32(41)))
211
Expect(cfg.Runtime.Kubernetes.Injector.SidecarContainer.WaitForDataplaneReady).To(BeTrue())
212
Expect(cfg.Runtime.Kubernetes.Injector.BuiltinDNS.Enabled).To(BeTrue())
213
Expect(cfg.Runtime.Kubernetes.Injector.BuiltinDNS.Port).To(Equal(uint32(1053)))
214
Expect(cfg.Runtime.Kubernetes.Injector.EBPF.Enabled).To(BeTrue())
215
Expect(cfg.Runtime.Kubernetes.Injector.EBPF.InstanceIPEnvVarName).To(Equal("FOO"))
216
Expect(cfg.Runtime.Kubernetes.Injector.EBPF.BPFFSPath).To(Equal("/run/kuma/bar"))
217
Expect(cfg.Runtime.Kubernetes.Injector.EBPF.CgroupPath).To(Equal("/faz/daz/zaz"))
218
Expect(cfg.Runtime.Kubernetes.Injector.EBPF.TCAttachIface).To(Equal("veth1"))
219
Expect(cfg.Runtime.Kubernetes.Injector.EBPF.ProgramsSourcePath).To(Equal("/kuma/baz"))
220
Expect(cfg.Runtime.Kubernetes.Injector.IgnoredServiceSelectorLabels).To(Equal([]string{"x", "y"}))
221
Expect(cfg.Runtime.Kubernetes.NodeTaintController.CniNamespace).To(Equal("kuma-system"))
222
Expect(cfg.Runtime.Kubernetes.ControllersConcurrency.PodController).To(Equal(10))
223
Expect(cfg.Runtime.Kubernetes.ClientConfig.Qps).To(Equal(100))
224
Expect(cfg.Runtime.Kubernetes.ClientConfig.BurstQps).To(Equal(100))
225
Expect(cfg.Runtime.Kubernetes.LeaderElection.LeaseDuration.Duration).To(Equal(199 * time.Second))
226
Expect(cfg.Runtime.Kubernetes.LeaderElection.RenewDeadline.Duration).To(Equal(99 * time.Second))
227
Expect(cfg.Runtime.Universal.DataplaneCleanupAge.Duration).To(Equal(1 * time.Hour))
228
Expect(cfg.Runtime.Universal.VIPRefreshInterval.Duration).To(Equal(10 * time.Second))
230
Expect(cfg.Reports.Enabled).To(BeFalse())
232
Expect(cfg.General.TlsCertFile).To(Equal("/tmp/cert"))
233
Expect(cfg.General.TlsKeyFile).To(Equal("/tmp/key"))
234
Expect(cfg.General.TlsMinVersion).To(Equal("TLSv1_3"))
235
Expect(cfg.General.TlsMaxVersion).To(Equal("TLSv1_3"))
236
Expect(cfg.General.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
237
Expect(cfg.General.DNSCacheTTL.Duration).To(Equal(19 * time.Second))
238
Expect(cfg.General.WorkDir).To(Equal("/custom/work/dir"))
240
Expect(cfg.Mode).To(Equal(config_core.Zone))
241
Expect(cfg.Multizone.Zone.Name).To(Equal("zone-1"))
243
Expect(cfg.Multizone.Global.KDS.GrpcPort).To(Equal(uint32(1234)))
244
Expect(cfg.Multizone.Global.KDS.RefreshInterval.Duration).To(Equal(time.Second * 2))
245
Expect(cfg.Multizone.Global.KDS.ZoneInsightFlushInterval.Duration).To(Equal(time.Second * 5))
246
Expect(cfg.Multizone.Global.KDS.TlsMinVersion).To(Equal("TLSv1_3"))
247
Expect(cfg.Multizone.Global.KDS.TlsMaxVersion).To(Equal("TLSv1_3"))
248
Expect(cfg.Multizone.Global.KDS.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
249
Expect(cfg.Multizone.Global.KDS.TlsEnabled).To(BeFalse())
250
Expect(cfg.Multizone.Global.KDS.TlsCertFile).To(Equal("/cert"))
251
Expect(cfg.Multizone.Global.KDS.TlsKeyFile).To(Equal("/key"))
252
Expect(cfg.Multizone.Global.KDS.MaxMsgSize).To(Equal(uint32(1)))
253
Expect(cfg.Multizone.Global.KDS.MsgSendTimeout.Duration).To(Equal(10 * time.Second))
254
Expect(cfg.Multizone.Global.KDS.NackBackoff.Duration).To(Equal(11 * time.Second))
255
Expect(cfg.Multizone.Global.KDS.DisableSOTW).To(BeTrue())
256
Expect(cfg.Multizone.Global.KDS.ResponseBackoff.Duration).To(Equal(time.Second))
257
Expect(cfg.Multizone.Global.KDS.ZoneHealthCheck.PollInterval.Duration).To(Equal(11 * time.Second))
258
Expect(cfg.Multizone.Global.KDS.ZoneHealthCheck.Timeout.Duration).To(Equal(110 * time.Second))
259
Expect(cfg.Multizone.Zone.GlobalAddress).To(Equal("grpc://1.1.1.1:5685"))
260
Expect(cfg.Multizone.Zone.Name).To(Equal("zone-1"))
261
Expect(cfg.Multizone.Zone.KDS.RootCAFile).To(Equal("/rootCa"))
262
Expect(cfg.Multizone.Zone.KDS.RefreshInterval.Duration).To(Equal(9 * time.Second))
263
Expect(cfg.Multizone.Zone.KDS.MaxMsgSize).To(Equal(uint32(2)))
264
Expect(cfg.Multizone.Zone.KDS.MsgSendTimeout.Duration).To(Equal(20 * time.Second))
265
Expect(cfg.Multizone.Zone.KDS.NackBackoff.Duration).To(Equal(21 * time.Second))
266
Expect(cfg.Multizone.Zone.KDS.ResponseBackoff.Duration).To(Equal(2 * time.Second))
267
Expect(cfg.Multizone.Zone.KDS.TlsSkipVerify).To(BeTrue())
269
Expect(cfg.Defaults.SkipMeshCreation).To(BeTrue())
270
Expect(cfg.Defaults.SkipTenantResources).To(BeTrue())
271
Expect(cfg.Defaults.CreateMeshRoutingResources).To(BeTrue())
273
Expect(cfg.Diagnostics.ServerPort).To(Equal(uint32(5003)))
274
Expect(cfg.Diagnostics.DebugEndpoints).To(BeTrue())
275
Expect(cfg.Diagnostics.TlsEnabled).To(BeTrue())
276
Expect(cfg.Diagnostics.TlsCertFile).To(Equal("/cert"))
277
Expect(cfg.Diagnostics.TlsKeyFile).To(Equal("/key"))
278
Expect(cfg.Diagnostics.TlsMinVersion).To(Equal("TLSv1_3"))
279
Expect(cfg.Diagnostics.TlsMaxVersion).To(Equal("TLSv1_3"))
280
Expect(cfg.Diagnostics.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
282
Expect(cfg.DNSServer.Domain).To(Equal("test-domain"))
283
Expect(cfg.DNSServer.CIDR).To(Equal("127.1.0.0/16"))
284
Expect(cfg.DNSServer.ServiceVipEnabled).To(BeFalse())
285
Expect(cfg.DNSServer.ServiceVipPort).To(Equal(uint32(9090)))
287
Expect(cfg.XdsServer.DataplaneStatusFlushInterval.Duration).To(Equal(7 * time.Second))
288
Expect(cfg.XdsServer.DataplaneConfigurationRefreshInterval.Duration).To(Equal(21 * time.Second))
289
Expect(cfg.XdsServer.DataplaneDeregistrationDelay.Duration).To(Equal(11 * time.Second))
290
Expect(cfg.XdsServer.NACKBackoff.Duration).To(Equal(10 * time.Second))
292
Expect(cfg.Metrics.Zone.SubscriptionLimit).To(Equal(23))
293
Expect(cfg.Metrics.Zone.IdleTimeout.Duration).To(Equal(2 * time.Minute))
294
Expect(cfg.Metrics.Zone.CompactFinishedSubscriptions).To(BeTrue())
295
Expect(cfg.Metrics.Mesh.MinResyncInterval.Duration).To(Equal(27 * time.Second))
296
Expect(cfg.Metrics.Mesh.FullResyncInterval.Duration).To(Equal(35 * time.Second))
297
Expect(cfg.Metrics.Mesh.BufferSize).To(Equal(23))
298
Expect(cfg.Metrics.Mesh.EventProcessors).To(Equal(2))
299
Expect(cfg.Metrics.Dataplane.SubscriptionLimit).To(Equal(47))
300
Expect(cfg.Metrics.Dataplane.IdleTimeout.Duration).To(Equal(1 * time.Minute))
301
Expect(cfg.Metrics.ControlPlane.ReportResourcesCount).To(BeTrue())
303
Expect(cfg.DpServer.TlsCertFile).To(Equal("/test/path"))
304
Expect(cfg.DpServer.TlsKeyFile).To(Equal("/test/path/key"))
305
Expect(cfg.DpServer.Auth.Type).To(Equal("dpToken"))
306
Expect(cfg.DpServer.Authn.DpProxy.Type).To(Equal("dpToken"))
307
Expect(cfg.DpServer.Authn.DpProxy.DpToken.EnableIssuer).To(BeFalse())
308
Expect(cfg.DpServer.Authn.DpProxy.DpToken.Validator.UseSecrets).To(BeFalse())
309
Expect(cfg.DpServer.Authn.ZoneProxy.Type).To(Equal("zoneToken"))
310
Expect(cfg.DpServer.Authn.ZoneProxy.ZoneToken.EnableIssuer).To(BeFalse())
311
Expect(cfg.DpServer.Authn.ZoneProxy.ZoneToken.Validator.UseSecrets).To(BeFalse())
312
Expect(cfg.DpServer.Authn.EnableReloadableTokens).To(BeTrue())
313
Expect(cfg.DpServer.Port).To(Equal(9876))
314
Expect(cfg.DpServer.TlsMinVersion).To(Equal("TLSv1_3"))
315
Expect(cfg.DpServer.TlsMaxVersion).To(Equal("TLSv1_3"))
316
Expect(cfg.DpServer.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
317
Expect(cfg.DpServer.ReadHeaderTimeout.Duration).To(Equal(11 * time.Second))
318
Expect(cfg.DpServer.Hds.Enabled).To(BeFalse())
319
Expect(cfg.DpServer.Hds.Interval.Duration).To(Equal(11 * time.Second))
320
Expect(cfg.DpServer.Hds.RefreshInterval.Duration).To(Equal(12 * time.Second))
321
Expect(cfg.DpServer.Hds.CheckDefaults.Timeout.Duration).To(Equal(5 * time.Second))
322
Expect(cfg.DpServer.Hds.CheckDefaults.Interval.Duration).To(Equal(6 * time.Second))
323
Expect(cfg.DpServer.Hds.CheckDefaults.NoTrafficInterval.Duration).To(Equal(7 * time.Second))
324
Expect(cfg.DpServer.Hds.CheckDefaults.HealthyThreshold).To(Equal(uint32(8)))
325
Expect(cfg.DpServer.Hds.CheckDefaults.UnhealthyThreshold).To(Equal(uint32(9)))
327
Expect(cfg.InterCp.Catalog.InstanceAddress).To(Equal("192.168.0.1"))
328
Expect(cfg.InterCp.Catalog.HeartbeatInterval.Duration).To(Equal(time.Second))
329
Expect(cfg.InterCp.Catalog.WriterInterval.Duration).To(Equal(2 * time.Second))
330
Expect(cfg.InterCp.Server.Port).To(Equal(uint16(15683)))
331
Expect(cfg.InterCp.Server.TlsMinVersion).To(Equal("TLSv1_3"))
332
Expect(cfg.InterCp.Server.TlsMaxVersion).To(Equal("TLSv1_3"))
333
Expect(cfg.InterCp.Server.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
335
Expect(cfg.Access.Type).To(Equal("custom-rbac"))
336
Expect(cfg.Access.Static.AdminResources.Users).To(Equal([]string{"ar-admin1", "ar-admin2"}))
337
Expect(cfg.Access.Static.AdminResources.Groups).To(Equal([]string{"ar-group1", "ar-group2"}))
338
Expect(cfg.Access.Static.GenerateDPToken.Users).To(Equal([]string{"dp-admin1", "dp-admin2"}))
339
Expect(cfg.Access.Static.GenerateDPToken.Groups).To(Equal([]string{"dp-group1", "dp-group2"}))
340
Expect(cfg.Access.Static.GenerateUserToken.Users).To(Equal([]string{"ut-admin1", "ut-admin2"}))
341
Expect(cfg.Access.Static.GenerateUserToken.Groups).To(Equal([]string{"ut-group1", "ut-group2"}))
342
Expect(cfg.Access.Static.GenerateZoneToken.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
343
Expect(cfg.Access.Static.GenerateZoneToken.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
344
Expect(cfg.Access.Static.ViewConfigDump.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
345
Expect(cfg.Access.Static.ViewConfigDump.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
346
Expect(cfg.Access.Static.ViewStats.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
347
Expect(cfg.Access.Static.ViewStats.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
348
Expect(cfg.Access.Static.ViewClusters.Users).To(Equal([]string{"zt-admin1", "zt-admin2"}))
349
Expect(cfg.Access.Static.ViewClusters.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
351
Expect(cfg.Experimental.GatewayAPI).To(BeTrue())
352
Expect(cfg.Experimental.KubeOutboundsAsVIPs).To(BeTrue())
353
Expect(cfg.Experimental.KDSDeltaEnabled).To(BeTrue())
354
Expect(cfg.Experimental.UseTagFirstVirtualOutboundModel).To(BeFalse())
355
Expect(cfg.Experimental.IngressTagFilters).To(ContainElements("kuma.io/service"))
356
Expect(cfg.Experimental.KDSEventBasedWatchdog.Enabled).To(BeTrue())
357
Expect(cfg.Experimental.KDSEventBasedWatchdog.FlushInterval.Duration).To(Equal(10 * time.Second))
358
Expect(cfg.Experimental.KDSEventBasedWatchdog.FullResyncInterval.Duration).To(Equal(15 * time.Second))
359
Expect(cfg.Experimental.KDSEventBasedWatchdog.DelayFullResync).To(BeTrue())
360
Expect(cfg.Experimental.AutoReachableServices).To(BeTrue())
361
Expect(cfg.Experimental.SidecarContainers).To(BeTrue())
363
Expect(cfg.Proxy.Gateway.GlobalDownstreamMaxConnections).To(BeNumerically("==", 1))
364
Expect(cfg.EventBus.BufferSize).To(Equal(uint(30)))
366
Entry("from config file", testCase{
367
envVars: map[string]string{},
369
environment: kubernetes
380
connectionTimeout: 10
381
minOpenConnections: 3
382
maxOpenConnections: 300
383
maxConnectionLifetime: 123m
384
maxConnectionLifetimeJitter: 456s
385
healthCheckInterval: 78s
386
maxIdleConnections: 300
387
minReconnectInterval: 44s
388
maxReconnectInterval: 55s
389
maxListQueryElements: 111
392
certPath: /path/to/cert
393
keyPath: /path/to/key
394
caPath: /path/to/rootCert
401
systemNamespace: test-namespace
406
conflictRetryBaseBackoff: 4s
407
conflictRetryMaxTimes: 15
408
conflictRetryJitterPercent: 10
412
adminAccessLogPath: /access/log/test
413
adminAddress: 1.1.1.1
414
xdsHost: kuma-control-plane
416
xdsConnectTimeout: 13s
419
enabled: false # ENV: KUMA_API_SERVER_HTTP_ENABLED
420
interface: 192.168.0.1 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
421
port: 15681 # ENV: KUMA_API_SERVER_PORT
423
enabled: false # ENV: KUMA_API_SERVER_HTTPS_ENABLED
424
interface: 192.168.0.2 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
425
port: 15682 # ENV: KUMA_API_SERVER_HTTPS_PORT
426
tlsCertFile: "/cert" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
427
tlsKeyFile: "/key" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
429
tlsMinVersion: TLSv1_3
430
tlsMaxVersion: TLSv1_3
431
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
432
requireClientCert: true
434
clientCertsDir: "/certs" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
437
localhostIsAdmin: false
439
bootstrapAdminToken: false
447
rootUrl: https://foo.com
451
rootUrl: https://bar.com
453
monitoringAssignmentServer:
455
defaultFetchTimeout: 45s
457
assignmentRefreshInterval: 12s
461
tlsMinVersion: TLSv1_3
462
tlsMaxVersion: TLSv1_3
463
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
466
dataplaneCleanupAge: 1h
467
vipRefreshInterval: 10s
469
serviceAccountName: custom-sa
470
allowedUsers: ["allowed-usr-1", "allowed-usr-2"]
471
controlPlaneServiceName: custom-control-plane
475
cniNamespace: kuma-system
479
certDir: /var/run/secrets/kuma.io/kuma-admission-server/tls-cert
480
marshalingCacheExpirationTime: 28s
484
openshift.io/build.name: value1
485
openshift.io/deployer-pod-for.name: value2
487
caCertFile: /tmp/ca.crt
488
virtualProbesEnabled: false
489
virtualProbesPort: 1111
490
containerPatches: ["patch1", "patch2"]
492
image: test-image:test
494
waitForDataplaneReady: true
496
redirectPortInbound: 2020
497
redirectPortInboundV6: 2021
498
redirectPortOutbound: 1010
511
initialDelaySeconds: 10
516
initialDelaySeconds: 41
528
excludeOutboundPorts:
537
instanceIPEnvVarName: FOO
538
bpffsPath: /run/kuma/bar
539
cgroupPath: /faz/daz/zaz
541
programsSourcePath: /kuma/baz
542
ignoredServiceSelectorLabels: ["x", "y"]
543
controllersConcurrency:
555
tlsCertFile: /tmp/cert
556
tlsMinVersion: TLSv1_3
557
tlsMaxVersion: TLSv1_3
558
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
560
workDir: /custom/work/dir
567
zoneInsightFlushInterval: 5s
571
tlsMinVersion: TLSv1_3
572
tlsMaxVersion: TLSv1_3
573
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
583
globalAddress: "grpc://1.1.1.1:5685"
593
disableOriginLabelValidation: true
597
serviceVipEnabled: false
600
skipMeshCreation: true
601
skipTenantResources: true
602
createMeshRoutingResources: true
609
tlsMinVersion: TLSv1_3
610
tlsMaxVersion: TLSv1_3
611
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
613
dataplaneConfigurationRefreshInterval: 21s
614
dataplaneStatusFlushInterval: 7s
615
dataplaneDeregistrationDelay: 11s
619
subscriptionLimit: 23
621
compactFinishedSubscriptions: true
623
fullResyncInterval: 35s
624
minResyncInterval: 27s
628
subscriptionLimit: 47
631
reportResourcesCount: true
633
tlsCertFile: /test/path
634
tlsKeyFile: /test/path/key
635
tlsMinVersion: TLSv1_3
636
tlsMaxVersion: TLSv1_3
637
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
638
readHeaderTimeout: 11s
655
enableReloadableTokens: true
663
noTrafficInterval: 7s
665
unhealthyThreshold: 9
668
instanceAddress: "192.168.0.1"
669
heartbeatInterval: 1s
673
tlsMinVersion: "TLSv1_3"
674
tlsMaxVersion: "TLSv1_3"
675
tlsCipherSuites: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"]
680
users: ["ar-admin1", "ar-admin2"]
681
groups: ["ar-group1", "ar-group2"]
683
users: ["dp-admin1", "dp-admin2"]
684
groups: ["dp-group1", "dp-group2"]
686
users: ["ut-admin1", "ut-admin2"]
687
groups: ["ut-group1", "ut-group2"]
689
users: ["zt-admin1", "zt-admin2"]
690
groups: ["zt-group1", "zt-group2"]
692
users: ["zt-admin1", "zt-admin2"]
693
groups: ["zt-group1", "zt-group2"]
695
users: ["zt-admin1", "zt-admin2"]
696
groups: ["zt-group1", "zt-group2"]
698
users: ["zt-admin1", "zt-admin2"]
699
groups: ["zt-group1", "zt-group2"]
702
kubeOutboundsAsVIPs: true
704
kdsDeltaEnabled: true
705
useTagFirstVirtualOutboundModel: false
706
ingressTagFilters: ["kuma.io/service"]
707
kdsEventBasedWatchdog:
710
fullResyncInterval: 15s
711
delayFullResync: true
712
autoReachableServices: true
713
sidecarContainers: true
716
globalDownstreamMaxConnections: 1
720
pluginPoliciesEnabled:
726
endpoint: collector:4317
729
Entry("from env variables", testCase{
730
envVars: map[string]string{
731
"KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT": "1234",
732
"KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST": "kuma-control-plane",
733
"KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT": "4321",
734
"KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT": "13s",
735
"KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH": "/access/log/test",
736
"KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS": "1.1.1.1",
737
"KUMA_BOOTSTRAP_SERVER_PARAMS_COREFILE_TEMPLATE_PATH": "/etc/resolv.conf",
738
"KUMA_ENVIRONMENT": "kubernetes",
739
"KUMA_STORE_TYPE": "postgres",
740
"KUMA_STORE_UNSAFE_DELETE": "true",
741
"KUMA_STORE_POSTGRES_HOST": "postgres.host",
742
"KUMA_STORE_POSTGRES_PORT": "5432",
743
"KUMA_STORE_POSTGRES_USER": "kuma",
744
"KUMA_STORE_POSTGRES_PASSWORD": "kuma",
745
"KUMA_STORE_POSTGRES_DB_NAME": "kuma",
746
"KUMA_STORE_POSTGRES_DRIVER_NAME": "postgres",
747
"KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT": "10",
748
"KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS": "3",
749
"KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS": "300",
750
"KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS": "300",
751
"KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME": "123m",
752
"KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER": "456s",
753
"KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL": "78s",
754
"KUMA_STORE_POSTGRES_TLS_MODE": "verifyFull",
755
"KUMA_STORE_POSTGRES_TLS_CERT_PATH": "/path/to/cert",
756
"KUMA_STORE_POSTGRES_TLS_KEY_PATH": "/path/to/key",
757
"KUMA_STORE_POSTGRES_TLS_CA_PATH": "/path/to/rootCert",
758
"KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI": "true",
759
"KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL": "44s",
760
"KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL": "55s",
761
"KUMA_STORE_POSTGRES_MAX_LIST_QUERY_ELEMENTS": "111",
762
"KUMA_STORE_POSTGRES_READ_REPLICA_HOST": "ro.host",
763
"KUMA_STORE_POSTGRES_READ_REPLICA_PORT": "35432",
764
"KUMA_STORE_POSTGRES_READ_REPLICA_RATIO": "80",
765
"KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE": "test-namespace",
766
"KUMA_STORE_CACHE_ENABLED": "false",
767
"KUMA_STORE_CACHE_EXPIRATION_TIME": "3s",
768
"KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF": "4s",
769
"KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES": "15",
770
"KUMA_STORE_UPSERT_CONFLICT_RETRY_JITTER_PERCENT": "10",
771
"KUMA_API_SERVER_READ_ONLY": "true",
772
"KUMA_API_SERVER_HTTP_PORT": "15681",
773
"KUMA_API_SERVER_HTTP_INTERFACE": "192.168.0.1",
774
"KUMA_API_SERVER_HTTP_ENABLED": "false",
775
"KUMA_API_SERVER_HTTPS_ENABLED": "false",
776
"KUMA_API_SERVER_HTTPS_PORT": "15682",
777
"KUMA_API_SERVER_HTTPS_INTERFACE": "192.168.0.2",
778
"KUMA_API_SERVER_HTTPS_TLS_CERT_FILE": "/cert",
779
"KUMA_API_SERVER_HTTPS_TLS_KEY_FILE": "/key",
780
"KUMA_API_SERVER_HTTPS_TLS_CA_FILE": "/ca",
781
"KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION": "TLSv1_3",
782
"KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION": "TLSv1_3",
783
"KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
784
"KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT": "true",
785
"KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR": "/certs",
786
"KUMA_API_SERVER_AUTHN_TYPE": "custom-authn",
787
"KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN": "false",
788
"KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN": "false",
789
"KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER": "false",
790
"KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS": "false",
791
"KUMA_API_SERVER_ROOT_URL": "https://foo.com",
792
"KUMA_API_SERVER_BASE_PATH": "/api",
793
"KUMA_API_SERVER_GUI_ENABLED": "false",
794
"KUMA_API_SERVER_GUI_ROOT_URL": "https://bar.com",
795
"KUMA_API_SERVER_GUI_BASE_PATH": "/ui",
796
"KUMA_MONITORING_ASSIGNMENT_SERVER_PORT": "2222",
797
"KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT": "45s",
798
"KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS": "v1",
799
"KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL": "12s",
800
"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_ENABLED": "true",
801
"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE": "/cert",
802
"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE": "/key",
803
"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION": "TLSv1_3",
804
"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION": "TLSv1_3",
805
"KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
806
"KUMA_REPORTS_ENABLED": "false",
807
"KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME": "custom-control-plane",
808
"KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME": "custom-sa",
809
"KUMA_RUNTIME_KUBERNETES_ALLOWED_USERS": "allowed-usr-1,allowed-usr-2",
810
"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED": "true",
811
"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP": "kuma-cni",
812
"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_NAMESPACE": "kuma-system",
813
"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS": "127.0.0.2",
814
"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT": "9443",
815
"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_CERT_DIR": "/var/run/secrets/kuma.io/kuma-admission-server/tls-cert",
816
"KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS": "1234,5678",
817
"KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS": "4321,8765",
818
"KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE": "/tmp/ca.crt",
819
"KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME": "28s",
820
"KUMA_INJECTOR_INIT_CONTAINER_IMAGE": "test-image:test",
821
"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY": "4Gi",
822
"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU": "123m",
823
"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY": "8Gi",
824
"KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU": "100m",
825
"KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES": "patch1,patch2",
826
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND": "2020",
827
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6": "2021",
828
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND": "1010",
829
"KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED": "true",
830
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS": "a:b,c:d",
831
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID": "100",
832
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ADMIN_PORT": "1099",
833
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME": "33s",
834
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI": "1212",
835
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE": "image:test",
836
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS": "10",
837
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS": "8",
838
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD": "31",
839
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS": "51",
840
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD": "17",
841
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS": "18",
842
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD": "22",
843
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS": "24",
844
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS": "41",
845
"KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_WAIT_FOR_DATAPLANE_READY": "true",
846
"KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED": "true",
847
"KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT": "1053",
848
"KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_LOGGING": "false",
849
"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED": "true",
850
"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME": "FOO",
851
"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH": "/run/kuma/bar",
852
"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH": "/faz/daz/zaz",
853
"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE": "veth1",
854
"KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH": "/kuma/baz",
855
"KUMA_RUNTIME_KUBERNETES_INJECTOR_IGNORED_SERVICE_SELECTOR_LABELS": "x,y",
856
"KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED": "false",
857
"KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT": "1111",
858
"KUMA_RUNTIME_KUBERNETES_EXCEPTIONS_LABELS": "openshift.io/build.name:value1,openshift.io/deployer-pod-for.name:value2",
859
"KUMA_RUNTIME_KUBERNETES_CONTROLLERS_CONCURRENCY_POD_CONTROLLER": "10",
860
"KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_QPS": "100",
861
"KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_BURST_QPS": "100",
862
"KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_LEASE_DURATION": "199s",
863
"KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_RENEW_DEADLINE": "99s",
864
"KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE": "1h",
865
"KUMA_RUNTIME_UNIVERSAL_VIP_REFRESH_INTERVAL": "10s",
866
"KUMA_GENERAL_TLS_CERT_FILE": "/tmp/cert",
867
"KUMA_GENERAL_TLS_KEY_FILE": "/tmp/key",
868
"KUMA_GENERAL_TLS_MAX_VERSION": "TLSv1_3",
869
"KUMA_GENERAL_TLS_MIN_VERSION": "TLSv1_3",
870
"KUMA_GENERAL_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
871
"KUMA_GENERAL_DNS_CACHE_TTL": "19s",
872
"KUMA_GENERAL_WORK_DIR": "/custom/work/dir",
873
"KUMA_API_SERVER_CORS_ALLOWED_DOMAINS": "https://kuma,https://someapi",
874
"KUMA_DNS_SERVER_DOMAIN": "test-domain",
875
"KUMA_DNS_SERVER_CIDR": "127.1.0.0/16",
876
"KUMA_DNS_SERVER_SERVICE_VIP_ENABLED": "false",
877
"KUMA_DNS_SERVER_SERVICE_VIP_PORT": "9090",
879
"KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT": "1234",
880
"KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL": "2s",
881
"KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED": "false",
882
"KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE": "/cert",
883
"KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE": "/key",
884
"KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION": "TLSv1_3",
885
"KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION": "TLSv1_3",
886
"KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
887
"KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE": "1",
888
"KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT": "10s",
889
"KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF": "11s",
890
"KUMA_MULTIZONE_GLOBAL_KDS_RESPONSE_BACKOFF": "1s",
891
"KUMA_MULTIZONE_GLOBAL_KDS_DISABLE_SOTW": "true",
892
"KUMA_MULTIZONE_GLOBAL_KDS_ZONE_HEALTH_CHECK_POLL_INTERVAL": "11s",
893
"KUMA_MULTIZONE_GLOBAL_KDS_ZONE_HEALTH_CHECK_TIMEOUT": "110s",
894
"KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS": "grpc://1.1.1.1:5685",
895
"KUMA_MULTIZONE_ZONE_NAME": "zone-1",
896
"KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE": "/rootCa",
897
"KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL": "9s",
898
"KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE": "2",
899
"KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT": "20s",
900
"KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF": "21s",
901
"KUMA_MULTIZONE_ZONE_KDS_RESPONSE_BACKOFF": "2s",
902
"KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY": "true",
903
"KUMA_MULTIZONE_ZONE_DISABLE_ORIGIN_LABEL_VALIDATION": "true",
904
"KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED": "true",
905
"KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL": "5s",
906
"KUMA_DEFAULTS_SKIP_MESH_CREATION": "true",
907
"KUMA_DEFAULTS_SKIP_TENANT_RESOURCES": "true",
908
"KUMA_DEFAULTS_CREATE_MESH_ROUTING_RESOURCES": "true",
909
"KUMA_DIAGNOSTICS_SERVER_PORT": "5003",
910
"KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS": "true",
911
"KUMA_DIAGNOSTICS_TLS_ENABLED": "true",
912
"KUMA_DIAGNOSTICS_TLS_CERT_FILE": "/cert",
913
"KUMA_DIAGNOSTICS_TLS_KEY_FILE": "/key",
914
"KUMA_DIAGNOSTICS_TLS_MIN_VERSION": "TLSv1_3",
915
"KUMA_DIAGNOSTICS_TLS_MAX_VERSION": "TLSv1_3",
916
"KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
917
"KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL": "7s",
918
"KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL": "21s",
919
"KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY": "11s",
920
"KUMA_XDS_SERVER_NACK_BACKOFF": "10s",
921
"KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT": "23",
922
"KUMA_METRICS_ZONE_IDLE_TIMEOUT": "2m",
923
"KUMA_METRICS_ZONE_COMPACT_FINISHED_SUBSCRIPTIONS": "true",
924
"KUMA_METRICS_MESH_MIN_RESYNC_TIMEOUT": "27s",
925
"KUMA_METRICS_MESH_MAX_RESYNC_TIMEOUT": "35s",
926
"KUMA_METRICS_MESH_MIN_RESYNC_INTERVAL": "27s",
927
"KUMA_METRICS_MESH_FULL_RESYNC_INTERVAL": "35s",
928
"KUMA_METRICS_MESH_BUFFER_SIZE": "23",
929
"KUMA_METRICS_MESH_EVENT_PROCESSORS": "2",
930
"KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT": "47",
931
"KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT": "1m",
932
"KUMA_METRICS_CONTROL_PLANE_REPORT_RESOURCES_COUNT": "true",
933
"KUMA_DP_SERVER_TLS_CERT_FILE": "/test/path",
934
"KUMA_DP_SERVER_TLS_KEY_FILE": "/test/path/key",
935
"KUMA_DP_SERVER_TLS_MIN_VERSION": "TLSv1_3",
936
"KUMA_DP_SERVER_TLS_MAX_VERSION": "TLSv1_3",
937
"KUMA_DP_SERVER_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
938
"KUMA_DP_SERVER_READ_HEADER_TIMEOUT": "11s",
939
"KUMA_DP_SERVER_AUTH_TYPE": "dpToken",
940
"KUMA_DP_SERVER_AUTH_USE_TOKEN_PATH": "true",
941
"KUMA_DP_SERVER_AUTHN_DP_PROXY_TYPE": "dpToken",
942
"KUMA_DP_SERVER_AUTHN_DP_PROXY_DP_TOKEN_ENABLE_ISSUER": "false",
943
"KUMA_DP_SERVER_AUTHN_DP_PROXY_DP_TOKEN_VALIDATOR_USE_SECRETS": "false",
944
"KUMA_DP_SERVER_AUTHN_ZONE_PROXY_TYPE": "zoneToken",
945
"KUMA_DP_SERVER_AUTHN_ZONE_PROXY_ZONE_TOKEN_ENABLE_ISSUER": "false",
946
"KUMA_DP_SERVER_AUTHN_ZONE_PROXY_ZONE_TOKEN_VALIDATOR_USE_SECRETS": "false",
947
"KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS": "true",
948
"KUMA_DP_SERVER_PORT": "9876",
949
"KUMA_DP_SERVER_HDS_ENABLED": "false",
950
"KUMA_DP_SERVER_HDS_INTERVAL": "11s",
951
"KUMA_DP_SERVER_HDS_REFRESH_INTERVAL": "12s",
952
"KUMA_DP_SERVER_HDS_CHECK_TIMEOUT": "5s",
953
"KUMA_DP_SERVER_HDS_CHECK_INTERVAL": "6s",
954
"KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL": "7s",
955
"KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD": "8",
956
"KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD": "9",
957
"KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS": "192.168.0.1",
958
"KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL": "1s",
959
"KUMA_INTER_CP_CATALOG_WRITER_INTERVAL": "2s",
960
"KUMA_INTER_CP_SERVER_PORT": "15683",
961
"KUMA_INTER_CP_SERVER_TLS_MIN_VERSION": "TLSv1_3",
962
"KUMA_INTER_CP_SERVER_TLS_MAX_VERSION": "TLSv1_3",
963
"KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES": "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_AES_256_GCM_SHA384",
964
"KUMA_ACCESS_TYPE": "custom-rbac",
965
"KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS": "ar-admin1,ar-admin2",
966
"KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS": "ar-group1,ar-group2",
967
"KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS": "dp-admin1,dp-admin2",
968
"KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS": "dp-group1,dp-group2",
969
"KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS": "ut-admin1,ut-admin2",
970
"KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS": "ut-group1,ut-group2",
971
"KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS": "zt-admin1,zt-admin2",
972
"KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS": "zt-group1,zt-group2",
973
"KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS": "zt-admin1,zt-admin2",
974
"KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS": "zt-group1,zt-group2",
975
"KUMA_ACCESS_STATIC_VIEW_STATS_USERS": "zt-admin1,zt-admin2",
976
"KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS": "zt-group1,zt-group2",
977
"KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS": "zt-admin1,zt-admin2",
978
"KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS": "zt-group1,zt-group2",
979
"KUMA_EXPERIMENTAL_GATEWAY_API": "true",
980
"KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS": "true",
981
"KUMA_EXPERIMENTAL_USE_TAG_FIRST_VIRTUAL_OUTBOUND_MODEL": "false",
982
"KUMA_EXPERIMENTAL_INGRESS_TAG_FILTERS": "kuma.io/service",
983
"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_ENABLED": "true",
984
"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FLUSH_INTERVAL": "10s",
985
"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FULL_RESYNC_INTERVAL": "15s",
986
"KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_DELAY_FULL_RESYNC": "true",
987
"KUMA_EXPERIMENTAL_AUTO_REACHABLE_SERVICES": "true",
988
"KUMA_EXPERIMENTAL_SIDECAR_CONTAINERS": "true",
989
"KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS": "1",
990
"KUMA_TRACING_OPENTELEMETRY_ENDPOINT": "otel-collector:4317",
991
"KUMA_TRACING_OPENTELEMETRY_ENABLED": "true",
992
"KUMA_EVENT_BUS_BUFFER_SIZE": "30",
993
"KUMA_PLUGIN_POLICIES_ENABLED": "meshaccesslog,meshcircuitbreaker",
999
It("should override via env var", func() {
1000
// given file with sample cfg
1001
file, err := os.CreateTemp("", "*")
1002
Expect(err).ToNot(HaveOccurred())
1003
_, err = file.WriteString("environment: kubernetes")
1004
Expect(err).ToNot(HaveOccurred())
1006
// and overridden config
1007
setEnv("KUMA_ENVIRONMENT", "universal")
1010
cfg := kuma_cp.DefaultConfig()
1011
err = config.Load(file.Name(), &cfg)
1012
Expect(err).ToNot(HaveOccurred())
1015
Expect(cfg.Environment).To(Equal(config_core.UniversalEnvironment))