diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 000000000..2688d5e37 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,135 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: release + +on: + workflow_dispatch: + inputs: + tag: + description: 'Image tag (e.g. v1.2.3-rc1). Leave blank to auto-generate from branch+SHA.' + required: false + create_release: + description: 'Create a GitHub release' + type: boolean + default: false + +permissions: + contents: write + packages: write + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Validate and resolve tag + id: tag + run: | + TAG="${{ inputs.tag }}" + if [[ -z "${TAG}" ]]; then + BRANCH="${GITHUB_REF_NAME//\//-}" + SHA="$(git rev-parse --short HEAD)" + TAG="${BRANCH}-${SHA}" + fi + if [[ "${{ inputs.create_release }}" == "true" ]]; then + if [[ ! "${TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9._-]+)?$ ]]; then + echo "::error::Tag '${TAG}' must match vMAJOR.MINOR.PATCH[-prerelease] when creating a release (e.g. v1.2.3 or v1.2.3-rc1)" + exit 1 + fi + fi + echo "value=${TAG}" >> "$GITHUB_OUTPUT" + if [[ "${{ inputs.create_release }}" == "true" ]]; then + echo "tags=${TAG},latest" >> "$GITHUB_OUTPUT" + else + echo "tags=${TAG}" >> "$GITHUB_OUTPUT" + fi + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + + - name: Install ko + uses: ko-build/setup-ko@v0.7 + + - name: Install Helm + uses: azure/setup-helm@v4 + + - name: Log in to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU (multi-arch) + uses: docker/setup-qemu-action@v3 + + - name: Build and push images + env: + # ghcr.io// — resolves correctly in forks + IMAGE_REPOSITORY: ghcr.io/${{ github.repository }} + IMAGE_TAGS: ${{ steps.tag.outputs.tags }} + run: | + set -o errexit -o nounset -o pipefail + + for component in ateapi atecontroller atelet ateom-gvisor podcertcontroller atenet; do + KO_DOCKER_REPO="${IMAGE_REPOSITORY}/${component}" \ + ./hack/run-tool.sh ko build \ + --tags "${IMAGE_TAGS}" \ + --platform linux/amd64,linux/arm64 \ + --bare \ + "./cmd/${component}" + done + + - name: Package and push Helm charts + if: inputs.create_release + env: + HELM_EXPERIMENTAL_OCI: "1" + CHART_REPOSITORY: oci://ghcr.io/kagent-dev/substrate/helm + run: | + set -o errexit -o nounset -o pipefail + + tag="${{ steps.tag.outputs.value }}" + chart_version="${tag#v}" + package_dir="${RUNNER_TEMP}/helm-packages" + mkdir -p "${package_dir}" + + echo "${{ secrets.GITHUB_TOKEN }}" \ + | helm registry login ghcr.io \ + --username "${{ github.actor }}" \ + --password-stdin + + helm package charts/substrate-crds \ + --destination "${package_dir}" \ + --version "${chart_version}" \ + --app-version "${tag}" + helm package charts/substrate \ + --destination "${package_dir}" \ + --version "${chart_version}" \ + --app-version "${tag}" + + helm push "${package_dir}/substrate-crds-${chart_version}.tgz" "${CHART_REPOSITORY}" + helm push "${package_dir}/substrate-${chart_version}.tgz" "${CHART_REPOSITORY}" + + - name: Create GitHub Release + if: inputs.create_release + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ steps.tag.outputs.value }} + generate_release_notes: true diff --git a/.ko.yaml b/.ko.yaml index 774665cec..a001cee43 100644 --- a/.ko.yaml +++ b/.ko.yaml @@ -21,3 +21,6 @@ defaultPlatforms: baseImageOverrides: github.com/agent-substrate/substrate/demos/sandbox: alpine github.com/agent-substrate/substrate/demos/agent-secret: alpine + +x-agentgatewayEgressBaseImageOverrides: + github.com/agent-substrate/substrate/cmd/ateom-gvisor: cr.agentgateway.dev/agentgateway:latest-dev diff --git a/Makefile b/Makefile index c6b70cc5e..770d426e7 100644 --- a/Makefile +++ b/Makefile @@ -44,10 +44,11 @@ build: build-images build-atectl .PHONY: build-images build-images: - $(KO) build --ldflags "$(LDFLAGS)" ./cmd/ateapi - $(KO) build --ldflags "$(LDFLAGS)" ./cmd/atelet - $(KO) build --ldflags "$(LDFLAGS)" ./cmd/podcertcontroller - $(KO) build --ldflags "$(LDFLAGS)" ./cmd/atenet + $(KO) build --base-import-paths --ldflags "$(LDFLAGS)" ./cmd/ateapi + $(KO) build --base-import-paths --ldflags "$(LDFLAGS)" ./cmd/atecontroller + $(KO) build --base-import-paths --ldflags "$(LDFLAGS)" ./cmd/atelet + $(KO) build --base-import-paths --ldflags "$(LDFLAGS)" ./cmd/podcertcontroller + $(KO) build --base-import-paths --ldflags "$(LDFLAGS)" ./cmd/atenet .PHONY: build-atectl build-atectl: @@ -92,3 +93,19 @@ verify: test .PHONY: clean clean: rm -rf $(BINDIR) + +# Render the substrate Helm chart into manifests/ate-install/ (mTLS mode, +# the historical default install). Run this whenever charts/substrate/ changes. +.PHONY: helm-template +helm-template: + @./hack/render-manifests.sh + +# Verify that manifests/ate-install/ matches the chart output. Used in CI. +.PHONY: verify-helm-template +verify-helm-template: + @./hack/render-manifests.sh --check + +# Verify that the CRD chart mirrors the generated CRDs. +.PHONY: verify-crd-chart +verify-crd-chart: + @./hack/verify/crd-chart.sh diff --git a/README.md b/README.md index fb63afb54..a29bdebe3 100644 --- a/README.md +++ b/README.md @@ -103,10 +103,10 @@ To quickly set up the complete environment: 2. Run the following steps: ```shell # create cluster and local registry -hack/create-kind-cluster.sh +KIND_ENABLE_PODCERT=false hack/create-kind-cluster.sh -# install ate, valkey, rustfs -hack/install-ate-kind.sh --deploy-ate-system +# install ate, valkey, rustfs using Helm in JWT mode +hack/install-ate-kind-jwt.sh # install counter demo hack/install-ate-kind.sh --deploy-demo-counter @@ -126,6 +126,21 @@ kubectl port-forward -n ate-system svc/atenet-router 8000:80 curl -X POST -H "Host: my-counter-1.actors.resources.substrate.ate.dev" -i http://localhost:8000/ ``` +#### mTLS mode + +JWT mode is the default install path and does not require pod certificate +feature gates. To test the older mTLS path, create kind with the +`ClusterTrustBundle` / `PodCertificateRequest` feature gates enabled and use the +mTLS install helper. + +```shell +# create cluster WITH podcert feature gates +hack/create-kind-cluster.sh + +# install ate using the mTLS manifests path +hack/install-ate-kind.sh --deploy-ate-system +``` + ### GKE Quickstart (Development) 1. Create and configure your environment file: diff --git a/manifests/ate-install/ate-system-namespace.yaml b/charts/substrate-crds/Chart.yaml similarity index 65% rename from manifests/ate-install/ate-system-namespace.yaml rename to charts/substrate-crds/Chart.yaml index 4fa19da0a..a69dcee0e 100644 --- a/manifests/ate-install/ate-system-namespace.yaml +++ b/charts/substrate-crds/Chart.yaml @@ -12,7 +12,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: ate-system \ No newline at end of file +apiVersion: v2 +name: substrate-crds +description: Agent Substrate CustomResourceDefinitions. +type: application +version: 0.1.0 +appVersion: "0.1.0" +home: https://github.com/agent-substrate/substrate +sources: +- https://github.com/agent-substrate/substrate +keywords: +- agent +- actor +- substrate +- crds diff --git a/charts/substrate-crds/README.md b/charts/substrate-crds/README.md new file mode 100644 index 000000000..12fa31f0a --- /dev/null +++ b/charts/substrate-crds/README.md @@ -0,0 +1,13 @@ +# substrate-crds + +Helm chart for installing the Agent Substrate CRDs. + +Install this chart before installing the main `substrate` chart: + +```bash +helm upgrade --install substrate-crds ./charts/substrate-crds +helm upgrade --install substrate ./charts/substrate --namespace ate-system --create-namespace +``` + +The CRD YAMLs in `templates/` mirror `manifests/ate-install/generated/`. +Run `hack/verify/crd-chart.sh` to verify they are in sync. diff --git a/charts/substrate-crds/templates/ate.dev_actortemplates.yaml b/charts/substrate-crds/templates/ate.dev_actortemplates.yaml new file mode 100644 index 000000000..e0b9a98f4 --- /dev/null +++ b/charts/substrate-crds/templates/ate.dev_actortemplates.yaml @@ -0,0 +1,680 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.20.1 + name: actortemplates.ate.dev +spec: + group: ate.dev + names: + kind: ActorTemplate + listKind: ActorTemplateList + plural: actortemplates + shortNames: + - actortemplate + singular: actortemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the desired state of ActorTemplate + properties: + containers: + description: Containers is the workload definition. + items: + description: A single application container that you want to run + within a WorkerPool. + properties: + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + maxItems: 64 + type: array + x-kubernetes-list-type: atomic + env: + description: Environment variables to set in the worker replicas. + items: + description: |- + EnvVar represents an environment variable supplied to a container in an + ActorTemplate. It models only a subset of Kubernetes Pod env behavior: + literal values are not expanded with Kubernetes-style $(VAR) references, + envFrom is not supported, and valueFrom currently supports only secretKeyRef. + properties: + name: + description: |- + Name is the name of the environment variable. May be any printable ASCII + character except '='. + minLength: 1 + pattern: ^[ -<>-~]+$ + type: string + value: + description: |- + Variable value. Mutually exclusive with ValueFrom. + Value is the literal value of the environment variable. Unlike in + Kubernetes pods, this value is not interpolated, and $(VAR) + references are not expanded. + minLength: 0 + type: string + valueFrom: + description: |- + Source for the environment variable's value. Mutually exclusive with + Value. + maxProperties: 1 + minProperties: 1 + properties: + secretKeyRef: + description: Selects a key of a Secret in the ActorTemplate's + namespace. + properties: + key: + description: Key to select within the Secret. + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: Name of the referent Secret. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: Name must be a valid DNS subdomain + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + optional: + description: Specify whether the Secret or its + key must be defined. + type: boolean + required: + - key + - name + type: object + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: exactly one of the fields in [value valueFrom] + must be set + rule: '[has(self.value),has(self.valueFrom)].filter(x,x==true).size() + == 1' + maxItems: 32 + type: array + image: + description: Image to use for the worker replicas. + type: string + x-kubernetes-validations: + - message: All images must be pinned (changing the image invalidates + snapshots) + rule: self.contains('@') + name: + description: Name of the container. + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Name must be a valid DNS label + rule: '!format.dns1123Label().validate(self).hasValue()' + required: + - image + - name + type: object + maxItems: 10 + type: array + egressPolicy: + description: |- + EgressPolicy defines the default outbound network policy for actors + created from this template. + properties: + allow: + description: Allow contains destination rules actors created from + this template may reach. + items: + properties: + credentials: + description: |- + Credentials configures explicit egress gateway credential injection for + matching outbound requests. + properties: + inject: + description: |- + Inject configures credentials that the egress gateway injects into + matching outbound requests. Values are referenced from Kubernetes Secrets; + the policy does not contain credential material. + items: + properties: + header: + description: Header is the outbound HTTP header + name to set. + type: string + valueFrom: + description: ValueFrom selects the source of the + injected credential value. + properties: + secretKeyRef: + description: SecretKeyRef selects a key in + a Kubernetes Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - header + - valueFrom + type: object + type: array + type: object + name: + description: Name is an optional human-readable identifier + for this rule. + type: string + ports: + description: |- + Ports is the list of destination ports matched by this rule. + If empty, the rule applies to all destination ports. + items: + properties: + port: + description: Port is the destination port number. + format: int32 + type: integer + protocol: + description: Protocol is the transport protocol for + this port. + type: string + required: + - port + type: object + type: array + tls: + description: TLS defines transport security requirements + for this destination. + properties: + intercept: + description: Intercept configures explicit TLS interception + for matching egress traffic. + properties: + issuerSecretRef: + description: |- + IssuerSecretRef references the CA material used by the egress gateway to + issue certificates for intercepted TLS traffic. + properties: + name: + description: name is unique within a namespace + to reference a secret resource. + type: string + namespace: + description: namespace defines the space within + which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + validateUpstream: + description: |- + ValidateUpstream controls whether the egress gateway validates the + upstream service certificate before proxying intercepted traffic. + type: boolean + type: object + mode: + description: Mode controls how TLS is handled for matching + egress traffic. + enum: + - Require + - Originate + - Intercept + - Disable + type: string + required: + description: Required controls whether matching egress + traffic must use TLS. + type: boolean + type: object + to: + description: To lists the destinations matched by this rule. + items: + properties: + host: + description: Host is the DNS name to match for egress + traffic. + type: string + ipBlock: + description: IPBlock is the IP range to match for + egress traffic. + properties: + cidr: + description: CIDR is an IP address range in CIDR + notation. + type: string + required: + - cidr + type: object + type: object + type: array + type: object + type: array + audit: + description: Audit configures egress logging and tracing for actors + created from this template. + properties: + logs: + description: Logs enables egress access logs for actors created + from this template. + type: boolean + redactHeaders: + description: RedactHeaders is the list of headers that must + be redacted from audit output. + items: + type: string + type: array + traces: + description: Traces enables egress tracing for actors created + from this template. + type: boolean + type: object + defaultAction: + description: DefaultAction is applied when no allow rule matches. + enum: + - Allow + - Deny + type: string + deny: + description: Deny contains destination rules actors created from + this template may not reach. + items: + properties: + credentials: + description: |- + Credentials configures explicit egress gateway credential injection for + matching outbound requests. + properties: + inject: + description: |- + Inject configures credentials that the egress gateway injects into + matching outbound requests. Values are referenced from Kubernetes Secrets; + the policy does not contain credential material. + items: + properties: + header: + description: Header is the outbound HTTP header + name to set. + type: string + valueFrom: + description: ValueFrom selects the source of the + injected credential value. + properties: + secretKeyRef: + description: SecretKeyRef selects a key in + a Kubernetes Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - header + - valueFrom + type: object + type: array + type: object + name: + description: Name is an optional human-readable identifier + for this rule. + type: string + ports: + description: |- + Ports is the list of destination ports matched by this rule. + If empty, the rule applies to all destination ports. + items: + properties: + port: + description: Port is the destination port number. + format: int32 + type: integer + protocol: + description: Protocol is the transport protocol for + this port. + type: string + required: + - port + type: object + type: array + tls: + description: TLS defines transport security requirements + for this destination. + properties: + intercept: + description: Intercept configures explicit TLS interception + for matching egress traffic. + properties: + issuerSecretRef: + description: |- + IssuerSecretRef references the CA material used by the egress gateway to + issue certificates for intercepted TLS traffic. + properties: + name: + description: name is unique within a namespace + to reference a secret resource. + type: string + namespace: + description: namespace defines the space within + which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + validateUpstream: + description: |- + ValidateUpstream controls whether the egress gateway validates the + upstream service certificate before proxying intercepted traffic. + type: boolean + type: object + mode: + description: Mode controls how TLS is handled for matching + egress traffic. + enum: + - Require + - Originate + - Intercept + - Disable + type: string + required: + description: Required controls whether matching egress + traffic must use TLS. + type: boolean + type: object + to: + description: To lists the destinations matched by this rule. + items: + properties: + host: + description: Host is the DNS name to match for egress + traffic. + type: string + ipBlock: + description: IPBlock is the IP range to match for + egress traffic. + properties: + cidr: + description: CIDR is an IP address range in CIDR + notation. + type: string + required: + - cidr + type: object + type: object + type: array + type: object + type: array + type: object + pauseImage: + description: |- + PauseImage is the container to use as the root sandbox container. + + Typically, set it to [1] for on-gcp, and [2] for off-gcp + + - [1] gcr.io/gke-release/pause@sha256:bcbd57ba5653580ec647b16d8163cdd1112df3609129b01f912a8032e48265da + - [2] registry.k8s.io/pause:3.10.2@sha256:f548e0e8e3dc1896ca956272154dde3314e8cc4fde0a57577ee9fa1c63f5baf4 + type: string + x-kubernetes-validations: + - message: All images must be pinned (changing the image invalidates + snapshots) + rule: self.contains('@') + runsc: + description: Parameters for fetching the runsc binary to use. + properties: + amd64: + description: Configuration for the amd64 binary. + properties: + sha256Hash: + description: |- + The SHA256 hash of the binary to download. Used both to name the + downloaded file (for preventing conflicts), and to check the integrity of + the downloaded file. + pattern: ^[a-z0-9]+$ + type: string + url: + description: | + A gs:// URL pointing to a runsc binary that can be downloaded (possibly + with atelet's credentials). + minLength: 1 + type: string + required: + - sha256Hash + - url + type: object + arm64: + description: Configuration for the arm64 binary. + properties: + sha256Hash: + description: |- + The SHA256 hash of the binary to download. Used both to name the + downloaded file (for preventing conflicts), and to check the integrity of + the downloaded file. + pattern: ^[a-z0-9]+$ + type: string + url: + description: | + A gs:// URL pointing to a runsc binary that can be downloaded (possibly + with atelet's credentials). + minLength: 1 + type: string + required: + - sha256Hash + - url + type: object + authentication: + description: How should atelet authenticate to download the runsc + binary? + properties: + gcp: + description: Use GCP application-default credentials. + type: object + type: object + type: object + snapshotsConfig: + description: Snapshots configuration for the actor. + properties: + location: + description: Location to store snapshots in. + minLength: 1 + type: string + required: + - location + type: object + workerPoolRef: + description: | + Name of the worker pool to use for the actor. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - pauseImage + - runsc + - snapshotsConfig + - workerPoolRef + type: object + status: + description: status is the observed state of ActorTemplate + properties: + conditions: + description: conditions defines the status conditions array + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + goldenActorID: + type: string + goldenSnapshot: + type: string + phase: + description: Phase of the actor template. + type: string + takeGoldenSnapshotAt: + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/substrate-crds/templates/ate.dev_workerpools.yaml b/charts/substrate-crds/templates/ate.dev_workerpools.yaml new file mode 100644 index 000000000..3e2387802 --- /dev/null +++ b/charts/substrate-crds/templates/ate.dev_workerpools.yaml @@ -0,0 +1,99 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.20.1 + name: workerpools.ate.dev +spec: + group: ate.dev + names: + kind: WorkerPool + listKind: WorkerPoolList + plural: workerpools + shortNames: + - workerpool + singular: workerpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.replicas + name: Desired + type: integer + - jsonPath: .status.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkerPool is the Schema for the workerpools API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the desired state of WorkerPool + properties: + ateomImage: + description: AteomImage is the ateom container image to deploy as + workers. + minLength: 1 + type: string + replicas: + description: Replicas is the number of worker pods to run. + format: int32 + minimum: 0 + type: integer + required: + - ateomImage + - replicas + type: object + status: + description: status is the observed state of WorkerPool + properties: + replicas: + description: Replicas is the total number of worker pods. + format: int32 + minimum: 0 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} diff --git a/charts/substrate/Chart.yaml b/charts/substrate/Chart.yaml new file mode 100644 index 000000000..52bd74800 --- /dev/null +++ b/charts/substrate/Chart.yaml @@ -0,0 +1,27 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +name: substrate +description: Agent Substrate — actor runtime, control plane, and data-plane router. +type: application +version: 0.1.0 +appVersion: "0.1.0" +home: https://github.com/agent-substrate/substrate +sources: +- https://github.com/agent-substrate/substrate +keywords: +- agent +- actor +- substrate diff --git a/charts/substrate/README.md b/charts/substrate/README.md new file mode 100644 index 000000000..2fe9bbbbb --- /dev/null +++ b/charts/substrate/README.md @@ -0,0 +1,71 @@ +# substrate + +Helm chart for installing Agent Substrate. + +## Install modes + +| Mode | Default? | Cluster requirements | Trade-off | +|------|----------|----------------------|-----------| +| `jwt` | yes | none beyond stock K8s | Server certs and session signing pools are generated by the chart; clients authenticate via projected ServiceAccount tokens. Valkey runs plaintext intra-cluster. | +| `mtls` | | feature gates `ClusterTrustBundle`, `ClusterTrustBundleProjection`, `PodCertificateRequest` + `certificates.k8s.io/v1beta1` API | Full in-cluster mTLS via the bundled `podcertcontroller`. | + +```bash +# CRDs +helm upgrade --install substrate-crds ./charts/substrate-crds + +# JWT mode (default; no off-by-default feature gates) +helm upgrade --install substrate ./charts/substrate + +# mTLS mode (requires off-by-default feature gates) +helm upgrade --install substrate ./charts/substrate \ + --set auth.mode=mtls +``` + +By default, component images are pulled from `ghcr.io/kagent-dev/substrate` +using the chart `appVersion` as the tag. Override `image.registry` and +`image.tag` to install from a different image repository or tag. + +## JWT-mode bootstrap + +JWT mode is standalone by default. The chart generates: + +- `Secret/ateapi-tls` +- `ConfigMap/ateapi-ca` +- `Secret/session-id-jwt-pool` +- `Secret/session-id-ca-pool` + +Existing generated data is reused on upgrade so key material does not rotate +during normal chart upgrades. Set `auth.jwt.bootstrap.enabled=false` to bring +your own resources with those names. + +## Render manifests without applying + +```bash +helm template substrate ./charts/substrate # jwt +helm template substrate ./charts/substrate --set auth.mode=mtls +``` + +`manifests/ate-install/` in the repo is the rendered mTLS output and is +regenerated by `make helm-template`. The separate `substrate-crds` chart +mirrors `manifests/ate-install/generated/`. + +## Values + +See `values.yaml` for the full set; the important keys: + +| Key | Default | Notes | +|-----|---------|-------| +| `auth.mode` | `jwt` | `jwt` or `mtls` | +| `auth.jwt.issuer` | `https://kubernetes.default.svc.cluster.local` | Override for managed clusters with provider-specific issuers | +| `auth.jwt.audience` | `api.ate-system.svc` | SA token audience | +| `auth.jwt.bootstrap.enabled` | `true` | Generate JWT TLS and session signing material | +| `auth.jwt.serverCertSecret` | `ateapi-tls` | Secret name | +| `auth.jwt.caBundleConfigMap` | `ateapi-ca` | ConfigMap name | +| `valkey.enabled` | `true` | Set false if you bring your own Redis/Valkey | +| `valkey.replicas` | `6` | StatefulSet size | +| `rustfs.enabled` | `true` | Deploy an in-cluster S3-compatible RustFS bucket for snapshots | +| `atelet.storageBackend` | `s3` | Default snapshot backend, wired to RustFS when `rustfs.enabled=true` | +| `redis.clusterAddress` | `""` (in-cluster) | Override to use external Redis | +| `redis.useIAMAuth` | `false` | Google IAM auth | +| `atelet.gcpAuthForImagePulls` | `false` | Enable only when using GCP registry auth | +| `otel.endpoint` | `""` | Set to an OTLP endpoint to export traces/metrics | diff --git a/charts/substrate/templates/NOTES.txt b/charts/substrate/templates/NOTES.txt new file mode 100644 index 000000000..f736c32f7 --- /dev/null +++ b/charts/substrate/templates/NOTES.txt @@ -0,0 +1,21 @@ +substrate {{ .Chart.AppVersion }} installed in mode: {{ .Values.auth.mode }} + +{{ if eq .Values.auth.mode "mtls" -}} +NOTE: mtls mode REQUIRES the following Kubernetes feature gates to be enabled: + - ClusterTrustBundle + - ClusterTrustBundleProjection + - PodCertificateRequest +plus the v1beta1 certificates API. On vanilla clusters (kind, EKS, etc.) you +must enable these explicitly. To install without them, pick auth.mode=jwt. +{{- else }} +JWT mode is active. + +{{- if .Values.auth.jwt.bootstrap.enabled }} +JWT bootstrap resources are managed by this chart. Existing key material is +reused on upgrade. +{{- else }} +JWT bootstrap is disabled. Provide {{ .Values.auth.jwt.serverCertSecret }}, +{{ .Values.auth.jwt.caBundleConfigMap }}, session-id-jwt-pool, and +session-id-ca-pool before pods become healthy. +{{- end }} +{{- end }} diff --git a/charts/substrate/templates/_helpers.tpl b/charts/substrate/templates/_helpers.tpl new file mode 100644 index 000000000..2f8ecc8e6 --- /dev/null +++ b/charts/substrate/templates/_helpers.tpl @@ -0,0 +1,80 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +Qualified resource name for a chart component. + +Usage: + {{ include "substrate.fullname" (list "ate-api-server" .) }} + +When the release name equals the chart name (the canonical render in +hack/render-manifests.sh — `helm template substrate charts/substrate`), this +returns the bare component name, so the generated manifests/ate-install/ +files keep their historical names ("ate-api-server", "ate-controller", ...). + +Otherwise resources are prefixed with the release name in the standard Helm +style ("foo-ate-api-server", ...) so multiple releases coexist without +colliding. +*/}} +{{- define "substrate.fullname" -}} +{{- $name := index . 0 -}} +{{- $ctx := index . 1 -}} +{{- if eq $ctx.Release.Name $ctx.Chart.Name -}} +{{- $name -}} +{{- else -}} +{{- printf "%s-%s" $ctx.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Build an image reference for a substrate component binary. + +Usage: + {{ include "substrate.componentImage" (list "ateapi" .) }} + +Produces {image.registry}/{name}:{tag} where tag is resolved as: + 1. image.tag value, if set and not the sentinel "" + 2. .Chart.AppVersion, if image.tag is empty + 3. no tag (no colon) when image.tag is the sentinel "" + +The "" sentinel is used by hack/render-manifests.sh so that ko:// refs +are emitted without a tag, letting `ko resolve` supply the digest at build time. +*/}} +{{- define "substrate.componentImage" -}} +{{- $name := index . 0 -}} +{{- $ctx := index . 1 -}} +{{- $registry := $ctx.Values.image.registry -}} +{{- $tag := $ctx.Values.image.tag | default $ctx.Chart.AppVersion -}} +{{- if ne $tag "" -}} +{{- printf "%s/%s:%s" $registry $name $tag -}} +{{- else -}} +{{- printf "%s/%s" $registry $name -}} +{{- end -}} +{{- end -}} + +{{/* +Validate auth.mode at template time. +*/}} +{{- define "substrate.validateAuthMode" -}} +{{- if not (or (eq .Values.auth.mode "mtls") (eq .Values.auth.mode "jwt")) -}} +{{- fail (printf "auth.mode must be 'mtls' or 'jwt', got %q" .Values.auth.mode) -}} +{{- end -}} +{{- if eq .Values.auth.mode "jwt" -}} +{{- if not .Values.auth.jwt.issuer -}} +{{- fail "auth.jwt.issuer is required when auth.mode=jwt" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/substrate/templates/ate-api-server-envvars.yaml b/charts/substrate/templates/ate-api-server-envvars.yaml new file mode 100644 index 000000000..d294a8046 --- /dev/null +++ b/charts/substrate/templates/ate-api-server-envvars.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.ateApiServerEnvVarsConfigMap }} + namespace: {{ .Release.Namespace }} +data: + ATE_API_REDIS_ADDRESS: {{ .Values.redis.clusterAddress | default (printf "valkey-cluster.%s.svc:6379" .Release.Namespace) | quote }} + ATE_API_REDIS_USE_IAM_AUTH: {{ .Values.redis.useIAMAuth | toString | quote }} + ATE_API_REDIS_TLS_SERVER_NAME: {{ .Values.redis.tlsServerName | quote }} + ATE_API_REDIS_CLIENT_CERT: {{ .Values.redis.clientCert | default "" | quote }} + ATE_API_K8SJWT_ISSUER: {{ .Values.auth.jwt.issuer | quote }} diff --git a/charts/substrate/templates/ate-api-server.yaml b/charts/substrate/templates/ate-api-server.yaml new file mode 100644 index 000000000..fcf5ccc7e --- /dev/null +++ b/charts/substrate/templates/ate-api-server.yaml @@ -0,0 +1,232 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "substrate.fullname" (list "ate-api-server-role" .) }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list"] +- apiGroups: ["ate.dev"] + resources: ["actortemplates"] + verbs: ["get", "watch", "list"] +# Secret reads for env source resolution are intentionally NOT granted +# cluster-wide here. Each demo / tenant is responsible for granting +# ate-api-server read access only to the specific Secrets referenced by its +# ActorTemplates (e.g. via a namespace-scoped Role + RoleBinding using +# resourceNames). +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "substrate.fullname" (list "ate-api-server" .) }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "substrate.fullname" (list "ate-api-server-binding" .) }} +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "ate-api-server" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "substrate.fullname" (list "ate-api-server-role" .) }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "substrate.fullname" (list "ate-api-server-deployment" .) }} + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: ate-api-server + template: + metadata: + labels: + app: ate-api-server + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9090" + spec: + serviceAccountName: {{ include "substrate.fullname" (list "ate-api-server" .) }} +{{- if eq .Values.auth.mode "jwt" }} + initContainers: + - name: assemble-cred-bundle + image: {{ .Values.images.busybox }} + command: + - sh + - -c + - cat /run/ateapi-tls-src/tls.crt /run/ateapi-tls-src/tls.key > /run/ateapi-tls/credential-bundle.pem + volumeMounts: + - { name: ateapi-tls-src, mountPath: /run/ateapi-tls-src, readOnly: true } + - { name: ateapi-tls, mountPath: /run/ateapi-tls } +{{- end }} + containers: + - name: ate-api-server + image: {{ include "substrate.componentImage" (list "ateapi" .) }} + args: + - "--grpc-listen-addr=0.0.0.0:443" +{{- if eq .Values.auth.mode "mtls" }} + - "--grpc-server-cred-bundle=/run/servicedns.podcert.ate.dev/credential-bundle.pem" + - "--redis-cluster-address=@env" + - "--redis-ca-certs=/etc/valkey-ca/ca.crt" + - "--redis-use-iam-auth=@env" + - "--redis-tls-server-name=@env" + - "--redis-client-cert=@env" + - "--client-jwt-issuer=@env" + - "--client-jwt-audience={{ .Values.auth.jwt.audience }}" + - "--session-id-jwt-pool=/run/session-id-jwt-pool/pool.json" + - "--session-id-ca-pool=/run/session-id-ca-pool/pool.json" + - "--workerpool-ca-certs=/run/workerpool-ca-certs/trust-bundle.pem" +{{- else }} + - "--grpc-server-cred-bundle=/run/ateapi-tls/credential-bundle.pem" + - "--auth-mode=jwt" + - "--redis-cluster-address=@env" + - "--redis-no-tls=true" + - "--redis-use-iam-auth=@env" + - "--client-jwt-issuer={{ .Values.auth.jwt.issuer }}" + - "--client-jwt-audience={{ .Values.auth.jwt.audience }}" + - "--session-id-jwt-pool=/run/session-id-jwt-pool/pool.json" + - "--session-id-ca-pool=/run/session-id-ca-pool/pool.json" + - "--client-jwt-ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" +{{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: OTEL_RESOURCE_ATTRIBUTES + value: k8s.namespace.name=$(POD_NAMESPACE),k8s.pod.name=$(POD_NAME),k8s.pod.uid=$(POD_UID),service.instance.id=$(POD_UID) +{{- if .Values.otel.endpoint }} + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: {{ .Values.otel.endpoint | quote }} +{{- end }} + envFrom: + - configMapRef: + name: {{ .Values.ateApiServerEnvVarsConfigMap }} + optional: true + volumeMounts: +{{- if eq .Values.auth.mode "mtls" }} + - { name: servicedns, mountPath: /run/servicedns.podcert.ate.dev } + - { name: session-id-jwt-pool, mountPath: /run/session-id-jwt-pool } + - { name: valkey-ca-certs, mountPath: /etc/valkey-ca, readOnly: true } + - { name: session-id-ca-pool, mountPath: /run/session-id-ca-pool, readOnly: true } + - { name: workerpool-ca-certs, mountPath: /run/workerpool-ca-certs, readOnly: true } +{{- else }} + - { name: ateapi-tls, mountPath: /run/ateapi-tls, readOnly: true } + - { name: session-id-jwt-pool, mountPath: /run/session-id-jwt-pool } + - { name: session-id-ca-pool, mountPath: /run/session-id-ca-pool, readOnly: true } +{{- end }} + ports: + - containerPort: 443 + - name: prometheus + containerPort: 9090 + readinessProbe: + httpGet: + path: /readyz + port: 9090 + initialDelaySeconds: 5 + periodSeconds: 2 + volumes: +{{- if eq .Values.auth.mode "mtls" }} + - name: servicedns + projected: + sources: + - podCertificate: + signerName: servicedns.podcert.ate.dev/identity + keyType: ECDSAP256 + credentialBundlePath: credential-bundle.pem + - name: session-id-jwt-pool + projected: + sources: + - secret: + name: session-id-jwt-pool + items: + - { key: pool, path: pool.json } + - name: valkey-ca-certs + projected: + sources: + - secret: + name: valkey-ca-certs + items: + - { key: ca.crt, path: ca.crt } + - name: session-id-ca-pool + projected: + sources: + - secret: + name: session-id-ca-pool + items: + - { key: pool, path: pool.json } + - name: workerpool-ca-certs + projected: + sources: + - clusterTrustBundle: + signerName: podidentity.podcert.ate.dev/identity + labelSelector: + matchLabels: + podcert.ate.dev/canarying: live + path: trust-bundle.pem +{{- else }} + - name: ateapi-tls-src + secret: + secretName: {{ .Values.auth.jwt.serverCertSecret }} + - name: ateapi-tls + emptyDir: {} + - name: session-id-jwt-pool + projected: + sources: + - secret: + name: session-id-jwt-pool + items: + - { key: pool, path: pool.json } + - name: session-id-ca-pool + projected: + sources: + - secret: + name: session-id-ca-pool + items: + - { key: pool, path: pool.json } +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "substrate.fullname" (list "api" .) }} + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + selector: + app: ate-api-server + ports: + - name: grpc + protocol: TCP + port: 443 + targetPort: 443 diff --git a/charts/substrate/templates/ate-controller.yaml b/charts/substrate/templates/ate-controller.yaml new file mode 100644 index 000000000..5c403837c --- /dev/null +++ b/charts/substrate/templates/ate-controller.yaml @@ -0,0 +1,102 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "substrate.fullname" (list "ate-controller" .) }} + namespace: {{ .Release.Namespace }} + labels: + apps: ate-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "substrate.fullname" (list "ate-controller" .) }} +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "ate-controller" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "substrate.fullname" (list "ate-controller" .) }} + apiGroup: rbac.authorization.k8s.io +--- +kind: Service +apiVersion: v1 +metadata: + name: {{ include "substrate.fullname" (list "ate-controller" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: ate-controller +spec: + selector: + app: ate-controller + ports: + - name: metrics + port: 8080 + targetPort: metrics + protocol: TCP +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ include "substrate.fullname" (list "ate-controller" .) }} + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: ate-controller + template: + metadata: + labels: + app: ate-controller + spec: + serviceAccountName: {{ include "substrate.fullname" (list "ate-controller" .) }} + containers: + - name: ate-controller + image: {{ include "substrate.componentImage" (list "atecontroller" .) }} +{{- if eq .Values.auth.mode "jwt" }} + args: + - "--ateapi-auth=jwt" + - "--ateapi-ca-file=/run/ateapi-ca/ca.crt" + - "--ateapi-server-name={{ include "substrate.fullname" (list "api" .) }}.{{ .Release.Namespace }}.svc" + - "--ateapi-token-file=/var/run/secrets/tokens/ateapi/token" +{{- end }} + ports: + - name: metrics + containerPort: 8080 + protocol: TCP + - name: healthz + containerPort: 8081 + protocol: TCP +{{- if eq .Values.auth.mode "jwt" }} + volumeMounts: + - { name: ateapi-ca, mountPath: /run/ateapi-ca, readOnly: true } + - { name: ateapi-token, mountPath: /var/run/secrets/tokens/ateapi, readOnly: true } + volumes: + - name: ateapi-ca + configMap: + name: {{ .Values.auth.jwt.caBundleConfigMap }} + - name: ateapi-token + projected: + sources: + - serviceAccountToken: + audience: {{ .Values.auth.jwt.audience }} + expirationSeconds: 3600 + path: token +{{- end }} diff --git a/charts/substrate/templates/atelet.yaml b/charts/substrate/templates/atelet.yaml new file mode 100644 index 000000000..10a13f505 --- /dev/null +++ b/charts/substrate/templates/atelet.yaml @@ -0,0 +1,117 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# atelet — identical across auth modes (does not dial ateapi). +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "substrate.fullname" (list "atelet" .) }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "substrate.fullname" (list "atelet-role" .) }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "substrate.fullname" (list "atelet-binding" .) }} +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "atelet" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "substrate.fullname" (list "atelet-role" .) }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "substrate.fullname" (list "atelet" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: atelet +spec: + selector: + matchLabels: + app: atelet + template: + metadata: + labels: + app: atelet + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9090" + spec: + serviceAccountName: {{ include "substrate.fullname" (list "atelet" .) }} + containers: + - name: atelet + image: {{ include "substrate.componentImage" (list "atelet" .) }} + args: + - --gcp-auth-for-image-pulls={{ .Values.atelet.gcpAuthForImagePulls }} +{{- with .Values.atelet.extraArgs }} +{{ toYaml . | indent 8 }} +{{- end }} + securityContext: + privileged: true + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.otel.endpoint }} + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: {{ .Values.otel.endpoint | quote }} +{{- end }} + - name: ATE_STORAGE_BACKEND + value: {{ .Values.atelet.storageBackend | quote }} +{{- if .Values.rustfs.enabled }} + - name: AWS_REGION + value: us-east-1 + - name: AWS_ENDPOINT_URL + value: http://{{ include "substrate.fullname" (list "rustfs" .) }}.{{ .Release.Namespace }}.svc:9000 + - name: AWS_S3_USE_PATH_STYLE + value: "true" + - name: AWS_ACCESS_KEY_ID + value: {{ .Values.rustfs.accessKey | quote }} + - name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.rustfs.secretKey | quote }} +{{- end }} +{{- with .Values.atelet.extraEnv }} +{{ toYaml . | indent 8 }} +{{- end }} + ports: + - name: grpc + containerPort: 8085 + hostPort: 8085 + - name: prometheus + containerPort: 9090 + hostPort: 9090 + protocol: TCP + volumeMounts: + - name: run-ateom + mountPath: /var/lib/ateom-gvisor + volumes: + - name: run-ateom + hostPath: + path: /var/lib/ateom-gvisor + type: DirectoryOrCreate diff --git a/charts/substrate/templates/atenet-dns.yaml b/charts/substrate/templates/atenet-dns.yaml new file mode 100644 index 000000000..0838d2c0b --- /dev/null +++ b/charts/substrate/templates/atenet-dns.yaml @@ -0,0 +1,177 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# atenet-dns — identical across auth modes (does not dial ateapi). +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: dns +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: {{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: kube-system +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: kube-system +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "substrate.fullname" (list "atenet-dns" .) }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "substrate.fullname" (list "dns" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: dns +spec: + replicas: 1 + selector: + matchLabels: + app: dns + template: + metadata: + labels: + app: dns + spec: + serviceAccountName: {{ include "substrate.fullname" (list "atenet-dns" .) }} + shareProcessNamespace: true + initContainers: + - name: init-dns + image: {{ .Values.images.busybox }} + command: ["sh", "-c"] + args: + - | + cat <<'EOF' > /etc/coredns/Corefile + .:53 { + errors + health :8080 + ready :8181 + reload + } + EOF + volumeMounts: + - name: dns-config-volume + mountPath: /etc/coredns + containers: + - name: coredns + image: {{ .Values.images.coredns }} + imagePullPolicy: IfNotPresent + args: [ "-conf", "/etc/coredns/Corefile" ] + volumeMounts: + - name: dns-config-volume + mountPath: /etc/coredns + ports: + - name: dns + containerPort: 53 + protocol: UDP + - name: dns-tcp + containerPort: 53 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + - name: dns-controller + image: {{ include "substrate.componentImage" (list "atenet" .) }} + args: + - "dns" + - "--log-level=debug" + - "--interval=10s" + - "--corefile-path=/etc/coredns/Corefile" + volumeMounts: + - name: dns-config-volume + mountPath: /etc/coredns + volumes: + - name: dns-config-volume + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "substrate.fullname" (list "dns" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: dns +spec: + selector: + app: dns + type: ClusterIP + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP diff --git a/charts/substrate/templates/atenet-router.yaml b/charts/substrate/templates/atenet-router.yaml new file mode 100644 index 000000000..01536184a --- /dev/null +++ b/charts/substrate/templates/atenet-router.yaml @@ -0,0 +1,270 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "substrate.fullname" (list "atenet-router" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: atenet-router +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "substrate.fullname" (list "atenet-router" .) }} +rules: +- apiGroups: + - "ate.dev" + resources: + - actortemplates + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "substrate.fullname" (list "atenet-router" .) }} +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "atenet-router" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "substrate.fullname" (list "atenet-router" .) }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "substrate.fullname" (list "atenet-router-agentgateway-config" .) }} + namespace: {{ .Release.Namespace }} +data: + config.yaml: | + # yaml-language-server: $schema=https://agentgateway.dev/schema/config + config: + adminAddr: "127.0.0.1:15000" + readinessAddr: "0.0.0.0:15021" + statsAddr: "0.0.0.0:15020" + binds: + - port: 8080 + listeners: + - name: http + protocol: HTTP + routes: + - name: substrate-http + matches: + - path: + pathPrefix: / + policies: + extProc: + host: "127.0.0.1:50051" + failureMode: failClosed + processingOptions: + requestBodyMode: none + responseBodyMode: none + requestHeaderMode: send + responseHeaderMode: skip + requestTrailerMode: skip + responseTrailerMode: skip + backends: + - dynamic: {} + - port: 8443 + listeners: + - name: https + protocol: HTTPS + tls: +{{ if eq .Values.auth.mode "mtls" }} + cert: "/run/servicedns.podcert.ate.dev/cert.pem" + key: "/run/servicedns.podcert.ate.dev/key.pem" +{{ else }} + cert: "/run/agentgateway-tls/tls.crt" + key: "/run/agentgateway-tls/tls.key" +{{ end }} + routes: + - name: substrate-https + matches: + - path: + pathPrefix: / + policies: + extProc: + host: "127.0.0.1:50051" + failureMode: failClosed + processingOptions: + requestBodyMode: none + responseBodyMode: none + requestHeaderMode: send + responseHeaderMode: skip + requestTrailerMode: skip + responseTrailerMode: skip + backends: + - dynamic: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "substrate.fullname" (list "atenet-router" .) }} + namespace: {{ .Release.Namespace }} + labels: + app: atenet-router +spec: + replicas: 1 + selector: + matchLabels: + app: atenet-router + template: + metadata: + labels: + app: atenet-router + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9090" + spec: + serviceAccountName: {{ include "substrate.fullname" (list "atenet-router" .) }} + containers: + - name: atenet-router + image: {{ include "substrate.componentImage" (list "atenet" .) }} + args: + - "router" + - "--standalone" + - "--networking-mode=agentgateway" + - "--namespace={{ .Release.Namespace }}" + - "--port-http=8080" + - "--port-extproc=50051" + - "--extproc-address=127.0.0.1" + - "--ateapi-address={{ include "substrate.fullname" (list "api" .) }}.{{ .Release.Namespace }}.svc:443" +{{- if eq .Values.auth.mode "jwt" }} + - "--ateapi-auth=jwt" + - "--ateapi-ca-file=/run/ateapi-ca/ca.crt" + - "--ateapi-server-name={{ include "substrate.fullname" (list "api" .) }}.{{ .Release.Namespace }}.svc" + - "--ateapi-token-file=/var/run/secrets/tokens/ateapi/token" +{{- end }} + - "--status-port=4040" + - "--port-https=8443" + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: OTEL_RESOURCE_ATTRIBUTES + value: k8s.namespace.name=$(POD_NAMESPACE),k8s.pod.name=$(POD_NAME),k8s.pod.uid=$(POD_UID),service.instance.id=$(POD_UID) +{{- if .Values.otel.endpoint }} + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: {{ .Values.otel.endpoint | quote }} +{{- end }} + ports: + - name: extproc + containerPort: 50051 + - name: status + containerPort: 4040 + - name: metrics + containerPort: 9090 +{{- if eq .Values.auth.mode "jwt" }} + volumeMounts: + - name: ateapi-ca + mountPath: /run/ateapi-ca + readOnly: true + - name: ateapi-token + mountPath: /var/run/secrets/tokens/ateapi + readOnly: true +{{- end }} + - name: agentgateway + image: {{ .Values.images.agentgateway }} + args: + - "-f" + - "/etc/agentgateway/config.yaml" + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: readiness + containerPort: 15021 + - name: gw-metrics + containerPort: 15020 + volumeMounts: + - name: agentgateway-config + mountPath: /etc/agentgateway +{{- if eq .Values.auth.mode "mtls" }} + - name: "servicedns" + mountPath: "/run/servicedns.podcert.ate.dev" +{{- else }} + - name: agentgateway-tls + mountPath: /run/agentgateway-tls + readOnly: true +{{- end }} + readinessProbe: + httpGet: + path: /healthz/ready + port: readiness + periodSeconds: 10 + volumes: + - name: agentgateway-config + configMap: + name: {{ include "substrate.fullname" (list "atenet-router-agentgateway-config" .) }} +{{- if eq .Values.auth.mode "mtls" }} + - name: "servicedns" + projected: + sources: + - podCertificate: + signerName: servicedns.podcert.ate.dev/identity + keyType: ECDSAP256 + certificateChainPath: cert.pem + keyPath: key.pem +{{- else }} + - name: agentgateway-tls + secret: + secretName: {{ .Values.auth.jwt.serverCertSecret }} + - name: ateapi-ca + configMap: + name: {{ .Values.auth.jwt.caBundleConfigMap }} + - name: ateapi-token + projected: + sources: + - serviceAccountToken: + audience: {{ .Values.auth.jwt.audience }} + expirationSeconds: 3600 + path: token +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "substrate.fullname" (list "atenet-router" .) }} + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + selector: + app: atenet-router + ports: + - name: http + port: 80 + targetPort: 8080 + protocol: TCP + - name: https + port: 443 + targetPort: 8443 + protocol: TCP diff --git a/charts/substrate/templates/jwt-bootstrap.yaml b/charts/substrate/templates/jwt-bootstrap.yaml new file mode 100644 index 000000000..e3299fe08 --- /dev/null +++ b/charts/substrate/templates/jwt-bootstrap.yaml @@ -0,0 +1,73 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and (eq .Values.auth.mode "jwt") .Values.auth.jwt.bootstrap.enabled }} +{{- $apiName := include "substrate.fullname" (list "api" .) }} +{{- $routerName := include "substrate.fullname" (list "atenet-router" .) }} +{{- $apiHost := printf "%s.%s.svc" $apiName .Release.Namespace }} +{{- $ca := genCA (printf "%s-ca" $apiName) 3650 }} +{{- $serverCert := genSignedCert $apiHost nil (list $apiHost (printf "%s.%s.svc.cluster.local" $apiName .Release.Namespace) (printf "%s.%s.svc" $routerName .Release.Namespace)) 365 $ca }} +{{- $sessionJWTKey := genPrivateKey "ecdsa" }} +{{- $sessionCA := genCA "session-id-ca" 3650 }} +{{- if .Values.auth.jwt.bootstrap.serverCert.enabled }} +{{- $existingTLS := lookup "v1" "Secret" .Release.Namespace .Values.auth.jwt.serverCertSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.auth.jwt.serverCertSecret }} + namespace: {{ .Release.Namespace }} +type: kubernetes.io/tls +data: + tls.crt: {{ if $existingTLS }}{{ index $existingTLS.data "tls.crt" }}{{ else }}{{ $serverCert.Cert | b64enc }}{{ end }} + tls.key: {{ if $existingTLS }}{{ index $existingTLS.data "tls.key" }}{{ else }}{{ $serverCert.Key | b64enc }}{{ end }} +--- +{{- $existingCA := lookup "v1" "ConfigMap" .Release.Namespace .Values.auth.jwt.caBundleConfigMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.auth.jwt.caBundleConfigMap }} + namespace: {{ .Release.Namespace }} +data: + ca.crt: | +{{- if $existingCA }} +{{ index $existingCA.data "ca.crt" | nindent 4 }} +{{- else }} +{{ $ca.Cert | nindent 4 }} +{{- end }} +{{- end }} +{{- if .Values.auth.jwt.bootstrap.sessionPools.enabled }} +--- +{{- $existingJWTSecret := lookup "v1" "Secret" .Release.Namespace "session-id-jwt-pool" }} +apiVersion: v1 +kind: Secret +metadata: + name: session-id-jwt-pool + namespace: {{ .Release.Namespace }} +type: Opaque +data: + pool: {{ if $existingJWTSecret }}{{ index $existingJWTSecret.data "pool" }}{{ else }}{{ dict "Authorities" (list (dict "ID" "1" "Algorithm" "ES256" "SigningKeyPEM" $sessionJWTKey)) | toJson | b64enc }}{{ end }} +--- +{{- $existingCASecret := lookup "v1" "Secret" .Release.Namespace "session-id-ca-pool" }} +apiVersion: v1 +kind: Secret +metadata: + name: session-id-ca-pool + namespace: {{ .Release.Namespace }} +type: Opaque +data: + pool: {{ if $existingCASecret }}{{ index $existingCASecret.data "pool" }}{{ else }}{{ dict "CAs" (list (dict "ID" "1" "SigningKeyPEM" $sessionCA.Key "RootCertificatePEM" $sessionCA.Cert)) | toJson | b64enc }}{{ end }} +{{- end }} +{{- end }} diff --git a/charts/substrate/templates/jwt-oidc-rbac.yaml b/charts/substrate/templates/jwt-oidc-rbac.yaml new file mode 100644 index 000000000..a9fd499e9 --- /dev/null +++ b/charts/substrate/templates/jwt-oidc-rbac.yaml @@ -0,0 +1,42 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.auth.mode "jwt" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "substrate.fullname" (list "oidc-discovery-viewer" .) }} +rules: +- nonResourceURLs: + - /.well-known/openid-configuration + - /openid/v1/jwks + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "substrate.fullname" (list "oidc-discovery-viewer" .) }} +subjects: +- kind: ServiceAccount + name: {{ include "substrate.fullname" (list "ate-api-server" .) }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "substrate.fullname" (list "oidc-discovery-viewer" .) }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/substrate/templates/namespace.yaml b/charts/substrate/templates/namespace.yaml new file mode 100644 index 000000000..63401c00d --- /dev/null +++ b/charts/substrate/templates/namespace.yaml @@ -0,0 +1,23 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- include "substrate.validateAuthMode" . -}} +{{- if .Values.createNamespace }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/substrate/templates/pod-certificate-controller.yaml b/charts/substrate/templates/pod-certificate-controller.yaml new file mode 100644 index 000000000..3aaaa9df9 --- /dev/null +++ b/charts/substrate/templates/pod-certificate-controller.yaml @@ -0,0 +1,200 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.auth.mode "mtls" -}} +apiVersion: v1 +kind: Namespace +metadata: + name: podcertificate-controller-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "substrate.fullname" (list "podcert-ate-dev-signer" .) }} +rules: +# The service signer needs to be able to read services and pods. +- apiGroups: + - "" + resources: + - services + - pods + verbs: + - get + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - podcertificaterequests + verbs: + - get + - list + - watch + - update +- apiGroups: + - certificates.k8s.io + resources: + - clustertrustbundles + verbs: + - create + - get + - list + - watch + - update + - delete +- apiGroups: + - certificates.k8s.io + resources: + - podcertificaterequests/status + verbs: + - update +- apiGroups: + - certificates.k8s.io + resources: + - signers + resourceNames: + - servicedns.podcert.ate.dev/* + - podidentity.podcert.ate.dev/* + verbs: + - sign + - attest +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "substrate.fullname" (list "podcert-ate-dev-signer" .) }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "substrate.fullname" (list "podcert-ate-dev-signer" .) }} +subjects: +- kind: ServiceAccount + namespace: podcertificate-controller-system + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: podcertificate-controller-system + name: coordinator +rules: +- apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - create + - get + - list + - watch + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: podcertificate-controller-is-a-coordinator + namespace: podcertificate-controller-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coordinator +subjects: +- kind: ServiceAccount + namespace: podcertificate-controller-system + name: default +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: podcertificate-controller + namespace: podcertificate-controller-system + labels: + app: podcertificate-controller +spec: + replicas: 1 + selector: + matchLabels: + app: podcertificate-controller + template: + metadata: + labels: + app: podcertificate-controller + spec: + containers: + - name: controller + image: {{ include "substrate.componentImage" (list "podcertcontroller" .) }} + args: + - --in-cluster=true + - --sharding-pod-namespace=$(POD_NAMESPACE) + - --sharding-pod-name=$(POD_NAME) + - --sharding-pod-uid=$(POD_UID) + - --sharding-application-name=podcertificate-controller + - --service-dns-ca-pool=/run/ca-state/service-dns-pool.json + - --pod-identity-ca-pool=/run/ca-state/pod-identity-pool.json + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + volumeMounts: + - name: "ca-state" + mountPath: "/run/ca-state" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + volumes: + - name: "ca-state" + projected: + sources: + - secret: + name: "service-dns-ca-pool" + items: + - key: "pool" + path: "service-dns-pool.json" + - secret: + name: "pod-identity-ca-pool" + items: + - key: "pool" + path: "pod-identity-pool.json" + dnsPolicy: Default + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccountName: default + terminationGracePeriodSeconds: 30 +{{- end }} diff --git a/manifests/ate-install/generated/role.yaml b/charts/substrate/templates/role.yaml similarity index 95% rename from manifests/ate-install/generated/role.yaml rename to charts/substrate/templates/role.yaml index 7341d28dd..8e3f7117d 100644 --- a/manifests/ate-install/generated/role.yaml +++ b/charts/substrate/templates/role.yaml @@ -16,7 +16,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: ate-controller + name: {{ include "substrate.fullname" (list "ate-controller" .) }} rules: - apiGroups: - "" diff --git a/charts/substrate/templates/rustfs.yaml b/charts/substrate/templates/rustfs.yaml new file mode 100644 index 000000000..edaad3cfa --- /dev/null +++ b/charts/substrate/templates/rustfs.yaml @@ -0,0 +1,137 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.rustfs.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "substrate.fullname" (list "rustfs-data" .) }} + namespace: {{ .Release.Namespace }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.rustfs.storageSize }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "substrate.fullname" (list "rustfs" .) }} + namespace: {{ .Release.Namespace }} +spec: + selector: + app: rustfs + ports: + - name: api + port: 9000 + targetPort: 9000 + - name: console + port: 9001 + targetPort: 9001 + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "substrate.fullname" (list "rustfs" .) }} + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: rustfs + template: + metadata: + labels: + app: rustfs + spec: + securityContext: + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 + containers: + - name: rustfs + image: {{ .Values.images.rustfs }} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9000 + name: api + - containerPort: 9001 + name: console + env: + - name: RUSTFS_ADDRESS + value: ":9000" + - name: RUSTFS_CONSOLE_ADDRESS + value: ":9001" + - name: RUSTFS_CONSOLE_ENABLE + value: "true" + - name: RUSTFS_VOLUMES + value: "/data" + - name: RUSTFS_ACCESS_KEY + value: {{ .Values.rustfs.accessKey | quote }} + - name: RUSTFS_SECRET_KEY + value: {{ .Values.rustfs.secretKey | quote }} + volumeMounts: + - name: data + mountPath: /data + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "substrate.fullname" (list "rustfs-data" .) }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "substrate.fullname" (list "rustfs-bucket-init" .) }} + namespace: {{ .Release.Namespace }} +spec: + backoffLimit: 10 + template: + spec: + restartPolicy: OnFailure + containers: + - name: create-bucket + image: {{ .Values.images.awsCli }} + env: + - name: AWS_ACCESS_KEY_ID + value: {{ .Values.rustfs.accessKey | quote }} + - name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.rustfs.secretKey | quote }} + - name: AWS_REGION + value: us-east-1 + - name: AWS_ENDPOINT_URL + value: http://{{ include "substrate.fullname" (list "rustfs" .) }}.{{ .Release.Namespace }}.svc:9000 + command: + - /bin/sh + - -c + - | + set -e + for i in $(seq 1 60); do + if aws s3api head-bucket --bucket {{ .Values.rustfs.bucket }} 2>/dev/null; then + echo "bucket {{ .Values.rustfs.bucket }} already exists" + exit 0 + fi + if aws s3api create-bucket --bucket {{ .Values.rustfs.bucket }} 2>/dev/null; then + echo "bucket {{ .Values.rustfs.bucket }} created" + exit 0 + fi + echo "waiting for rustfs to become available... ($i/60)" + sleep 2 + done + echo "timed out waiting for rustfs" + exit 1 +{{- end }} diff --git a/charts/substrate/templates/valkey.yaml b/charts/substrate/templates/valkey.yaml new file mode 100644 index 000000000..b8233eea9 --- /dev/null +++ b/charts/substrate/templates/valkey.yaml @@ -0,0 +1,253 @@ +{{/* +Copyright 2026 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.valkey.enabled -}} +{{- $sts := include "substrate.fullname" (list "valkey-cluster" .) -}} +{{- $headless := include "substrate.fullname" (list "valkey-cluster-service" .) -}} +{{- $ns := .Release.Namespace -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "substrate.fullname" (list "valkey-config" .) }} + namespace: {{ .Release.Namespace }} +data: + valkey.conf: | +{{- if eq .Values.auth.mode "mtls" }} + # Enforce TLS and disable standard port + port 0 + tls-port 6379 + tls-cluster yes + tls-replication yes + + # Load certificates from projected volume + tls-cert-file /run/servicedns.podcert.ate.dev/credential-bundle.pem + tls-key-file /run/servicedns.podcert.ate.dev/credential-bundle.pem + tls-ca-cert-file /etc/valkey-ca/ca.crt + tls-auth-clients yes + + # Enable cluster mode +{{- else }} + # Plaintext: serve on the standard port, no TLS. + port 6379 + +{{- end }} + cluster-enabled yes + cluster-config-file nodes.conf + cluster-node-timeout 5000 + appendonly yes + protected-mode no +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $headless }} + namespace: {{ .Release.Namespace }} +spec: + clusterIP: None + selector: + app: valkey-cluster + ports: + - name: valkey + port: 6379 + targetPort: 6379 + - name: bus + port: 16379 + targetPort: 16379 +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $sts }} + namespace: {{ .Release.Namespace }} +spec: + selector: + app: valkey-cluster + ports: + - name: valkey + port: 6379 + targetPort: 6379 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $sts }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ $headless }} + replicas: {{ .Values.valkey.replicas }} + podManagementPolicy: Parallel + selector: + matchLabels: + app: valkey-cluster + template: + metadata: + labels: + app: valkey-cluster + spec: + containers: + - name: valkey + image: {{ .Values.images.valkey }} + command: ["valkey-server", "/etc/valkey/valkey.conf"] + ports: + - name: valkey + containerPort: 6379 + - name: bus + containerPort: 16379 + volumeMounts: + - name: config + mountPath: /etc/valkey +{{- if eq .Values.auth.mode "mtls" }} + - name: servicedns + mountPath: /run/servicedns.podcert.ate.dev + - name: valkey-ca-certs + mountPath: /etc/valkey-ca + readOnly: true +{{- end }} + - name: data + mountPath: /data + volumes: + - name: config + configMap: + name: {{ include "substrate.fullname" (list "valkey-config" .) }} +{{- if eq .Values.auth.mode "mtls" }} + - name: servicedns + projected: + sources: + - podCertificate: + signerName: servicedns.podcert.ate.dev/identity + keyType: ECDSAP256 + credentialBundlePath: credential-bundle.pem + - name: valkey-ca-certs + projected: + sources: + - secret: + name: valkey-ca-certs + items: + - key: ca.crt + path: ca.crt +{{- end }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.valkey.storageSize }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "substrate.fullname" (list "valkey-cluster-init" .) }} + namespace: {{ .Release.Namespace }} +spec: + template: + metadata: + labels: + app: valkey-cluster-init + spec: + restartPolicy: OnFailure + containers: + - name: init + image: {{ .Values.images.valkey }} +{{- if eq .Values.auth.mode "mtls" }} + volumeMounts: + - name: servicedns + mountPath: /run/servicedns.podcert.ate.dev + - name: valkey-ca-certs + mountPath: /etc/valkey-ca + readOnly: true +{{- end }} + command: + - /bin/sh + - -c + - | + set -e + echo "Waiting for all Valkey pods to resolve..." + for i in 0 1 2 3 4 5; do + until getent hosts {{ $sts }}-${i}.{{ $headless }}.{{ $ns }}.svc >/dev/null 2>&1; do + echo "Waiting for {{ $sts }}-${i} DNS..." + sleep 2 + done + done + + echo "All pods resolved. Getting IPs..." + POD_IPS="" + for i in 0 1 2 3 4 5; do + ip=$(getent hosts {{ $sts }}-${i}.{{ $headless }}.{{ $ns }}.svc | awk '{print $1}') + POD_IPS="${POD_IPS} ${ip}:6379" + done + + echo "Checking if Valkey cluster is already initialized..." +{{- if eq .Values.auth.mode "mtls" }} + until valkey-cli --tls --cacert /etc/valkey-ca/ca.crt --cert /run/servicedns.podcert.ate.dev/credential-bundle.pem --key /run/servicedns.podcert.ate.dev/credential-bundle.pem -h {{ $sts }}-0.{{ $headless }}.{{ $ns }}.svc ping >/dev/null 2>&1; do + echo "Waiting for {{ $sts }}-0 to respond to ping..." + sleep 2 + done + + INIT_STATUS=$(valkey-cli --tls --cacert /etc/valkey-ca/ca.crt --cert /run/servicedns.podcert.ate.dev/credential-bundle.pem --key /run/servicedns.podcert.ate.dev/credential-bundle.pem -h {{ $sts }}-0.{{ $headless }}.{{ $ns }}.svc cluster info 2>/dev/null | grep cluster_state || true) + + if [ -z "${INIT_STATUS}" ] || ! echo "${INIT_STATUS}" | grep -q "cluster_state:ok"; then + echo "Initializing Valkey cluster..." + valkey-cli --tls \ + --cacert /etc/valkey-ca/ca.crt \ + --cert /run/servicedns.podcert.ate.dev/credential-bundle.pem \ + --key /run/servicedns.podcert.ate.dev/credential-bundle.pem \ + --cluster create ${POD_IPS} \ + --cluster-replicas 1 \ + --cluster-yes + echo "Cluster initialization complete!" + else + echo "Cluster already initialized." + fi +{{- else }} + until valkey-cli -h {{ $sts }}-0.{{ $headless }}.{{ $ns }}.svc -p 6379 ping >/dev/null 2>&1; do + echo "Waiting for {{ $sts }}-0 to respond to ping..." + sleep 2 + done + + INIT_STATUS=$(valkey-cli -h {{ $sts }}-0.{{ $headless }}.{{ $ns }}.svc -p 6379 cluster info 2>/dev/null | grep cluster_state || true) + + if [ -z "${INIT_STATUS}" ] || ! echo "${INIT_STATUS}" | grep -q "cluster_state:ok"; then + echo "Initializing Valkey cluster..." + valkey-cli \ + --cluster create ${POD_IPS} \ + --cluster-replicas 1 \ + --cluster-yes + echo "Cluster initialization complete!" + else + echo "Cluster already initialized." + fi +{{- end }} +{{- if eq .Values.auth.mode "mtls" }} + volumes: + - name: servicedns + projected: + sources: + - podCertificate: + signerName: servicedns.podcert.ate.dev/identity + keyType: ECDSAP256 + credentialBundlePath: credential-bundle.pem + - name: valkey-ca-certs + projected: + sources: + - secret: + name: valkey-ca-certs + items: + - key: ca.crt + path: ca.crt +{{- end }} +{{- end }} diff --git a/charts/substrate/values.yaml b/charts/substrate/values.yaml new file mode 100644 index 000000000..7d6ed8bd8 --- /dev/null +++ b/charts/substrate/values.yaml @@ -0,0 +1,126 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for the substrate chart. +# +# The chart supports two installation modes via `auth.mode`: +# +# - "jwt" (default): No PodCertificateRequest / ClusterTrustBundle usage. Server +# certs and session signing pools are generated by the chart by default, +# and can be disabled when you want to provide your own key material. +# Clients authenticate to ateapi with a projected Kubernetes ServiceAccount +# token. Valkey runs plaintext. +# +# - "mtls": Server certs are issued by the in-cluster podcertcontroller via +# PodCertificateRequest + projected into pods via the ClusterTrustBundle / +# podCertificate projection sources. Valkey runs with full TLS + +# client-cert verification. REQUIRES the off-by-default Kubernetes feature +# gates: +# ClusterTrustBundle, ClusterTrustBundleProjection, PodCertificateRequest +# and the v1beta1 certificates API. + +auth: + mode: jwt # jwt | mtls + + jwt: + # OIDC issuer URL the cluster uses to mint SA tokens. The default matches + # stock kind/kubeadm-style clusters. Override this for managed clusters + # whose service account issuer is provider-specific. Examples: + # GKE: https://container.googleapis.com/v1/projects//locations//clusters/ + # kind: https://kubernetes.default.svc.cluster.local + # EKS: https://oidc.eks..amazonaws.com/id/ + issuer: https://kubernetes.default.svc.cluster.local + + # Audience SA tokens are minted for, and that ateapi expects. + audience: api.ate-system.svc + + bootstrap: + # Generate JWT-mode TLS and session-signing key material with Helm. + # Existing generated resources are reused on upgrade via lookup. + enabled: true + serverCert: + enabled: true + sessionPools: + enabled: true + + # Name of a kubernetes.io/tls Secret in the release namespace, with keys + # tls.crt and tls.key. Created by the chart when + # auth.jwt.bootstrap.serverCert.enabled=true. + serverCertSecret: ateapi-tls + + # Name of a ConfigMap in the release namespace with key "ca.crt" holding + # the CA(s) that signed serverCertSecret. Clients mount it to verify the + # ateapi server certificate. Created by the chart when + # auth.jwt.bootstrap.serverCert.enabled=true. + caBundleConfigMap: ateapi-ca + +# Set to true to have the chart create the release namespace. +# Off by default — most helm workflows expect the namespace to already exist +# (helm install -n --create-namespace). Enable for the generated +# manifests/ate-install/ install path (kubectl apply). +createNamespace: false + +valkey: + enabled: true + replicas: 6 + storageSize: 1Gi + +rustfs: + enabled: true + storageSize: 1Gi + bucket: ate-snapshots + accessKey: rustfsadmin + secretKey: rustfsadmin + +# atelet daemonset overrides. Defaults use the in-cluster RustFS deployment for +# snapshots. Set rustfs.enabled=false and override these fields when using +# external storage. +# extraArgs / extraEnv are appended verbatim for installer-specific knobs +# (e.g. registry replacement for kind). +atelet: + gcpAuthForImagePulls: false + storageBackend: s3 + extraArgs: [] + extraEnv: [] + +redis: + # Override the cluster address. Empty -> derived from valkey.enabled + # (defaults to "valkey-cluster.ate-system.svc:6379"). + clusterAddress: "" + # Google IAM auth (for managed Memorystore / cloud Valkey). + useIAMAuth: false + # Override TLS server name for Redis hostname verification (mtls mode). + tlsServerName: "" + # File path for Redis client TLS credential bundle (mtls mode). + clientCert: "" + +# Name of a ConfigMap in the release namespace that supplies per-environment +# overrides for ate-api-server (ATE_API_REDIS_*, ATE_API_K8SJWT_ISSUER, ...). +# Mounted via envFrom with optional=true. Created by the chart from these values. +ateApiServerEnvVarsConfigMap: ate-api-server-envvars + +otel: + endpoint: "" + +image: + registry: ghcr.io/kagent-dev/substrate + tag: "" + +images: + valkey: valkey/valkey:8.0 + rustfs: rustfs/rustfs:1.0.0-beta.3@sha256:378642b05b7dcb4849fb77ebe6aca4ced1c3f66e7e504247df95a5c9018d3358 + awsCli: amazon/aws-cli:2.17.0@sha256:643507c10ada7964ca6157b3d799f030b90577643da9955d319a77399ed80d73 + agentgateway: cr.agentgateway.dev/agentgateway:v1.3.0-alpha.1 + coredns: coredns/coredns:1.11.1 + busybox: busybox:1.36 diff --git a/cmd/ateapi/internal/controlapi/workflow_suspend.go b/cmd/ateapi/internal/controlapi/workflow_suspend.go index d8210574b..6ce1ebfbf 100644 --- a/cmd/ateapi/internal/controlapi/workflow_suspend.go +++ b/cmd/ateapi/internal/controlapi/workflow_suspend.go @@ -141,29 +141,8 @@ func (s *CallAteletSuspendStep) Execute(ctx context.Context, input *SuspendInput ActorTemplateName: state.Actor.GetActorTemplateName(), ActorId: state.Actor.GetActorId(), Runsc: runscCfg, - Spec: &ateletpb.WorkloadSpec{ - PauseImage: state.ActorTemplate.Spec.PauseImage, - }, - SnapshotUriPrefix: state.Actor.GetInProgressSnapshot(), - } - for _, ctr := range state.ActorTemplate.Spec.Containers { - ateletCtr := &ateletpb.Container{ - Name: ctr.Name, - Image: ctr.Image, - Command: ctr.Command, - } - for _, env := range ctr.Env { - var val string - if env.Value != nil { - val = *env.Value - } - ateletEnv := &ateletpb.EnvEntry{ - Name: env.Name, - Value: val, - } - ateletCtr.Env = append(ateletCtr.Env, ateletEnv) - } - req.Spec.Containers = append(req.Spec.Containers, ateletCtr) + Spec: checkpointWorkloadSpecFromActorTemplate(state.ActorTemplate), + SnapshotUriPrefix: state.Actor.GetInProgressSnapshot(), } _, err = client.Checkpoint(ctx, req) if err != nil { diff --git a/cmd/ateapi/internal/controlapi/workload_spec.go b/cmd/ateapi/internal/controlapi/workload_spec.go index 018fb444f..feb0ed62d 100644 --- a/cmd/ateapi/internal/controlapi/workload_spec.go +++ b/cmd/ateapi/internal/controlapi/workload_spec.go @@ -21,6 +21,7 @@ import ( "time" "github.com/agent-substrate/substrate/internal/proto/ateletpb" + "github.com/agent-substrate/substrate/internal/proto/egresspb" atev1alpha1 "github.com/agent-substrate/substrate/pkg/api/v1alpha1" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -34,7 +35,8 @@ const envSecretCacheTTL = 30 * time.Second func workloadSpecFromActorTemplate(ctx context.Context, kubeClient kubernetes.Interface, secretCache *envSecretCache, actorTemplate *atev1alpha1.ActorTemplate) (*ateletpb.WorkloadSpec, error) { workloadSpec := &ateletpb.WorkloadSpec{ - PauseImage: actorTemplate.Spec.PauseImage, + PauseImage: actorTemplate.Spec.PauseImage, + EgressPolicy: buildAteletEgressPolicy(actorTemplate.Spec.EgressPolicy), } resolver := envResolver{ kubeClient: kubeClient, @@ -63,6 +65,123 @@ func workloadSpecFromActorTemplate(ctx context.Context, kubeClient kubernetes.In return workloadSpec, nil } +func checkpointWorkloadSpecFromActorTemplate(actorTemplate *atev1alpha1.ActorTemplate) *ateletpb.WorkloadSpec { + workloadSpec := &ateletpb.WorkloadSpec{ + PauseImage: actorTemplate.Spec.PauseImage, + EgressPolicy: buildAteletEgressPolicy(actorTemplate.Spec.EgressPolicy), + } + for _, ctr := range actorTemplate.Spec.Containers { + ateletCtr := &ateletpb.Container{ + Name: ctr.Name, + Image: ctr.Image, + Command: ctr.Command, + } + for _, env := range ctr.Env { + var val string + if env.Value != nil { + val = *env.Value + } + ateletCtr.Env = append(ateletCtr.Env, &ateletpb.EnvEntry{ + Name: env.Name, + Value: val, + }) + } + workloadSpec.Containers = append(workloadSpec.Containers, ateletCtr) + } + return workloadSpec +} + +func buildAteletEgressPolicy(policy *atev1alpha1.EgressPolicy) *egresspb.EgressPolicy { + if policy == nil { + return nil + } + return &egresspb.EgressPolicy{ + DefaultAction: string(policy.DefaultAction), + Allow: buildAteletEgressPolicyRules(policy.Allow), + Deny: buildAteletEgressPolicyRules(policy.Deny), + Audit: buildAteletEgressAuditPolicy(policy.Audit), + } +} + +func buildAteletEgressAuditPolicy(policy *atev1alpha1.EgressAuditPolicy) *egresspb.EgressAuditPolicy { + if policy == nil { + return nil + } + return &egresspb.EgressAuditPolicy{ + Logs: policy.Logs, + Traces: policy.Traces, + RedactHeaders: append([]string(nil), policy.RedactHeaders...), + } +} + +func buildAteletEgressPolicyRules(rules []atev1alpha1.EgressPolicyRule) []*egresspb.EgressPolicyRule { + out := make([]*egresspb.EgressPolicyRule, 0, len(rules)) + for _, rule := range rules { + outRule := &egresspb.EgressPolicyRule{} + for _, dest := range rule.To { + outDest := &egresspb.EgressPolicyDestination{Host: dest.Host} + if dest.IPBlock != nil { + outDest.Cidr = dest.IPBlock.CIDR + } + outRule.To = append(outRule.To, outDest) + } + for _, port := range rule.Ports { + outRule.Ports = append(outRule.Ports, &egresspb.EgressPort{ + Port: uint32(port.Port), + Protocol: string(port.Protocol), + }) + } + outRule.Tls = buildAteletEgressTLSPolicy(rule.TLS) + outRule.Credentials = buildAteletEgressCredentialPolicy(rule.Credentials) + out = append(out, outRule) + } + return out +} + +func buildAteletEgressTLSPolicy(policy *atev1alpha1.EgressTLSPolicy) *egresspb.EgressTLSPolicy { + if policy == nil { + return nil + } + out := &egresspb.EgressTLSPolicy{ + Mode: string(policy.Mode), + Required: policy.Required, + } + if policy.Intercept != nil { + out.Intercept = &egresspb.EgressTLSInterceptPolicy{ + ValidateUpstream: policy.Intercept.ValidateUpstream, + } + if policy.Intercept.IssuerSecretRef != nil { + out.Intercept.IssuerSecretRef = &egresspb.SecretReference{ + Name: policy.Intercept.IssuerSecretRef.Name, + Namespace: policy.Intercept.IssuerSecretRef.Namespace, + } + } + } + return out +} + +func buildAteletEgressCredentialPolicy(policy *atev1alpha1.EgressCredentialPolicy) *egresspb.EgressCredentialPolicy { + if policy == nil { + return nil + } + out := &egresspb.EgressCredentialPolicy{} + for _, injection := range policy.Inject { + outInjection := &egresspb.EgressCredentialInjection{ + Header: injection.Header, + } + if injection.ValueFrom.SecretKeyRef != nil { + outInjection.ValueFrom = &egresspb.EgressCredentialValueFrom{ + SecretKeyRef: &egresspb.SecretKeySelector{ + Name: injection.ValueFrom.SecretKeyRef.Name, + Key: injection.ValueFrom.SecretKeyRef.Key, + }, + } + } + out.Inject = append(out.Inject, outInjection) + } + return out +} + type envResolver struct { kubeClient kubernetes.Interface namespace string diff --git a/cmd/ateapi/internal/sessionidentity/sessionidentity.go b/cmd/ateapi/internal/sessionidentity/sessionidentity.go index 71fa2a6bc..c69fbbb48 100644 --- a/cmd/ateapi/internal/sessionidentity/sessionidentity.go +++ b/cmd/ateapi/internal/sessionidentity/sessionidentity.go @@ -21,6 +21,7 @@ import ( "crypto/x509/pkix" "fmt" "log/slog" + "net/http" "net/url" "os" "path" @@ -51,17 +52,19 @@ type Server struct { sessionIDCAPoolFile string workerCACerts string + httpClient *http.Client } var _ ateapipb.SessionIdentityServer = (*Server)(nil) -func New(clientJWTIssuer, clientJWTAudience, sessionIDJWTPoolFile, sessionIDCAPoolFile, workerCACerts string) *Server { +func New(clientJWTIssuer, clientJWTAudience, sessionIDJWTPoolFile, sessionIDCAPoolFile, workerCACerts string, httpClient *http.Client) *Server { return &Server{ clientJWTIssuer: clientJWTIssuer, clientJWTAudience: clientJWTAudience, sessionIDJWTPoolFile: sessionIDJWTPoolFile, sessionIDCAPoolFile: sessionIDCAPoolFile, workerCACerts: workerCACerts, + httpClient: httpClient, } } @@ -78,7 +81,7 @@ func (s *Server) MintJWT(ctx context.Context, req *ateapipb.MintJWTRequest) (*at clientJWT := strings.TrimPrefix(authorization[0], "Bearer ") - clientClaims, err := k8sjwt.Verify(ctx, clientJWT, s.clientJWTIssuer, s.clientJWTAudience, time.Now()) + clientClaims, err := k8sjwt.Verify(ctx, s.httpClient, clientJWT, s.clientJWTIssuer, s.clientJWTAudience, time.Now()) if err != nil { slog.ErrorContext(ctx, "Error while verifying client JWT", slog.Any("err", err)) return nil, status.Errorf(codes.Unauthenticated, "Unauthenticated") diff --git a/cmd/ateapi/main.go b/cmd/ateapi/main.go index 87d5a7433..76705db6e 100644 --- a/cmd/ateapi/main.go +++ b/cmd/ateapi/main.go @@ -21,12 +21,15 @@ import ( "fmt" "log/slog" "net" + "net/http" "os" + "strings" "time" "github.com/agent-substrate/substrate/cmd/ateapi/internal/controlapi" "github.com/agent-substrate/substrate/cmd/ateapi/internal/sessionidentity" "github.com/agent-substrate/substrate/cmd/ateapi/internal/store/ateredis" + "github.com/agent-substrate/substrate/internal/ateapiauth" "github.com/agent-substrate/substrate/internal/ateinterceptors" "github.com/agent-substrate/substrate/internal/credbundle" "github.com/agent-substrate/substrate/internal/serverboot" @@ -56,6 +59,7 @@ var ( redisUseIAMAuth = pflag.String("redis-use-iam-auth", "true", "Whether to use Google IAM authentication for Redis/Valkey.") redisTLSServerName = pflag.String("redis-tls-server-name", "", "The ServerName to use for Redis TLS hostname verification.") redisClientCert = pflag.String("redis-client-cert", "", "The file containing client TLS certificate/key credential bundle for Redis/Valkey.") + redisNoTLS = pflag.Bool("redis-no-tls", false, "If true, connect to Redis/Valkey in plaintext (no TLS). For development / installs that don't enable Valkey TLS.") clientJWTIssuer = pflag.String("client-jwt-issuer", "", "The expected issuer URL for client JWTs.") clientJWTAudience = pflag.String("client-jwt-audience", "", "The expected audience for client JWTs.") @@ -64,7 +68,9 @@ var ( sessionIDCAPoolFile = pflag.String("session-id-ca-pool", "", "The file that contains the CA pool for signing session JWTs") workerpoolCACerts = pflag.String("workerpool-ca-certs", "", "The file that contains the CA for verifying workerpool client certificates.") - showVersion = pflag.Bool("version", false, "Print version and exit.") + showVersion = pflag.Bool("version", false, "Print version and exit.") + authMode = pflag.String("auth-mode", "mtls", "Auth mode for incoming gRPC: mtls|jwt. 'mtls' (default) relies on transport-level mTLS for client identity. 'jwt' additionally requires a Kubernetes ServiceAccount Bearer token on every RPC.") + clientJWTCAFile = pflag.String("client-jwt-ca-cert", "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", "CA cert file used to verify TLS when fetching the OIDC discovery document and JWKS for JWT authentication. Defaults to the in-cluster service account CA.") ) func main() { @@ -94,6 +100,11 @@ func main() { loadFlagsFromEnv() logFlagValues(ctx) + authModeParsed, err := ateapiauth.ParseMode(*authMode) + if err != nil { + serverboot.Fatal(ctx, "Invalid --auth-mode", err) + } + redisClient, err := connectRedis(ctx) if err != nil { serverboot.Fatal(ctx, "Failed to set up Redis/Valkey", err) @@ -133,7 +144,9 @@ func main() { dialer := controlapi.NewAteletDialer(workerPodInformer.GetIndexer(), ateletPodInformer.GetIndexer()) sm := controlapi.NewService(redisPersistence, actorTemplateLister, dialer, clientset) - sessionIdentitySrv := sessionidentity.New(*clientJWTIssuer, *clientJWTAudience, *sessionIDJWTPoolFile, *sessionIDCAPoolFile, *workerpoolCACerts) + jwtHTTPClient := buildJWTHTTPClient(ctx, *clientJWTCAFile) + + sessionIdentitySrv := sessionidentity.New(*clientJWTIssuer, *clientJWTAudience, *sessionIDJWTPoolFile, *sessionIDCAPoolFile, *workerpoolCACerts, jwtHTTPClient) lisCfg := &net.ListenConfig{} lis, err := lisCfg.Listen(ctx, "tcp", *listenAddr) @@ -141,10 +154,23 @@ func main() { serverboot.Fatal(ctx, "Failed to start listener", err) } + authCfg := ateapiauth.ServerConfig{ + Mode: authModeParsed, + Issuer: *clientJWTIssuer, + Audience: *clientJWTAudience, + HTTPClient: jwtHTTPClient, + } + mux := grpc.NewServer( grpc.Creds(serverCreds), grpc.StatsHandler(otelgrpc.NewServerHandler()), - grpc.UnaryInterceptor(ateinterceptors.ServerUnaryInterceptor), + grpc.ChainUnaryInterceptor( + ateapiauth.UnaryServerInterceptor(authCfg), + ateinterceptors.ServerUnaryInterceptor, + ), + grpc.ChainStreamInterceptor( + ateapiauth.StreamServerInterceptor(authCfg), + ), ) reflection.Register(mux) ateapipb.RegisterControlServer(mux, sm) @@ -191,25 +217,30 @@ func logFlagValues(ctx context.Context) { slog.String("redis-use-iam-auth", *redisUseIAMAuth), slog.String("redis-tls-server-name", *redisTLSServerName), slog.String("redis-client-cert", *redisClientCert), + slog.Bool("redis-no-tls", *redisNoTLS), slog.String("client-jwt-issuer", *clientJWTIssuer), slog.String("client-jwt-audience", *clientJWTAudience), slog.String("session-id-jwt-pool", *sessionIDJWTPoolFile), slog.String("session-id-ca-pool", *sessionIDCAPoolFile), slog.String("workerpool-ca-certs", *workerpoolCACerts), + slog.String("auth-mode", *authMode), ) } // connectRedis builds the Redis/Valkey TLS config, plumbs IAM auth if // requested, opens the cluster client, and pings with retries. func connectRedis(ctx context.Context) (*redis.ClusterClient, error) { - tlsConfig, err := buildRedisTLSConfig(ctx) - if err != nil { - return nil, err - } - clusterOpts := &redis.ClusterOptions{ - Addrs: []string{*redisClusterAddress}, - TLSConfig: tlsConfig, + Addrs: []string{*redisClusterAddress}, + } + if *redisNoTLS { + slog.InfoContext(ctx, "Connecting to Redis/Valkey without TLS (--redis-no-tls=true)") + } else { + tlsConfig, err := buildRedisTLSConfig(ctx) + if err != nil { + return nil, err + } + clusterOpts.TLSConfig = tlsConfig } if *redisUseIAMAuth != "false" { @@ -325,3 +356,48 @@ func buildServerCreds(ctx context.Context) (credentials.TransportCredentials, er ClientCAs: clientCAs, }), nil } + +const saTokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token" + +// buildJWTHTTPClient returns an *http.Client that trusts caFile for TLS +// verification and injects the pod's ServiceAccount Bearer token, used when +// fetching the OIDC discovery document and JWKS from the in-cluster Kubernetes +// API server. Returns nil (use http.DefaultClient) if caFile is empty or unreadable. +func buildJWTHTTPClient(ctx context.Context, caFile string) *http.Client { + if caFile == "" { + return nil + } + ca, err := os.ReadFile(caFile) + if err != nil { + slog.WarnContext(ctx, "Could not read JWT CA cert file; OIDC discovery will use system trust", slog.String("path", caFile), slog.Any("err", err)) + return nil + } + pool := x509.NewCertPool() + if !pool.AppendCertsFromPEM(ca) { + slog.WarnContext(ctx, "Could not parse JWT CA cert file; OIDC discovery will use system trust", slog.String("path", caFile)) + return nil + } + return &http.Client{ + Transport: &saTokenTransport{ + base: &http.Transport{ + TLSClientConfig: &tls.Config{RootCAs: pool}, + }, + }, + } +} + +// saTokenTransport injects the pod's ServiceAccount Bearer token on every +// request. Reads the token file fresh on each request so token rotation is +// handled automatically. +type saTokenTransport struct { + base http.RoundTripper +} + +func (t *saTokenTransport) RoundTrip(req *http.Request) (*http.Response, error) { + token, err := os.ReadFile(saTokenFile) + if err == nil && len(token) > 0 { + req = req.Clone(req.Context()) + req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(string(token))) + } + return t.base.RoundTrip(req) +} diff --git a/cmd/atecontroller/main.go b/cmd/atecontroller/main.go index f7e922273..4db44cc02 100644 --- a/cmd/atecontroller/main.go +++ b/cmd/atecontroller/main.go @@ -14,15 +14,14 @@ package main import ( - "crypto/tls" "os" + "github.com/agent-substrate/substrate/internal/ateapiauth" "github.com/agent-substrate/substrate/internal/controllers" clientv1alpha1 "github.com/agent-substrate/substrate/pkg/api/v1alpha1" "github.com/agent-substrate/substrate/pkg/proto/ateapipb" "github.com/spf13/pflag" "google.golang.org/grpc" - "google.golang.org/grpc/credentials" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" @@ -39,6 +38,11 @@ var ( setupLog = ctrl.Log.WithName("setup") ateAPIConnSpec = pflag.String("ateapi-conn-spec", "dns:///api.ate-system.svc:443", "") + + ateapiAuthMode = pflag.String("ateapi-auth", "mtls", "Client auth to ateapi: mtls|jwt. 'mtls' (default) dials with insecure TLS and relies on pod-projected mTLS credentials for identity. 'jwt' verifies the server cert and sends a Bearer SA token.") + ateapiCAFile = pflag.String("ateapi-ca-file", "", "PEM file with CAs trusted to verify the ateapi server cert. Required for jwt.") + ateapiServerName = pflag.String("ateapi-server-name", "", "SNI / hostname expected on the ateapi server cert. Optional.") + ateapiTokenFile = pflag.String("ateapi-token-file", "", "Projected SA token file used as Bearer credential. Required for jwt.") ) func init() { @@ -47,15 +51,27 @@ func init() { } func main() { + pflag.Parse() ctrl.SetLogger(zap.New(zap.UseDevMode(true))) - // TODO: Verify server certificate, pass client certificate. - clientTLSConfig := &tls.Config{ - InsecureSkipVerify: true, // Temporarily bypass standard checks + mode, err := ateapiauth.ParseMode(*ateapiAuthMode) + if err != nil { + setupLog.Error(err, "invalid --ateapi-auth") + os.Exit(1) + } + + dialOpts, err := ateapiauth.DialOptions(ateapiauth.ClientConfig{ + Mode: mode, + CAFile: *ateapiCAFile, + ServerName: *ateapiServerName, + TokenFile: *ateapiTokenFile, + }) + if err != nil { + setupLog.Error(err, "building ateapi dial options") + os.Exit(1) } - clientCreds := credentials.NewTLS(clientTLSConfig) - ateapiConn, err := grpc.NewClient(*ateAPIConnSpec, grpc.WithTransportCredentials(clientCreds)) + ateapiConn, err := grpc.NewClient(*ateAPIConnSpec, dialOpts...) if err != nil { setupLog.Error(err, "Error creating grpc connection to ate api") os.Exit(1) diff --git a/cmd/atelet/main.go b/cmd/atelet/main.go index c4425bade..11f59d6d2 100644 --- a/cmd/atelet/main.go +++ b/cmd/atelet/main.go @@ -587,7 +587,9 @@ func (s *AteomHerder) dialAteom(ctx context.Context, targetAteomUid string) (ate // buildAteomWorkloadSpec projects the atelet-facing workload spec onto // the ateom-facing one — currently just the container names. func buildAteomWorkloadSpec(spec *ateletpb.WorkloadSpec) *ateompb.WorkloadSpec { - out := &ateompb.WorkloadSpec{} + out := &ateompb.WorkloadSpec{ + EgressPolicy: spec.GetEgressPolicy(), + } for _, ctr := range spec.GetContainers() { out.Containers = append(out.Containers, &ateompb.Container{Name: ctr.GetName()}) } diff --git a/cmd/atenet/internal/app/router/agentgateway.go b/cmd/atenet/internal/app/router/agentgateway.go new file mode 100644 index 000000000..af7fabe5a --- /dev/null +++ b/cmd/atenet/internal/app/router/agentgateway.go @@ -0,0 +1,151 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package router + +import ( + "context" + "fmt" + "strings" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +type agentgatewayProvider struct { + cfg RouterConfig +} + +func (p agentgatewayProvider) Name() string { + return NetworkingModeAgentgateway +} + +func (p agentgatewayProvider) RequiresXDS() bool { + return false +} + +func (p agentgatewayProvider) ConfigMapData() map[string]string { + return map[string]string{"config.yaml": p.localConfig()} +} + +func (p agentgatewayProvider) Container() corev1.Container { + ports := []corev1.ContainerPort{ + {Name: "http", ContainerPort: int32(p.cfg.HttpPort)}, + {Name: "readiness", ContainerPort: 15021}, + {Name: "metrics", ContainerPort: 15020}, + } + if p.cfg.HttpsPort > 0 && tlsCertPath(p.cfg) != "" { + ports = append(ports, corev1.ContainerPort{Name: "https", ContainerPort: int32(p.cfg.HttpsPort)}) + } + + return corev1.Container{ + Name: "agentgateway", + Image: p.cfg.AgentgatewayImage, + Args: []string{"-f", "/etc/agentgateway/config.yaml"}, + Ports: ports, + VolumeMounts: []corev1.VolumeMount{ + {Name: "proxy-config", MountPath: "/etc/agentgateway"}, + }, + ReadinessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz/ready", + Port: intstr.FromInt32(15021), + }, + }, + PeriodSeconds: 10, + }, + } +} + +func (p agentgatewayProvider) ServicePorts() []corev1.ServicePort { + ports := []corev1.ServicePort{ + {Name: "http", Port: int32(p.cfg.HttpPort), TargetPort: intstr.FromString("http")}, + } + if p.cfg.HttpsPort > 0 && tlsCertPath(p.cfg) != "" { + ports = append(ports, corev1.ServicePort{Name: "https", Port: int32(p.cfg.HttpsPort), TargetPort: intstr.FromString("https")}) + } + return ports +} + +func (p agentgatewayProvider) CheckReady(ctx context.Context) (bool, string) { + return checkHTTPReady(ctx, "http://127.0.0.1:15021/healthz/ready", "") +} + +func (p agentgatewayProvider) localConfig() string { + httpRoute := p.routeBlock("substrate-http") + config := fmt.Sprintf(`# yaml-language-server: $schema=https://agentgateway.dev/schema/config +config: + adminAddr: "127.0.0.1:15000" + readinessAddr: "0.0.0.0:15021" + statsAddr: "0.0.0.0:15020" +binds: +- port: %d + listeners: + - name: http + protocol: HTTP + routes: +%s`, p.cfg.HttpPort, indent(httpRoute, 4)) + + if p.cfg.HttpsPort > 0 && tlsCertPath(p.cfg) != "" { + cert := tlsCertPath(p.cfg) + key := tlsKeyPath(p.cfg) + config += fmt.Sprintf(`- port: %d + listeners: + - name: https + protocol: HTTPS + tls: + cert: %q + key: %q + routes: +%s`, p.cfg.HttpsPort, cert, key, indent(p.routeBlock("substrate-https"), 4)) + } + + return config +} + +func (p agentgatewayProvider) routeBlock(name string) string { + extprocHost := fmt.Sprintf("%s:%d", p.cfg.ExtprocAddr, p.cfg.ExtprocPort) + // processingOptions limit ext_proc to request headers only; agentgateway defaults + // break WebSocket upgrades because this server only handles headers. + return fmt.Sprintf(`- name: %s + matches: + - path: + pathPrefix: / + policies: + extProc: + host: %q + failureMode: failClosed + processingOptions: + requestBodyMode: none + responseBodyMode: none + requestHeaderMode: send + responseHeaderMode: skip + requestTrailerMode: skip + responseTrailerMode: skip + backends: + - dynamic: {} +`, name, extprocHost) +} + +func indent(s string, spaces int) string { + prefix := strings.Repeat(" ", spaces) + lines := strings.Split(s, "\n") + for i, line := range lines { + if line != "" { + lines[i] = prefix + line + } + } + return strings.Join(lines, "\n") +} diff --git a/cmd/atenet/internal/app/router/controller.go b/cmd/atenet/internal/app/router/controller.go index 1b0a1ed18..d9a31d7eb 100644 --- a/cmd/atenet/internal/app/router/controller.go +++ b/cmd/atenet/internal/app/router/controller.go @@ -31,9 +31,10 @@ type Controller struct { cfg RouterConfig xdsSrv *XdsServer extprocSrv *ExtProcServer + provider proxyProvider atStore atStore - envoyRunner *envoyrunner + proxyRunner *proxyrunner } func NewController( @@ -42,8 +43,11 @@ func NewController( cfg RouterConfig, xdsSrv *XdsServer, extprocSrv *ExtProcServer, + provider proxyProvider, ) *Controller { - xdsSrv.SetConfig(cfg.HttpPort, cfg.ExtprocPort, cfg.ExtprocAddr) + if xdsSrv != nil { + xdsSrv.SetConfig(cfg.HttpPort, cfg.ExtprocPort, cfg.ExtprocAddr) + } var store atStore if cfg.TemplatesFile != "" { @@ -58,9 +62,10 @@ func NewController( cfg: cfg, xdsSrv: xdsSrv, extprocSrv: extprocSrv, + provider: provider, atStore: store, - envoyRunner: newEnvoyRunner(k8sClient, cfg), + proxyRunner: newProxyRunner(k8sClient, cfg, provider), } } @@ -92,16 +97,18 @@ func (c *Controller) reconcile(ctx context.Context) error { return err } - if err := c.xdsSrv.UpdateSnapshot(); err != nil { - slog.ErrorContext(ctx, "xDS Configuration generation problem", slog.String("err", err.Error())) - return err + if c.provider.RequiresXDS() { + if err := c.xdsSrv.UpdateSnapshot(); err != nil { + slog.ErrorContext(ctx, "xDS Configuration generation problem", slog.String("err", err.Error())) + return err + } } if !c.cfg.Standalone && c.cfg.TemplatesFile == "" { - // Reconcile Envoy router Deployment and Kubernetes cluster entities - err := c.envoyRunner.reconcile(ctx) + // Reconcile router proxy Deployment and Kubernetes cluster entities. + err := c.proxyRunner.reconcile(ctx) if err != nil { - slog.ErrorContext(ctx, "Error during Envoy router reconciliation", slog.String("err", err.Error())) + slog.ErrorContext(ctx, "Error during router proxy reconciliation", slog.String("err", err.Error())) return err } } diff --git a/cmd/atenet/internal/app/router/dashboard.html b/cmd/atenet/internal/app/router/dashboard.html index 41f3d93af..025ffa9dc 100644 --- a/cmd/atenet/internal/app/router/dashboard.html +++ b/cmd/atenet/internal/app/router/dashboard.html @@ -252,12 +252,16 @@

atenet Router Status

Namespace Context {{ .Namespace }} +
+ Networking Mode + {{ .NetworkingMode }} +
Component Network Allocation
- Workload Port (Http Envoy) + Workload HTTP Port {{ .HttpPort }}
@@ -278,8 +282,8 @@

atenet Router Status

System Component Health Checks
- Envoy Health - {{ if .Health.Envoy.Healthy }} + Proxy Health ({{ .Health.Provider }}) + {{ if .Health.Proxy.Healthy }} Healthy {{ else }} Degraded @@ -287,11 +291,11 @@

atenet Router Status

Message / Err: - {{ .Health.Envoy.Message }} + {{ .Health.Proxy.Message }}
- Ok: {{ .Health.Envoy.SuccessCount }} | Err: {{ .Health.Envoy.FailureCount }} - LKG: {{ if not .Health.Envoy.LastSuccess.IsZero }}{{ .Health.Envoy.LastSuccess.Format "15:04:05" }}{{ else }}N/A{{ end }} + Ok: {{ .Health.Proxy.SuccessCount }} | Err: {{ .Health.Proxy.FailureCount }} + LKG: {{ if not .Health.Proxy.LastSuccess.IsZero }}{{ .Health.Proxy.LastSuccess.Format "15:04:05" }}{{ else }}N/A{{ end }}
diff --git a/cmd/atenet/internal/app/router/envoy.go b/cmd/atenet/internal/app/router/envoy.go new file mode 100644 index 000000000..88ec95365 --- /dev/null +++ b/cmd/atenet/internal/app/router/envoy.go @@ -0,0 +1,118 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package router + +import ( + "context" + "fmt" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +type envoyProvider struct { + cfg RouterConfig +} + +func (p envoyProvider) Name() string { + return NetworkingModeEnvoy +} + +func (p envoyProvider) RequiresXDS() bool { + return true +} + +func (p envoyProvider) ConfigMapData() map[string]string { + envoyYaml := fmt.Sprintf(`admin: + address: + socket_address: + address: 0.0.0.0 + port_value: 9901 + +node: + id: %s + cluster: substrate-router-cluster + +dynamic_resources: + lds_config: + resource_api_version: V3 + ads: {} + cds_config: + resource_api_version: V3 + ads: {} + ads_config: + api_type: GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + +static_resources: + clusters: + - name: xds_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicit_http_config: + http2_protocol_options: {} + load_assignment: + cluster_name: xds_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: atenet-router + port_value: %d +`, NodeID, p.cfg.XdsPort) + + return map[string]string{"envoy.yaml": envoyYaml} +} + +func (p envoyProvider) Container() corev1.Container { + return corev1.Container{ + Name: "envoy", + Image: p.cfg.EnvoyImage, + Command: []string{ + "/usr/local/bin/envoy", + "-c", + "/etc/envoy/envoy.yaml", + "--component-log-level", + "upstream:debug,router:debug,ext_proc:debug", + }, + Ports: []corev1.ContainerPort{ + {Name: "http", ContainerPort: int32(p.cfg.HttpPort)}, + {Name: "https", ContainerPort: int32(p.cfg.HttpsPort)}, + {Name: "admin", ContainerPort: 9901}, + }, + VolumeMounts: []corev1.VolumeMount{ + {Name: "proxy-config", MountPath: "/etc/envoy"}, + }, + } +} + +func (p envoyProvider) ServicePorts() []corev1.ServicePort { + return []corev1.ServicePort{ + {Name: "http", Port: int32(p.cfg.HttpPort), TargetPort: intstr.FromString("http")}, + {Name: "https", Port: int32(p.cfg.HttpsPort), TargetPort: intstr.FromString("https")}, + } +} + +func (p envoyProvider) CheckReady(ctx context.Context) (bool, string) { + return checkHTTPReady(ctx, "http://127.0.0.1:9901/ready", "LIVE") +} diff --git a/cmd/atenet/internal/app/router/envoyrunner.go b/cmd/atenet/internal/app/router/envoyrunner.go deleted file mode 100644 index df8765c62..000000000 --- a/cmd/atenet/internal/app/router/envoyrunner.go +++ /dev/null @@ -1,258 +0,0 @@ -// Copyright 2026 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package router - -import ( - "context" - "fmt" - "log/slog" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - k8serrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -const ( - EnvoyDeploymentName = "atenet-router-envoy" - EnvoyServiceName = "atenet-router-envoy" - EnvoyConfigMapName = "atenet-router-envoy-config" -) - -// envoyrunner manages the dynamic deployment and lifecycle of the underlying -// Envoy proxy instance running inside Kubernetes. -type envoyrunner struct { - k8sClient client.Client - cfg RouterConfig -} - -func newEnvoyRunner(k8sClient client.Client, cfg RouterConfig) *envoyrunner { - return &envoyrunner{ - k8sClient: k8sClient, - cfg: cfg, - } -} - -func (r *envoyrunner) reconcile(ctx context.Context) error { - if err := r.reconcileEnvoyConfigMap(ctx); err != nil { - return fmt.Errorf("failed configmap reconciliation: %w", err) - } - - if err := r.reconcileEnvoyDeployment(ctx); err != nil { - return fmt.Errorf("failed deployment reconciliation: %w", err) - } - - if err := r.reconcileEnvoyService(ctx); err != nil { - return fmt.Errorf("failed service reconciliation: %w", err) - } - - return nil -} - -func (r *envoyrunner) reconcileEnvoyConfigMap(ctx context.Context) error { - envoyYaml := fmt.Sprintf(`admin: - address: - socket_address: - address: 0.0.0.0 - port_value: 9901 - -node: - id: %s - cluster: substrate-router-cluster - -dynamic_resources: - lds_config: - resource_api_version: V3 - ads: {} - cds_config: - resource_api_version: V3 - ads: {} - ads_config: - api_type: GRPC - transport_api_version: V3 - grpc_services: - - envoy_grpc: - cluster_name: xds_cluster - -static_resources: - clusters: - - name: xds_cluster - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - typed_extension_protocol_options: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicit_http_config: - http2_protocol_options: {} - load_assignment: - cluster_name: xds_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: atenet-router - port_value: %d -`, NodeID, r.cfg.XdsPort) - - cm := &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Name: EnvoyConfigMapName, - Namespace: r.cfg.Namespace, - }, - Data: map[string]string{ - "envoy.yaml": envoyYaml, - }, - } - - var existing corev1.ConfigMap - err := r.k8sClient.Get(ctx, client.ObjectKey{Namespace: r.cfg.Namespace, Name: EnvoyConfigMapName}, &existing) - if err != nil { - if k8serrors.IsNotFound(err) { - slog.InfoContext(ctx, "Creating Envoy bootstrap ConfigMap", - slog.String("namespace", r.cfg.Namespace), - slog.String("name", EnvoyConfigMapName)) - return r.k8sClient.Create(ctx, cm) - } - return err - } - - existing.Data = cm.Data - return r.k8sClient.Update(ctx, &existing) -} - -func (r *envoyrunner) reconcileEnvoyDeployment(ctx context.Context) error { - replicas := int32(1) - - dep := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Name: EnvoyDeploymentName, - Namespace: r.cfg.Namespace, - Labels: map[string]string{ - "app": "atenet-router-envoy", - }, - }, - Spec: appsv1.DeploymentSpec{ - Replicas: &replicas, - Selector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "atenet-router-envoy", - }, - }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app": "atenet-router-envoy", - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "envoy", - Image: r.cfg.EnvoyImage, - Command: []string{ - "/usr/local/bin/envoy", - "-c", - "/etc/envoy/envoy.yaml", - "--component-log-level", - "upstream:debug,router:debug,ext_proc:debug", - }, - Ports: []corev1.ContainerPort{ - { - Name: "http", - ContainerPort: int32(r.cfg.HttpPort), - }, - { - Name: "admin", - ContainerPort: 9901, - }, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "envoy-config", - MountPath: "/etc/envoy", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "envoy-config", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: EnvoyConfigMapName, - }, - }, - }, - }, - }, - }, - }, - }, - } - - var existing appsv1.Deployment - err := r.k8sClient.Get(ctx, client.ObjectKey{Namespace: r.cfg.Namespace, Name: EnvoyDeploymentName}, &existing) - if err != nil { - if k8serrors.IsNotFound(err) { - slog.InfoContext(ctx, "Creating managed Envoy router Deployment", slog.String("namespace", r.cfg.Namespace)) - return r.k8sClient.Create(ctx, dep) - } - return err - } - - existing.Spec = dep.Spec - return r.k8sClient.Update(ctx, &existing) -} - -func (r *envoyrunner) reconcileEnvoyService(ctx context.Context) error { - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: EnvoyServiceName, - Namespace: r.cfg.Namespace, - }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeClusterIP, - Selector: map[string]string{ - "app": "atenet-router-envoy", - }, - Ports: []corev1.ServicePort{ - { - Name: "http", - Port: int32(r.cfg.HttpPort), - TargetPort: intstr.FromString("http"), - }, - }, - }, - } - - var existing corev1.Service - err := r.k8sClient.Get(ctx, client.ObjectKey{Namespace: r.cfg.Namespace, Name: EnvoyServiceName}, &existing) - if err != nil { - if k8serrors.IsNotFound(err) { - slog.InfoContext(ctx, "Creating managed Envoy router ClusterIP service", slog.String("namespace", r.cfg.Namespace)) - return r.k8sClient.Create(ctx, svc) - } - return err - } - - existing.Spec.Ports = svc.Spec.Ports - existing.Spec.Selector = svc.Spec.Selector - return r.k8sClient.Update(ctx, &existing) -} diff --git a/cmd/atenet/internal/app/router/extproc.go b/cmd/atenet/internal/app/router/extproc.go index 7c8c184e2..1574edb7d 100644 --- a/cmd/atenet/internal/app/router/extproc.go +++ b/cmd/atenet/internal/app/router/extproc.go @@ -106,14 +106,7 @@ func (s *ExtProcServer) Process(stream extprocv3.ExternalProcessor_ProcessServer } default: - // No modification for other processing states, but log because this should - // not be called. - slog.Error("Unexpected request type", slog.Any("reqType", reqType)) - resp.Response = &extprocv3.ProcessingResponse_RequestHeaders{ - RequestHeaders: &extprocv3.HeadersResponse{ - Response: &extprocv3.CommonResponse{}, - }, - } + resp = continueExtProcResponse(req) } if err := stream.Send(resp); err != nil { @@ -174,6 +167,50 @@ func (s *ExtProcServer) handleRequestHeaders( }, metadata, targetAddr, tmplNs, tmplName, nil } +func continueExtProcResponse(req *extprocv3.ProcessingRequest) *extprocv3.ProcessingResponse { + common := &extprocv3.CommonResponse{ + Status: extprocv3.CommonResponse_CONTINUE, + } + switch req.Request.(type) { + case *extprocv3.ProcessingRequest_RequestBody: + return &extprocv3.ProcessingResponse{ + Response: &extprocv3.ProcessingResponse_RequestBody{ + RequestBody: &extprocv3.BodyResponse{Response: common}, + }, + } + case *extprocv3.ProcessingRequest_ResponseHeaders: + return &extprocv3.ProcessingResponse{ + Response: &extprocv3.ProcessingResponse_ResponseHeaders{ + ResponseHeaders: &extprocv3.HeadersResponse{Response: common}, + }, + } + case *extprocv3.ProcessingRequest_ResponseBody: + return &extprocv3.ProcessingResponse{ + Response: &extprocv3.ProcessingResponse_ResponseBody{ + ResponseBody: &extprocv3.BodyResponse{Response: common}, + }, + } + case *extprocv3.ProcessingRequest_RequestTrailers: + return &extprocv3.ProcessingResponse{ + Response: &extprocv3.ProcessingResponse_RequestTrailers{ + RequestTrailers: &extprocv3.TrailersResponse{}, + }, + } + case *extprocv3.ProcessingRequest_ResponseTrailers: + return &extprocv3.ProcessingResponse{ + Response: &extprocv3.ProcessingResponse_ResponseTrailers{ + ResponseTrailers: &extprocv3.TrailersResponse{}, + }, + } + default: + return &extprocv3.ProcessingResponse{ + Response: &extprocv3.ProcessingResponse_RequestHeaders{ + RequestHeaders: &extprocv3.HeadersResponse{Response: common}, + }, + } + } +} + func (s *ExtProcServer) recordRouteDuration(ctx context.Context, d time.Duration, tmplNs, tmplName, outcome string) { if s.routeDuration == nil { return diff --git a/cmd/atenet/internal/app/router/health.go b/cmd/atenet/internal/app/router/health.go index 62ae1ae02..e8904caea 100644 --- a/cmd/atenet/internal/app/router/health.go +++ b/cmd/atenet/internal/app/router/health.go @@ -17,10 +17,7 @@ package router import ( "context" "fmt" - "io" "log/slog" - "net/http" - "strings" "sync" "time" @@ -38,9 +35,10 @@ type ComponentHealth struct { } type RouterHealthReport struct { - Envoy ComponentHealth `json:"envoy"` - K8sAPI ComponentHealth `json:"k8s_api"` - AteAPI ComponentHealth `json:"ate_api"` + Proxy ComponentHealth `json:"proxy"` + Provider string `json:"provider"` + K8sAPI ComponentHealth `json:"k8s_api"` + AteAPI ComponentHealth `json:"ate_api"` } // routerHealth periodically checks the dependent services of router to track health @@ -54,9 +52,10 @@ type routerHealth struct { clientset kubernetes.Interface apiClient ateapipb.ControlClient cfg RouterConfig + provider proxyProvider } -func newRouterHealth(interval time.Duration, clientset kubernetes.Interface, apiClient ateapipb.ControlClient, cfg RouterConfig) *routerHealth { +func newRouterHealth(interval time.Duration, clientset kubernetes.Interface, apiClient ateapipb.ControlClient, cfg RouterConfig, provider proxyProvider) *routerHealth { if interval <= 0 { interval = time.Second } @@ -65,6 +64,7 @@ func newRouterHealth(interval time.Duration, clientset kubernetes.Interface, api clientset: clientset, apiClient: apiClient, cfg: cfg, + provider: provider, } } @@ -91,20 +91,25 @@ func (rh *routerHealth) check(ctx context.Context) { slog.InfoContext(ctx, "Checking health") - // 1. Check Envoy + // 1. Check configured proxy { - healthy, msg := rh.checkEnvoy(ctx) + providerName := "" + if rh.provider != nil { + providerName = rh.provider.Name() + rh.report.Provider = providerName + } + healthy, msg := rh.checkProxy(ctx) if healthy { - rh.report.Envoy.Healthy = true - rh.report.Envoy.Message = msg - rh.report.Envoy.LastSuccess = time.Now() - rh.report.Envoy.SuccessCount++ + rh.report.Proxy.Healthy = true + rh.report.Proxy.Message = msg + rh.report.Proxy.LastSuccess = time.Now() + rh.report.Proxy.SuccessCount++ } else { - rh.report.Envoy.Healthy = false - rh.report.Envoy.Message = msg - rh.report.Envoy.LastFailure = time.Now() - rh.report.Envoy.FailureCount++ - slog.ErrorContext(ctx, "Envoy health check failed", slog.String("msg", msg)) + rh.report.Proxy.Healthy = false + rh.report.Proxy.Message = msg + rh.report.Proxy.LastFailure = time.Now() + rh.report.Proxy.FailureCount++ + slog.ErrorContext(ctx, "Proxy health check failed", slog.String("provider", providerName), slog.String("msg", msg)) } } @@ -143,36 +148,11 @@ func (rh *routerHealth) check(ctx context.Context) { } } -func (rh *routerHealth) checkEnvoy(ctx context.Context) (bool, string) { - timeoutCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond) - defer cancel() - - req, err := http.NewRequestWithContext(timeoutCtx, "GET", "http://127.0.0.1:9901/ready", nil) - if err != nil { - return false, err.Error() - } - - resp, err := http.DefaultClient.Do(req) - if err != nil { - return false, err.Error() +func (rh *routerHealth) checkProxy(ctx context.Context) (bool, string) { + if rh.provider == nil { + return false, "No proxy provider" } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return false, fmt.Sprintf("unexpected status code %d", resp.StatusCode) - } - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return false, err.Error() - } - - bodyStr := strings.TrimSpace(string(bodyBytes)) - if bodyStr != "LIVE" { - return false, fmt.Sprintf("expected LIVE but got %q", bodyStr) - } - - return true, "LIVE" + return rh.provider.CheckReady(ctx) } func (rh *routerHealth) checkK8s() (bool, string) { diff --git a/cmd/atenet/internal/app/router/provider.go b/cmd/atenet/internal/app/router/provider.go new file mode 100644 index 000000000..ecab5f8ae --- /dev/null +++ b/cmd/atenet/internal/app/router/provider.go @@ -0,0 +1,102 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package router + +import ( + "context" + "fmt" + "io" + "net/http" + "strings" + "time" + + corev1 "k8s.io/api/core/v1" +) + +const ( + NetworkingModeEnvoy = "envoy" + NetworkingModeAgentgateway = "agentgateway" +) + +// proxyProvider owns proxy-specific configuration and runtime details. The +// Substrate router keeps actor lookup and ext_proc behavior shared above this +// provider boundary. +type proxyProvider interface { + Name() string + RequiresXDS() bool + ConfigMapData() map[string]string + Container() corev1.Container + ServicePorts() []corev1.ServicePort + CheckReady(ctx context.Context) (bool, string) +} + +func newProxyProvider(cfg RouterConfig) (proxyProvider, error) { + switch strings.ToLower(cfg.NetworkingMode) { + case "", NetworkingModeAgentgateway: + return agentgatewayProvider{cfg: cfg}, nil + case NetworkingModeEnvoy: + return envoyProvider{cfg: cfg}, nil + default: + return nil, fmt.Errorf("unsupported networking mode %q", cfg.NetworkingMode) + } +} + +func tlsCertPath(cfg RouterConfig) string { + return cfg.TLSCertPath +} + +func tlsKeyPath(cfg RouterConfig) string { + if cfg.TLSKeyPath != "" { + return cfg.TLSKeyPath + } + if cfg.TLSCertPath != "" { + return cfg.TLSCertPath + } + return "" +} + +func checkHTTPReady(ctx context.Context, url string, expectedBody string) (bool, string) { + timeoutCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond) + defer cancel() + + req, err := http.NewRequestWithContext(timeoutCtx, "GET", url, nil) + if err != nil { + return false, err.Error() + } + + resp, err := http.DefaultClient.Do(req) + if err != nil { + return false, err.Error() + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return false, fmt.Sprintf("unexpected status code %d", resp.StatusCode) + } + + bodyBytes, err := io.ReadAll(resp.Body) + if err != nil { + return false, err.Error() + } + + bodyStr := strings.TrimSpace(string(bodyBytes)) + if expectedBody != "" && bodyStr != expectedBody { + return false, fmt.Sprintf("expected %s but got %q", expectedBody, bodyStr) + } + if bodyStr == "" { + return true, "ready" + } + return true, bodyStr +} diff --git a/cmd/atenet/internal/app/router/proxyrunner.go b/cmd/atenet/internal/app/router/proxyrunner.go new file mode 100644 index 000000000..d55913f1e --- /dev/null +++ b/cmd/atenet/internal/app/router/proxyrunner.go @@ -0,0 +1,183 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package router + +import ( + "context" + "fmt" + "log/slog" + + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + ProxyDeploymentName = "atenet-router-proxy" + ProxyServiceName = "atenet-router-proxy" + ProxyConfigMapName = "atenet-router-proxy-config" +) + +// proxyrunner manages the dynamic deployment and lifecycle of the configured +// networking proxy instance running inside Kubernetes. +type proxyrunner struct { + k8sClient client.Client + cfg RouterConfig + provider proxyProvider +} + +func newProxyRunner(k8sClient client.Client, cfg RouterConfig, provider proxyProvider) *proxyrunner { + return &proxyrunner{ + k8sClient: k8sClient, + cfg: cfg, + provider: provider, + } +} + +func (r *proxyrunner) reconcile(ctx context.Context) error { + if err := r.reconcileProxyConfigMap(ctx); err != nil { + return fmt.Errorf("failed configmap reconciliation: %w", err) + } + + if err := r.reconcileProxyDeployment(ctx); err != nil { + return fmt.Errorf("failed deployment reconciliation: %w", err) + } + + if err := r.reconcileProxyService(ctx); err != nil { + return fmt.Errorf("failed service reconciliation: %w", err) + } + + return nil +} + +func (r *proxyrunner) reconcileProxyConfigMap(ctx context.Context) error { + cm := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: ProxyConfigMapName, + Namespace: r.cfg.Namespace, + }, + Data: r.provider.ConfigMapData(), + } + + var existing corev1.ConfigMap + err := r.k8sClient.Get(ctx, client.ObjectKey{Namespace: r.cfg.Namespace, Name: ProxyConfigMapName}, &existing) + if err != nil { + if k8serrors.IsNotFound(err) { + slog.InfoContext(ctx, "Creating proxy ConfigMap", + slog.String("namespace", r.cfg.Namespace), + slog.String("name", ProxyConfigMapName), + slog.String("provider", r.provider.Name())) + return r.k8sClient.Create(ctx, cm) + } + return err + } + + existing.Data = cm.Data + return r.k8sClient.Update(ctx, &existing) +} + +func (r *proxyrunner) reconcileProxyDeployment(ctx context.Context) error { + replicas := int32(1) + labels := map[string]string{ + "app": "atenet-router-proxy", + "substrate.ate.dev/proxy": r.provider.Name(), + "substrate.ate.dev/router": "atenet-router", + } + + dep := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: ProxyDeploymentName, + Namespace: r.cfg.Namespace, + Labels: labels, + }, + Spec: appsv1.DeploymentSpec{ + Replicas: &replicas, + Selector: &metav1.LabelSelector{ + MatchLabels: labels, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: labels, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{r.provider.Container()}, + Volumes: []corev1.Volume{ + { + Name: "proxy-config", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: ProxyConfigMapName, + }, + }, + }, + }, + }, + }, + }, + }, + } + + var existing appsv1.Deployment + err := r.k8sClient.Get(ctx, client.ObjectKey{Namespace: r.cfg.Namespace, Name: ProxyDeploymentName}, &existing) + if err != nil { + if k8serrors.IsNotFound(err) { + slog.InfoContext(ctx, "Creating managed router proxy Deployment", + slog.String("namespace", r.cfg.Namespace), + slog.String("provider", r.provider.Name())) + return r.k8sClient.Create(ctx, dep) + } + return err + } + + existing.Spec = dep.Spec + return r.k8sClient.Update(ctx, &existing) +} + +func (r *proxyrunner) reconcileProxyService(ctx context.Context) error { + svc := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: ProxyServiceName, + Namespace: r.cfg.Namespace, + }, + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + Selector: map[string]string{ + "app": "atenet-router-proxy", + "substrate.ate.dev/proxy": r.provider.Name(), + "substrate.ate.dev/router": "atenet-router", + }, + Ports: r.provider.ServicePorts(), + }, + } + + var existing corev1.Service + err := r.k8sClient.Get(ctx, client.ObjectKey{Namespace: r.cfg.Namespace, Name: ProxyServiceName}, &existing) + if err != nil { + if k8serrors.IsNotFound(err) { + slog.InfoContext(ctx, "Creating managed router proxy ClusterIP service", + slog.String("namespace", r.cfg.Namespace), + slog.String("provider", r.provider.Name())) + return r.k8sClient.Create(ctx, svc) + } + return err + } + + existing.Spec.Ports = svc.Spec.Ports + existing.Spec.Selector = svc.Spec.Selector + return r.k8sClient.Update(ctx, &existing) +} diff --git a/cmd/atenet/internal/app/router/router.go b/cmd/atenet/internal/app/router/router.go index 93bf5c2ac..15c757078 100644 --- a/cmd/atenet/internal/app/router/router.go +++ b/cmd/atenet/internal/app/router/router.go @@ -18,7 +18,6 @@ import ( "context" "crypto/rand" "crypto/rsa" - "crypto/tls" "crypto/x509" "crypto/x509/pkix" "encoding/pem" @@ -37,7 +36,6 @@ import ( "github.com/spf13/cobra" "golang.org/x/sync/errgroup" "google.golang.org/grpc" - "google.golang.org/grpc/credentials" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/kubernetes" @@ -46,6 +44,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/config" + "github.com/agent-substrate/substrate/internal/ateapiauth" "github.com/agent-substrate/substrate/internal/serverboot" v1alpha1 "github.com/agent-substrate/substrate/pkg/api/v1alpha1" "github.com/agent-substrate/substrate/pkg/proto/ateapipb" @@ -62,22 +61,30 @@ func init() { // RouterConfig holds deployment setup and endpoint options for the router node instance. type RouterConfig struct { - Standalone bool - Namespace string - Kubeconfig string - AteapiAddr string - HttpPort int - XdsPort int - ExtprocPort int - ExtprocAddr string - EnvoyImage string - TemplatesFile string - StatusPort int - HealthInterval time.Duration - HttpsPort int - EnvoyCertPath string - LogLevel string - MetricsAddr string + Standalone bool + Namespace string + Kubeconfig string + AteapiAddr string + HttpPort int + XdsPort int + ExtprocPort int + ExtprocAddr string + NetworkingMode string + EnvoyImage string + AgentgatewayImage string + TemplatesFile string + StatusPort int + HealthInterval time.Duration + HttpsPort int + TLSCertPath string + TLSKeyPath string + LogLevel string + MetricsAddr string + + AteapiAuthMode string + AteapiCAFile string + AteapiServerName string + AteapiTokenFile string } // RouterServer instantiates and coordinates runtime threads executing system modules. @@ -151,17 +158,29 @@ func NewCmd() *cobra.Command { cmd.Flags().IntVar(&cfg.XdsPort, "port-xds", 18000, "TCP port listening for the xDS dynamic Envoy connections") cmd.Flags().IntVar(&cfg.ExtprocPort, "port-extproc", 50051, "Listen port for the Envoy dynamic External Processing (ext_proc) server") cmd.Flags().StringVar(&cfg.ExtprocAddr, "extproc-address", "127.0.0.1", "Host IP or address of the Envoy External Processing (ext_proc) server") + cmd.Flags().StringVar(&cfg.NetworkingMode, "networking-mode", NetworkingModeAgentgateway, "Networking proxy mode: agentgateway or envoy") cmd.Flags().StringVar(&cfg.EnvoyImage, "envoy-image", "envoyproxy/envoy:v1.30-latest", "Image URI used for dynamically launched router instances") + cmd.Flags().StringVar(&cfg.AgentgatewayImage, "agentgateway-image", "cr.agentgateway.dev/agentgateway:v1.3.0-alpha.1", "Image URI used for Agentgateway router instances") cmd.Flags().StringVar(&cfg.TemplatesFile, "actor-templates-file", "", "Path to offline YAML configuration file listing ActorTemplates") cmd.Flags().IntVar(&cfg.StatusPort, "status-port", 4040, "Port to serve /statusz on (set <= 0 to disable serving status)") cmd.Flags().DurationVar(&cfg.HealthInterval, "health-interval", 1*time.Second, "Interval for checking health of dependent services") cmd.Flags().IntVar(&cfg.HttpsPort, "port-https", 8443, "TCP port for HTTPS workload traffic entering through the Envoy Router") - cmd.Flags().StringVar(&cfg.EnvoyCertPath, "envoy-cert-path", "", "Path to the Envoy certificate file (if empty, a self-signed cert will be generated for testing)") + cmd.Flags().StringVar(&cfg.TLSCertPath, "tls-cert-path", "", "Path to the proxy TLS certificate file") + cmd.Flags().StringVar(&cfg.TLSKeyPath, "tls-key-path", "", "Path to the proxy TLS private key file") + + cmd.Flags().StringVar(&cfg.AteapiAuthMode, "ateapi-auth", "mtls", "Client auth to ateapi: mtls|jwt. 'mtls' (default) dials with insecure TLS and relies on pod-projected mTLS credentials for identity. 'jwt' verifies the server cert and sends a Bearer SA token.") + cmd.Flags().StringVar(&cfg.AteapiCAFile, "ateapi-ca-file", "", "PEM file with CAs trusted to verify the ateapi server cert. Required for jwt.") + cmd.Flags().StringVar(&cfg.AteapiServerName, "ateapi-server-name", "", "SNI / hostname expected on the ateapi server cert. Optional.") + cmd.Flags().StringVar(&cfg.AteapiTokenFile, "ateapi-token-file", "", "Projected SA token file used as Bearer credential. Required for jwt.") return cmd } func NewRouterServer(cfg RouterConfig) (*RouterServer, error) { + if cfg.NetworkingMode == "" { + cfg.NetworkingMode = NetworkingModeAgentgateway + } + var k8sClient client.Client var clientset kubernetes.Interface var err error @@ -193,11 +212,24 @@ func NewRouterServer(cfg RouterConfig) (*RouterServer, error) { } } - conn, err := grpc.NewClient(cfg.AteapiAddr, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{InsecureSkipVerify: true}))) + authMode, err := ateapiauth.ParseMode(cfg.AteapiAuthMode) + if err != nil { + return nil, fmt.Errorf("invalid --ateapi-auth: %w", err) + } + dialOpts, err := ateapiauth.DialOptions(ateapiauth.ClientConfig{ + Mode: authMode, + CAFile: cfg.AteapiCAFile, + ServerName: cfg.AteapiServerName, + TokenFile: cfg.AteapiTokenFile, + }) + if err != nil { + return nil, fmt.Errorf("building ateapi dial options: %w", err) + } + conn, err := grpc.NewClient(cfg.AteapiAddr, dialOpts...) if err != nil { return nil, fmt.Errorf("failed to establish grpc channel to ateapi client: %w", err) } - slog.Info("Connecting to ateapi", slog.String("address", cfg.AteapiAddr)) + slog.Info("Connecting to ateapi", slog.String("address", cfg.AteapiAddr), slog.String("auth", string(authMode))) apiClient := ateapipb.NewControlClient(conn) @@ -222,20 +254,24 @@ func (s *RouterServer) Run(ctx context.Context) error { g, ctx := errgroup.WithContext(ctx) + provider, err := newProxyProvider(s.cfg) + if err != nil { + return err + } + xdsSrv := NewXdsServer(s.cfg.XdsPort) xdsSrv.SetConfig(s.cfg.HttpPort, s.cfg.ExtprocPort, s.cfg.ExtprocAddr) var certContent, keyContent string - if s.cfg.EnvoyCertPath == "" { - slog.InfoContext(ctx, "No Envoy certificate path provided, generating self-signed certificate for testing") - var err error + if provider.RequiresXDS() && tlsCertPath(s.cfg) == "" { + slog.InfoContext(ctx, "No proxy TLS certificate path provided, generating self-signed certificate for testing") certContent, keyContent, err = generateSelfSignedCert() if err != nil { return fmt.Errorf("failed to generate self-signed cert: %w", err) } } - xdsSrv.SetTlsConfig(s.cfg.HttpsPort, s.cfg.EnvoyCertPath, certContent, keyContent) + xdsSrv.SetTlsConfig(s.cfg.HttpsPort, tlsCertPath(s.cfg), certContent, keyContent) if s.extprocSrv == nil { routeDuration, err := newRouteDurationHistogram() if err != nil { @@ -243,9 +279,9 @@ func (s *RouterServer) Run(ctx context.Context) error { } s.extprocSrv = NewExtProcServer(s.cfg.ExtprocPort, s.apiClient, routeDuration) } - ctrl := NewController(s.k8sClient, s.clientset, s.cfg, xdsSrv, s.extprocSrv) + ctrl := NewController(s.k8sClient, s.clientset, s.cfg, xdsSrv, s.extprocSrv, provider) - s.health = newRouterHealth(s.cfg.HealthInterval, s.clientset, s.apiClient, s.cfg) + s.health = newRouterHealth(s.cfg.HealthInterval, s.clientset, s.apiClient, s.cfg, provider) // Start Controller / Watcher g.Go(func() error { @@ -260,17 +296,19 @@ func (s *RouterServer) Run(ctx context.Context) error { return nil }) - // Start xDS Server - g.Go(func() error { - slog.InfoContext(ctx, "Starting Envoy xDS Server", slog.Int("port", s.cfg.XdsPort)) - lis, err := net.Listen("tcp", fmt.Sprintf(":%d", s.cfg.XdsPort)) - if err != nil { - return fmt.Errorf("failed to listen on port %d: %w", s.cfg.XdsPort, err) - } - defer lis.Close() + if provider.RequiresXDS() { + // Start xDS Server + g.Go(func() error { + slog.InfoContext(ctx, "Starting xDS Server", slog.Int("port", s.cfg.XdsPort), slog.String("provider", provider.Name())) + lis, err := net.Listen("tcp", fmt.Sprintf(":%d", s.cfg.XdsPort)) + if err != nil { + return fmt.Errorf("failed to listen on port %d: %w", s.cfg.XdsPort, err) + } + defer lis.Close() - return xdsSrv.Serve(ctx, lis) - }) + return xdsSrv.Serve(ctx, lis) + }) + } // Start ExtProc Server g.Go(func() error { diff --git a/cmd/atenet/internal/app/router/status.go b/cmd/atenet/internal/app/router/status.go index 377554298..9511fa68c 100644 --- a/cmd/atenet/internal/app/router/status.go +++ b/cmd/atenet/internal/app/router/status.go @@ -131,6 +131,7 @@ type DashboardContext struct { BuildTag string `json:"build_tag"` RouterClusterIP string `json:"router_cluster_ip"` Namespace string `json:"namespace"` + NetworkingMode string `json:"networking_mode"` HttpPort int `json:"port_http"` XdsPort int `json:"port_xds"` ExtprocPort int `json:"port_extproc"` @@ -238,6 +239,7 @@ func (s *RouterServer) handleStatusz(w http.ResponseWriter, req *http.Request) { BuildTag: buildInfo, RouterClusterIP: routerIP, Namespace: s.cfg.Namespace, + NetworkingMode: s.cfg.NetworkingMode, HttpPort: s.cfg.HttpPort, XdsPort: s.cfg.XdsPort, ExtprocPort: s.cfg.ExtprocPort, diff --git a/cmd/atenet/internal/app/router/xds.go b/cmd/atenet/internal/app/router/xds.go index 964fc5e92..6b248f53b 100644 --- a/cmd/atenet/internal/app/router/xds.go +++ b/cmd/atenet/internal/app/router/xds.go @@ -62,6 +62,7 @@ const ( IngressHTTPSListener = "ingress_https_listener" RouteName = "substrate_routes" ClusterName = "ate-cluster" + websocketUpgradeType = "websocket" ) // XdsServer implements an aggregated discovery service server for dynamic Envoy router nodes. @@ -287,6 +288,9 @@ func (x *XdsServer) buildRoutes() *routev3.RouteConfiguration { Cluster: "dynamic_forward_proxy_cluster", }, Timeout: durationpb.New(10 * time.Second), + UpgradeConfigs: []*routev3.RouteAction_UpgradeConfig{ + {UpgradeType: websocketUpgradeType}, + }, }, }, }, @@ -334,6 +338,10 @@ func (x *XdsServer) buildHcm(statPrefix string) *anypb.Any { hcm, _ := anypb.New(&hcmv3.HttpConnectionManager{ StatPrefix: statPrefix, GenerateRequestId: &wrapperspb.BoolValue{Value: true}, + UpgradeConfigs: []*hcmv3.HttpConnectionManager_UpgradeConfig{ + {UpgradeType: websocketUpgradeType}, + }, + StreamIdleTimeout: durationpb.New(0), AccessLog: []*accesslogv3.AccessLog{ { Name: "envoy.access_loggers.stdout", diff --git a/cmd/atenet/internal/app/router/xds_test.go b/cmd/atenet/internal/app/router/xds_test.go index 92e347648..f6548f41a 100644 --- a/cmd/atenet/internal/app/router/xds_test.go +++ b/cmd/atenet/internal/app/router/xds_test.go @@ -24,6 +24,7 @@ import ( clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" listenerv3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" routev3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" cachev3 "github.com/envoyproxy/go-control-plane/pkg/cache/v3" resourcev3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" ) @@ -116,6 +117,10 @@ func TestXdsServer_UpdateSnapshot(t *testing.T) { if fallbackRoute.GetMatch().GetPrefix() != "/" { t.Errorf("Expected path mapping prefix '/', got '%s'", fallbackRoute.GetMatch().GetPrefix()) } + routeAction := fallbackRoute.GetRoute() + if len(routeAction.GetUpgradeConfigs()) != 1 || routeAction.GetUpgradeConfigs()[0].GetUpgradeType() != websocketUpgradeType { + t.Errorf("Expected route websocket upgrade config, got %+v", routeAction.GetUpgradeConfigs()) + } } // Verify listeners generated @@ -135,6 +140,15 @@ func TestXdsServer_UpdateSnapshot(t *testing.T) { if sa.GetAddress() != "0.0.0.0" { t.Errorf("Expected address '0.0.0.0', got %s", sa.GetAddress()) } + + hcmAny := l.GetFilterChains()[0].GetFilters()[0].GetTypedConfig() + hcm := &hcmv3.HttpConnectionManager{} + if err := hcmAny.UnmarshalTo(hcm); err != nil { + t.Fatalf("Failed to unmarshal HCM: %v", err) + } + if len(hcm.GetUpgradeConfigs()) != 1 || hcm.GetUpgradeConfigs()[0].GetUpgradeType() != websocketUpgradeType { + t.Errorf("Expected HCM websocket upgrade config, got %+v", hcm.GetUpgradeConfigs()) + } } } diff --git a/cmd/ateom-gvisor/egress/agentgateway/agentgateway.go b/cmd/ateom-gvisor/egress/agentgateway/agentgateway.go new file mode 100644 index 000000000..4a8ba6ba6 --- /dev/null +++ b/cmd/ateom-gvisor/egress/agentgateway/agentgateway.go @@ -0,0 +1,652 @@ +//go:build linux + +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package agentgateway + +import ( + "context" + "fmt" + "log/slog" + "os" + "os/exec" + "path/filepath" + "strings" + "sync" + + "github.com/agent-substrate/substrate/cmd/ateom-gvisor/egress" + "github.com/agent-substrate/substrate/internal/ateompath" + "github.com/agent-substrate/substrate/internal/proto/egresspb" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "sigs.k8s.io/yaml" +) + +const ( + HTTPPort = 15001 + HTTPSPort = 15002 +) + +type Provider struct { + BinaryPath string + PodUID string + ReapLock *sync.RWMutex +} + +var _ egress.Provider = Provider{} + +func (p Provider) Name() string { + return "agentgateway" +} + +func (p Provider) CapturePorts() egress.CapturePorts { + return egress.CapturePorts{ + HTTP: HTTPPort, + HTTPS: HTTPSPort, + } +} + +func (p Provider) NeedsGateway(policy *egresspb.EgressPolicy) bool { + return PolicyNeedsAgentgateway(policy) +} + +func (p Provider) NewGateway(ctx context.Context) (egress.Gateway, error) { + return NewManager(ctx, p.BinaryPath, p.PodUID, p.ReapLock) +} + +type Manager struct { + lock sync.Mutex + reapLock *sync.RWMutex + binaryPath string + podUID string + configPath string + tlsDir string + secret secretResolver + cmd *exec.Cmd +} + +var _ egress.Gateway = (*Manager)(nil) + +type secretResolver interface { + SecretValue(ctx context.Context, namespace, name, key string) (string, error) + TLSSecret(ctx context.Context, namespace, name string) ([]byte, []byte, error) +} + +func NewManager(ctx context.Context, binaryPath, podUID string, reapLock *sync.RWMutex) (*Manager, error) { + manager := &Manager{ + binaryPath: binaryPath, + podUID: podUID, + reapLock: reapLock, + configPath: ateompath.EgressAgentgatewayConfigPath(podUID), + tlsDir: ateompath.EgressAgentgatewayTLSDir(podUID), + } + secret, err := newKubernetesEgressSecretResolver() + if err != nil { + slog.InfoContext(ctx, "Kubernetes secret resolver unavailable for egress agentgateway", slog.Any("err", err)) + } else { + manager.secret = secret + } + if err := manager.writeConfig(ctx, "", nil); err != nil { + return nil, err + } + return manager, nil +} + +func (m *Manager) ApplyPolicy(ctx context.Context, defaultNamespace string, policy *egresspb.EgressPolicy) error { + if m == nil { + return nil + } + m.lock.Lock() + defer m.lock.Unlock() + + if err := m.writeConfig(ctx, defaultNamespace, policy); err != nil { + return err + } + if !PolicyNeedsAgentgateway(policy) { + return m.stopLocked(ctx) + } + if m.cmd != nil && m.cmd.Process != nil { + return nil + } + + if m.reapLock != nil { + m.reapLock.RLock() + } + cmd := exec.Command(m.binaryPath, "-f", m.configPath) + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + if err := cmd.Start(); err != nil { + if m.reapLock != nil { + m.reapLock.RUnlock() + } + return fmt.Errorf("while starting egress agentgateway %q: %w", m.binaryPath, err) + } + if m.reapLock != nil { + m.reapLock.RUnlock() + } + + m.cmd = cmd + go func() { + err := cmd.Wait() + m.lock.Lock() + if m.cmd == cmd { + m.cmd = nil + } + m.lock.Unlock() + if err != nil { + slog.WarnContext(ctx, "Egress agentgateway exited", slog.Any("err", err)) + } + }() + slog.InfoContext(ctx, "Started egress agentgateway", slog.String("config", m.configPath)) + return nil +} + +func (m *Manager) Stop(ctx context.Context) { + m.lock.Lock() + defer m.lock.Unlock() + if err := m.stopLocked(ctx); err != nil { + slog.WarnContext(ctx, "Failed to stop egress agentgateway", slog.Any("err", err)) + } +} + +func (m *Manager) stopLocked(ctx context.Context) error { + if m.cmd == nil || m.cmd.Process == nil { + return nil + } + slog.InfoContext(ctx, "Stopping egress agentgateway") + if err := m.cmd.Process.Kill(); err != nil { + return fmt.Errorf("while killing egress agentgateway: %w", err) + } + m.cmd = nil + return nil +} + +func (m *Manager) writeConfig(ctx context.Context, defaultNamespace string, policy *egresspb.EgressPolicy) error { + if err := os.MkdirAll(filepath.Dir(m.configPath), 0o700); err != nil { + return fmt.Errorf("while creating egress agentgateway config directory: %w", err) + } + if err := os.MkdirAll(m.tlsDir, 0o700); err != nil { + return fmt.Errorf("while creating egress agentgateway tls directory: %w", err) + } + cfg, err := renderEgressAgentgatewayConfig(ctx, m.secret, defaultNamespace, m.tlsDir, policy) + if err != nil { + return err + } + if err := os.WriteFile(m.configPath, cfg, 0o600); err != nil { + return fmt.Errorf("while writing egress agentgateway config: %w", err) + } + return nil +} + +func PolicyNeedsAgentgateway(policy *egresspb.EgressPolicy) bool { + if policy == nil { + return false + } + for _, rule := range policy.GetAllow() { + if egressRuleHasTransparentHTTPRoute(rule) { + return true + } + if egressRuleHasTransparentTLSRoute(rule) { + return true + } + if len(rule.GetCredentials().GetInject()) > 0 { + return true + } + switch rule.GetTls().GetMode() { + case "Require", "Originate", "Intercept": + return true + } + if rule.GetTls().GetRequired() { + return true + } + } + return false +} + +func egressRuleHasTransparentTLSRoute(rule *egresspb.EgressPolicyRule) bool { + hasHost := false + for _, dest := range rule.GetTo() { + if dest.GetHost() != "" { + hasHost = true + break + } + } + if !hasHost || rule.GetTls().GetMode() == "Intercept" { + return false + } + for _, port := range effectiveEgressPorts(rule) { + if egressPortUsesTLSPassthrough(rule, port) { + return true + } + } + return false +} + +func egressRuleHasTransparentHTTPRoute(rule *egresspb.EgressPolicyRule) bool { + hasHost := false + for _, dest := range rule.GetTo() { + if dest.GetHost() != "" { + hasHost = true + break + } + } + if !hasHost || egressRuleRequiresBackendTLS(rule) { + return false + } + for _, port := range effectiveEgressPorts(rule) { + if isTCPEgressPort(port) && effectiveEgressPort(port) == 80 && !egressPortUsesTLSPassthrough(rule, port) { + return true + } + } + return false +} + +type localAgentgatewayConfig struct { + Schema string `json:"# yaml-language-server,omitempty"` + Config localAgentgatewaySettings `json:"config"` + Binds []localAgentgatewayBind `json:"binds"` +} + +type localAgentgatewaySettings struct { + AdminAddr string `json:"adminAddr"` + ReadinessAddr string `json:"readinessAddr"` + StatsAddr string `json:"statsAddr"` +} + +type localAgentgatewayBind struct { + Port int `json:"port"` + Listeners []localAgentgatewayListener `json:"listeners"` +} + +type localAgentgatewayListener struct { + Name string `json:"name"` + Protocol string `json:"protocol"` + TLS *localAgentgatewayFrontendTLS `json:"tls,omitempty"` + Routes []localAgentgatewayRoute `json:"routes,omitempty"` + TCPRoutes []localAgentgatewayTCPRoute `json:"tcpRoutes,omitempty"` +} + +type localAgentgatewayFrontendTLS struct { + Mode string `json:"mode,omitempty"` + Cert string `json:"cert"` + Key string `json:"key"` +} + +type localAgentgatewayRoute struct { + Name string `json:"name"` + Matches []localAgentgatewayMatch `json:"matches,omitempty"` + Policies *localAgentgatewayRoutePolicy `json:"policies,omitempty"` + Backends []localAgentgatewayRouteBackend `json:"backends,omitempty"` +} + +type localAgentgatewayMatch struct { + Headers []localAgentgatewayHeaderMatch `json:"headers,omitempty"` +} + +type localAgentgatewayHeaderMatch struct { + Name string `json:"name"` + Value localAgentgatewayStringMatchValue `json:"value"` +} + +type localAgentgatewayStringMatchValue struct { + Exact string `json:"exact"` +} + +type localAgentgatewayRoutePolicy struct { + RequestHeaderModifier *localAgentgatewayHeaderModifier `json:"requestHeaderModifier,omitempty"` + DirectResponse *localAgentgatewayDirectResponse `json:"directResponse,omitempty"` +} + +type localAgentgatewayHeaderModifier struct { + Set map[string]string `json:"set,omitempty"` +} + +type localAgentgatewayDirectResponse struct { + Status int `json:"status"` + Body string `json:"body"` +} + +type localAgentgatewayRouteBackend struct { + Host string `json:"host"` + Policies *localAgentgatewayBackendPolicies `json:"policies,omitempty"` +} + +type localAgentgatewayTCPRoute struct { + Name string `json:"name"` + Hostnames []string `json:"hostnames,omitempty"` + Backends []localAgentgatewayRouteBackend `json:"backends,omitempty"` +} + +type localAgentgatewayBackendPolicies struct { + BackendTLS map[string]any `json:"backendTLS,omitempty"` +} + +func renderEgressAgentgatewayConfig(ctx context.Context, secrets secretResolver, defaultNamespace, tlsDir string, policy *egresspb.EgressPolicy) ([]byte, error) { + cfg := localAgentgatewayConfig{ + Config: localAgentgatewaySettings{ + AdminAddr: "127.0.0.1:15000", + ReadinessAddr: "127.0.0.1:15021", + StatsAddr: "127.0.0.1:15020", + }, + Binds: []localAgentgatewayBind{ + { + Port: HTTPPort, + Listeners: []localAgentgatewayListener{{ + Name: "egress-http", + Protocol: "HTTP", + Routes: []localAgentgatewayRoute{denyEgressRoute()}, + }}, + }, + }, + } + + httpsListener := localAgentgatewayListener{ + Name: "egress-https", + Protocol: "TLS", + } + for _, rule := range policy.GetAllow() { + routes, err := routesForEgressRule(ctx, secrets, defaultNamespace, tlsDir, rule) + if err != nil { + return nil, err + } + for _, route := range routes { + if rule.GetTls().GetMode() == "Intercept" { + httpsListener.Protocol = "HTTPS" + if httpsListener.TLS == nil { + tls, err := frontendTLSForInterceptRule(ctx, secrets, defaultNamespace, tlsDir, rule) + if err != nil { + return nil, err + } + httpsListener.TLS = tls + } + httpsListener.Routes = append([]localAgentgatewayRoute{route}, httpsListener.Routes...) + continue + } + if egressRuleRequiresBackendTLS(rule) { + continue + } + cfg.Binds[0].Listeners[0].Routes = append([]localAgentgatewayRoute{route}, cfg.Binds[0].Listeners[0].Routes...) + } + if httpsListener.Protocol == "TLS" && egressRuleHasTransparentTLSRoute(rule) { + httpsListener.TCPRoutes = append(httpsListener.TCPRoutes, tcpRoutesForEgressRule(rule)...) + } + } + if httpsListener.TLS != nil || len(httpsListener.TCPRoutes) > 0 { + if httpsListener.TLS != nil && len(httpsListener.Routes) == 0 { + httpsListener.Routes = []localAgentgatewayRoute{denyEgressRoute()} + } + cfg.Binds = append(cfg.Binds, localAgentgatewayBind{ + Port: HTTPSPort, + Listeners: []localAgentgatewayListener{httpsListener}, + }) + } + + out, err := yaml.Marshal(cfg) + if err != nil { + return nil, fmt.Errorf("while rendering egress agentgateway config: %w", err) + } + return append([]byte("# yaml-language-server: $schema=https://agentgateway.dev/schema/config\n"), out...), nil +} + +func routesForEgressRule(ctx context.Context, secrets secretResolver, defaultNamespace, _ string, rule *egresspb.EgressPolicyRule) ([]localAgentgatewayRoute, error) { + var routes []localAgentgatewayRoute + for _, dest := range rule.GetTo() { + host := dest.GetHost() + if host == "" { + continue + } + for _, port := range effectiveEgressPorts(rule) { + if !isTCPEgressPort(port) || egressPortUsesTLSPassthrough(rule, port) { + continue + } + backend := localAgentgatewayRouteBackend{Host: fmt.Sprintf("%s:%d", host, effectiveEgressPort(port))} + if egressRuleRequiresBackendTLS(rule) { + backend.Policies = &localAgentgatewayBackendPolicies{BackendTLS: backendTLSForEgressRule(rule, host)} + } + // TODO: Extend route rendering here if the egress API grows L7 + // policy fields such as path matches, rate limits, or header + // handling. The current policy intentionally stays at + // host/port/default-action enforcement. + route := localAgentgatewayRoute{ + Name: localRouteName(host, port), + Matches: egressAuthorityMatches(host, effectiveEgressPort(port)), + Backends: []localAgentgatewayRouteBackend{backend}, + } + headers, err := egressInjectedHeaders(ctx, secrets, defaultNamespace, rule.GetCredentials()) + if err != nil { + return nil, err + } + if len(headers) > 0 { + route.Policies = &localAgentgatewayRoutePolicy{ + RequestHeaderModifier: &localAgentgatewayHeaderModifier{Set: headers}, + } + } + routes = append(routes, route) + } + } + return routes, nil +} + +func tcpRoutesForEgressRule(rule *egresspb.EgressPolicyRule) []localAgentgatewayTCPRoute { + var routes []localAgentgatewayTCPRoute + for _, dest := range rule.GetTo() { + host := dest.GetHost() + if host == "" { + continue + } + for _, port := range effectiveEgressPorts(rule) { + if !egressPortUsesTLSPassthrough(rule, port) { + continue + } + routes = append(routes, localAgentgatewayTCPRoute{ + Name: localRouteName(host, port), + Hostnames: []string{host}, + Backends: []localAgentgatewayRouteBackend{{ + Host: fmt.Sprintf("%s:%d", host, effectiveEgressPort(port)), + }}, + }) + } + } + return routes +} + +func egressAuthorityMatches(host string, port uint32) []localAgentgatewayMatch { + matches := []localAgentgatewayMatch{ + {Headers: []localAgentgatewayHeaderMatch{{ + Name: ":authority", + Value: localAgentgatewayStringMatchValue{Exact: host}, + }}}, + } + hostWithPort := fmt.Sprintf("%s:%d", host, port) + if hostWithPort != host { + matches = append(matches, localAgentgatewayMatch{Headers: []localAgentgatewayHeaderMatch{{ + Name: ":authority", + Value: localAgentgatewayStringMatchValue{Exact: hostWithPort}, + }}}) + } + return matches +} + +func egressInjectedHeaders(ctx context.Context, secrets secretResolver, defaultNamespace string, policy *egresspb.EgressCredentialPolicy) (map[string]string, error) { + if policy == nil || len(policy.GetInject()) == 0 { + return nil, nil + } + if secrets == nil { + return nil, fmt.Errorf("egress credential injection requires Kubernetes secret access") + } + headers := map[string]string{} + for _, injection := range policy.GetInject() { + header := strings.TrimSpace(injection.GetHeader()) + if header == "" { + return nil, fmt.Errorf("egress credential injection header is required") + } + ref := injection.GetValueFrom().GetSecretKeyRef() + if ref == nil { + return nil, fmt.Errorf("egress credential injection for header %q requires valueFrom.secretKeyRef", header) + } + value, err := secrets.SecretValue(ctx, defaultNamespace, ref.GetName(), ref.GetKey()) + if err != nil { + return nil, err + } + headers[header] = value + } + return headers, nil +} + +func backendTLSForEgressRule(rule *egresspb.EgressPolicyRule, host string) map[string]any { + backendTLS := map[string]any{ + "hostname": host, + } + if rule.GetTls().GetMode() == "Intercept" && !rule.GetTls().GetIntercept().GetValidateUpstream() { + backendTLS["insecure"] = true + } + return backendTLS +} + +func frontendTLSForInterceptRule(ctx context.Context, secrets secretResolver, defaultNamespace, tlsDir string, rule *egresspb.EgressPolicyRule) (*localAgentgatewayFrontendTLS, error) { + if secrets == nil { + return nil, fmt.Errorf("egress TLS intercept requires Kubernetes secret access") + } + ref := rule.GetTls().GetIntercept().GetIssuerSecretRef() + if ref == nil { + return nil, fmt.Errorf("egress TLS intercept requires tls.intercept.issuerSecretRef") + } + namespace := ref.GetNamespace() + if namespace == "" { + namespace = defaultNamespace + } + cert, key, err := secrets.TLSSecret(ctx, namespace, ref.GetName()) + if err != nil { + return nil, err + } + certPath := filepath.Join(tlsDir, "intercept-ca.crt") + keyPath := filepath.Join(tlsDir, "intercept-ca.key") + if err := os.WriteFile(certPath, cert, 0o600); err != nil { + return nil, fmt.Errorf("while writing egress intercept CA cert: %w", err) + } + if err := os.WriteFile(keyPath, key, 0o600); err != nil { + return nil, fmt.Errorf("while writing egress intercept CA key: %w", err) + } + return &localAgentgatewayFrontendTLS{Mode: "dynamicCa", Cert: certPath, Key: keyPath}, nil +} + +func denyEgressRoute() localAgentgatewayRoute { + return localAgentgatewayRoute{ + Name: "default-deny", + Policies: &localAgentgatewayRoutePolicy{ + DirectResponse: &localAgentgatewayDirectResponse{ + Status: 403, + Body: "egress denied", + }, + }, + } +} + +func egressRuleRequiresBackendTLS(rule *egresspb.EgressPolicyRule) bool { + tls := rule.GetTls() + return tls.GetRequired() || tls.GetMode() == "Require" || tls.GetMode() == "Originate" || tls.GetMode() == "Intercept" +} + +func egressPortUsesTLSPassthrough(rule *egresspb.EgressPolicyRule, port *egresspb.EgressPort) bool { + if !isTCPEgressPort(port) || effectiveEgressPort(port) != 443 { + return false + } + return rule.GetTls().GetMode() != "Intercept" +} + +func effectiveEgressPorts(rule *egresspb.EgressPolicyRule) []*egresspb.EgressPort { + ports := rule.GetPorts() + if len(ports) == 0 { + return []*egresspb.EgressPort{{Port: 443, Protocol: "TCP"}} + } + return ports +} + +func isTCPEgressPort(port *egresspb.EgressPort) bool { + return port.GetProtocol() == "" || strings.EqualFold(port.GetProtocol(), "TCP") +} + +func effectiveEgressPort(port *egresspb.EgressPort) uint32 { + if port.GetPort() == 0 { + return 443 + } + return port.GetPort() +} + +func localRouteName(host string, port *egresspb.EgressPort) string { + base := host + base = strings.NewReplacer(".", "-", "_", "-", ":", "-").Replace(base) + return fmt.Sprintf("allow-%s-%d", base, effectiveEgressPort(port)) +} + +type kubernetesEgressSecretResolver struct { + client kubernetes.Interface +} + +func newKubernetesEgressSecretResolver() (*kubernetesEgressSecretResolver, error) { + cfg, err := rest.InClusterConfig() + if err != nil { + return nil, err + } + client, err := kubernetes.NewForConfig(cfg) + if err != nil { + return nil, err + } + return &kubernetesEgressSecretResolver{client: client}, nil +} + +func (r *kubernetesEgressSecretResolver) SecretValue(ctx context.Context, defaultNamespace, name, key string) (string, error) { + if name == "" || key == "" { + return "", fmt.Errorf("egress credential secret name and key are required") + } + secret, err := r.client.CoreV1().Secrets(defaultNamespace).Get(ctx, name, metav1.GetOptions{}) + if err != nil { + return "", secretGetError(defaultNamespace, name, err) + } + value, ok := secret.Data[key] + if !ok { + return "", fmt.Errorf("secret %s/%s does not contain key %q", defaultNamespace, name, key) + } + return string(value), nil +} + +func (r *kubernetesEgressSecretResolver) TLSSecret(ctx context.Context, namespace, name string) ([]byte, []byte, error) { + if namespace == "" { + return nil, nil, fmt.Errorf("egress TLS intercept secret namespace is required") + } + if name == "" { + return nil, nil, fmt.Errorf("egress TLS intercept secret name is required") + } + secret, err := r.client.CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{}) + if err != nil { + return nil, nil, secretGetError(namespace, name, err) + } + cert := secret.Data[corev1.TLSCertKey] + key := secret.Data[corev1.TLSPrivateKeyKey] + if len(cert) == 0 || len(key) == 0 { + return nil, nil, fmt.Errorf("secret %s/%s must contain %q and %q for egress TLS intercept", namespace, name, corev1.TLSCertKey, corev1.TLSPrivateKeyKey) + } + return cert, key, nil +} + +func secretGetError(namespace, name string, err error) error { + if apierrors.IsForbidden(err) { + return fmt.Errorf("ateom service account cannot read secret %s/%s for egress agentgateway config: %w", namespace, name, err) + } + return fmt.Errorf("while reading secret %s/%s for egress agentgateway config: %w", namespace, name, err) +} diff --git a/cmd/ateom-gvisor/egress/agentgateway/agentgateway_test.go b/cmd/ateom-gvisor/egress/agentgateway/agentgateway_test.go new file mode 100644 index 000000000..b42b08269 --- /dev/null +++ b/cmd/ateom-gvisor/egress/agentgateway/agentgateway_test.go @@ -0,0 +1,264 @@ +//go:build linux + +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package agentgateway + +import ( + "context" + "strings" + "testing" + + "github.com/agent-substrate/substrate/internal/proto/egresspb" +) + +func TestRenderEgressAgentgatewayConfigAddsHTTPRouteAndHeaders(t *testing.T) { + secrets := fakeEgressSecretResolver{ + values: map[string]string{ + "dev-agents/openai-token/token": "Bearer test-token", + }, + } + policy := egressPolicyForTest() + policy.Allow[0].Ports[0].Port = 80 + policy.Allow[0].Tls = nil + cfg, err := renderEgressAgentgatewayConfig(context.Background(), secrets, "dev-agents", t.TempDir(), policy) + if err != nil { + t.Fatalf("renderEgressAgentgatewayConfig() error = %v", err) + } + got := string(cfg) + for _, want := range []string{ + "port: 15001", + "name: allow-api-openai-com-80", + "name: ':authority'", + "exact: api.openai.com", + "exact: api.openai.com:80", + "host: api.openai.com:80", + "Authorization: Bearer test-token", + "directResponse:", + "status: 403", + } { + if !strings.Contains(got, want) { + t.Fatalf("rendered config missing %q:\n%s", want, got) + } + } +} + +func TestRenderEgressAgentgatewayConfigDoesNotAddTLSRulesToHTTPListener(t *testing.T) { + policy := egressPolicyForTest() + policy.Allow[0].Credentials = nil + cfg, err := renderEgressAgentgatewayConfig(context.Background(), nil, "dev-agents", t.TempDir(), policy) + if err != nil { + t.Fatalf("renderEgressAgentgatewayConfig() error = %v", err) + } + got := string(cfg) + for _, notWant := range []string{ + "backendTLS: {}", + } { + if strings.Contains(got, notWant) { + t.Fatalf("rendered HTTP listener config should not contain TLS route %q:\n%s", notWant, got) + } + } +} + +func TestRenderEgressAgentgatewayConfigAddsTLSPassthroughTCPRoute(t *testing.T) { + policy := egressPolicyForTest() + policy.Allow[0].Credentials = nil + cfg, err := renderEgressAgentgatewayConfig(context.Background(), nil, "dev-agents", t.TempDir(), policy) + if err != nil { + t.Fatalf("renderEgressAgentgatewayConfig() error = %v", err) + } + got := string(cfg) + for _, want := range []string{ + "port: 15002", + "protocol: TLS", + "tcpRoutes:", + "name: allow-api-openai-com-443", + "hostnames:", + "- api.openai.com", + "host: api.openai.com:443", + } { + if !strings.Contains(got, want) { + t.Fatalf("rendered config missing %q:\n%s", want, got) + } + } +} + +func TestRenderEgressAgentgatewayConfigDefaultsPort443ToTLSPassthrough(t *testing.T) { + policy := &egresspb.EgressPolicy{ + DefaultAction: "Deny", + Allow: []*egresspb.EgressPolicyRule{{ + To: []*egresspb.EgressPolicyDestination{ + {Host: "example.com"}, + }, + Ports: []*egresspb.EgressPort{ + {Port: 80, Protocol: "TCP"}, + {Port: 443, Protocol: "TCP"}, + }, + }}, + } + cfg, err := renderEgressAgentgatewayConfig(context.Background(), nil, "dev-agents", t.TempDir(), policy) + if err != nil { + t.Fatalf("renderEgressAgentgatewayConfig() error = %v", err) + } + got := string(cfg) + for _, want := range []string{ + "port: 15001", + "name: allow-example-com-80", + "host: example.com:80", + "port: 15002", + "protocol: TLS", + "name: allow-example-com-443", + "hostnames:", + "- example.com", + "host: example.com:443", + } { + if !strings.Contains(got, want) { + t.Fatalf("rendered config missing %q:\n%s", want, got) + } + } +} + +func TestRenderEgressAgentgatewayConfigAddsInterceptHTTPSBind(t *testing.T) { + secrets := fakeEgressSecretResolver{ + values: map[string]string{ + "dev-agents/openai-token/token": "Bearer test-token", + }, + certs: map[string]fakeTLSSecret{ + "dev-agents/egress-ca": { + cert: []byte("cert"), + key: []byte("key"), + }, + }, + } + policy := egressPolicyForTest() + policy.Allow[0].Tls.Mode = "Intercept" + policy.Allow[0].Tls.Intercept = &egresspb.EgressTLSInterceptPolicy{ + IssuerSecretRef: &egresspb.SecretReference{ + Name: "egress-ca", + Namespace: "dev-agents", + }, + ValidateUpstream: true, + } + cfg, err := renderEgressAgentgatewayConfig(context.Background(), secrets, "dev-agents", t.TempDir(), policy) + if err != nil { + t.Fatalf("renderEgressAgentgatewayConfig() error = %v", err) + } + got := string(cfg) + for _, want := range []string{ + "port: 15002", + "protocol: HTTPS", + "tls:", + "mode: dynamicCa", + "cert:", + "intercept-ca.crt", + "key:", + "intercept-ca.key", + "host: api.openai.com:443", + "backendTLS:", + "hostname: api.openai.com", + "requestHeaderModifier:", + "Authorization: Bearer test-token", + } { + if !strings.Contains(got, want) { + t.Fatalf("rendered config missing %q:\n%s", want, got) + } + } +} + +func TestRenderEgressAgentgatewayConfigCanDisableInterceptUpstreamValidation(t *testing.T) { + secrets := fakeEgressSecretResolver{ + certs: map[string]fakeTLSSecret{ + "dev-agents/egress-ca": { + cert: []byte("cert"), + key: []byte("key"), + }, + }, + } + policy := egressPolicyForTest() + policy.Allow[0].Tls.Mode = "Intercept" + policy.Allow[0].Tls.Intercept = &egresspb.EgressTLSInterceptPolicy{ + IssuerSecretRef: &egresspb.SecretReference{ + Name: "egress-ca", + Namespace: "dev-agents", + }, + ValidateUpstream: false, + } + cfg, err := renderEgressAgentgatewayConfig(context.Background(), secrets, "dev-agents", t.TempDir(), policy) + if err != nil { + t.Fatalf("renderEgressAgentgatewayConfig() error = %v", err) + } + got := string(cfg) + for _, want := range []string{ + "mode: dynamicCa", + "backendTLS:", + "insecure: true", + } { + if !strings.Contains(got, want) { + t.Fatalf("rendered config missing %q:\n%s", want, got) + } + } +} + +func egressPolicyForTest() *egresspb.EgressPolicy { + return &egresspb.EgressPolicy{ + DefaultAction: "Deny", + Allow: []*egresspb.EgressPolicyRule{ + { + To: []*egresspb.EgressPolicyDestination{ + {Host: "api.openai.com"}, + }, + Ports: []*egresspb.EgressPort{ + {Port: 443, Protocol: "TCP"}, + }, + Tls: &egresspb.EgressTLSPolicy{ + Mode: "Require", + Required: true, + }, + Credentials: &egresspb.EgressCredentialPolicy{ + Inject: []*egresspb.EgressCredentialInjection{ + { + Header: "Authorization", + ValueFrom: &egresspb.EgressCredentialValueFrom{ + SecretKeyRef: &egresspb.SecretKeySelector{ + Name: "openai-token", + Key: "token", + }, + }, + }, + }, + }, + }, + }, + } +} + +type fakeEgressSecretResolver struct { + values map[string]string + certs map[string]fakeTLSSecret +} + +type fakeTLSSecret struct { + cert []byte + key []byte +} + +func (r fakeEgressSecretResolver) SecretValue(_ context.Context, namespace, name, key string) (string, error) { + return r.values[namespace+"/"+name+"/"+key], nil +} + +func (r fakeEgressSecretResolver) TLSSecret(_ context.Context, namespace, name string) ([]byte, []byte, error) { + secret := r.certs[namespace+"/"+name] + return secret.cert, secret.key, nil +} diff --git a/cmd/ateom-gvisor/egress/egress.go b/cmd/ateom-gvisor/egress/egress.go new file mode 100644 index 000000000..72bcd9005 --- /dev/null +++ b/cmd/ateom-gvisor/egress/egress.go @@ -0,0 +1,48 @@ +//go:build linux + +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package egress + +import ( + "context" + + "github.com/agent-substrate/substrate/internal/proto/egresspb" +) + +// CapturePorts identifies the local listener ports used for transparent actor +// egress capture in the worker pod network namespace. +type CapturePorts struct { + HTTP uint16 + HTTPS uint16 +} + +// Gateway is a local egress gateway process that enforces an ActorTemplate +// egress policy for the currently active actor. +type Gateway interface { + ApplyPolicy(ctx context.Context, defaultNamespace string, policy *egresspb.EgressPolicy) error + Stop(ctx context.Context) +} + +// Provider owns proxy-specific policy support decisions and gateway creation. +// Implementations can render different local proxy configs, such as +// AgentGateway or Envoy, without leaking those details into ateom service +// lifecycle and network setup code. +type Provider interface { + Name() string + CapturePorts() CapturePorts + NeedsGateway(policy *egresspb.EgressPolicy) bool + NewGateway(ctx context.Context) (Gateway, error) +} diff --git a/cmd/ateom-gvisor/main.go b/cmd/ateom-gvisor/main.go index 365447fca..d63a28426 100644 --- a/cmd/ateom-gvisor/main.go +++ b/cmd/ateom-gvisor/main.go @@ -27,11 +27,14 @@ import ( "sync" "cloud.google.com/go/compute/metadata" + "github.com/agent-substrate/substrate/cmd/ateom-gvisor/egress" + agw "github.com/agent-substrate/substrate/cmd/ateom-gvisor/egress/agentgateway" "github.com/agent-substrate/substrate/cmd/ateom-gvisor/internal/ateom" "github.com/agent-substrate/substrate/internal/ateinterceptors" "github.com/agent-substrate/substrate/internal/ateompath" "github.com/agent-substrate/substrate/internal/contextlogging" "github.com/agent-substrate/substrate/internal/proto/ateompb" + "github.com/agent-substrate/substrate/internal/proto/egresspb" "github.com/agent-substrate/substrate/internal/serverboot" "github.com/agent-substrate/substrate/internal/version" "github.com/google/nftables" @@ -49,7 +52,8 @@ import ( ) var ( - podUID = pflag.String("pod-uid", "", "The UID of the current pod") + podUID = pflag.String("pod-uid", "", "The UID of the current pod") + egressAgentgatewayBinary = pflag.String("egress-agentgateway-binary", "/app/agentgateway", "Path to the agentgateway binary used for local egress policy enforcement.") showVersion = pflag.Bool("version", false, "Print version and exit.") @@ -135,7 +139,12 @@ func do(ctx context.Context) error { } actorLogger := ateom.NewActorLogger(syncedWriter, metadata.OnGCE()) - ateomService := NewService(interiorNetNS, actorLogger) + ateomService := NewService(interiorNetNS, actorLogger, agw.Provider{ + BinaryPath: *egressAgentgatewayBinary, + PodUID: *podUID, + ReapLock: &reapLock, + }) + defer ateomService.Stop(ctx) svr := grpc.NewServer( grpc.StatsHandler(otelgrpc.NewServerHandler()), @@ -162,19 +171,29 @@ type AteomService struct { interiorNetNS netns.NsHandle actorLogger *ateom.ActorLogger + + egressProvider egress.Provider + egressGateway egress.Gateway } var _ ateompb.AteomServer = (*AteomService)(nil) // NewService creates a new AteomService. -func NewService(interiorNetNS netns.NsHandle, actorLogger *ateom.ActorLogger) *AteomService { +func NewService(interiorNetNS netns.NsHandle, actorLogger *ateom.ActorLogger, egressProvider egress.Provider) *AteomService { svc := &AteomService{ - interiorNetNS: interiorNetNS, - actorLogger: actorLogger, + interiorNetNS: interiorNetNS, + actorLogger: actorLogger, + egressProvider: egressProvider, } return svc } +func (s *AteomService) Stop(ctx context.Context) { + if s.egressGateway != nil { + s.egressGateway.Stop(ctx) + } +} + func (s *AteomService) RunWorkload(ctx context.Context, req *ateompb.RunWorkloadRequest) (resp *ateompb.RunWorkloadResponse, retErr error) { s.lock.Lock() defer s.lock.Unlock() @@ -186,7 +205,11 @@ func (s *AteomService) RunWorkload(ctx context.Context, req *ateompb.RunWorkload // * Correct runsc version is downloaded and placed on disk. // * All OCI bundles are set up, including for "pause" container. - if err := s.setupActorNetwork(ctx); err != nil { + policy := req.GetSpec().GetEgressPolicy() + if err := s.applyEgressPolicy(ctx, req.GetActorTemplateNamespace(), policy); err != nil { + return nil, err + } + if err := s.setupActorNetwork(ctx, policy); err != nil { return nil, fmt.Errorf("while setting up actor network: %w", err) } defer func() { @@ -272,6 +295,9 @@ func (s *AteomService) CheckpointWorkload(ctx context.Context, req *ateompb.Chec } s.cleanupActorNetworkOrExit(ctx, "Failed to clean up actor network after checkpoint") + if err := s.applyEgressPolicy(ctx, req.GetActorTemplateNamespace(), nil); err != nil { + return nil, err + } s.actorLogger.EmitLifecycleLog("Actor checkpointed", req.GetActorId(), req.GetActorTemplateName(), req.GetActorTemplateNamespace()) @@ -316,7 +342,11 @@ func (s *AteomService) RestoreWorkload(ctx context.Context, req *ateompb.Restore // * All OCI bundles are set up, including for "pause" container. // * Checkpoint downloaded and placed on disk - if err := s.setupActorNetwork(ctx); err != nil { + policy := req.GetSpec().GetEgressPolicy() + if err := s.applyEgressPolicy(ctx, req.GetActorTemplateNamespace(), policy); err != nil { + return nil, err + } + if err := s.setupActorNetwork(ctx, policy); err != nil { return nil, fmt.Errorf("while setting up actor network: %w", err) } defer func() { @@ -363,7 +393,27 @@ func (s *AteomService) RestoreWorkload(ctx context.Context, req *ateompb.Restore return &ateompb.RestoreWorkloadResponse{}, nil } -func (s *AteomService) setupActorNetwork(ctx context.Context) (retErr error) { +func (s *AteomService) applyEgressPolicy(ctx context.Context, defaultNamespace string, policy *egresspb.EgressPolicy) error { + if s.egressProvider == nil { + return nil + } + if s.egressProvider.NeedsGateway(policy) && s.egressGateway == nil { + egressGateway, err := s.egressProvider.NewGateway(ctx) + if err != nil { + return fmt.Errorf("while initializing %s egress gateway: %w", s.egressProvider.Name(), err) + } + s.egressGateway = egressGateway + } + if s.egressGateway == nil { + return nil + } + if err := s.egressGateway.ApplyPolicy(ctx, defaultNamespace, policy); err != nil { + return fmt.Errorf("while configuring %s egress gateway: %w", s.egressProvider.Name(), err) + } + return nil +} + +func (s *AteomService) setupActorNetwork(ctx context.Context, egressPolicy *egresspb.EgressPolicy) (retErr error) { // Build a fresh point-to-point network between the worker pod netns and the // gVisor interior netns. The worker side keeps the pod's real eth0, creates // ateom0 as the gateway, and moves only the veth peer into the actor netns. @@ -431,7 +481,8 @@ func (s *AteomService) setupActorNetwork(ctx context.Context) (retErr error) { if err := enableIPv4Forwarding(); err != nil { return err } - if err := installActorNftablesRules(podIP); err != nil { + routeEgressToGateway := s.egressProvider != nil && s.egressProvider.NeedsGateway(egressPolicy) + if err := installActorNftablesRules(podIP, routeEgressToGateway, s.egressCapturePorts()); err != nil { return err } @@ -447,6 +498,13 @@ func (s *AteomService) setupActorNetwork(ctx context.Context) (retErr error) { return nil } +func (s *AteomService) egressCapturePorts() egress.CapturePorts { + if s.egressProvider == nil { + return egress.CapturePorts{} + } + return s.egressProvider.CapturePorts() +} + func configureActorVeth(ctx context.Context) error { // Run inside the gVisor interior netns after setupActorNetwork moves the // veth peer there. gVisor reads link names, addresses, and routes from this @@ -596,7 +654,7 @@ func enableIPv4Forwarding() error { return nil } -func installActorNftablesRules(podIP net.IP) error { +func installActorNftablesRules(podIP net.IP, routeEgressToGateway bool, capturePorts egress.CapturePorts) error { // Install a dedicated nftables table for the active actor. Keeping all // rules in an ateom-owned table makes cleanup simple and avoids mutating // Kubernetes or CNI-managed chains directly. @@ -605,7 +663,8 @@ func installActorNftablesRules(podIP net.IP) error { // networking supports dual-stack pods. The current compatibility path is // IPv4-only. // - // The temporary compatibility rules do three things: + // The temporary compatibility rules do three things when local egress + // gateway enforcement is not enabled: // // * postrouting: masquerade actor egress from 169.254.17.2 behind the worker // pod IP so replies route back to the pod. @@ -613,9 +672,16 @@ func installActorNftablesRules(podIP net.IP) error { // actor veth IP on TCP/80, preserving existing inbound behavior. // * forward: accept forwarded packets between the actor veth and pod eth0. // - // This is not the final egress policy path. The later AgentGateway phase - // should replace the broad masquerade path with transparent TCP capture and - // default-deny rules. + // When local egress gateway enforcement is enabled, actor HTTP/HTTPS egress + // is transparently redirected to the gateway's local listener ports in this + // worker netns. In that mode, the gateway opens upstream connections from the + // worker pod netns using the pod IP, so ateom does not masquerade actor + // egress. The forward chain only permits inbound actor traffic and replies. + // + // TODO: If AgentGateway exposes SO_MARK configuration for its upstream + // sockets, use that mark to make the AGW-owned OUTPUT traffic explicit in + // nftables policy instead of relying solely on local redirect plus FORWARD + // isolation. if err := removeActorNftablesRules(); err != nil { return err } @@ -634,6 +700,12 @@ func installActorNftablesRules(podIP net.IP) error { Hooknum: nftables.ChainHookPrerouting, Priority: nftables.ChainPriorityNATDest, }) + if routeEgressToGateway { + if capturePorts.HTTP == 0 || capturePorts.HTTPS == 0 { + return fmt.Errorf("local egress gateway capture ports must be set") + } + addTransparentHTTPEgressRedirect(c, table, prerouting, capturePorts) + } // TODO: Support inbound UDP DNAT for actors that expose UDP protocols such // as QUIC. // TODO: Replace the hard-coded HTTP port with the actor's configured @@ -661,35 +733,52 @@ func installActorNftablesRules(podIP net.IP) error { Exprs: preroutingExprs, }) - postrouting := c.AddChain(&nftables.Chain{ - Name: "postrouting", - Table: table, - Type: nftables.ChainTypeNAT, - Hooknum: nftables.ChainHookPostrouting, - Priority: nftables.ChainPriorityNATSource, - }) - c.AddRule(&nftables.Rule{ - Table: table, - Chain: postrouting, - Exprs: append(ipSourceEqual(actorVethIP), &expr.Masq{}), - }) - acceptPolicy := nftables.ChainPolicyAccept + forwardPolicy := &acceptPolicy + if routeEgressToGateway { + dropPolicy := nftables.ChainPolicyDrop + forwardPolicy = &dropPolicy + postrouting := c.AddChain(&nftables.Chain{ + Name: "postrouting", + Table: table, + Type: nftables.ChainTypeNAT, + Hooknum: nftables.ChainHookPostrouting, + Priority: nftables.ChainPriorityNATSource, + }) + addEgressGatewayDNSMasquerade(c, table, postrouting) + } else { + postrouting := c.AddChain(&nftables.Chain{ + Name: "postrouting", + Table: table, + Type: nftables.ChainTypeNAT, + Hooknum: nftables.ChainHookPostrouting, + Priority: nftables.ChainPriorityNATSource, + }) + c.AddRule(&nftables.Rule{ + Table: table, + Chain: postrouting, + Exprs: append(ipSourceEqual(actorVethIP), &expr.Masq{}), + }) + } forward := c.AddChain(&nftables.Chain{ Name: "forward", Table: table, Type: nftables.ChainTypeFilter, Hooknum: nftables.ChainHookForward, Priority: nftables.ChainPriorityFilter, - Policy: &acceptPolicy, - }) - c.AddRule(&nftables.Rule{ - Table: table, - Chain: forward, - Exprs: []expr.Any{ - &expr.Verdict{Kind: expr.VerdictAccept}, - }, + Policy: forwardPolicy, }) + if routeEgressToGateway { + addEgressGatewayForwardRules(c, table, forward) + } else { + c.AddRule(&nftables.Rule{ + Table: table, + Chain: forward, + Exprs: []expr.Any{ + &expr.Verdict{Kind: expr.VerdictAccept}, + }, + }) + } if err := c.Flush(); err != nil { return fmt.Errorf("while installing actor nftables rules: %w", err) @@ -719,6 +808,66 @@ func removeActorNftablesRules() error { return nil } +func addEgressGatewayForwardRules(c *nftables.Conn, table *nftables.Table, forward *nftables.Chain) { + c.AddRule(&nftables.Rule{ + Table: table, + Chain: forward, + Exprs: append(establishedOrRelated(), &expr.Verdict{Kind: expr.VerdictAccept}), + }) + + addEgressGatewayDNSForwardRules(c, table, forward) + + inboundExprs := append(ipDestinationEqual(actorVethIP), tcpDestinationPortEqual(80)...) + inboundExprs = append(inboundExprs, &expr.Verdict{Kind: expr.VerdictAccept}) + c.AddRule(&nftables.Rule{ + Table: table, + Chain: forward, + Exprs: inboundExprs, + }) +} + +func addEgressGatewayDNSForwardRules(c *nftables.Conn, table *nftables.Table, forward *nftables.Chain) { + for _, protocol := range []string{"UDP", "TCP"} { + exprs := append(ipSourceEqual(actorVethIP), destinationPortEqual(protocol, 53)...) + exprs = append(exprs, &expr.Verdict{Kind: expr.VerdictAccept}) + c.AddRule(&nftables.Rule{ + Table: table, + Chain: forward, + Exprs: exprs, + }) + } +} + +func addEgressGatewayDNSMasquerade(c *nftables.Conn, table *nftables.Table, postrouting *nftables.Chain) { + for _, protocol := range []string{"UDP", "TCP"} { + exprs := append(ipSourceEqual(actorVethIP), destinationPortEqual(protocol, 53)...) + exprs = append(exprs, &expr.Masq{}) + c.AddRule(&nftables.Rule{ + Table: table, + Chain: postrouting, + Exprs: exprs, + }) + } +} + +func establishedOrRelated() []expr.Any { + return []expr.Any{ + &expr.Ct{Register: 1, Key: expr.CtKeySTATE}, + &expr.Bitwise{ + SourceRegister: 1, + DestRegister: 1, + Len: 4, + Mask: binaryutil.NativeEndian.PutUint32(expr.CtStateBitESTABLISHED | expr.CtStateBitRELATED), + Xor: binaryutil.NativeEndian.PutUint32(0), + }, + &expr.Cmp{ + Op: expr.CmpOpNeq, + Register: 1, + Data: binaryutil.NativeEndian.PutUint32(0), + }, + } +} + func ipSourceEqual(ip string) []expr.Any { return ipPayloadEqual(12, ip) } @@ -744,12 +893,43 @@ func ipPayloadEqual(offset uint32, ip string) []expr.Any { } func tcpDestinationPortEqual(port uint16) []expr.Any { + return destinationPortEqual("TCP", port) +} + +func addTransparentHTTPEgressRedirect(c *nftables.Conn, table *nftables.Table, prerouting *nftables.Chain, capturePorts egress.CapturePorts) { + addTransparentEgressRedirect(c, table, prerouting, 80, capturePorts.HTTP) + addTransparentEgressRedirect(c, table, prerouting, 443, capturePorts.HTTPS) +} + +func addTransparentEgressRedirect(c *nftables.Conn, table *nftables.Table, prerouting *nftables.Chain, originalPort uint16, proxyPort uint16) { + exprs := append(ipSourceEqual(actorVethIP), tcpDestinationPortEqual(originalPort)...) + exprs = append(exprs, + &expr.Immediate{ + Register: 2, + Data: binaryutil.BigEndian.PutUint16(proxyPort), + }, + &expr.Redir{ + RegisterProtoMin: 2, + }, + ) + c.AddRule(&nftables.Rule{ + Table: table, + Chain: prerouting, + Exprs: exprs, + }) +} + +func destinationPortEqual(protocol string, port uint16) []expr.Any { + proto := byte(unix.IPPROTO_TCP) + if protocol == "UDP" { + proto = unix.IPPROTO_UDP + } return []expr.Any{ &expr.Meta{Key: expr.MetaKeyL4PROTO, Register: 1}, &expr.Cmp{ Op: expr.CmpOpEq, Register: 1, - Data: []byte{unix.IPPROTO_TCP}, + Data: []byte{proto}, }, &expr.Payload{ DestRegister: 1, diff --git a/demos/counter/counter.go b/demos/counter/counter.go index 6b99d5db2..740d824f0 100644 --- a/demos/counter/counter.go +++ b/demos/counter/counter.go @@ -20,6 +20,8 @@ import ( "context" "crypto/rand" "crypto/sha256" + "crypto/tls" + "crypto/x509" "encoding/base64" "fmt" "io" @@ -42,6 +44,7 @@ func main() { slog.SetDefault(slog.New(slog.NewJSONHandler(os.Stdout, nil))) defaultMux := http.NewServeMux() + defaultMux.HandleFunc("/egress", handleEgress) defaultMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() count := atomic.AddUint64(&requestCount, 1) @@ -94,6 +97,59 @@ func writeRandomFile() error { return nil } +func handleEgress(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + targetURL := r.URL.Query().Get("url") + if targetURL == "" { + targetURL = "http://example.com/" + } + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, targetURL, nil) + if err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + + transport := http.DefaultTransport.(*http.Transport).Clone() + transport.Proxy = nil + if caPEM := os.Getenv("EGRESS_CA_CERT_PEM"); caPEM != "" { + roots, err := x509.SystemCertPool() + if err != nil { + http.Error(w, err.Error(), http.StatusBadGateway) + return + } + if roots == nil { + roots = x509.NewCertPool() + } + if !roots.AppendCertsFromPEM([]byte(caPEM)) { + http.Error(w, "EGRESS_CA_CERT_PEM does not contain a valid PEM certificate", http.StatusBadGateway) + return + } + transport.TLSClientConfig = &tls.Config{ + RootCAs: roots, + } + } + client := &http.Client{Transport: transport} + + resp, err := client.Do(req) + if err != nil { + slog.ErrorContext(ctx, "Egress request failed", slog.String("url", targetURL), slog.Any("err", err)) + http.Error(w, err.Error(), http.StatusBadGateway) + return + } + defer resp.Body.Close() + + body, err := io.ReadAll(io.LimitReader(resp.Body, 512)) + if err != nil { + http.Error(w, err.Error(), http.StatusBadGateway) + return + } + + slog.InfoContext(ctx, "Egress request completed", slog.String("url", targetURL), slog.Int("status", resp.StatusCode)) + w.WriteHeader(http.StatusOK) + fmt.Fprintf(w, "egress url: %s\nstatus: %d\nbody_prefix:\n%s\n", targetURL, resp.StatusCode, string(body)) +} + func hashRandomFile() string { rfBytes, err := os.ReadFile("/random-content-file") if err != nil { diff --git a/docs/dev/agentgateway-egress.md b/docs/dev/agentgateway-egress.md new file mode 100644 index 000000000..095d7dc4f --- /dev/null +++ b/docs/dev/agentgateway-egress.md @@ -0,0 +1,360 @@ +# agentgateway Egress + +This guide covers the local development path for running Substrate with +agentgateway bundled into the `ateom-gvisor` image for actor egress. + +## Setup + +1. Install Substrate with agentgateway egress bundling enabled: + + ```sh + export KO_DOCKER_REPO=localhost:5001 + + ./hack/install-ate-kind.sh --bundle-agentgateway-egress=enable --deploy-ate-system --router=agentgateway + ./hack/install-ate-kind.sh --bundle-agentgateway-egress=enable --deploy-demo-counter + ``` + +2. Install the `kubectl ate` plugin: + + ```sh + go install ./cmd/kubectl-ate + ``` + + If `kubectl ate` is still unavailable, make sure your Go bin directory is in + `PATH`, for example `export PATH="$(go env GOPATH)/bin:$PATH"`. + +The `--bundle-agentgateway-egress=enable` flag configures `ko` for this setup +run so `github.com/agent-substrate/substrate/cmd/ateom-gvisor` uses +`cr.agentgateway.dev/agentgateway:latest-dev` as its base image. Normal +installs without this flag continue to use the default `ko` image settings. + +Bundling selects agentgateway as the local egress gateway implementation by +making the `agentgateway` binary available in the `ateom-gvisor` image. +Per-actor enforcement is driven by `ActorTemplate.spec.egressPolicy`: when a +workload has an egress policy that requires local gateway handling, +`ateom-gvisor` starts and configures the bundled egress gateway for that +workload. + +The egress policy should describe traffic policy, not the proxy implementation. +For Helm-based installs, the default egress gateway implementation should be a +chart/install setting rather than an `ActorTemplate` field. + +To test a different agentgateway image while keeping the same setup path, pass +an explicit image: + +```sh +./hack/install-ate-kind.sh \ + --bundle-agentgateway-egress=enable \ + --agentgateway-egress-image=cr.agentgateway.dev/agentgateway: \ + --deploy-ate-system +``` + +## Smoke Test + +If you changed the demo counter locally, rerun +`./hack/install-ate-kind.sh --bundle-agentgateway-egress=enable +--deploy-demo-counter` before creating the actor so the WorkerPool image still +contains `agentgateway` and the actor snapshot uses the updated counter image. +Use a fresh actor name after changing the template, because existing actors keep +using their previous snapshot. + +Reapply the egress policy after every `--deploy-demo-counter` run. The demo +install reapplies the `ActorTemplate`, which clears local patches. + +Configure the demo `ActorTemplate` with an egress policy that allows +`example.com`, then denies other HTTP/HTTPS egress. DNS is allowed by default +for name resolution. + +```sh +export KO_DOCKER_REPO=localhost:5001 + +./hack/run-tool.sh ko apply -f - </tmp/example-mitm-openssl.cnf <<'EOF' +[req] +distinguished_name = dn +prompt = no +x509_extensions = v3_ca + +[dn] +CN = example-egress-ca + +[v3_ca] +basicConstraints = critical,CA:TRUE +keyUsage = critical,keyCertSign,cRLSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +EOF + +openssl req -x509 -newkey rsa:2048 -nodes \ + -keyout /tmp/example-mitm.key \ + -out /tmp/example-mitm.crt \ + -days 7 \ + -config /tmp/example-mitm-openssl.cnf + +kubectl -n ate-demo-counter create secret tls example-mitm \ + --cert=/tmp/example-mitm.crt \ + --key=/tmp/example-mitm.key \ + --dry-run=client -o yaml | kubectl apply -f - + +kubectl -n ate-demo-counter create role ateom-egress-secret-reader \ + --verb=get \ + --resource=secrets \ + --resource-name=example-mitm \ + --dry-run=client -o yaml | kubectl apply -f - + +kubectl -n ate-demo-counter create rolebinding ateom-egress-secret-reader \ + --role=ateom-egress-secret-reader \ + --serviceaccount=ate-demo-counter:default \ + --dry-run=client -o yaml | kubectl apply -f - + +kubectl -n ate-demo-counter create rolebinding ate-api-egress-secret-reader \ + --role=ateom-egress-secret-reader \ + --serviceaccount=ate-system:ate-api-server \ + --dry-run=client -o yaml | kubectl apply -f - +``` + +The worker pod service account needs this secret for `issuerSecretRef`. +`ate-api-server` also needs it in this example because it resolves the counter +container's `EGRESS_CA_CERT_PEM` `secretKeyRef` before resuming the actor. + +Apply the `ActorTemplate` with an intercept rule and pass the CA certificate +into the counter actor: + +```sh +export KO_DOCKER_REPO=localhost:5001 + +./hack/run-tool.sh ko apply -f - </dev/null || true fi # 2. Create kind configuration with containerdConfigPatches and feature gates -echo "Creating kind configuration for cluster '${KIND_CLUSTER_NAME}'..." +echo "Creating kind configuration for cluster '${KIND_CLUSTER_NAME}' (KIND_ENABLE_PODCERT=${KIND_ENABLE_PODCERT})..." cat < "${ROOT}/bin/kind-config.yaml" kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane +EOF + +if [ "${KIND_ENABLE_PODCERT}" = "true" ]; then +cat <> "${ROOT}/bin/kind-config.yaml" # cmd/podcertcontroller depends on ClusterTrustBundle & PodCertificateRequest. # They are not enabled by default as of Kubernetes v1.36 # https://github.com/kubernetes/kubernetes/blob/master/test/compatibility_lifecycle/reference/versioned_feature_list.yaml @@ -59,6 +69,7 @@ featureGates: runtimeConfig: "certificates.k8s.io/v1beta1": "true" EOF +fi echo "Deleting existing kind cluster '${KIND_CLUSTER_NAME}' if it exists..." "${ROOT}"/hack/kind.sh delete cluster --name "${KIND_CLUSTER_NAME}" || true diff --git a/hack/gen-rbac.sh b/hack/gen-rbac.sh new file mode 100755 index 000000000..b8f9d9647 --- /dev/null +++ b/hack/gen-rbac.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Generate the controller ClusterRole into the Helm chart and templatize its +# name so multi-release installs do not collide on a cluster-scoped resource. +# +# controller-gen emits a YAML file with a fixed `roleName=` value. We post- +# process that file to swap the static name for the chart's fullname helper, +# matching the convention used by every other resource in charts/substrate/. +# +# Invoked via `go generate ./internal/controllers/...`. +set -o errexit -o nounset -o pipefail + +ROOT="$(cd "$(dirname "$0")/.." && pwd)" +OUT="${ROOT}/charts/substrate/templates/role.yaml" + +bash "${ROOT}/hack/run-tool.sh" controller-gen \ + "rbac:headerFile=${ROOT}/hack/boilerplate/sh.txt,roleName=ate-controller" \ + paths="${ROOT}/internal/controllers/..." \ + "output:rbac:artifacts:config=${ROOT}/charts/substrate/templates/" + +# Templatize the ClusterRole name. controller-gen emits ` name: ate-controller` +# at column 0; the substitution is exact-match to stay robust. +sed -i 's|^ name: ate-controller$| name: {{ include "substrate.fullname" (list "ate-controller" .) }}|' "${OUT}" diff --git a/hack/install-ate-kind-jwt.sh b/hack/install-ate-kind-jwt.sh new file mode 100755 index 000000000..a733aaf69 --- /dev/null +++ b/hack/install-ate-kind-jwt.sh @@ -0,0 +1,144 @@ +#!/usr/bin/env bash + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Install Agent Substrate on a kind cluster in JWT auth mode. +# +# Unlike the mTLS install path (hack/install-ate-kind.sh), this works on a +# stock Kubernetes cluster — no ClusterTrustBundle / PodCertificateRequest +# feature gates required. Suitable for a kind cluster created with +# KIND_ENABLE_PODCERT=false hack/create-kind-cluster.sh. +# +# Steps: +# 1. Render the chart with auth.mode=jwt + kind-specific values, resolve +# ko:// image refs against a local registry, and apply. +# 2. Apply the kind-only OTel collector from manifests/ate-install/kind/. +set -o errexit -o nounset -o pipefail + +ROOT="$(cd "$(dirname "$0")/.." && pwd)" +NS="${NS:-ate-system}" +KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" +KUBECTL_CONTEXT="${KUBECTL_CONTEXT:-}" +KO_DOCKER_REPO="${KO_DOCKER_REPO:-localhost:5001}" +KO_DEFAULTPLATFORMS="${KO_DEFAULTPLATFORMS:-linux/$(go env GOARCH)}" +reg_name="kind-registry" +reg_port="5001" + +export KO_DOCKER_REPO KO_DEFAULTPLATFORMS + +run_kubectl() { + kubectl ${KUBECTL_CONTEXT:+--context=${KUBECTL_CONTEXT}} "$@" +} + +run_helm() { + helm ${KUBECTL_CONTEXT:+--kube-context=${KUBECTL_CONTEXT}} "$@" +} + +log_step() { + echo -e "\033[1;36m[step]:\033[0m $1" +} + +ensure_namespace() { + log_step "ensure_namespace ${NS}" + run_kubectl create namespace "${NS}" --dry-run=client -o yaml | run_kubectl apply -f - +} + +ensure_kind_local_registry() { + log_step "ensure_kind_local_registry" + + if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" == "true" ]; then + if ! docker port "${reg_name}" | grep -q "${reg_port}"; then + echo "Registry exists but is not mapped to port ${reg_port}. Recreating..." + docker rm -f "${reg_name}" + fi + fi + + if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != "true" ]; then + docker run \ + -d --restart=always \ + --label created-by=agent-substrate \ + -p "127.0.0.1:${reg_port}:5000" \ + -p "[::1]:${reg_port}:5000" \ + --network bridge --name "${reg_name}" \ + registry:3 + fi + + if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = "null" ]; then + docker network connect "kind" "${reg_name}" + fi + + local registry_dir="/etc/containerd/certs.d/localhost:${reg_port}" + local node + for node in $("${ROOT}"/hack/kind.sh get nodes --name "${KIND_CLUSTER_NAME}"); do + docker exec "${node}" mkdir -p "${registry_dir}" + cat <') + + # ko resolve replaces ko:// refs with built+pushed image refs. + echo "${rendered}" | bash "${ROOT}/hack/run-tool.sh" ko resolve -f - \ + | run_kubectl apply -f - +} + +apply_crds() { + log_step "apply_crds" + run_helm upgrade --install substrate-crds "${ROOT}/charts/substrate-crds" +} + +apply_kind_extras() { + log_step "apply_kind_extras (otel-collector)" + run_kubectl apply -f "${ROOT}/manifests/ate-install/kind/otel-collector.yaml" +} + +wait_rollouts() { + log_step "wait_rollouts" + run_kubectl -n "${NS}" rollout status deployment/ate-api-server-deployment --timeout=180s + run_kubectl -n "${NS}" rollout status deployment/ate-controller --timeout=180s + run_kubectl -n "${NS}" rollout status deployment/atenet-router --timeout=180s + run_kubectl -n "${NS}" rollout status daemonset/atelet --timeout=180s + run_kubectl -n "${NS}" rollout status statefulset/valkey-cluster --timeout=180s +} + +ensure_namespace +ensure_kind_local_registry +apply_crds +apply_chart +apply_kind_extras +wait_rollouts + +echo "Substrate (JWT mode) installed in namespace ${NS}." diff --git a/hack/install-ate.sh b/hack/install-ate.sh index 6c7f46056..062e93f2f 100755 --- a/hack/install-ate.sh +++ b/hack/install-ate.sh @@ -38,6 +38,20 @@ fi # ATE_DEMOS is an array that registers the prefix name of the demo functions. ATE_DEMOS=() +ATE_INSTALL_ATENET_ROUTER="${ATE_INSTALL_ATENET_ROUTER:-agentgateway}" +ATE_INSTALL_BUNDLE_AGENTGATEWAY_EGRESS="${ATE_INSTALL_BUNDLE_AGENTGATEWAY_EGRESS:-false}" +ATE_INSTALL_AGENTGATEWAY_EGRESS_IMAGE="${ATE_INSTALL_AGENTGATEWAY_EGRESS_IMAGE:-cr.agentgateway.dev/agentgateway:latest-dev}" +ATEOM_GVISOR_IMPORTPATH="github.com/agent-substrate/substrate/cmd/ateom-gvisor" +ATE_INSTALL_KO_CONFIG_PATH="" +ATE_INSTALL_KO_CONFIG_DIR="" + +cleanup_install_ko_config() { + if [[ -n "${ATE_INSTALL_KO_CONFIG_DIR}" ]]; then + rm -rf "${ATE_INSTALL_KO_CONFIG_DIR}" + fi +} +trap cleanup_install_ko_config EXIT + # Include demos. source "${ROOT}"/hack/install-demo-counter.sh source "${ROOT}"/hack/install-demo-sandbox.sh @@ -61,6 +75,9 @@ function usage() { echo "Overall infrastructure (all infrastructure components):" echo "" echo " --deploy-ate-system Deploy core system (CRDs, atelet, apiserver)" + echo " --router=agentgateway Select atenet-router implementation (default: agentgateway)" + echo " --bundle-agentgateway-egress=enable Build ateom-gvisor with agentgateway as the base image" + echo " --agentgateway-egress-image=IMAGE AgentGateway image for --bundle-agentgateway-egress" echo " --delete-ate-system Delete core system" echo " --delete-all Delete core system and all registered demos" echo "" @@ -116,6 +133,114 @@ run_ko() { esac } +set_atenet_router() { + case "$1" in + agentgateway) + ATE_INSTALL_ATENET_ROUTER="$1" + ;; + *) + echo "unsupported atenet router mode: $1 (only agentgateway is supported)" >&2 + exit 1 + ;; + esac +} + +set_bundle_agentgateway_egress() { + case "$1" in + enable) + ATE_INSTALL_BUNDLE_AGENTGATEWAY_EGRESS="true" + ;; + *) + echo "unsupported agentgateway egress bundle mode: $1 (only enable is supported)" >&2 + exit 1 + ;; + esac +} + +configure_ko_for_agentgateway_egress() { + if [[ "${ATE_INSTALL_BUNDLE_AGENTGATEWAY_EGRESS}" != "true" ]]; then + return + fi + + local ko_config_path="${KO_CONFIG_PATH:-${ROOT}/.ko.yaml}" + local temp_config="" + ATE_INSTALL_KO_CONFIG_DIR=$(mktemp -d "${TMPDIR:-/tmp}/ko-agentgateway-egress.XXXXXX") + temp_config="${ATE_INSTALL_KO_CONFIG_DIR}/.ko.yaml" + ATE_INSTALL_KO_CONFIG_PATH="${temp_config}" + + awk \ + -v key="${ATEOM_GVISOR_IMPORTPATH}" \ + -v value="${ATE_INSTALL_AGENTGATEWAY_EGRESS_IMAGE}" ' + BEGIN { + inserted = 0 + in_overrides = 0 + } + in_overrides && $0 !~ /^ / && $0 !~ /^$/ { + print " " key ": " value + inserted = 1 + in_overrides = 0 + } + { + if (in_overrides && $1 == key ":") { + print " " key ": " value + inserted = 1 + next + } + print + if ($0 == "baseImageOverrides:") { + in_overrides = 1 + } + } + END { + if (in_overrides && !inserted) { + print " " key ": " value + } else if (!in_overrides && !inserted) { + print "" + print "baseImageOverrides:" + print " " key ": " value + } + } + ' "${ko_config_path}" >"${temp_config}" + + export KO_CONFIG_PATH="${temp_config}" +} + +atenet_router_manifest() { + case "${ATE_INSTALL_ATENET_ROUTER}" in + agentgateway) + echo "manifests/ate-install/atenet-router.yaml" + ;; + *) + echo "unsupported atenet router mode: ${ATE_INSTALL_ATENET_ROUTER} (only agentgateway is supported)" >&2 + exit 1 + ;; + esac +} + +ate_install_kustomize_base_dir() { + case "${ATE_INSTALL_ATENET_ROUTER}" in + agentgateway) + echo "manifests/ate-install/base" + ;; + *) + echo "unsupported atenet router mode: ${ATE_INSTALL_ATENET_ROUTER} (only agentgateway is supported)" >&2 + exit 1 + ;; + esac +} + +ate_install_kustomize_dir() { + case "${ATE_INSTALL_ATENET_ROUTER}" in + agentgateway) + echo "manifests/ate-install/kind" + ;; + *) + echo "unsupported atenet router mode: ${ATE_INSTALL_ATENET_ROUTER} (only agentgateway is supported)" >&2 + exit 1 + ;; + esac +} + create_valkey_ca_certs_secret() { log_step "create_valkey_ca_certs_secret" local ca_certs="" @@ -212,6 +337,7 @@ ensure_crds() { deploy_crds() { log_step "deploy_crds" run_ko apply -f manifests/ate-install/generated + run_kubectl apply -f manifests/ate-install/role.yaml } deploy_ate_system() { @@ -219,7 +345,7 @@ deploy_ate_system() { ensure_crds # Ensure namespace exists - run_kubectl apply -f manifests/ate-install/ate-system-namespace.yaml \ + run_kubectl apply -f manifests/ate-install/namespace.yaml \ && run_kubectl wait --for=jsonpath='{.status.phase}'=Active namespace/ate-system --timeout=60s ensure_apiserver_prerequisites @@ -240,10 +366,10 @@ deploy_ate_system() { local manifests="" if [[ "${ATE_INSTALL_KIND:-false}" == "true" ]]; then # Build everything resolved with Kustomize for Kind - manifests=$(kubectl kustomize manifests/ate-install/kind --load-restrictor LoadRestrictionsNone | run_ko resolve -f -) + manifests=$(kubectl kustomize "$(ate_install_kustomize_dir)" --load-restrictor LoadRestrictionsNone | run_ko resolve -f -) else # Build everything resolved with base manifests for GKE - manifests=$(run_ko resolve -f manifests/ate-install) + manifests=$(kubectl kustomize "$(ate_install_kustomize_base_dir)" --load-restrictor LoadRestrictionsNone | run_ko resolve -f -) fi echo "${manifests}" | run_kubectl apply -f - @@ -276,7 +402,7 @@ deploy_ate_apiserver() { ensure_crds # Ensure namespace exists - run_kubectl apply -f manifests/ate-install/ate-system-namespace.yaml \ + run_kubectl apply -f manifests/ate-install/namespace.yaml \ && run_kubectl wait --for=jsonpath='{.status.phase}'=Active namespace/ate-system --timeout=60s ensure_apiserver_prerequisites @@ -290,7 +416,7 @@ deploy_atelet() { ensure_crds # Ensure namespace exists - run_kubectl apply -f manifests/ate-install/ate-system-namespace.yaml \ + run_kubectl apply -f manifests/ate-install/namespace.yaml \ && run_kubectl wait --for=jsonpath='{.status.phase}'=Active namespace/ate-system --timeout=60s local manifest="" @@ -310,10 +436,10 @@ deploy_atenet() { ensure_crds # Ensure namespace exists - run_kubectl apply -f manifests/ate-install/ate-system-namespace.yaml \ + run_kubectl apply -f manifests/ate-install/namespace.yaml \ && run_kubectl wait --for=jsonpath='{.status.phase}'=Active namespace/ate-system --timeout=60s - run_ko apply -f manifests/ate-install/atenet-router.yaml + run_ko apply -f "$(atenet_router_manifest)" run_ko apply -f manifests/ate-install/atenet-dns.yaml run_kubectl rollout status deployment/atenet-router -n ate-system --timeout=120s run_kubectl rollout status deployment/atenet-dns -n ate-system --timeout=120s @@ -332,7 +458,7 @@ delete_ate_system() { delete_atenet() { log_step "delete_atenet" - run_kubectl delete --ignore-not-found -f manifests/ate-install/atenet-router.yaml + run_kubectl delete --ignore-not-found -f "$(atenet_router_manifest)" } delete_all() { @@ -351,15 +477,37 @@ if [ "$#" -eq 0 ]; then fi # If -h or --help appears anywhere in the command line, print the usage and exit. -for arg in "$@"; do +preparse_args=("$@") +while [[ "${#preparse_args[@]}" -gt 0 ]]; do + arg="${preparse_args[0]}" case "$arg" in -h|--help) usage exit 0 ;; + --router=*) + set_atenet_router "${arg#--router=}" + ;; + --bundle-agentgateway-egress) + if [[ "${#preparse_args[@]}" -lt 2 ]]; then + echo "Error: --bundle-agentgateway-egress requires a value (enable)" >&2 + exit 1 + fi + set_bundle_agentgateway_egress "${preparse_args[1]}" + preparse_args=("${preparse_args[@]:1}") + ;; + --bundle-agentgateway-egress=*) + set_bundle_agentgateway_egress "${arg#--bundle-agentgateway-egress=}" + ;; + --agentgateway-egress-image=*) + ATE_INSTALL_AGENTGATEWAY_EGRESS_IMAGE="${arg#--agentgateway-egress-image=}" + ;; esac + preparse_args=("${preparse_args[@]:1}") done +configure_ko_for_agentgateway_egress + while [[ "$#" -gt 0 ]]; do # Run ${demo}_cmdline if it exists. If it returns 0, then we successfully # handled this argument and can continue. Otherwise, fallthrough to check @@ -375,6 +523,17 @@ while [[ "$#" -gt 0 ]]; do case $1 in --deploy-ate-system) deploy_ate_system ;; + --router=*) ;; + --bundle-agentgateway-egress) + if [[ "$#" -lt 2 ]]; then + echo "Error: --bundle-agentgateway-egress requires a value (enable)" >&2 + exit 1 + fi + set_bundle_agentgateway_egress "$2" + shift + ;; + --bundle-agentgateway-egress=*) ;; + --agentgateway-egress-image=*) ;; --delete-ate-system) delete_ate_system ;; --delete-all) delete_all ;; diff --git a/hack/render-manifests.sh b/hack/render-manifests.sh new file mode 100755 index 000000000..bbe50befb --- /dev/null +++ b/hack/render-manifests.sh @@ -0,0 +1,120 @@ +#!/usr/bin/env bash + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Render the substrate Helm chart into manifests/ate-install/ (mTLS-mode +# install) — the canonical kubectl-apply install path. The chart at +# charts/substrate/ is the single source of truth; this script only renders. +# +# Usage: +# hack/render-manifests.sh # write into manifests/ate-install/ +# hack/render-manifests.sh --check # fail if rendered output differs +# +set -o errexit -o nounset -o pipefail + +ROOT="$(cd "$(dirname "$0")/.." && pwd)" +OUT_DIR="${ROOT}/manifests/ate-install" +CHART_DIR="${ROOT}/charts/substrate" +CHECK_MODE="false" + +if [ "${1:-}" = "--check" ]; then + CHECK_MODE="true" +fi + +if ! command -v helm >/dev/null 2>&1; then + echo "helm not found in PATH" >&2 + exit 1 +fi + +TMP_DIR="$(mktemp -d)" +trap 'rm -rf "$TMP_DIR"' EXIT + +helm template substrate "${CHART_DIR}" \ + --namespace ate-system \ + --set auth.mode=mtls \ + --set createNamespace=true \ + --set image.registry=ko://github.com/agent-substrate/substrate/cmd \ + --set image.tag="" \ + > "${TMP_DIR}/all.yaml" + +# Split into per-source files so the directory structure mirrors the chart +# templates, making diffs friendlier. +python3 - "${TMP_DIR}/all.yaml" "${TMP_DIR}/out" <<'PY' +import os, re, sys, yaml +in_path, out_dir = sys.argv[1], sys.argv[2] +os.makedirs(out_dir, exist_ok=True) + +with open(in_path) as f: + raw = f.read() + +# Helm prepends a "# Source: /templates/" comment to each doc. +docs_by_source = {} +for doc in raw.split('\n---\n'): + m = re.search(r'#\s*Source:\s*\S+/templates/(\S+)', doc) + src = m.group(1) if m else "misc.yaml" + # Drop the leading "# Source:" line from the written file. + cleaned = re.sub(r'^\s*#\s*Source:.*\n', '', doc, count=1, flags=re.MULTILINE) + if not cleaned.strip(): + continue + docs_by_source.setdefault(src, []).append(cleaned.strip()) + +for src, docs in docs_by_source.items(): + header = ( + "# Copyright 2026 Google LLC\n" + "#\n" + "# Licensed under the Apache License, Version 2.0 (the \"License\");\n" + "# you may not use this file except in compliance with the License.\n" + "# You may obtain a copy of the License at\n" + "#\n" + "# http://www.apache.org/licenses/LICENSE-2.0\n" + "#\n" + "# Unless required by applicable law or agreed to in writing, software\n" + "# distributed under the License is distributed on an \"AS IS\" BASIS,\n" + "# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n" + "# See the License for the specific language governing permissions and\n" + "# limitations under the License.\n" + "\n" + "# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh.\n" + "# Run `make helm-template` to regenerate.\n" + "\n" + ) + with open(os.path.join(out_dir, src), "w") as out: + out.write(header) + out.write("\n---\n".join(docs)) + out.write("\n") +PY + +if [ "${CHECK_MODE}" = "true" ]; then + # Only compare top-level files; subdirs like generated/ and kind/ are not + # produced by the chart and live alongside it intentionally. + CHECK_TMP="$(mktemp -d)" + trap 'rm -rf "$TMP_DIR" "$CHECK_TMP"' EXIT + mkdir -p "${CHECK_TMP}/current" + find "${OUT_DIR}" -maxdepth 1 -type f -name '*.yaml' -exec cp {} "${CHECK_TMP}/current/" \; + if ! diff -ruN "${CHECK_TMP}/current" "${TMP_DIR}/out" >/dev/null 2>&1; then + echo "manifests/ate-install/ is out of date. Run: make helm-template" >&2 + diff -ruN "${CHECK_TMP}/current" "${TMP_DIR}/out" | head -60 >&2 || true + exit 1 + fi + echo "manifests/ate-install/ matches chart output." + exit 0 +fi + +# Replace contents (preserve kind/ and generated/ subdirs which are not chart output). +mkdir -p "${OUT_DIR}" +find "${OUT_DIR}" -maxdepth 1 -type f -name '*.yaml' -delete +cp "${TMP_DIR}/out/"*.yaml "${OUT_DIR}/" +rendered_count="$(find "${OUT_DIR}" -maxdepth 1 -type f -name '*.yaml' | wc -l | xargs)" +echo "Rendered ${rendered_count} manifest files into ${OUT_DIR}" diff --git a/hack/values-kind-jwt.yaml b/hack/values-kind-jwt.yaml new file mode 100644 index 000000000..bbe2e387a --- /dev/null +++ b/hack/values-kind-jwt.yaml @@ -0,0 +1,41 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Helm values for installing substrate on a kind cluster in JWT mode. +# Used by hack/install-ate-kind-jwt.sh — does NOT require the off-by-default +# certificate feature gates that the mTLS install path needs. + +auth: + mode: jwt + jwt: + # Kind's default API server issuer. + issuer: https://kubernetes.default.svc.cluster.local + audience: api.ate-system.svc + serverCertSecret: ateapi-tls + caBundleConfigMap: ateapi-ca + +createNamespace: false + +# In-cluster OTel collector deployed alongside via manifests/ate-install/kind/otel-collector.yaml +otel: + endpoint: http://opentelemetry-collector.otel-system.svc:4317 + +monitoring: + gkePodMonitoring: + enabled: false + +atelet: + gcpAuthForImagePulls: false + extraArgs: + - --localhost-registry-replacement=kind-registry:5000 diff --git a/hack/verify/crd-chart.sh b/hack/verify/crd-chart.sh new file mode 100755 index 000000000..0837a8473 --- /dev/null +++ b/hack/verify/crd-chart.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit -o nounset -o pipefail + +ROOT="$(git rev-parse --show-toplevel)" +cd "${ROOT}" + +GENERATED_DIR="manifests/ate-install/generated" +CHART_TEMPLATES_DIR="charts/substrate-crds/templates" + +TMP_DIR="$(mktemp -d)" +trap 'rm -rf "${TMP_DIR}"' EXIT + +mkdir -p "${TMP_DIR}/generated" "${TMP_DIR}/chart" +cp "${GENERATED_DIR}/"*.yaml "${TMP_DIR}/generated/" +cp "${CHART_TEMPLATES_DIR}/"*.yaml "${TMP_DIR}/chart/" + +# The generated CRDs start with a leading document separator after the +# boilerplate header. In chart templates that separator renders as a +# comment-only YAML document, so the chart copies intentionally omit it. +for file in "${TMP_DIR}/generated/"*.yaml; do + awk 'BEGIN { removed = 0 } /^---$/ && removed == 0 { removed = 1; next } { print }' "${file}" > "${file}.tmp" + mv "${file}.tmp" "${file}" +done + +if ! diff -ruN "${TMP_DIR}/generated" "${TMP_DIR}/chart" >/dev/null 2>&1; then + echo "charts/substrate-crds/templates is out of sync with ${GENERATED_DIR}" >&2 + echo "Copy updated CRDs into charts/substrate-crds/templates." >&2 + diff -ruN "${TMP_DIR}/generated" "${TMP_DIR}/chart" | head -80 >&2 || true + exit 1 +fi + +echo "charts/substrate-crds/templates matches generated CRDs." diff --git a/internal/ateapiauth/client.go b/internal/ateapiauth/client.go new file mode 100644 index 000000000..db00807f7 --- /dev/null +++ b/internal/ateapiauth/client.go @@ -0,0 +1,110 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ateapiauth + +import ( + "context" + "crypto/tls" + "crypto/x509" + "fmt" + "os" + "strings" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" +) + +// ClientConfig configures how to dial the ateapi gRPC server. +// +// - Mode=ModeMTLS: insecure TLS dial (InsecureSkipVerify=true). Client +// identity is expected to come from mTLS credentials projected into +// the pod (servicedns.podcert.ate.dev). No app-level credentials. +// - Mode=ModeJWT: validates the server cert against CAFile, sends a Bearer +// token from TokenFile as per-RPC credentials. +type ClientConfig struct { + Mode Mode + + // CAFile is a PEM file containing CA certs that sign the server cert. + // Required for ModeJWT. Ignored for ModeMTLS. + CAFile string + + // ServerName overrides SNI / hostname verification. Optional. + ServerName string + + // TokenFile is a path to a Kubernetes projected ServiceAccount token used + // as a Bearer credential. Required for ModeJWT. + TokenFile string +} + +// DialOptions returns the grpc.DialOption set described by cfg, suitable to +// pass to grpc.NewClient. +func DialOptions(cfg ClientConfig) ([]grpc.DialOption, error) { + switch cfg.Mode { + case "", ModeMTLS: + tlsCfg := &tls.Config{InsecureSkipVerify: true} //nolint:gosec // explicit opt-in + return []grpc.DialOption{ + grpc.WithTransportCredentials(credentials.NewTLS(tlsCfg)), + }, nil + + case ModeJWT: + if cfg.CAFile == "" { + return nil, fmt.Errorf("ateapiauth: jwt mode requires CAFile") + } + if cfg.TokenFile == "" { + return nil, fmt.Errorf("ateapiauth: jwt mode requires TokenFile") + } + caPEM, err := os.ReadFile(cfg.CAFile) + if err != nil { + return nil, fmt.Errorf("ateapiauth: reading CA file: %w", err) + } + pool := x509.NewCertPool() + if !pool.AppendCertsFromPEM(caPEM) { + return nil, fmt.Errorf("ateapiauth: no certificates found in CA file %q", cfg.CAFile) + } + tlsCfg := &tls.Config{ + MinVersion: tls.VersionTLS12, + RootCAs: pool, + ServerName: cfg.ServerName, + } + return []grpc.DialOption{ + grpc.WithTransportCredentials(credentials.NewTLS(tlsCfg)), + grpc.WithPerRPCCredentials(&fileTokenCreds{path: cfg.TokenFile}), + }, nil + + default: + return nil, fmt.Errorf("ateapiauth: unknown client mode %q", cfg.Mode) + } +} + +// fileTokenCreds reads a Kubernetes projected SA token from disk for every +// RPC. Kubernetes refreshes the file in place; reading it each time picks up +// rotations. +type fileTokenCreds struct { + path string +} + +func (c *fileTokenCreds) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) { + b, err := os.ReadFile(c.path) + if err != nil { + return nil, fmt.Errorf("ateapiauth: reading token file %q: %w", c.path, err) + } + tok := strings.TrimSpace(string(b)) + if tok == "" { + return nil, fmt.Errorf("ateapiauth: token file %q is empty", c.path) + } + return map[string]string{"authorization": "Bearer " + tok}, nil +} + +func (c *fileTokenCreds) RequireTransportSecurity() bool { return true } diff --git a/internal/ateapiauth/server.go b/internal/ateapiauth/server.go new file mode 100644 index 000000000..e924b0c79 --- /dev/null +++ b/internal/ateapiauth/server.go @@ -0,0 +1,158 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package ateapiauth adds optional Kubernetes ServiceAccount JWT +// authentication on top of the ateapi gRPC server, and a matching client +// dial helper. It does not replace the existing TLS / mTLS path — the +// server's transport credentials still apply unchanged. Set Mode=ModeJWT +// on the server to require an `authorization: Bearer ` header +// on every RPC; Mode=ModeMTLS (the default) leaves identity to the +// transport-layer mTLS credentials. +package ateapiauth + +import ( + "context" + "fmt" + "net/http" + "strings" + "time" + + "github.com/agent-substrate/substrate/internal/k8sjwt" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" +) + +// Mode selects whether the JWT interceptor enforces a Bearer token. +type Mode string + +const ( + ModeMTLS Mode = "mtls" + ModeJWT Mode = "jwt" +) + +// ParseMode parses a flag value into a Mode, defaulting to ModeMTLS on empty. +// ModeMTLS means identity is established by the transport-layer mTLS +// credentials; the interceptor performs no app-level checks. ModeJWT +// additionally requires a Kubernetes SA Bearer token on every RPC. +func ParseMode(s string) (Mode, error) { + switch Mode(s) { + case "", ModeMTLS: + return ModeMTLS, nil + case ModeJWT: + return ModeJWT, nil + default: + return "", fmt.Errorf("unknown auth mode %q (want mtls|jwt)", s) + } +} + +// ServerConfig configures the server-side JWT interceptor. +type ServerConfig struct { + Mode Mode + Issuer string // OIDC issuer URL for JWT verification + Audience string // expected audience claim for JWT verification + + // HTTPClient is used for OIDC discovery and JWKS fetches. Nil uses http.DefaultClient. + // Set this to a client that trusts the cluster CA when verifying tokens issued by + // the in-cluster Kubernetes API server (https://kubernetes.default.svc.cluster.local). + HTTPClient *http.Client + + // Now returns the current time; nil uses time.Now. Exposed for tests. + Now func() time.Time +} + +type ctxKey struct{} + +// ClaimsFromContext returns the verified Kubernetes JWT claims that the +// interceptor attached to ctx, if any. +func ClaimsFromContext(ctx context.Context) (*k8sjwt.KubernetesClaims, bool) { + c, ok := ctx.Value(ctxKey{}).(*k8sjwt.KubernetesClaims) + return c, ok +} + +func contextWithClaims(ctx context.Context, c *k8sjwt.KubernetesClaims) context.Context { + return context.WithValue(ctx, ctxKey{}, c) +} + +// UnaryServerInterceptor returns a gRPC unary interceptor enforcing cfg. +func UnaryServerInterceptor(cfg ServerConfig) grpc.UnaryServerInterceptor { + return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) { + newCtx, err := authenticate(ctx, cfg) + if err != nil { + return nil, err + } + return handler(newCtx, req) + } +} + +// StreamServerInterceptor returns a gRPC stream interceptor enforcing cfg. +func StreamServerInterceptor(cfg ServerConfig) grpc.StreamServerInterceptor { + return func(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error { + newCtx, err := authenticate(ss.Context(), cfg) + if err != nil { + return err + } + return handler(srv, &wrappedStream{ServerStream: ss, ctx: newCtx}) + } +} + +type wrappedStream struct { + grpc.ServerStream + ctx context.Context +} + +func (w *wrappedStream) Context() context.Context { return w.ctx } + +func authenticate(ctx context.Context, cfg ServerConfig) (context.Context, error) { + if cfg.Mode == "" || cfg.Mode == ModeMTLS { + return ctx, nil + } + + now := time.Now + if cfg.Now != nil { + now = cfg.Now + } + + bearer, ok := bearerToken(ctx) + if !ok { + return nil, status.Error(codes.Unauthenticated, "missing bearer token") + } + claims, err := k8sjwt.Verify(ctx, cfg.HTTPClient, bearer, cfg.Issuer, cfg.Audience, now()) + if err != nil { + return nil, status.Errorf(codes.Unauthenticated, "invalid bearer token: %v", err) + } + return contextWithClaims(ctx, claims), nil +} + +func bearerToken(ctx context.Context) (string, bool) { + md, ok := metadata.FromIncomingContext(ctx) + if !ok { + return "", false + } + vals := md.Get("authorization") + if len(vals) == 0 { + return "", false + } + const prefix = "Bearer " + v := vals[0] + if !strings.HasPrefix(v, prefix) { + return "", false + } + tok := strings.TrimSpace(strings.TrimPrefix(v, prefix)) + if tok == "" { + return "", false + } + return tok, true +} diff --git a/internal/ateapiauth/server_test.go b/internal/ateapiauth/server_test.go new file mode 100644 index 000000000..a2dda17aa --- /dev/null +++ b/internal/ateapiauth/server_test.go @@ -0,0 +1,103 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ateapiauth + +import ( + "context" + "testing" + + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" +) + +func TestParseMode(t *testing.T) { + cases := []struct { + in string + want Mode + wantErr bool + }{ + {"", ModeMTLS, false}, + {"mtls", ModeMTLS, false}, + {"jwt", ModeJWT, false}, + {"none", "", true}, + {"bogus", "", true}, + } + for _, tc := range cases { + got, err := ParseMode(tc.in) + if (err != nil) != tc.wantErr { + t.Errorf("ParseMode(%q) err=%v wantErr=%v", tc.in, err, tc.wantErr) + } + if !tc.wantErr && got != tc.want { + t.Errorf("ParseMode(%q)=%v want %v", tc.in, got, tc.want) + } + } +} + +func TestAuthenticate_MTLS_AllowsAnonymous(t *testing.T) { + _, err := authenticate(context.Background(), ServerConfig{Mode: ModeMTLS}) + if err != nil { + t.Fatalf("ModeMTLS should not error: %v", err) + } +} + +func TestAuthenticate_JWT_RequiresBearer(t *testing.T) { + cfg := ServerConfig{Mode: ModeJWT, Issuer: "https://example", Audience: "ateapi"} + + // Missing header -> Unauthenticated. + _, err := authenticate(context.Background(), cfg) + if code := status.Code(err); code != codes.Unauthenticated { + t.Fatalf("missing bearer: want Unauthenticated, got %v (err=%v)", code, err) + } + + // Garbage bearer -> Unauthenticated (k8sjwt.Verify will fail). + ctx := metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorization", "Bearer not-a-jwt")) + _, err = authenticate(ctx, cfg) + if code := status.Code(err); code != codes.Unauthenticated { + t.Fatalf("bad bearer: want Unauthenticated, got %v (err=%v)", code, err) + } +} + +func TestBearerToken(t *testing.T) { + cases := []struct { + name string + hdr string + want string + found bool + }{ + {"missing", "", "", false}, + {"no prefix", "abc", "", false}, + {"prefix", "Bearer abc", "abc", true}, + {"prefix with spaces", "Bearer abc ", "abc", true}, + {"empty after prefix", "Bearer ", "", false}, + } + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + ctx := context.Background() + if tc.hdr != "" { + ctx = metadata.NewIncomingContext(ctx, metadata.Pairs("authorization", tc.hdr)) + } + got, ok := bearerToken(ctx) + if ok != tc.found || got != tc.want { + t.Errorf("bearerToken=(%q,%v) want (%q,%v)", got, ok, tc.want, tc.found) + } + }) + } +} + +// Build-time check. +var _ grpc.UnaryServerInterceptor = UnaryServerInterceptor(ServerConfig{}) +var _ grpc.StreamServerInterceptor = StreamServerInterceptor(ServerConfig{}) diff --git a/internal/ateclient/builder.go b/internal/ateclient/builder.go index 81ca867ec..430d8906a 100644 --- a/internal/ateclient/builder.go +++ b/internal/ateclient/builder.go @@ -21,6 +21,7 @@ import ( "io" "net/http" "os" + "strings" "sync" "github.com/agent-substrate/substrate/pkg/proto/ateapipb" @@ -33,6 +34,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials" + authv1 "k8s.io/api/authentication/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/kubernetes" @@ -209,6 +211,12 @@ func dialPortForward(ctx context.Context, kubeconfigPath, k8sContext string, tra var opts []grpc.DialOption opts = append(opts, grpc.WithTransportCredentials(transportCreds)) opts = append(opts, grpc.WithStatsHandler(otelgrpc.NewClientHandler())) + jwtOpts, err := jwtDialOptions(ctx, clientset) + if err != nil { + close(stopCh) + return nil, err + } + opts = append(opts, jwtOpts...) if traceEnabled { opts = append(opts, grpc.WithUnaryInterceptor(newTraceInterceptor())) @@ -230,6 +238,62 @@ func dialPortForward(ctx context.Context, kubeconfigPath, k8sContext string, tra }, nil } +func jwtDialOptions(ctx context.Context, clientset *kubernetes.Clientset) ([]grpc.DialOption, error) { + jwtMode, err := isJWTMode(ctx, clientset) + if err != nil { + return nil, err + } + if !jwtMode { + return nil, nil + } + + expirationSeconds := int64(3600) + tokenRequest := &authv1.TokenRequest{ + Spec: authv1.TokenRequestSpec{ + Audiences: []string{"api.ate-system.svc"}, + ExpirationSeconds: &expirationSeconds, + }, + } + token, err := clientset.CoreV1().ServiceAccounts("ate-system").CreateToken(ctx, "ate-controller", tokenRequest, metav1.CreateOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to request ateapi bearer token: %w", err) + } + if token.Status.Token == "" { + return nil, fmt.Errorf("failed to request ateapi bearer token: token response was empty") + } + return []grpc.DialOption{grpc.WithPerRPCCredentials(bearerTokenCreds(token.Status.Token))}, nil +} + +func isJWTMode(ctx context.Context, clientset *kubernetes.Clientset) (bool, error) { + deployment, err := clientset.AppsV1().Deployments("ate-system").Get(ctx, "ate-api-server-deployment", metav1.GetOptions{}) + if err != nil { + return false, fmt.Errorf("failed to get ate-api-server deployment: %w", err) + } + for _, container := range deployment.Spec.Template.Spec.Containers { + if container.Name != "ate-api-server" { + continue + } + for _, arg := range container.Args { + if arg == "--auth-mode=jwt" || strings.HasPrefix(arg, "--auth-mode=jwt ") { + return true, nil + } + } + return false, nil + } + return false, fmt.Errorf("failed to find ate-api-server container in deployment") +} + +type bearerTokenCreds string + +func (c bearerTokenCreds) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) { + if c == "" { + return nil, fmt.Errorf("bearer token is empty") + } + return map[string]string{"authorization": "Bearer " + string(c)}, nil +} + +func (c bearerTokenCreds) RequireTransportSecurity() bool { return true } + func initTracing(ctx context.Context, enabled bool) (*sdktrace.TracerProvider, error) { res, err := resource.New(ctx, resource.WithAttributes( diff --git a/internal/ateompath/ateompath.go b/internal/ateompath/ateompath.go index 304d53f5f..00ed0c710 100644 --- a/internal/ateompath/ateompath.go +++ b/internal/ateompath/ateompath.go @@ -42,6 +42,21 @@ func AteomPath(podUID string) string { ) } +func EgressAgentgatewayDir(podUID string) string { + return filepath.Join( + AteomPath(podUID), + "egress-agentgateway", + ) +} + +func EgressAgentgatewayConfigPath(podUID string) string { + return filepath.Join(EgressAgentgatewayDir(podUID), "config.yaml") +} + +func EgressAgentgatewayTLSDir(podUID string) string { + return filepath.Join(EgressAgentgatewayDir(podUID), "tls") +} + func AteomSocketPath(podUID string) string { return filepath.Join( AteomPath(podUID), diff --git a/internal/controllers/gen.go b/internal/controllers/gen.go index df7df00a8..7ac77eff7 100644 --- a/internal/controllers/gen.go +++ b/internal/controllers/gen.go @@ -14,4 +14,4 @@ package controllers -//go:generate bash ../../hack/run-tool.sh controller-gen rbac:headerFile=../../hack/boilerplate/sh.txt,roleName=ate-controller paths="./..." output:rbac:artifacts:config=../../manifests/ate-install/generated/ +//go:generate bash ../../hack/gen-rbac.sh diff --git a/internal/credbundle/credbundle.go b/internal/credbundle/credbundle.go index 58d86df76..281840adc 100644 --- a/internal/credbundle/credbundle.go +++ b/internal/credbundle/credbundle.go @@ -20,6 +20,7 @@ package credbundle import ( + "crypto" "crypto/tls" "crypto/x509" "encoding/pem" @@ -47,6 +48,7 @@ func Parse(bundlePath string) (*tls.Certificate, error) { } var leafKeyBytes []byte + var leafKeyBlockType string var chainBytes [][]byte for { @@ -59,8 +61,9 @@ func Parse(bundlePath string) (*tls.Certificate, error) { switch block.Type { case "CERTIFICATE": chainBytes = append(chainBytes, block.Bytes) - case "PRIVATE KEY": + case "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY": leafKeyBytes = block.Bytes + leafKeyBlockType = block.Type default: return nil, fmt.Errorf("unknown PEM block type %q", block.Type) } @@ -74,7 +77,7 @@ func Parse(bundlePath string) (*tls.Certificate, error) { return nil, fmt.Errorf("no CERTIFICATE blocks found") } - leafKey, err := x509.ParsePKCS8PrivateKey(leafKeyBytes) + leafKey, err := parsePrivateKey(leafKeyBlockType, leafKeyBytes) if err != nil { return nil, fmt.Errorf("while parsing private key: %w", err) } @@ -90,3 +93,16 @@ func Parse(bundlePath string) (*tls.Certificate, error) { PrivateKey: leafKey, }, nil } + +func parsePrivateKey(blockType string, keyBytes []byte) (crypto.PrivateKey, error) { + switch blockType { + case "PRIVATE KEY": + return x509.ParsePKCS8PrivateKey(keyBytes) + case "RSA PRIVATE KEY": + return x509.ParsePKCS1PrivateKey(keyBytes) + case "EC PRIVATE KEY": + return x509.ParseECPrivateKey(keyBytes) + default: + return nil, fmt.Errorf("unsupported private key block type %q", blockType) + } +} diff --git a/internal/credbundle/credbundle_test.go b/internal/credbundle/credbundle_test.go new file mode 100644 index 000000000..14d6ff4b1 --- /dev/null +++ b/internal/credbundle/credbundle_test.go @@ -0,0 +1,127 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package credbundle + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "math/big" + "os" + "testing" + "time" +) + +func TestParsePrivateKeyBlockTypes(t *testing.T) { + for _, tt := range []struct { + name string + blockType string + keyDER func(t *testing.T) []byte + }{ + { + name: "pkcs8", + blockType: "PRIVATE KEY", + keyDER: func(t *testing.T) []byte { + key := generateRSAKey(t) + der, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + t.Fatalf("marshal PKCS8 key: %v", err) + } + return der + }, + }, + { + name: "rsa", + blockType: "RSA PRIVATE KEY", + keyDER: func(t *testing.T) []byte { + return x509.MarshalPKCS1PrivateKey(generateRSAKey(t)) + }, + }, + { + name: "ec", + blockType: "EC PRIVATE KEY", + keyDER: func(t *testing.T) []byte { + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatalf("generate EC key: %v", err) + } + der, err := x509.MarshalECPrivateKey(key) + if err != nil { + t.Fatalf("marshal EC key: %v", err) + } + return der + }, + }, + } { + t.Run(tt.name, func(t *testing.T) { + certDER := generateCertificate(t) + bundle := append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}), pem.EncodeToMemory(&pem.Block{Type: tt.blockType, Bytes: tt.keyDER(t)})...) + + bundlePath := writeBundle(t, bundle) + cert, err := Parse(bundlePath) + if err != nil { + t.Fatalf("Parse() error = %v", err) + } + if len(cert.Certificate) != 1 { + t.Fatalf("Parse() certificate chain length = %d, want 1", len(cert.Certificate)) + } + if cert.PrivateKey == nil { + t.Fatalf("Parse() private key is nil") + } + if cert.Leaf == nil { + t.Fatalf("Parse() leaf certificate is nil") + } + }) + } +} + +func generateRSAKey(t *testing.T) *rsa.PrivateKey { + t.Helper() + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatalf("generate RSA key: %v", err) + } + return key +} + +func generateCertificate(t *testing.T) []byte { + t.Helper() + template := &x509.Certificate{ + SerialNumber: big.NewInt(1), + Subject: pkix.Name{CommonName: "api.ate-system.svc"}, + NotBefore: time.Now().Add(-time.Hour), + NotAfter: time.Now().Add(time.Hour), + DNSNames: []string{"api.ate-system.svc"}, + } + key := generateRSAKey(t) + der, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key) + if err != nil { + t.Fatalf("create certificate: %v", err) + } + return der +} + +func writeBundle(t *testing.T, bundle []byte) string { + t.Helper() + path := t.TempDir() + "/bundle.pem" + if err := os.WriteFile(path, bundle, 0o600); err != nil { + t.Fatalf("write bundle: %v", err) + } + return path +} diff --git a/internal/k8sjwt/k8sjwt.go b/internal/k8sjwt/k8sjwt.go index e4403d0df..5b343ec4a 100644 --- a/internal/k8sjwt/k8sjwt.go +++ b/internal/k8sjwt/k8sjwt.go @@ -119,7 +119,9 @@ var permittedSkew = 5 * time.Minute // the object binding claims. If needed for your use case, you will need check the object bindings // by connecting to the cluster and seeing if the object(s) the bindings name still exist within the // cluster. -func Verify(ctx context.Context, jwt string, expectedIssuer, expectedAudience string, now time.Time) (*KubernetesClaims, error) { +// +// httpClient is used for OIDC discovery and JWKS fetches; nil uses http.DefaultClient. +func Verify(ctx context.Context, httpClient *http.Client, jwt string, expectedIssuer, expectedAudience string, now time.Time) (*KubernetesClaims, error) { segments := strings.Split(jwt, ".") if len(segments) != 3 { return nil, fmt.Errorf("malformed JWT") @@ -169,7 +171,7 @@ func Verify(ctx context.Context, jwt string, expectedIssuer, expectedAudience st } // TODO: Cache keys, and only fetch new keys if the JWT's key ID is not in the cache. - keys, err := discoverKeysForIssuer(ctx, rawClaims.Issuer) + keys, err := discoverKeysForIssuer(ctx, httpClient, rawClaims.Issuer) if err != nil { return nil, fmt.Errorf("while discovering keys from issuer: %w", err) } @@ -358,7 +360,7 @@ type jwkT struct { RSAE string `json:"e"` } -func discoverKeysForIssuer(ctx context.Context, issuer string) ([]*KeyAndID, error) { +func discoverKeysForIssuer(ctx context.Context, httpClient *http.Client, issuer string) ([]*KeyAndID, error) { var discoveryDocURL string if strings.HasSuffix(issuer, "/") { discoveryDocURL = issuer + ".well-known/openid-configuration" @@ -366,14 +368,14 @@ func discoverKeysForIssuer(ctx context.Context, issuer string) ([]*KeyAndID, err discoveryDocURL = issuer + "/.well-known/openid-configuration" } - oidcConfig, err := fetchJSON[oidcConfigT](discoveryDocURL) + oidcConfig, err := fetchJSON[oidcConfigT](httpClient, discoveryDocURL) if err != nil { return nil, fmt.Errorf("while fetching OIDC Discovery document: %w", err) } slog.InfoContext(ctx, "Fetched discovery doc", slog.Any("doc", oidcConfig)) - jwkSet, err := fetchJSON[jwkSetT](oidcConfig.JWKSURI) + jwkSet, err := fetchJSON[jwkSetT](httpClient, oidcConfig.JWKSURI) if err != nil { return nil, fmt.Errorf("while fetching JWKS: %w", err) } @@ -424,10 +426,12 @@ func discoverKeysForIssuer(ctx context.Context, issuer string) ([]*KeyAndID, err return ret, nil } -func fetchJSON[T any](url string) (T, error) { +func fetchJSON[T any](httpClient *http.Client, url string) (T, error) { var parsedBody T - - resp, err := http.Get(url) + if httpClient == nil { + httpClient = http.DefaultClient + } + resp, err := httpClient.Get(url) if err != nil { return parsedBody, fmt.Errorf("while making HTTP request: %w", err) } diff --git a/internal/localca/localca.go b/internal/localca/localca.go index eb8370905..3078435ed 100644 --- a/internal/localca/localca.go +++ b/internal/localca/localca.go @@ -22,6 +22,7 @@ import ( "crypto/rand" "crypto/x509" "encoding/json" + "encoding/pem" "fmt" "time" ) @@ -43,7 +44,9 @@ type serializedPool struct { type serializedCA struct { ID string SigningKeyPKCS8 []byte + SigningKeyPEM string RootCertificateDER []byte + RootCertificatePEM string IntermediateCertificatesDER [][]byte } @@ -92,12 +95,12 @@ func Unmarshal(wireBytes []byte) (*Pool, error) { ID: wireCA.ID, } - ca.SigningKey, err = x509.ParsePKCS8PrivateKey(wireCA.SigningKeyPKCS8) + ca.SigningKey, err = parsePrivateKey(wireCA.SigningKeyPKCS8, wireCA.SigningKeyPEM) if err != nil { return nil, fmt.Errorf("while parsing signing key: %w", err) } - ca.RootCertificate, err = x509.ParseCertificate(wireCA.RootCertificateDER) + ca.RootCertificate, err = parseCertificate(wireCA.RootCertificateDER, wireCA.RootCertificatePEM) if err != nil { return nil, fmt.Errorf("while parsing root certificate: %w", err) } @@ -116,6 +119,43 @@ func Unmarshal(wireBytes []byte) (*Pool, error) { return pool, nil } +func parsePrivateKey(pkcs8 []byte, pemData string) (crypto.PrivateKey, error) { + if len(pkcs8) != 0 { + return x509.ParsePKCS8PrivateKey(pkcs8) + } + + block, _ := pem.Decode([]byte(pemData)) + if block == nil { + return nil, fmt.Errorf("missing PEM block") + } + + if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil { + return key, nil + } + if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil { + return key, nil + } + if key, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil { + return key, nil + } + return nil, fmt.Errorf("unsupported private key PEM type %q", block.Type) +} + +func parseCertificate(der []byte, pemData string) (*x509.Certificate, error) { + if len(der) != 0 { + return x509.ParseCertificate(der) + } + + block, _ := pem.Decode([]byte(pemData)) + if block == nil { + return nil, fmt.Errorf("missing PEM block") + } + if block.Type != "CERTIFICATE" { + return nil, fmt.Errorf("unsupported certificate PEM type %q", block.Type) + } + return x509.ParseCertificate(block.Bytes) +} + func GenerateED25519CA(id string) (*CA, error) { rootPubKey, rootPrivKey, err := ed25519.GenerateKey(rand.Reader) if err != nil { diff --git a/internal/localca/localca_test.go b/internal/localca/localca_test.go index 9b5d6247f..c470a4d48 100644 --- a/internal/localca/localca_test.go +++ b/internal/localca/localca_test.go @@ -18,8 +18,12 @@ import ( "bytes" "crypto/ed25519" "crypto/rand" + "crypto/rsa" "crypto/x509" + "crypto/x509/pkix" "encoding/json" + "encoding/pem" + "math/big" "strings" "testing" "time" @@ -198,6 +202,53 @@ func TestMarshalUnmarshalWithIntermediates(t *testing.T) { } } +func TestUnmarshalPEMPool(t *testing.T) { + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatalf("GenerateKey(): %v", err) + } + template := &x509.Certificate{ + SerialNumber: big.NewInt(1), + Subject: pkix.Name{CommonName: "session-id-ca"}, + NotBefore: time.Now(), + NotAfter: time.Now().Add(24 * time.Hour), + IsCA: true, + BasicConstraintsValid: true, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, + } + certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key) + if err != nil { + t.Fatalf("CreateCertificate(): %v", err) + } + keyPEM := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})) + certPEM := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})) + + data, err := json.Marshal(&serializedPool{ + CAs: []*serializedCA{{ + ID: "1", + SigningKeyPEM: keyPEM, + RootCertificatePEM: certPEM, + }}, + }) + if err != nil { + t.Fatalf("Marshal(): %v", err) + } + + pool, err := Unmarshal(data) + if err != nil { + t.Fatalf("Unmarshal(): %v", err) + } + if len(pool.CAs) != 1 { + t.Fatalf("CAs length = %d, want 1", len(pool.CAs)) + } + if _, ok := pool.CAs[0].SigningKey.(*rsa.PrivateKey); !ok { + t.Fatalf("SigningKey type = %T, want *rsa.PrivateKey", pool.CAs[0].SigningKey) + } + if pool.CAs[0].RootCertificate.Subject.CommonName != "session-id-ca" { + t.Fatalf("RootCertificate CN = %q, want session-id-ca", pool.CAs[0].RootCertificate.Subject.CommonName) + } +} + func TestUnmarshalErrors(t *testing.T) { ca, err := GenerateED25519CA("err-test") if err != nil { diff --git a/internal/localjwtauthority/localjwtauthority.go b/internal/localjwtauthority/localjwtauthority.go index 62f647b55..97021fb2d 100644 --- a/internal/localjwtauthority/localjwtauthority.go +++ b/internal/localjwtauthority/localjwtauthority.go @@ -22,6 +22,7 @@ import ( "crypto/rand" "crypto/x509" "encoding/json" + "encoding/pem" "fmt" ) @@ -43,6 +44,7 @@ type serializedAuthority struct { ID string Algorithm string SigningKeyPKCS8 []byte + SigningKeyPEM string } // Marshal serializes a Pool to JSON. @@ -86,7 +88,7 @@ func Unmarshal(wireBytes []byte) (*Pool, error) { Algorithm: wireAuthority.Algorithm, } - signingKey, err := x509.ParsePKCS8PrivateKey(wireAuthority.SigningKeyPKCS8) + signingKey, err := parsePrivateKey(wireAuthority.SigningKeyPKCS8, wireAuthority.SigningKeyPEM) if err != nil { return nil, fmt.Errorf("while parsing signing key: %w", err) } @@ -98,6 +100,28 @@ func Unmarshal(wireBytes []byte) (*Pool, error) { return pool, nil } +func parsePrivateKey(pkcs8 []byte, pemData string) (crypto.PrivateKey, error) { + if len(pkcs8) != 0 { + return x509.ParsePKCS8PrivateKey(pkcs8) + } + + block, _ := pem.Decode([]byte(pemData)) + if block == nil { + return nil, fmt.Errorf("missing PEM block") + } + + if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil { + return key, nil + } + if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil { + return key, nil + } + if key, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil { + return key, nil + } + return nil, fmt.Errorf("unsupported private key PEM type %q", block.Type) +} + // GenerateECDSAP256Authority generates an ECDSA P256 JWT signing key. func GenerateECDSAP256Authority(id string) (*Authority, error) { privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) diff --git a/internal/localjwtauthority/localjwtauthority_test.go b/internal/localjwtauthority/localjwtauthority_test.go new file mode 100644 index 000000000..7f25a72ea --- /dev/null +++ b/internal/localjwtauthority/localjwtauthority_test.go @@ -0,0 +1,62 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package localjwtauthority + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "encoding/json" + "encoding/pem" + "testing" +) + +func TestUnmarshalPEMSigningKey(t *testing.T) { + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatalf("GenerateKey(): %v", err) + } + keyDER, err := x509.MarshalECPrivateKey(key) + if err != nil { + t.Fatalf("MarshalECPrivateKey(): %v", err) + } + keyPEM := string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})) + + data, err := json.Marshal(&serializedPool{ + Authorities: []*serializedAuthority{{ + ID: "1", + Algorithm: "ES256", + SigningKeyPEM: keyPEM, + }}, + }) + if err != nil { + t.Fatalf("Marshal(): %v", err) + } + + pool, err := Unmarshal(data) + if err != nil { + t.Fatalf("Unmarshal(): %v", err) + } + if len(pool.Authorities) != 1 { + t.Fatalf("Authorities length = %d, want 1", len(pool.Authorities)) + } + if pool.Authorities[0].Algorithm != "ES256" { + t.Fatalf("Algorithm = %q, want ES256", pool.Authorities[0].Algorithm) + } + if _, ok := pool.Authorities[0].SigningKey.(*ecdsa.PrivateKey); !ok { + t.Fatalf("SigningKey type = %T, want *ecdsa.PrivateKey", pool.Authorities[0].SigningKey) + } +} diff --git a/internal/proto/ateletpb/atelet.pb.go b/internal/proto/ateletpb/atelet.pb.go index e3a55dd50..b15a66960 100644 --- a/internal/proto/ateletpb/atelet.pb.go +++ b/internal/proto/ateletpb/atelet.pb.go @@ -16,11 +16,12 @@ // versions: // protoc-gen-go v1.36.11-devel // protoc v4.25.3 -// source: atelet.proto +// source: internal/proto/ateletpb/atelet.proto package ateletpb import ( + egresspb "github.com/agent-substrate/substrate/internal/proto/egresspb" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -49,7 +50,7 @@ type RunRequest struct { func (x *RunRequest) Reset() { *x = RunRequest{} - mi := &file_atelet_proto_msgTypes[0] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -61,7 +62,7 @@ func (x *RunRequest) String() string { func (*RunRequest) ProtoMessage() {} func (x *RunRequest) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[0] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[0] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -74,7 +75,7 @@ func (x *RunRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RunRequest.ProtoReflect.Descriptor instead. func (*RunRequest) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{0} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{0} } func (x *RunRequest) GetTargetAteomUid() string { @@ -128,7 +129,7 @@ type GCPAuthenticationConfig struct { func (x *GCPAuthenticationConfig) Reset() { *x = GCPAuthenticationConfig{} - mi := &file_atelet_proto_msgTypes[1] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -140,7 +141,7 @@ func (x *GCPAuthenticationConfig) String() string { func (*GCPAuthenticationConfig) ProtoMessage() {} func (x *GCPAuthenticationConfig) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[1] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[1] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -153,7 +154,7 @@ func (x *GCPAuthenticationConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use GCPAuthenticationConfig.ProtoReflect.Descriptor instead. func (*GCPAuthenticationConfig) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{1} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{1} } func (x *GCPAuthenticationConfig) GetUse() bool { @@ -172,7 +173,7 @@ type AuthenticationConfig struct { func (x *AuthenticationConfig) Reset() { *x = AuthenticationConfig{} - mi := &file_atelet_proto_msgTypes[2] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -184,7 +185,7 @@ func (x *AuthenticationConfig) String() string { func (*AuthenticationConfig) ProtoMessage() {} func (x *AuthenticationConfig) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[2] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -197,7 +198,7 @@ func (x *AuthenticationConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthenticationConfig.ProtoReflect.Descriptor instead. func (*AuthenticationConfig) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{2} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{2} } func (x *AuthenticationConfig) GetGcp() *GCPAuthenticationConfig { @@ -220,7 +221,7 @@ type RunscPlatformConfig struct { func (x *RunscPlatformConfig) Reset() { *x = RunscPlatformConfig{} - mi := &file_atelet_proto_msgTypes[3] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -232,7 +233,7 @@ func (x *RunscPlatformConfig) String() string { func (*RunscPlatformConfig) ProtoMessage() {} func (x *RunscPlatformConfig) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[3] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -245,7 +246,7 @@ func (x *RunscPlatformConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use RunscPlatformConfig.ProtoReflect.Descriptor instead. func (*RunscPlatformConfig) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{3} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{3} } func (x *RunscPlatformConfig) GetSha256Hash() string { @@ -274,7 +275,7 @@ type RunscConfig struct { func (x *RunscConfig) Reset() { *x = RunscConfig{} - mi := &file_atelet_proto_msgTypes[4] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -286,7 +287,7 @@ func (x *RunscConfig) String() string { func (*RunscConfig) ProtoMessage() {} func (x *RunscConfig) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[4] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -299,7 +300,7 @@ func (x *RunscConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use RunscConfig.ProtoReflect.Descriptor instead. func (*RunscConfig) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{4} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{4} } func (x *RunscConfig) GetAmd64() *RunscPlatformConfig { @@ -328,13 +329,14 @@ type WorkloadSpec struct { state protoimpl.MessageState `protogen:"open.v1"` Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` PauseImage string `protobuf:"bytes,2,opt,name=pause_image,json=pauseImage,proto3" json:"pause_image,omitempty"` + EgressPolicy *egresspb.EgressPolicy `protobuf:"bytes,3,opt,name=egress_policy,json=egressPolicy,proto3" json:"egress_policy,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *WorkloadSpec) Reset() { *x = WorkloadSpec{} - mi := &file_atelet_proto_msgTypes[5] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -346,7 +348,7 @@ func (x *WorkloadSpec) String() string { func (*WorkloadSpec) ProtoMessage() {} func (x *WorkloadSpec) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[5] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -359,7 +361,7 @@ func (x *WorkloadSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use WorkloadSpec.ProtoReflect.Descriptor instead. func (*WorkloadSpec) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{5} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{5} } func (x *WorkloadSpec) GetContainers() []*Container { @@ -376,6 +378,13 @@ func (x *WorkloadSpec) GetPauseImage() string { return "" } +func (x *WorkloadSpec) GetEgressPolicy() *egresspb.EgressPolicy { + if x != nil { + return x.EgressPolicy + } + return nil +} + type Container struct { state protoimpl.MessageState `protogen:"open.v1"` Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` @@ -388,7 +397,7 @@ type Container struct { func (x *Container) Reset() { *x = Container{} - mi := &file_atelet_proto_msgTypes[6] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -400,7 +409,7 @@ func (x *Container) String() string { func (*Container) ProtoMessage() {} func (x *Container) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[6] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -413,7 +422,7 @@ func (x *Container) ProtoReflect() protoreflect.Message { // Deprecated: Use Container.ProtoReflect.Descriptor instead. func (*Container) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{6} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{6} } func (x *Container) GetName() string { @@ -454,7 +463,7 @@ type EnvEntry struct { func (x *EnvEntry) Reset() { *x = EnvEntry{} - mi := &file_atelet_proto_msgTypes[7] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -466,7 +475,7 @@ func (x *EnvEntry) String() string { func (*EnvEntry) ProtoMessage() {} func (x *EnvEntry) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[7] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -479,7 +488,7 @@ func (x *EnvEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use EnvEntry.ProtoReflect.Descriptor instead. func (*EnvEntry) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{7} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{7} } func (x *EnvEntry) GetName() string { @@ -504,7 +513,7 @@ type RunResponse struct { func (x *RunResponse) Reset() { *x = RunResponse{} - mi := &file_atelet_proto_msgTypes[8] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -516,7 +525,7 @@ func (x *RunResponse) String() string { func (*RunResponse) ProtoMessage() {} func (x *RunResponse) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[8] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[8] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -529,7 +538,7 @@ func (x *RunResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RunResponse.ProtoReflect.Descriptor instead. func (*RunResponse) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{8} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{8} } type CheckpointRequest struct { @@ -557,7 +566,7 @@ type CheckpointRequest struct { func (x *CheckpointRequest) Reset() { *x = CheckpointRequest{} - mi := &file_atelet_proto_msgTypes[9] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -569,7 +578,7 @@ func (x *CheckpointRequest) String() string { func (*CheckpointRequest) ProtoMessage() {} func (x *CheckpointRequest) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[9] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[9] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -582,7 +591,7 @@ func (x *CheckpointRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CheckpointRequest.ProtoReflect.Descriptor instead. func (*CheckpointRequest) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{9} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{9} } func (x *CheckpointRequest) GetTargetAteomUid() string { @@ -642,7 +651,7 @@ type CheckpointResponse struct { func (x *CheckpointResponse) Reset() { *x = CheckpointResponse{} - mi := &file_atelet_proto_msgTypes[10] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -654,7 +663,7 @@ func (x *CheckpointResponse) String() string { func (*CheckpointResponse) ProtoMessage() {} func (x *CheckpointResponse) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[10] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[10] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -667,7 +676,7 @@ func (x *CheckpointResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CheckpointResponse.ProtoReflect.Descriptor instead. func (*CheckpointResponse) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{10} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{10} } type RestoreRequest struct { @@ -686,7 +695,7 @@ type RestoreRequest struct { func (x *RestoreRequest) Reset() { *x = RestoreRequest{} - mi := &file_atelet_proto_msgTypes[11] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -698,7 +707,7 @@ func (x *RestoreRequest) String() string { func (*RestoreRequest) ProtoMessage() {} func (x *RestoreRequest) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[11] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[11] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -711,7 +720,7 @@ func (x *RestoreRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RestoreRequest.ProtoReflect.Descriptor instead. func (*RestoreRequest) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{11} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{11} } func (x *RestoreRequest) GetTargetAteomUid() string { @@ -771,7 +780,7 @@ type RestoreResponse struct { func (x *RestoreResponse) Reset() { *x = RestoreResponse{} - mi := &file_atelet_proto_msgTypes[12] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -783,7 +792,7 @@ func (x *RestoreResponse) String() string { func (*RestoreResponse) ProtoMessage() {} func (x *RestoreResponse) ProtoReflect() protoreflect.Message { - mi := &file_atelet_proto_msgTypes[12] + mi := &file_internal_proto_ateletpb_atelet_proto_msgTypes[12] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -796,14 +805,14 @@ func (x *RestoreResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RestoreResponse.ProtoReflect.Descriptor instead. func (*RestoreResponse) Descriptor() ([]byte, []int) { - return file_atelet_proto_rawDescGZIP(), []int{12} + return file_internal_proto_ateletpb_atelet_proto_rawDescGZIP(), []int{12} } -var File_atelet_proto protoreflect.FileDescriptor +var File_internal_proto_ateletpb_atelet_proto protoreflect.FileDescriptor -const file_atelet_proto_rawDesc = "" + +const file_internal_proto_ateletpb_atelet_proto_rawDesc = "" + "\n" + - "\fatelet.proto\x12\x06atelet\"\x90\x02\n" + + "$internal/proto/ateletpb/atelet.proto\x12\x06atelet\x1a$internal/proto/egresspb/egress.proto\"\x90\x02\n" + "\n" + "RunRequest\x12(\n" + "\x10target_ateom_uid\x18\x01 \x01(\tR\x0etargetAteomUid\x128\n" + @@ -823,13 +832,14 @@ const file_atelet_proto_rawDesc = "" + "\vRunscConfig\x121\n" + "\x05amd64\x18\x01 \x01(\v2\x1b.atelet.RunscPlatformConfigR\x05amd64\x121\n" + "\x05arm64\x18\x02 \x01(\v2\x1b.atelet.RunscPlatformConfigR\x05arm64\x12D\n" + - "\x0eauthentication\x18\x03 \x01(\v2\x1c.atelet.AuthenticationConfigR\x0eauthentication\"b\n" + + "\x0eauthentication\x18\x03 \x01(\v2\x1c.atelet.AuthenticationConfigR\x0eauthentication\"\x9d\x01\n" + "\fWorkloadSpec\x121\n" + "\n" + "containers\x18\x01 \x03(\v2\x11.atelet.ContainerR\n" + "containers\x12\x1f\n" + "\vpause_image\x18\x02 \x01(\tR\n" + - "pauseImage\"s\n" + + "pauseImage\x129\n" + + "\regress_policy\x18\x03 \x01(\v2\x14.egress.EgressPolicyR\fegressPolicy\"s\n" + "\tContainer\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\x14\n" + "\x05image\x18\x02 \x01(\tR\x05image\x12\x18\n" + @@ -864,19 +874,19 @@ const file_atelet_proto_rawDesc = "" + "\aRestore\x12\x16.atelet.RestoreRequest\x1a\x17.atelet.RestoreResponse\"\x00B>Z atelet.RunscConfig 5, // 1: atelet.RunRequest.spec:type_name -> atelet.WorkloadSpec 1, // 2: atelet.AuthenticationConfig.gcp:type_name -> atelet.GCPAuthenticationConfig @@ -899,44 +910,45 @@ var file_atelet_proto_depIdxs = []int32{ 3, // 4: atelet.RunscConfig.arm64:type_name -> atelet.RunscPlatformConfig 2, // 5: atelet.RunscConfig.authentication:type_name -> atelet.AuthenticationConfig 6, // 6: atelet.WorkloadSpec.containers:type_name -> atelet.Container - 7, // 7: atelet.Container.env:type_name -> atelet.EnvEntry - 4, // 8: atelet.CheckpointRequest.runsc:type_name -> atelet.RunscConfig - 5, // 9: atelet.CheckpointRequest.spec:type_name -> atelet.WorkloadSpec - 4, // 10: atelet.RestoreRequest.runsc:type_name -> atelet.RunscConfig - 5, // 11: atelet.RestoreRequest.spec:type_name -> atelet.WorkloadSpec - 0, // 12: atelet.AteomHerder.Run:input_type -> atelet.RunRequest - 9, // 13: atelet.AteomHerder.Checkpoint:input_type -> atelet.CheckpointRequest - 11, // 14: atelet.AteomHerder.Restore:input_type -> atelet.RestoreRequest - 8, // 15: atelet.AteomHerder.Run:output_type -> atelet.RunResponse - 10, // 16: atelet.AteomHerder.Checkpoint:output_type -> atelet.CheckpointResponse - 12, // 17: atelet.AteomHerder.Restore:output_type -> atelet.RestoreResponse - 15, // [15:18] is the sub-list for method output_type - 12, // [12:15] is the sub-list for method input_type - 12, // [12:12] is the sub-list for extension type_name - 12, // [12:12] is the sub-list for extension extendee - 0, // [0:12] is the sub-list for field type_name -} - -func init() { file_atelet_proto_init() } -func file_atelet_proto_init() { - if File_atelet_proto != nil { + 13, // 7: atelet.WorkloadSpec.egress_policy:type_name -> egress.EgressPolicy + 7, // 8: atelet.Container.env:type_name -> atelet.EnvEntry + 4, // 9: atelet.CheckpointRequest.runsc:type_name -> atelet.RunscConfig + 5, // 10: atelet.CheckpointRequest.spec:type_name -> atelet.WorkloadSpec + 4, // 11: atelet.RestoreRequest.runsc:type_name -> atelet.RunscConfig + 5, // 12: atelet.RestoreRequest.spec:type_name -> atelet.WorkloadSpec + 0, // 13: atelet.AteomHerder.Run:input_type -> atelet.RunRequest + 9, // 14: atelet.AteomHerder.Checkpoint:input_type -> atelet.CheckpointRequest + 11, // 15: atelet.AteomHerder.Restore:input_type -> atelet.RestoreRequest + 8, // 16: atelet.AteomHerder.Run:output_type -> atelet.RunResponse + 10, // 17: atelet.AteomHerder.Checkpoint:output_type -> atelet.CheckpointResponse + 12, // 18: atelet.AteomHerder.Restore:output_type -> atelet.RestoreResponse + 16, // [16:19] is the sub-list for method output_type + 13, // [13:16] is the sub-list for method input_type + 13, // [13:13] is the sub-list for extension type_name + 13, // [13:13] is the sub-list for extension extendee + 0, // [0:13] is the sub-list for field type_name +} + +func init() { file_internal_proto_ateletpb_atelet_proto_init() } +func file_internal_proto_ateletpb_atelet_proto_init() { + if File_internal_proto_ateletpb_atelet_proto != nil { return } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_atelet_proto_rawDesc), len(file_atelet_proto_rawDesc)), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_internal_proto_ateletpb_atelet_proto_rawDesc), len(file_internal_proto_ateletpb_atelet_proto_rawDesc)), NumEnums: 0, NumMessages: 13, NumExtensions: 0, NumServices: 1, }, - GoTypes: file_atelet_proto_goTypes, - DependencyIndexes: file_atelet_proto_depIdxs, - MessageInfos: file_atelet_proto_msgTypes, + GoTypes: file_internal_proto_ateletpb_atelet_proto_goTypes, + DependencyIndexes: file_internal_proto_ateletpb_atelet_proto_depIdxs, + MessageInfos: file_internal_proto_ateletpb_atelet_proto_msgTypes, }.Build() - File_atelet_proto = out.File - file_atelet_proto_goTypes = nil - file_atelet_proto_depIdxs = nil + File_internal_proto_ateletpb_atelet_proto = out.File + file_internal_proto_ateletpb_atelet_proto_goTypes = nil + file_internal_proto_ateletpb_atelet_proto_depIdxs = nil } diff --git a/internal/proto/ateletpb/atelet.proto b/internal/proto/ateletpb/atelet.proto index 792cffc98..ea12733f7 100644 --- a/internal/proto/ateletpb/atelet.proto +++ b/internal/proto/ateletpb/atelet.proto @@ -16,6 +16,8 @@ syntax = "proto3"; package atelet; +import "internal/proto/egresspb/egress.proto"; + option go_package = "github.com/agent-substrate/substrate/internal/proto/ateletpb"; service AteomHerder { @@ -71,8 +73,9 @@ message RunscConfig { // WorkloadSpec parallels Pod, but with far fewer configurable fields. message WorkloadSpec { - repeated Container containers = 1; - string pause_image = 2; + repeated Container containers = 1; + string pause_image = 2; + egress.EgressPolicy egress_policy = 3; } message Container { diff --git a/internal/proto/ateletpb/atelet_grpc.pb.go b/internal/proto/ateletpb/atelet_grpc.pb.go index 4f05a878d..145777a2e 100644 --- a/internal/proto/ateletpb/atelet_grpc.pb.go +++ b/internal/proto/ateletpb/atelet_grpc.pb.go @@ -16,7 +16,7 @@ // versions: // - protoc-gen-go-grpc v1.6.1 // - protoc v4.25.3 -// source: atelet.proto +// source: internal/proto/ateletpb/atelet.proto package ateletpb @@ -219,5 +219,5 @@ var AteomHerder_ServiceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "atelet.proto", + Metadata: "internal/proto/ateletpb/atelet.proto", } diff --git a/internal/proto/ateletpb/gen.go b/internal/proto/ateletpb/gen.go index b73c10dac..27e63c502 100644 --- a/internal/proto/ateletpb/gen.go +++ b/internal/proto/ateletpb/gen.go @@ -14,4 +14,4 @@ package ateletpb -//go:generate bash -c "../../../hack/protoc.sh --plugin=protoc-gen-go=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go) --plugin=protoc-gen-go-grpc=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go-grpc) --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. atelet.proto" +//go:generate bash -c "../../../hack/protoc.sh -I ../../.. --plugin=protoc-gen-go=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go) --plugin=protoc-gen-go-grpc=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go-grpc) --go_out=paths=source_relative:../../.. --go-grpc_out=paths=source_relative:../../.. internal/proto/ateletpb/atelet.proto" diff --git a/internal/proto/ateompb/ateom.pb.go b/internal/proto/ateompb/ateom.pb.go index 9114a309b..5cbad12a8 100644 --- a/internal/proto/ateompb/ateom.pb.go +++ b/internal/proto/ateompb/ateom.pb.go @@ -16,11 +16,12 @@ // versions: // protoc-gen-go v1.36.11-devel // protoc v4.25.3 -// source: ateom.proto +// source: internal/proto/ateompb/ateom.proto package ateompb import ( + egresspb "github.com/agent-substrate/substrate/internal/proto/egresspb" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -48,7 +49,7 @@ type RunWorkloadRequest struct { func (x *RunWorkloadRequest) Reset() { *x = RunWorkloadRequest{} - mi := &file_ateom_proto_msgTypes[0] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -60,7 +61,7 @@ func (x *RunWorkloadRequest) String() string { func (*RunWorkloadRequest) ProtoMessage() {} func (x *RunWorkloadRequest) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[0] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[0] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -73,7 +74,7 @@ func (x *RunWorkloadRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RunWorkloadRequest.ProtoReflect.Descriptor instead. func (*RunWorkloadRequest) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{0} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{0} } func (x *RunWorkloadRequest) GetActorTemplateNamespace() string { @@ -115,13 +116,14 @@ func (x *RunWorkloadRequest) GetSpec() *WorkloadSpec { type WorkloadSpec struct { state protoimpl.MessageState `protogen:"open.v1"` Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` + EgressPolicy *egresspb.EgressPolicy `protobuf:"bytes,2,opt,name=egress_policy,json=egressPolicy,proto3" json:"egress_policy,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *WorkloadSpec) Reset() { *x = WorkloadSpec{} - mi := &file_ateom_proto_msgTypes[1] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -133,7 +135,7 @@ func (x *WorkloadSpec) String() string { func (*WorkloadSpec) ProtoMessage() {} func (x *WorkloadSpec) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[1] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[1] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -146,7 +148,7 @@ func (x *WorkloadSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use WorkloadSpec.ProtoReflect.Descriptor instead. func (*WorkloadSpec) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{1} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{1} } func (x *WorkloadSpec) GetContainers() []*Container { @@ -156,6 +158,13 @@ func (x *WorkloadSpec) GetContainers() []*Container { return nil } +func (x *WorkloadSpec) GetEgressPolicy() *egresspb.EgressPolicy { + if x != nil { + return x.EgressPolicy + } + return nil +} + type Container struct { state protoimpl.MessageState `protogen:"open.v1"` Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` @@ -165,7 +174,7 @@ type Container struct { func (x *Container) Reset() { *x = Container{} - mi := &file_ateom_proto_msgTypes[2] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -177,7 +186,7 @@ func (x *Container) String() string { func (*Container) ProtoMessage() {} func (x *Container) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[2] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -190,7 +199,7 @@ func (x *Container) ProtoReflect() protoreflect.Message { // Deprecated: Use Container.ProtoReflect.Descriptor instead. func (*Container) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{2} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{2} } func (x *Container) GetName() string { @@ -208,7 +217,7 @@ type RunWorkloadResponse struct { func (x *RunWorkloadResponse) Reset() { *x = RunWorkloadResponse{} - mi := &file_ateom_proto_msgTypes[3] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -220,7 +229,7 @@ func (x *RunWorkloadResponse) String() string { func (*RunWorkloadResponse) ProtoMessage() {} func (x *RunWorkloadResponse) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[3] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -233,7 +242,7 @@ func (x *RunWorkloadResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RunWorkloadResponse.ProtoReflect.Descriptor instead. func (*RunWorkloadResponse) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{3} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{3} } type CheckpointWorkloadRequest struct { @@ -258,7 +267,7 @@ type CheckpointWorkloadRequest struct { func (x *CheckpointWorkloadRequest) Reset() { *x = CheckpointWorkloadRequest{} - mi := &file_ateom_proto_msgTypes[4] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -270,7 +279,7 @@ func (x *CheckpointWorkloadRequest) String() string { func (*CheckpointWorkloadRequest) ProtoMessage() {} func (x *CheckpointWorkloadRequest) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[4] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -283,7 +292,7 @@ func (x *CheckpointWorkloadRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CheckpointWorkloadRequest.ProtoReflect.Descriptor instead. func (*CheckpointWorkloadRequest) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{4} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{4} } func (x *CheckpointWorkloadRequest) GetActorTemplateNamespace() string { @@ -336,7 +345,7 @@ type CheckpointWorkloadResponse struct { func (x *CheckpointWorkloadResponse) Reset() { *x = CheckpointWorkloadResponse{} - mi := &file_ateom_proto_msgTypes[5] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -348,7 +357,7 @@ func (x *CheckpointWorkloadResponse) String() string { func (*CheckpointWorkloadResponse) ProtoMessage() {} func (x *CheckpointWorkloadResponse) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[5] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -361,7 +370,7 @@ func (x *CheckpointWorkloadResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CheckpointWorkloadResponse.ProtoReflect.Descriptor instead. func (*CheckpointWorkloadResponse) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{5} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{5} } type RestoreWorkloadRequest struct { @@ -379,7 +388,7 @@ type RestoreWorkloadRequest struct { func (x *RestoreWorkloadRequest) Reset() { *x = RestoreWorkloadRequest{} - mi := &file_ateom_proto_msgTypes[6] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -391,7 +400,7 @@ func (x *RestoreWorkloadRequest) String() string { func (*RestoreWorkloadRequest) ProtoMessage() {} func (x *RestoreWorkloadRequest) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[6] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -404,7 +413,7 @@ func (x *RestoreWorkloadRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RestoreWorkloadRequest.ProtoReflect.Descriptor instead. func (*RestoreWorkloadRequest) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{6} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{6} } func (x *RestoreWorkloadRequest) GetActorTemplateNamespace() string { @@ -457,7 +466,7 @@ type RestoreWorkloadResponse struct { func (x *RestoreWorkloadResponse) Reset() { *x = RestoreWorkloadResponse{} - mi := &file_ateom_proto_msgTypes[7] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -469,7 +478,7 @@ func (x *RestoreWorkloadResponse) String() string { func (*RestoreWorkloadResponse) ProtoMessage() {} func (x *RestoreWorkloadResponse) ProtoReflect() protoreflect.Message { - mi := &file_ateom_proto_msgTypes[7] + mi := &file_internal_proto_ateompb_ateom_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -482,25 +491,26 @@ func (x *RestoreWorkloadResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RestoreWorkloadResponse.ProtoReflect.Descriptor instead. func (*RestoreWorkloadResponse) Descriptor() ([]byte, []int) { - return file_ateom_proto_rawDescGZIP(), []int{7} + return file_internal_proto_ateompb_ateom_proto_rawDescGZIP(), []int{7} } -var File_ateom_proto protoreflect.FileDescriptor +var File_internal_proto_ateompb_ateom_proto protoreflect.FileDescriptor -const file_ateom_proto_rawDesc = "" + +const file_internal_proto_ateompb_ateom_proto_rawDesc = "" + "\n" + - "\vateom.proto\x12\x05ateom\"\xe1\x01\n" + + "\"internal/proto/ateompb/ateom.proto\x12\x05ateom\x1a$internal/proto/egresspb/egress.proto\"\xe1\x01\n" + "\x12RunWorkloadRequest\x128\n" + "\x18actor_template_namespace\x18\x01 \x01(\tR\x16actorTemplateNamespace\x12.\n" + "\x13actor_template_name\x18\x02 \x01(\tR\x11actorTemplateName\x12\x19\n" + "\bactor_id\x18\x03 \x01(\tR\aactorId\x12\x1d\n" + "\n" + "runsc_path\x18\x04 \x01(\tR\trunscPath\x12'\n" + - "\x04spec\x18\x05 \x01(\v2\x13.ateom.WorkloadSpecR\x04spec\"@\n" + + "\x04spec\x18\x05 \x01(\v2\x13.ateom.WorkloadSpecR\x04spec\"{\n" + "\fWorkloadSpec\x120\n" + "\n" + "containers\x18\x01 \x03(\v2\x10.ateom.ContainerR\n" + - "containers\"\x1f\n" + + "containers\x129\n" + + "\regress_policy\x18\x02 \x01(\v2\x14.egress.EgressPolicyR\fegressPolicy\"\x1f\n" + "\tContainer\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\"\x15\n" + "\x13RunWorkloadResponse\"\x98\x02\n" + @@ -528,19 +538,19 @@ const file_ateom_proto_rawDesc = "" + "\x0fRestoreWorkload\x12\x1d.ateom.RestoreWorkloadRequest\x1a\x1e.ateom.RestoreWorkloadResponse\"\x00B=Z;github.com/agent-substrate/substrate/internal/proto/ateompbb\x06proto3" var ( - file_ateom_proto_rawDescOnce sync.Once - file_ateom_proto_rawDescData []byte + file_internal_proto_ateompb_ateom_proto_rawDescOnce sync.Once + file_internal_proto_ateompb_ateom_proto_rawDescData []byte ) -func file_ateom_proto_rawDescGZIP() []byte { - file_ateom_proto_rawDescOnce.Do(func() { - file_ateom_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_ateom_proto_rawDesc), len(file_ateom_proto_rawDesc))) +func file_internal_proto_ateompb_ateom_proto_rawDescGZIP() []byte { + file_internal_proto_ateompb_ateom_proto_rawDescOnce.Do(func() { + file_internal_proto_ateompb_ateom_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_internal_proto_ateompb_ateom_proto_rawDesc), len(file_internal_proto_ateompb_ateom_proto_rawDesc))) }) - return file_ateom_proto_rawDescData + return file_internal_proto_ateompb_ateom_proto_rawDescData } -var file_ateom_proto_msgTypes = make([]protoimpl.MessageInfo, 8) -var file_ateom_proto_goTypes = []any{ +var file_internal_proto_ateompb_ateom_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_internal_proto_ateompb_ateom_proto_goTypes = []any{ (*RunWorkloadRequest)(nil), // 0: ateom.RunWorkloadRequest (*WorkloadSpec)(nil), // 1: ateom.WorkloadSpec (*Container)(nil), // 2: ateom.Container @@ -549,45 +559,47 @@ var file_ateom_proto_goTypes = []any{ (*CheckpointWorkloadResponse)(nil), // 5: ateom.CheckpointWorkloadResponse (*RestoreWorkloadRequest)(nil), // 6: ateom.RestoreWorkloadRequest (*RestoreWorkloadResponse)(nil), // 7: ateom.RestoreWorkloadResponse + (*egresspb.EgressPolicy)(nil), // 8: egress.EgressPolicy } -var file_ateom_proto_depIdxs = []int32{ +var file_internal_proto_ateompb_ateom_proto_depIdxs = []int32{ 1, // 0: ateom.RunWorkloadRequest.spec:type_name -> ateom.WorkloadSpec 2, // 1: ateom.WorkloadSpec.containers:type_name -> ateom.Container - 1, // 2: ateom.CheckpointWorkloadRequest.spec:type_name -> ateom.WorkloadSpec - 1, // 3: ateom.RestoreWorkloadRequest.spec:type_name -> ateom.WorkloadSpec - 0, // 4: ateom.Ateom.RunWorkload:input_type -> ateom.RunWorkloadRequest - 4, // 5: ateom.Ateom.CheckpointWorkload:input_type -> ateom.CheckpointWorkloadRequest - 6, // 6: ateom.Ateom.RestoreWorkload:input_type -> ateom.RestoreWorkloadRequest - 3, // 7: ateom.Ateom.RunWorkload:output_type -> ateom.RunWorkloadResponse - 5, // 8: ateom.Ateom.CheckpointWorkload:output_type -> ateom.CheckpointWorkloadResponse - 7, // 9: ateom.Ateom.RestoreWorkload:output_type -> ateom.RestoreWorkloadResponse - 7, // [7:10] is the sub-list for method output_type - 4, // [4:7] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_ateom_proto_init() } -func file_ateom_proto_init() { - if File_ateom_proto != nil { + 8, // 2: ateom.WorkloadSpec.egress_policy:type_name -> egress.EgressPolicy + 1, // 3: ateom.CheckpointWorkloadRequest.spec:type_name -> ateom.WorkloadSpec + 1, // 4: ateom.RestoreWorkloadRequest.spec:type_name -> ateom.WorkloadSpec + 0, // 5: ateom.Ateom.RunWorkload:input_type -> ateom.RunWorkloadRequest + 4, // 6: ateom.Ateom.CheckpointWorkload:input_type -> ateom.CheckpointWorkloadRequest + 6, // 7: ateom.Ateom.RestoreWorkload:input_type -> ateom.RestoreWorkloadRequest + 3, // 8: ateom.Ateom.RunWorkload:output_type -> ateom.RunWorkloadResponse + 5, // 9: ateom.Ateom.CheckpointWorkload:output_type -> ateom.CheckpointWorkloadResponse + 7, // 10: ateom.Ateom.RestoreWorkload:output_type -> ateom.RestoreWorkloadResponse + 8, // [8:11] is the sub-list for method output_type + 5, // [5:8] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_internal_proto_ateompb_ateom_proto_init() } +func file_internal_proto_ateompb_ateom_proto_init() { + if File_internal_proto_ateompb_ateom_proto != nil { return } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_ateom_proto_rawDesc), len(file_ateom_proto_rawDesc)), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_internal_proto_ateompb_ateom_proto_rawDesc), len(file_internal_proto_ateompb_ateom_proto_rawDesc)), NumEnums: 0, NumMessages: 8, NumExtensions: 0, NumServices: 1, }, - GoTypes: file_ateom_proto_goTypes, - DependencyIndexes: file_ateom_proto_depIdxs, - MessageInfos: file_ateom_proto_msgTypes, + GoTypes: file_internal_proto_ateompb_ateom_proto_goTypes, + DependencyIndexes: file_internal_proto_ateompb_ateom_proto_depIdxs, + MessageInfos: file_internal_proto_ateompb_ateom_proto_msgTypes, }.Build() - File_ateom_proto = out.File - file_ateom_proto_goTypes = nil - file_ateom_proto_depIdxs = nil + File_internal_proto_ateompb_ateom_proto = out.File + file_internal_proto_ateompb_ateom_proto_goTypes = nil + file_internal_proto_ateompb_ateom_proto_depIdxs = nil } diff --git a/internal/proto/ateompb/ateom.proto b/internal/proto/ateompb/ateom.proto index 1da19e5a3..03f98d8a7 100644 --- a/internal/proto/ateompb/ateom.proto +++ b/internal/proto/ateompb/ateom.proto @@ -16,6 +16,8 @@ syntax = "proto3"; package ateom; +import "internal/proto/egresspb/egress.proto"; + option go_package = "github.com/agent-substrate/substrate/internal/proto/ateompb"; // Ateom is the interface to control a single gVisor (or, in the future microVM) @@ -59,7 +61,8 @@ message RunWorkloadRequest { // WorkloadSpec parallels Pod, but with far fewer configurable fields. message WorkloadSpec { - repeated Container containers = 1; + repeated Container containers = 1; + egress.EgressPolicy egress_policy = 2; } message Container { diff --git a/internal/proto/ateompb/ateom_grpc.pb.go b/internal/proto/ateompb/ateom_grpc.pb.go index 68d5bd57a..428f7875a 100644 --- a/internal/proto/ateompb/ateom_grpc.pb.go +++ b/internal/proto/ateompb/ateom_grpc.pb.go @@ -16,7 +16,7 @@ // versions: // - protoc-gen-go-grpc v1.6.1 // - protoc v4.25.3 -// source: ateom.proto +// source: internal/proto/ateompb/ateom.proto package ateompb @@ -251,5 +251,5 @@ var Ateom_ServiceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "ateom.proto", + Metadata: "internal/proto/ateompb/ateom.proto", } diff --git a/internal/proto/ateompb/gen.go b/internal/proto/ateompb/gen.go index 97a9a566e..4eed4192e 100644 --- a/internal/proto/ateompb/gen.go +++ b/internal/proto/ateompb/gen.go @@ -14,4 +14,4 @@ package ateompb -//go:generate bash -c "../../../hack/protoc.sh --plugin=protoc-gen-go=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go) --plugin=protoc-gen-go-grpc=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go-grpc) --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. ateom.proto" +//go:generate bash -c "../../../hack/protoc.sh -I ../../.. --plugin=protoc-gen-go=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go) --plugin=protoc-gen-go-grpc=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go-grpc) --go_out=paths=source_relative:../../.. --go-grpc_out=paths=source_relative:../../.. internal/proto/ateompb/ateom.proto" diff --git a/internal/proto/egresspb/egress.pb.go b/internal/proto/egresspb/egress.pb.go new file mode 100644 index 000000000..37001646d --- /dev/null +++ b/internal/proto/egresspb/egress.pb.go @@ -0,0 +1,811 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11-devel +// protoc v4.25.3 +// source: internal/proto/egresspb/egress.proto + +package egresspb + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type EgressPolicy struct { + state protoimpl.MessageState `protogen:"open.v1"` + DefaultAction string `protobuf:"bytes,1,opt,name=default_action,json=defaultAction,proto3" json:"default_action,omitempty"` + Allow []*EgressPolicyRule `protobuf:"bytes,2,rep,name=allow,proto3" json:"allow,omitempty"` + Deny []*EgressPolicyRule `protobuf:"bytes,3,rep,name=deny,proto3" json:"deny,omitempty"` + Audit *EgressAuditPolicy `protobuf:"bytes,4,opt,name=audit,proto3" json:"audit,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressPolicy) Reset() { + *x = EgressPolicy{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressPolicy) ProtoMessage() {} + +func (x *EgressPolicy) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressPolicy.ProtoReflect.Descriptor instead. +func (*EgressPolicy) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{0} +} + +func (x *EgressPolicy) GetDefaultAction() string { + if x != nil { + return x.DefaultAction + } + return "" +} + +func (x *EgressPolicy) GetAllow() []*EgressPolicyRule { + if x != nil { + return x.Allow + } + return nil +} + +func (x *EgressPolicy) GetDeny() []*EgressPolicyRule { + if x != nil { + return x.Deny + } + return nil +} + +func (x *EgressPolicy) GetAudit() *EgressAuditPolicy { + if x != nil { + return x.Audit + } + return nil +} + +type EgressPolicyRule struct { + state protoimpl.MessageState `protogen:"open.v1"` + To []*EgressPolicyDestination `protobuf:"bytes,1,rep,name=to,proto3" json:"to,omitempty"` + Ports []*EgressPort `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"` + Tls *EgressTLSPolicy `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty"` + Credentials *EgressCredentialPolicy `protobuf:"bytes,4,opt,name=credentials,proto3" json:"credentials,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressPolicyRule) Reset() { + *x = EgressPolicyRule{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressPolicyRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressPolicyRule) ProtoMessage() {} + +func (x *EgressPolicyRule) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressPolicyRule.ProtoReflect.Descriptor instead. +func (*EgressPolicyRule) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{1} +} + +func (x *EgressPolicyRule) GetTo() []*EgressPolicyDestination { + if x != nil { + return x.To + } + return nil +} + +func (x *EgressPolicyRule) GetPorts() []*EgressPort { + if x != nil { + return x.Ports + } + return nil +} + +func (x *EgressPolicyRule) GetTls() *EgressTLSPolicy { + if x != nil { + return x.Tls + } + return nil +} + +func (x *EgressPolicyRule) GetCredentials() *EgressCredentialPolicy { + if x != nil { + return x.Credentials + } + return nil +} + +type EgressPolicyDestination struct { + state protoimpl.MessageState `protogen:"open.v1"` + Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` + Cidr string `protobuf:"bytes,2,opt,name=cidr,proto3" json:"cidr,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressPolicyDestination) Reset() { + *x = EgressPolicyDestination{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressPolicyDestination) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressPolicyDestination) ProtoMessage() {} + +func (x *EgressPolicyDestination) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressPolicyDestination.ProtoReflect.Descriptor instead. +func (*EgressPolicyDestination) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{2} +} + +func (x *EgressPolicyDestination) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *EgressPolicyDestination) GetCidr() string { + if x != nil { + return x.Cidr + } + return "" +} + +type EgressPort struct { + state protoimpl.MessageState `protogen:"open.v1"` + Port uint32 `protobuf:"varint,1,opt,name=port,proto3" json:"port,omitempty"` + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressPort) Reset() { + *x = EgressPort{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressPort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressPort) ProtoMessage() {} + +func (x *EgressPort) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressPort.ProtoReflect.Descriptor instead. +func (*EgressPort) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{3} +} + +func (x *EgressPort) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *EgressPort) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +type EgressTLSPolicy struct { + state protoimpl.MessageState `protogen:"open.v1"` + Mode string `protobuf:"bytes,1,opt,name=mode,proto3" json:"mode,omitempty"` + Required bool `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"` + Intercept *EgressTLSInterceptPolicy `protobuf:"bytes,3,opt,name=intercept,proto3" json:"intercept,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressTLSPolicy) Reset() { + *x = EgressTLSPolicy{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressTLSPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressTLSPolicy) ProtoMessage() {} + +func (x *EgressTLSPolicy) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressTLSPolicy.ProtoReflect.Descriptor instead. +func (*EgressTLSPolicy) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{4} +} + +func (x *EgressTLSPolicy) GetMode() string { + if x != nil { + return x.Mode + } + return "" +} + +func (x *EgressTLSPolicy) GetRequired() bool { + if x != nil { + return x.Required + } + return false +} + +func (x *EgressTLSPolicy) GetIntercept() *EgressTLSInterceptPolicy { + if x != nil { + return x.Intercept + } + return nil +} + +type EgressTLSInterceptPolicy struct { + state protoimpl.MessageState `protogen:"open.v1"` + IssuerSecretRef *SecretReference `protobuf:"bytes,1,opt,name=issuer_secret_ref,json=issuerSecretRef,proto3" json:"issuer_secret_ref,omitempty"` + ValidateUpstream bool `protobuf:"varint,2,opt,name=validate_upstream,json=validateUpstream,proto3" json:"validate_upstream,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressTLSInterceptPolicy) Reset() { + *x = EgressTLSInterceptPolicy{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressTLSInterceptPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressTLSInterceptPolicy) ProtoMessage() {} + +func (x *EgressTLSInterceptPolicy) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressTLSInterceptPolicy.ProtoReflect.Descriptor instead. +func (*EgressTLSInterceptPolicy) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{5} +} + +func (x *EgressTLSInterceptPolicy) GetIssuerSecretRef() *SecretReference { + if x != nil { + return x.IssuerSecretRef + } + return nil +} + +func (x *EgressTLSInterceptPolicy) GetValidateUpstream() bool { + if x != nil { + return x.ValidateUpstream + } + return false +} + +type EgressCredentialPolicy struct { + state protoimpl.MessageState `protogen:"open.v1"` + Inject []*EgressCredentialInjection `protobuf:"bytes,1,rep,name=inject,proto3" json:"inject,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressCredentialPolicy) Reset() { + *x = EgressCredentialPolicy{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressCredentialPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressCredentialPolicy) ProtoMessage() {} + +func (x *EgressCredentialPolicy) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressCredentialPolicy.ProtoReflect.Descriptor instead. +func (*EgressCredentialPolicy) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{6} +} + +func (x *EgressCredentialPolicy) GetInject() []*EgressCredentialInjection { + if x != nil { + return x.Inject + } + return nil +} + +type EgressCredentialInjection struct { + state protoimpl.MessageState `protogen:"open.v1"` + Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` + ValueFrom *EgressCredentialValueFrom `protobuf:"bytes,2,opt,name=value_from,json=valueFrom,proto3" json:"value_from,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressCredentialInjection) Reset() { + *x = EgressCredentialInjection{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressCredentialInjection) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressCredentialInjection) ProtoMessage() {} + +func (x *EgressCredentialInjection) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressCredentialInjection.ProtoReflect.Descriptor instead. +func (*EgressCredentialInjection) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{7} +} + +func (x *EgressCredentialInjection) GetHeader() string { + if x != nil { + return x.Header + } + return "" +} + +func (x *EgressCredentialInjection) GetValueFrom() *EgressCredentialValueFrom { + if x != nil { + return x.ValueFrom + } + return nil +} + +type EgressCredentialValueFrom struct { + state protoimpl.MessageState `protogen:"open.v1"` + SecretKeyRef *SecretKeySelector `protobuf:"bytes,1,opt,name=secret_key_ref,json=secretKeyRef,proto3" json:"secret_key_ref,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressCredentialValueFrom) Reset() { + *x = EgressCredentialValueFrom{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressCredentialValueFrom) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressCredentialValueFrom) ProtoMessage() {} + +func (x *EgressCredentialValueFrom) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressCredentialValueFrom.ProtoReflect.Descriptor instead. +func (*EgressCredentialValueFrom) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{8} +} + +func (x *EgressCredentialValueFrom) GetSecretKeyRef() *SecretKeySelector { + if x != nil { + return x.SecretKeyRef + } + return nil +} + +type EgressAuditPolicy struct { + state protoimpl.MessageState `protogen:"open.v1"` + Logs bool `protobuf:"varint,1,opt,name=logs,proto3" json:"logs,omitempty"` + Traces bool `protobuf:"varint,2,opt,name=traces,proto3" json:"traces,omitempty"` + RedactHeaders []string `protobuf:"bytes,3,rep,name=redact_headers,json=redactHeaders,proto3" json:"redact_headers,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EgressAuditPolicy) Reset() { + *x = EgressAuditPolicy{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EgressAuditPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EgressAuditPolicy) ProtoMessage() {} + +func (x *EgressAuditPolicy) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EgressAuditPolicy.ProtoReflect.Descriptor instead. +func (*EgressAuditPolicy) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{9} +} + +func (x *EgressAuditPolicy) GetLogs() bool { + if x != nil { + return x.Logs + } + return false +} + +func (x *EgressAuditPolicy) GetTraces() bool { + if x != nil { + return x.Traces + } + return false +} + +func (x *EgressAuditPolicy) GetRedactHeaders() []string { + if x != nil { + return x.RedactHeaders + } + return nil +} + +type SecretReference struct { + state protoimpl.MessageState `protogen:"open.v1"` + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SecretReference) Reset() { + *x = SecretReference{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SecretReference) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecretReference) ProtoMessage() {} + +func (x *SecretReference) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[10] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SecretReference.ProtoReflect.Descriptor instead. +func (*SecretReference) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{10} +} + +func (x *SecretReference) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *SecretReference) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +type SecretKeySelector struct { + state protoimpl.MessageState `protogen:"open.v1"` + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SecretKeySelector) Reset() { + *x = SecretKeySelector{} + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SecretKeySelector) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecretKeySelector) ProtoMessage() {} + +func (x *SecretKeySelector) ProtoReflect() protoreflect.Message { + mi := &file_internal_proto_egresspb_egress_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SecretKeySelector.ProtoReflect.Descriptor instead. +func (*SecretKeySelector) Descriptor() ([]byte, []int) { + return file_internal_proto_egresspb_egress_proto_rawDescGZIP(), []int{11} +} + +func (x *SecretKeySelector) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *SecretKeySelector) GetKey() string { + if x != nil { + return x.Key + } + return "" +} + +var File_internal_proto_egresspb_egress_proto protoreflect.FileDescriptor + +const file_internal_proto_egresspb_egress_proto_rawDesc = "" + + "\n" + + "$internal/proto/egresspb/egress.proto\x12\x06egress\"\xc4\x01\n" + + "\fEgressPolicy\x12%\n" + + "\x0edefault_action\x18\x01 \x01(\tR\rdefaultAction\x12.\n" + + "\x05allow\x18\x02 \x03(\v2\x18.egress.EgressPolicyRuleR\x05allow\x12,\n" + + "\x04deny\x18\x03 \x03(\v2\x18.egress.EgressPolicyRuleR\x04deny\x12/\n" + + "\x05audit\x18\x04 \x01(\v2\x19.egress.EgressAuditPolicyR\x05audit\"\xda\x01\n" + + "\x10EgressPolicyRule\x12/\n" + + "\x02to\x18\x01 \x03(\v2\x1f.egress.EgressPolicyDestinationR\x02to\x12(\n" + + "\x05ports\x18\x02 \x03(\v2\x12.egress.EgressPortR\x05ports\x12)\n" + + "\x03tls\x18\x03 \x01(\v2\x17.egress.EgressTLSPolicyR\x03tls\x12@\n" + + "\vcredentials\x18\x04 \x01(\v2\x1e.egress.EgressCredentialPolicyR\vcredentials\"A\n" + + "\x17EgressPolicyDestination\x12\x12\n" + + "\x04host\x18\x01 \x01(\tR\x04host\x12\x12\n" + + "\x04cidr\x18\x02 \x01(\tR\x04cidr\"<\n" + + "\n" + + "EgressPort\x12\x12\n" + + "\x04port\x18\x01 \x01(\rR\x04port\x12\x1a\n" + + "\bprotocol\x18\x02 \x01(\tR\bprotocol\"\x81\x01\n" + + "\x0fEgressTLSPolicy\x12\x12\n" + + "\x04mode\x18\x01 \x01(\tR\x04mode\x12\x1a\n" + + "\brequired\x18\x02 \x01(\bR\brequired\x12>\n" + + "\tintercept\x18\x03 \x01(\v2 .egress.EgressTLSInterceptPolicyR\tintercept\"\x8c\x01\n" + + "\x18EgressTLSInterceptPolicy\x12C\n" + + "\x11issuer_secret_ref\x18\x01 \x01(\v2\x17.egress.SecretReferenceR\x0fissuerSecretRef\x12+\n" + + "\x11validate_upstream\x18\x02 \x01(\bR\x10validateUpstream\"S\n" + + "\x16EgressCredentialPolicy\x129\n" + + "\x06inject\x18\x01 \x03(\v2!.egress.EgressCredentialInjectionR\x06inject\"u\n" + + "\x19EgressCredentialInjection\x12\x16\n" + + "\x06header\x18\x01 \x01(\tR\x06header\x12@\n" + + "\n" + + "value_from\x18\x02 \x01(\v2!.egress.EgressCredentialValueFromR\tvalueFrom\"\\\n" + + "\x19EgressCredentialValueFrom\x12?\n" + + "\x0esecret_key_ref\x18\x01 \x01(\v2\x19.egress.SecretKeySelectorR\fsecretKeyRef\"f\n" + + "\x11EgressAuditPolicy\x12\x12\n" + + "\x04logs\x18\x01 \x01(\bR\x04logs\x12\x16\n" + + "\x06traces\x18\x02 \x01(\bR\x06traces\x12%\n" + + "\x0eredact_headers\x18\x03 \x03(\tR\rredactHeaders\"C\n" + + "\x0fSecretReference\x12\x12\n" + + "\x04name\x18\x01 \x01(\tR\x04name\x12\x1c\n" + + "\tnamespace\x18\x02 \x01(\tR\tnamespace\"9\n" + + "\x11SecretKeySelector\x12\x12\n" + + "\x04name\x18\x01 \x01(\tR\x04name\x12\x10\n" + + "\x03key\x18\x02 \x01(\tR\x03keyB>Z egress.EgressPolicyRule + 1, // 1: egress.EgressPolicy.deny:type_name -> egress.EgressPolicyRule + 9, // 2: egress.EgressPolicy.audit:type_name -> egress.EgressAuditPolicy + 2, // 3: egress.EgressPolicyRule.to:type_name -> egress.EgressPolicyDestination + 3, // 4: egress.EgressPolicyRule.ports:type_name -> egress.EgressPort + 4, // 5: egress.EgressPolicyRule.tls:type_name -> egress.EgressTLSPolicy + 6, // 6: egress.EgressPolicyRule.credentials:type_name -> egress.EgressCredentialPolicy + 5, // 7: egress.EgressTLSPolicy.intercept:type_name -> egress.EgressTLSInterceptPolicy + 10, // 8: egress.EgressTLSInterceptPolicy.issuer_secret_ref:type_name -> egress.SecretReference + 7, // 9: egress.EgressCredentialPolicy.inject:type_name -> egress.EgressCredentialInjection + 8, // 10: egress.EgressCredentialInjection.value_from:type_name -> egress.EgressCredentialValueFrom + 11, // 11: egress.EgressCredentialValueFrom.secret_key_ref:type_name -> egress.SecretKeySelector + 12, // [12:12] is the sub-list for method output_type + 12, // [12:12] is the sub-list for method input_type + 12, // [12:12] is the sub-list for extension type_name + 12, // [12:12] is the sub-list for extension extendee + 0, // [0:12] is the sub-list for field type_name +} + +func init() { file_internal_proto_egresspb_egress_proto_init() } +func file_internal_proto_egresspb_egress_proto_init() { + if File_internal_proto_egresspb_egress_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_internal_proto_egresspb_egress_proto_rawDesc), len(file_internal_proto_egresspb_egress_proto_rawDesc)), + NumEnums: 0, + NumMessages: 12, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_internal_proto_egresspb_egress_proto_goTypes, + DependencyIndexes: file_internal_proto_egresspb_egress_proto_depIdxs, + MessageInfos: file_internal_proto_egresspb_egress_proto_msgTypes, + }.Build() + File_internal_proto_egresspb_egress_proto = out.File + file_internal_proto_egresspb_egress_proto_goTypes = nil + file_internal_proto_egresspb_egress_proto_depIdxs = nil +} diff --git a/internal/proto/egresspb/egress.proto b/internal/proto/egresspb/egress.proto new file mode 100644 index 000000000..b90f71bc2 --- /dev/null +++ b/internal/proto/egresspb/egress.proto @@ -0,0 +1,83 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package egress; + +option go_package = "github.com/agent-substrate/substrate/internal/proto/egresspb"; + +message EgressPolicy { + string default_action = 1; + repeated EgressPolicyRule allow = 2; + repeated EgressPolicyRule deny = 3; + EgressAuditPolicy audit = 4; +} + +message EgressPolicyRule { + repeated EgressPolicyDestination to = 1; + repeated EgressPort ports = 2; + EgressTLSPolicy tls = 3; + EgressCredentialPolicy credentials = 4; +} + +message EgressPolicyDestination { + string host = 1; + string cidr = 2; +} + +message EgressPort { + uint32 port = 1; + string protocol = 2; +} + +message EgressTLSPolicy { + string mode = 1; + bool required = 2; + EgressTLSInterceptPolicy intercept = 3; +} + +message EgressTLSInterceptPolicy { + SecretReference issuer_secret_ref = 1; + bool validate_upstream = 2; +} + +message EgressCredentialPolicy { + repeated EgressCredentialInjection inject = 1; +} + +message EgressCredentialInjection { + string header = 1; + EgressCredentialValueFrom value_from = 2; +} + +message EgressCredentialValueFrom { + SecretKeySelector secret_key_ref = 1; +} + +message EgressAuditPolicy { + bool logs = 1; + bool traces = 2; + repeated string redact_headers = 3; +} + +message SecretReference { + string name = 1; + string namespace = 2; +} + +message SecretKeySelector { + string name = 1; + string key = 2; +} diff --git a/internal/proto/egresspb/gen.go b/internal/proto/egresspb/gen.go new file mode 100644 index 000000000..22ea39d37 --- /dev/null +++ b/internal/proto/egresspb/gen.go @@ -0,0 +1,17 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package egresspb + +//go:generate bash -c "../../../hack/protoc.sh -I ../../.. --plugin=protoc-gen-go=$(bash ../../../hack/run-tool.sh --print-bin-path protoc-gen-go) --go_out=paths=source_relative:../../.. internal/proto/egresspb/egress.proto" diff --git a/manifests/ate-install/ate-api-server-envvars.yaml b/manifests/ate-install/ate-api-server-envvars.yaml new file mode 100644 index 000000000..f0df64a0f --- /dev/null +++ b/manifests/ate-install/ate-api-server-envvars.yaml @@ -0,0 +1,28 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: ate-api-server-envvars + namespace: ate-system +data: + ATE_API_REDIS_ADDRESS: "valkey-cluster.ate-system.svc:6379" + ATE_API_REDIS_USE_IAM_AUTH: "false" + ATE_API_REDIS_TLS_SERVER_NAME: "" + ATE_API_REDIS_CLIENT_CERT: "" + ATE_API_K8SJWT_ISSUER: "" diff --git a/manifests/ate-install/ate-api-server.yaml b/manifests/ate-install/ate-api-server.yaml index 8d3c17086..46b5daf4a 100644 --- a/manifests/ate-install/ate-api-server.yaml +++ b/manifests/ate-install/ate-api-server.yaml @@ -1,19 +1,26 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. -# Define Permissions (Read-Only for Pods) +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ate-api-server + namespace: ate-system +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -31,14 +38,6 @@ rules: # ActorTemplates (e.g. via a namespace-scoped Role + RoleBinding using # resourceNames). --- -# Create Service Account for Workload Identity -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ate-api-server - namespace: ate-system ---- -# 4. Bind Identity to Permissions apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -52,7 +51,21 @@ roleRef: name: ate-api-server-role apiGroup: rbac.authorization.k8s.io --- -# 5. Deploy the API Server +apiVersion: v1 +kind: Service +metadata: + name: api + namespace: ate-system +spec: + type: ClusterIP + selector: + app: ate-api-server + ports: + - name: grpc + protocol: TCP + port: 443 + targetPort: 443 +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -76,18 +89,18 @@ spec: - name: ate-api-server image: ko://github.com/agent-substrate/substrate/cmd/ateapi args: - - "--grpc-listen-addr=0.0.0.0:443" - - "--grpc-server-cred-bundle=/run/servicedns.podcert.ate.dev/credential-bundle.pem" - - --redis-cluster-address=@env - - --redis-ca-certs=/etc/valkey-ca/ca.crt - - --redis-use-iam-auth=@env - - --redis-tls-server-name=@env - - --redis-client-cert=@env - - --client-jwt-issuer=@env - - --client-jwt-audience=api.ate-system.svc - - --session-id-jwt-pool=/run/session-id-jwt-pool/pool.json - - --session-id-ca-pool=/run/session-id-ca-pool/pool.json - - --workerpool-ca-certs=/run/workerpool-ca-certs/trust-bundle.pem + - "--grpc-listen-addr=0.0.0.0:443" + - "--grpc-server-cred-bundle=/run/servicedns.podcert.ate.dev/credential-bundle.pem" + - "--redis-cluster-address=@env" + - "--redis-ca-certs=/etc/valkey-ca/ca.crt" + - "--redis-use-iam-auth=@env" + - "--redis-tls-server-name=@env" + - "--redis-client-cert=@env" + - "--client-jwt-issuer=@env" + - "--client-jwt-audience=api.ate-system.svc" + - "--session-id-jwt-pool=/run/session-id-jwt-pool/pool.json" + - "--session-id-ca-pool=/run/session-id-ca-pool/pool.json" + - "--workerpool-ca-certs=/run/workerpool-ca-certs/trust-bundle.pem" env: - name: POD_NAME valueFrom: @@ -103,31 +116,16 @@ spec: fieldPath: metadata.uid - name: OTEL_RESOURCE_ATTRIBUTES value: k8s.namespace.name=$(POD_NAMESPACE),k8s.pod.name=$(POD_NAME),k8s.pod.uid=$(POD_UID),service.instance.id=$(POD_UID) - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://opentelemetry-collector.gke-managed-otel.svc.cluster.local:4317 - # Inject env vars from a ConfigMap created by each developer. This lets - # each developer customize their own redis address, etc, without having - # to edit this manifest, which can remain constant across all - # developers. envFrom: - configMapRef: name: ate-api-server-envvars optional: true volumeMounts: - - name: "servicedns" - mountPath: "/run/servicedns.podcert.ate.dev" - - name: "session-id-jwt-pool" - mountPath: "/run/session-id-jwt-pool" - # Note: See README.md for how to generate this secret. - - name: "valkey-ca-certs" - mountPath: "/etc/valkey-ca" - readOnly: true - - name: "session-id-ca-pool" - mountPath: "/run/session-id-ca-pool" - readOnly: true - - name: "workerpool-ca-certs" - mountPath: "/run/workerpool-ca-certs" - readOnly: true + - { name: servicedns, mountPath: /run/servicedns.podcert.ate.dev } + - { name: session-id-jwt-pool, mountPath: /run/session-id-jwt-pool } + - { name: valkey-ca-certs, mountPath: /etc/valkey-ca, readOnly: true } + - { name: session-id-ca-pool, mountPath: /run/session-id-ca-pool, readOnly: true } + - { name: workerpool-ca-certs, mountPath: /run/workerpool-ca-certs, readOnly: true } ports: - containerPort: 443 - name: prometheus @@ -139,38 +137,35 @@ spec: initialDelaySeconds: 5 periodSeconds: 2 volumes: - - name: "servicedns" + - name: servicedns projected: sources: - podCertificate: signerName: servicedns.podcert.ate.dev/identity keyType: ECDSAP256 credentialBundlePath: credential-bundle.pem - - name: "session-id-jwt-pool" + - name: session-id-jwt-pool projected: sources: - secret: - name: "session-id-jwt-pool" + name: session-id-jwt-pool items: - - key: "pool" - path: "pool.json" - - name: "valkey-ca-certs" + - { key: pool, path: pool.json } + - name: valkey-ca-certs projected: sources: - secret: - name: "valkey-ca-certs" + name: valkey-ca-certs items: - - key: "ca.crt" - path: "ca.crt" - - name: "session-id-ca-pool" + - { key: ca.crt, path: ca.crt } + - name: session-id-ca-pool projected: sources: - secret: - name: "session-id-ca-pool" + name: session-id-ca-pool items: - - key: "pool" - path: "pool.json" - - name: "workerpool-ca-certs" + - { key: pool, path: pool.json } + - name: workerpool-ca-certs projected: sources: - clusterTrustBundle: @@ -179,19 +174,3 @@ spec: matchLabels: podcert.ate.dev/canarying: live path: trust-bundle.pem ---- -# 6. Expose the Session Assigner -apiVersion: v1 -kind: Service -metadata: - name: api - namespace: ate-system -spec: - type: ClusterIP - selector: - app: ate-api-server - ports: - - name: grpc - protocol: TCP - port: 443 - targetPort: 443 diff --git a/manifests/ate-install/ate-controller.yaml b/manifests/ate-install/ate-controller.yaml index 1f2756a27..2cfbeecb4 100644 --- a/manifests/ate-install/ate-controller.yaml +++ b/manifests/ate-install/ate-controller.yaml @@ -1,23 +1,20 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. -kind: Namespace -apiVersion: v1 -metadata: - name: ate-system +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -25,7 +22,6 @@ metadata: namespace: ate-system labels: apps: ate-controller - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -39,9 +35,7 @@ roleRef: kind: ClusterRole name: ate-controller apiGroup: rbac.authorization.k8s.io - --- - kind: Service apiVersion: v1 metadata: @@ -57,9 +51,7 @@ spec: port: 8080 targetPort: metrics protocol: TCP - --- - kind: Deployment apiVersion: apps/v1 metadata: diff --git a/manifests/ate-install/atelet.yaml b/manifests/ate-install/atelet.yaml index c9564c40d..e43ae9ab0 100644 --- a/manifests/ate-install/atelet.yaml +++ b/manifests/ate-install/atelet.yaml @@ -1,25 +1,27 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. -# 1. Create Service Account +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. + +# atelet — identical across auth modes (does not dial ateapi). apiVersion: v1 kind: ServiceAccount metadata: name: atelet namespace: ate-system --- -# 2. Define Permissions apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -29,7 +31,6 @@ rules: resources: ["pods"] verbs: ["get", "watch", "list"] --- -# 3. Bind Identity to Permissions apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -43,7 +44,6 @@ roleRef: name: atelet-role apiGroup: rbac.authorization.k8s.io --- -# 4. Create DaemonSet apiVersion: apps/v1 kind: DaemonSet metadata: @@ -68,7 +68,7 @@ spec: - name: atelet image: ko://github.com/agent-substrate/substrate/cmd/atelet args: - - --gcp-auth-for-image-pulls=true + - --gcp-auth-for-image-pulls=false securityContext: privileged: true env: @@ -76,22 +76,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - - name: OTEL_RESOURCE_ATTRIBUTES - value: k8s.namespace.name=$(POD_NAMESPACE),k8s.pod.name=$(POD_NAME),k8s.pod.uid=$(POD_UID),service.instance.id=$(POD_UID) - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://opentelemetry-collector.gke-managed-otel.svc.cluster.local:4317 - name: ATE_STORAGE_BACKEND value: "gcs" ports: diff --git a/manifests/ate-install/atenet-dns.yaml b/manifests/ate-install/atenet-dns.yaml index 46968a386..c925ada82 100644 --- a/manifests/ate-install/atenet-dns.yaml +++ b/manifests/ate-install/atenet-dns.yaml @@ -1,17 +1,21 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. + +# atenet-dns — identical across auth modes (does not dial ateapi). apiVersion: v1 kind: ServiceAccount metadata: @@ -34,6 +38,16 @@ rules: verbs: ["get", "list", "watch", "create", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: atenet-dns + namespace: kube-system +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: atenet-dns @@ -48,16 +62,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: atenet-dns - namespace: kube-system -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: atenet-dns @@ -71,6 +75,25 @@ roleRef: name: atenet-dns apiGroup: rbac.authorization.k8s.io --- +apiVersion: v1 +kind: Service +metadata: + name: dns + namespace: ate-system + labels: + app: dns +spec: + selector: + app: dns + type: ClusterIP + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -94,8 +117,6 @@ spec: - name: init-dns image: busybox:1.36 command: ["sh", "-c"] - # Initial core file is sufficient to start CoreDNS but does not contain - # any additional configuration. The controller will update the Corefile. args: - | cat <<'EOF' > /etc/coredns/Corefile @@ -155,22 +176,3 @@ spec: volumes: - name: dns-config-volume emptyDir: {} ---- -apiVersion: v1 -kind: Service -metadata: - name: dns - namespace: ate-system - labels: - app: dns -spec: - selector: - app: dns - type: ClusterIP - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP \ No newline at end of file diff --git a/manifests/ate-install/atenet-router-monitoring.yaml b/manifests/ate-install/atenet-router-monitoring.yaml deleted file mode 100644 index 6a42ac904..000000000 --- a/manifests/ate-install/atenet-router-monitoring.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2026 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Scrape the Envoy sidecar's admin /stats/prometheus endpoint so its end-to-end -# request-latency histogram (envoy_http_downstream_rq_time, milliseconds) reaches -# Google Managed Prometheus. This is E2E *context* for the per-stage latency -# dashboard, not an SLI we own (the SLI is the OTLP atenet.router.route.duration -# histogram). Envoy only speaks Prometheus, so it needs an explicit scrape; the -# admin port (9901) is already exposed by the envoy container above. -apiVersion: monitoring.googleapis.com/v1 -kind: PodMonitoring -metadata: - name: atenet-router-envoy - namespace: ate-system - labels: - app: atenet-router -spec: - selector: - matchLabels: - app: atenet-router - endpoints: - - port: admin - path: /stats/prometheus - interval: 30s diff --git a/manifests/ate-install/atenet-router.yaml b/manifests/ate-install/atenet-router.yaml index 43f69ab5e..54eb77e05 100644 --- a/manifests/ate-install/atenet-router.yaml +++ b/manifests/ate-install/atenet-router.yaml @@ -1,16 +1,19 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. apiVersion: v1 kind: ServiceAccount @@ -20,6 +23,69 @@ metadata: labels: app: atenet-router --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: atenet-router-agentgateway-config + namespace: ate-system +data: + config.yaml: | + # yaml-language-server: $schema=https://agentgateway.dev/schema/config + config: + adminAddr: "127.0.0.1:15000" + readinessAddr: "0.0.0.0:15021" + statsAddr: "0.0.0.0:15020" + binds: + - port: 8080 + listeners: + - name: http + protocol: HTTP + routes: + - name: substrate-http + matches: + - path: + pathPrefix: / + policies: + extProc: + host: "127.0.0.1:50051" + failureMode: failClosed + processingOptions: + requestBodyMode: none + responseBodyMode: none + requestHeaderMode: send + responseHeaderMode: skip + requestTrailerMode: skip + responseTrailerMode: skip + backends: + - dynamic: {} + - port: 8443 + listeners: + - name: https + protocol: HTTPS + tls: + + cert: "/run/servicedns.podcert.ate.dev/cert.pem" + key: "/run/servicedns.podcert.ate.dev/key.pem" + + routes: + - name: substrate-https + matches: + - path: + pathPrefix: / + policies: + extProc: + host: "127.0.0.1:50051" + failureMode: failClosed + processingOptions: + requestBodyMode: none + responseBodyMode: none + requestHeaderMode: send + responseHeaderMode: skip + requestTrailerMode: skip + responseTrailerMode: skip + backends: + - dynamic: {} +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -48,56 +114,23 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 -kind: ConfigMap +kind: Service metadata: - name: atenet-router-envoy-config + name: atenet-router namespace: ate-system -data: - envoy.yaml: | - admin: - address: - socket_address: - address: 0.0.0.0 - port_value: 9901 - - node: - id: substrate-envoy-node - cluster: substrate-router-cluster - - dynamic_resources: - lds_config: - resource_api_version: V3 - ads: {} - cds_config: - resource_api_version: V3 - ads: {} - ads_config: - api_type: GRPC - transport_api_version: V3 - grpc_services: - - envoy_grpc: - cluster_name: xds_cluster - - static_resources: - clusters: - - name: xds_cluster - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - typed_extension_protocol_options: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicit_http_config: - http2_protocol_options: {} - load_assignment: - cluster_name: xds_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 18000 +spec: + type: ClusterIP + selector: + app: atenet-router + ports: + - name: http + port: 80 + targetPort: 8080 + protocol: TCP + - name: https + port: 443 + targetPort: 8443 + protocol: TCP --- apiVersion: apps/v1 kind: Deployment @@ -126,15 +159,14 @@ spec: args: - "router" - "--standalone" + - "--networking-mode=agentgateway" - "--namespace=ate-system" - "--port-http=8080" - - "--port-xds=18000" - "--port-extproc=50051" - "--extproc-address=127.0.0.1" - "--ateapi-address=api.ate-system.svc:443" - "--status-port=4040" - "--port-https=8443" - - "--envoy-cert-path=/run/servicedns.podcert.ate.dev/credential-bundle.pem" env: - name: POD_NAME valueFrom: @@ -150,64 +182,46 @@ spec: fieldPath: metadata.uid - name: OTEL_RESOURCE_ATTRIBUTES value: k8s.namespace.name=$(POD_NAMESPACE),k8s.pod.name=$(POD_NAME),k8s.pod.uid=$(POD_UID),service.instance.id=$(POD_UID) - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://opentelemetry-collector.gke-managed-otel.svc.cluster.local:4317 ports: - - name: xds - containerPort: 18000 - name: extproc containerPort: 50051 - name: status containerPort: 4040 - name: metrics containerPort: 9090 - - name: envoy - image: envoyproxy/envoy:v1.30-latest - command: - - "/usr/local/bin/envoy" - - "-c" - - "/etc/envoy/envoy.yaml" - - "--component-log-level" - - "upstream:debug,router:debug,ext_proc:debug" + - name: agentgateway + image: cr.agentgateway.dev/agentgateway:v1.3.0-alpha.1 + args: + - "-f" + - "/etc/agentgateway/config.yaml" ports: - name: http containerPort: 8080 - name: https containerPort: 8443 - - name: admin - containerPort: 9901 + - name: readiness + containerPort: 15021 + - name: gw-metrics + containerPort: 15020 volumeMounts: - - name: envoy-config - mountPath: /etc/envoy + - name: agentgateway-config + mountPath: /etc/agentgateway - name: "servicedns" mountPath: "/run/servicedns.podcert.ate.dev" + readinessProbe: + httpGet: + path: /healthz/ready + port: readiness + periodSeconds: 10 volumes: - - name: envoy-config + - name: agentgateway-config configMap: - name: atenet-router-envoy-config + name: atenet-router-agentgateway-config - name: "servicedns" projected: sources: - podCertificate: signerName: servicedns.podcert.ate.dev/identity keyType: ECDSAP256 - credentialBundlePath: credential-bundle.pem ---- -apiVersion: v1 -kind: Service -metadata: - name: atenet-router - namespace: ate-system -spec: - type: ClusterIP - selector: - app: atenet-router - ports: - - name: http - port: 80 - targetPort: 8080 - protocol: TCP - - name: https - port: 443 - targetPort: 8443 - protocol: TCP + certificateChainPath: cert.pem + keyPath: key.pem diff --git a/manifests/ate-install/base-agentgateway/kustomization.yaml b/manifests/ate-install/base-agentgateway/kustomization.yaml new file mode 100644 index 000000000..61cde5ace --- /dev/null +++ b/manifests/ate-install/base-agentgateway/kustomization.yaml @@ -0,0 +1,25 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../ate-api-server.yaml + - ../ate-controller.yaml + - ../atelet.yaml + - ../atenet-dns.yaml + - ../atenet-router.yaml + - ../valkey.yaml + - ../pod-certificate-controller.yaml diff --git a/manifests/ate-install/base/kustomization.yaml b/manifests/ate-install/base/kustomization.yaml new file mode 100644 index 000000000..61cde5ace --- /dev/null +++ b/manifests/ate-install/base/kustomization.yaml @@ -0,0 +1,25 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../ate-api-server.yaml + - ../ate-controller.yaml + - ../atelet.yaml + - ../atenet-dns.yaml + - ../atenet-router.yaml + - ../valkey.yaml + - ../pod-certificate-controller.yaml diff --git a/manifests/ate-install/generated/ate.dev_actortemplates.yaml b/manifests/ate-install/generated/ate.dev_actortemplates.yaml index 5f8bd893d..81fc9ad5d 100644 --- a/manifests/ate-install/generated/ate.dev_actortemplates.yaml +++ b/manifests/ate-install/generated/ate.dev_actortemplates.yaml @@ -153,6 +153,329 @@ spec: type: object maxItems: 10 type: array + egressPolicy: + description: |- + EgressPolicy defines the default outbound network policy for actors + created from this template. + properties: + allow: + description: Allow contains destination rules actors created from + this template may reach. + items: + properties: + credentials: + description: |- + Credentials configures explicit egress gateway credential injection for + matching outbound requests. + properties: + inject: + description: |- + Inject configures credentials that the egress gateway injects into + matching outbound requests. Values are referenced from Kubernetes Secrets; + the policy does not contain credential material. + items: + properties: + header: + description: Header is the outbound HTTP header + name to set. + type: string + valueFrom: + description: ValueFrom selects the source of the + injected credential value. + properties: + secretKeyRef: + description: SecretKeyRef selects a key in + a Kubernetes Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - header + - valueFrom + type: object + type: array + type: object + name: + description: Name is an optional human-readable identifier + for this rule. + type: string + ports: + description: |- + Ports is the list of destination ports matched by this rule. + If empty, the rule applies to all destination ports. + items: + properties: + port: + description: Port is the destination port number. + format: int32 + type: integer + protocol: + description: Protocol is the transport protocol for + this port. + type: string + required: + - port + type: object + type: array + tls: + description: TLS defines transport security requirements + for this destination. + properties: + intercept: + description: Intercept configures explicit TLS interception + for matching egress traffic. + properties: + issuerSecretRef: + description: |- + IssuerSecretRef references the CA material used by the egress gateway to + issue certificates for intercepted TLS traffic. + properties: + name: + description: name is unique within a namespace + to reference a secret resource. + type: string + namespace: + description: namespace defines the space within + which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + validateUpstream: + description: |- + ValidateUpstream controls whether the egress gateway validates the + upstream service certificate before proxying intercepted traffic. + type: boolean + type: object + mode: + description: Mode controls how TLS is handled for matching + egress traffic. + enum: + - Require + - Originate + - Intercept + - Disable + type: string + required: + description: Required controls whether matching egress + traffic must use TLS. + type: boolean + type: object + to: + description: To lists the destinations matched by this rule. + items: + properties: + host: + description: Host is the DNS name to match for egress + traffic. + type: string + ipBlock: + description: IPBlock is the IP range to match for + egress traffic. + properties: + cidr: + description: CIDR is an IP address range in CIDR + notation. + type: string + required: + - cidr + type: object + type: object + type: array + type: object + type: array + audit: + description: Audit configures egress logging and tracing for actors + created from this template. + properties: + logs: + description: Logs enables egress access logs for actors created + from this template. + type: boolean + redactHeaders: + description: RedactHeaders is the list of headers that must + be redacted from audit output. + items: + type: string + type: array + traces: + description: Traces enables egress tracing for actors created + from this template. + type: boolean + type: object + defaultAction: + description: DefaultAction is applied when no allow rule matches. + enum: + - Allow + - Deny + type: string + deny: + description: Deny contains destination rules actors created from + this template may not reach. + items: + properties: + credentials: + description: |- + Credentials configures explicit egress gateway credential injection for + matching outbound requests. + properties: + inject: + description: |- + Inject configures credentials that the egress gateway injects into + matching outbound requests. Values are referenced from Kubernetes Secrets; + the policy does not contain credential material. + items: + properties: + header: + description: Header is the outbound HTTP header + name to set. + type: string + valueFrom: + description: ValueFrom selects the source of the + injected credential value. + properties: + secretKeyRef: + description: SecretKeyRef selects a key in + a Kubernetes Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - header + - valueFrom + type: object + type: array + type: object + name: + description: Name is an optional human-readable identifier + for this rule. + type: string + ports: + description: |- + Ports is the list of destination ports matched by this rule. + If empty, the rule applies to all destination ports. + items: + properties: + port: + description: Port is the destination port number. + format: int32 + type: integer + protocol: + description: Protocol is the transport protocol for + this port. + type: string + required: + - port + type: object + type: array + tls: + description: TLS defines transport security requirements + for this destination. + properties: + intercept: + description: Intercept configures explicit TLS interception + for matching egress traffic. + properties: + issuerSecretRef: + description: |- + IssuerSecretRef references the CA material used by the egress gateway to + issue certificates for intercepted TLS traffic. + properties: + name: + description: name is unique within a namespace + to reference a secret resource. + type: string + namespace: + description: namespace defines the space within + which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + validateUpstream: + description: |- + ValidateUpstream controls whether the egress gateway validates the + upstream service certificate before proxying intercepted traffic. + type: boolean + type: object + mode: + description: Mode controls how TLS is handled for matching + egress traffic. + enum: + - Require + - Originate + - Intercept + - Disable + type: string + required: + description: Required controls whether matching egress + traffic must use TLS. + type: boolean + type: object + to: + description: To lists the destinations matched by this rule. + items: + properties: + host: + description: Host is the DNS name to match for egress + traffic. + type: string + ipBlock: + description: IPBlock is the IP range to match for + egress traffic. + properties: + cidr: + description: CIDR is an IP address range in CIDR + notation. + type: string + required: + - cidr + type: object + type: object + type: array + type: object + type: array + type: object pauseImage: description: |- PauseImage is the container to use as the root sandbox container. diff --git a/manifests/ate-install/kind-agentgateway/kustomization.yaml b/manifests/ate-install/kind-agentgateway/kustomization.yaml new file mode 100644 index 000000000..b3f849937 --- /dev/null +++ b/manifests/ate-install/kind-agentgateway/kustomization.yaml @@ -0,0 +1,43 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../ate-api-server.yaml + - ../ate-controller.yaml + - ../kind/atelet + - ../atenet-dns.yaml + - ../atenet-router.yaml + - ../valkey.yaml + - ../pod-certificate-controller.yaml + - ../kind/rustfs.yaml + - ../kind/otel-collector.yaml + +patches: + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: ate-api-server-deployment + namespace: ate-system + spec: + template: + spec: + containers: + - name: ate-api-server + env: + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://opentelemetry-collector.otel-system.svc:4317 diff --git a/manifests/ate-install/kind/kustomization.yaml b/manifests/ate-install/kind/kustomization.yaml index 43683e075..26d5d170f 100644 --- a/manifests/ate-install/kind/kustomization.yaml +++ b/manifests/ate-install/kind/kustomization.yaml @@ -23,6 +23,7 @@ resources: - ../atenet-router.yaml - ../valkey.yaml - ../pod-certificate-controller.yaml + - ../role.yaml - rustfs.yaml - ./otel-collector.yaml - ./prometheus.yaml diff --git a/manifests/ate-install/namespace.yaml b/manifests/ate-install/namespace.yaml new file mode 100644 index 000000000..9b6e06c5a --- /dev/null +++ b/manifests/ate-install/namespace.yaml @@ -0,0 +1,22 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ate-system diff --git a/manifests/ate-install/pod-certificate-controller.yaml b/manifests/ate-install/pod-certificate-controller.yaml index 17c7b6fd2..987c1974b 100644 --- a/manifests/ate-install/pod-certificate-controller.yaml +++ b/manifests/ate-install/pod-certificate-controller.yaml @@ -1,16 +1,19 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. apiVersion: v1 kind: Namespace diff --git a/manifests/ate-install/role.yaml b/manifests/ate-install/role.yaml new file mode 100644 index 000000000..6a3558617 --- /dev/null +++ b/manifests/ate-install/role.yaml @@ -0,0 +1,98 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ate-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ate.dev + resources: + - actortemplates + - workerpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ate.dev + resources: + - actortemplates/finalizers + - workerpools/finalizers + verbs: + - update +- apiGroups: + - ate.dev + resources: + - actortemplates/status + - workerpools/status + verbs: + - get + - patch + - update +--- +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/manifests/ate-install/valkey.yaml b/manifests/ate-install/valkey.yaml index ac649a555..f36724382 100644 --- a/manifests/ate-install/valkey.yaml +++ b/manifests/ate-install/valkey.yaml @@ -1,16 +1,19 @@ -# Copyright 2026 Google LLC +# Copyright 2026 Google LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# DO NOT EDIT — generated from charts/substrate by hack/render-manifests.sh. +# Run `make helm-template` to regenerate. apiVersion: v1 kind: ConfigMap @@ -210,4 +213,3 @@ spec: items: - key: ca.crt path: ca.crt - diff --git a/pkg/api/v1alpha1/actortemplate_types.go b/pkg/api/v1alpha1/actortemplate_types.go index 7c1272ca9..78ccafff5 100644 --- a/pkg/api/v1alpha1/actortemplate_types.go +++ b/pkg/api/v1alpha1/actortemplate_types.go @@ -134,6 +134,161 @@ type SnapshotsConfig struct { Location string `json:"location"` } +type EgressPolicyAction string + +const ( + EgressPolicyActionAllow EgressPolicyAction = "Allow" + EgressPolicyActionDeny EgressPolicyAction = "Deny" +) + +type EgressTLSMode string + +const ( + EgressTLSModeRequire EgressTLSMode = "Require" + EgressTLSModeOriginate EgressTLSMode = "Originate" + EgressTLSModeIntercept EgressTLSMode = "Intercept" + EgressTLSModeDisable EgressTLSMode = "Disable" +) + +type EgressTLSPolicy struct { + // Mode controls how TLS is handled for matching egress traffic. + // + // +kubebuilder:validation:Enum=Require;Originate;Intercept;Disable + // +optional + Mode EgressTLSMode `json:"mode,omitempty"` + + // Required controls whether matching egress traffic must use TLS. + // +optional + Required bool `json:"required,omitempty"` + + // Intercept configures explicit TLS interception for matching egress traffic. + // +optional + Intercept *EgressTLSInterceptPolicy `json:"intercept,omitempty"` +} + +type EgressTLSInterceptPolicy struct { + // IssuerSecretRef references the CA material used by the egress gateway to + // issue certificates for intercepted TLS traffic. + // +optional + IssuerSecretRef *corev1.SecretReference `json:"issuerSecretRef,omitempty"` + + // ValidateUpstream controls whether the egress gateway validates the + // upstream service certificate before proxying intercepted traffic. + // +optional + ValidateUpstream bool `json:"validateUpstream,omitempty"` +} + +type EgressIPBlock struct { + // CIDR is an IP address range in CIDR notation. + // +required + CIDR string `json:"cidr"` +} + +type EgressPolicyDestination struct { + // Host is the DNS name to match for egress traffic. + // +optional + Host string `json:"host,omitempty"` + + // IPBlock is the IP range to match for egress traffic. + // +optional + IPBlock *EgressIPBlock `json:"ipBlock,omitempty"` +} + +type EgressPort struct { + // Port is the destination port number. + // +required + Port int32 `json:"port"` + + // Protocol is the transport protocol for this port. + // +optional + Protocol corev1.Protocol `json:"protocol,omitempty"` +} + +type EgressCredentialPolicy struct { + // Inject configures credentials that the egress gateway injects into + // matching outbound requests. Values are referenced from Kubernetes Secrets; + // the policy does not contain credential material. + // +optional + Inject []EgressCredentialInjection `json:"inject,omitempty"` +} + +type EgressCredentialInjection struct { + // Header is the outbound HTTP header name to set. + // +required + Header string `json:"header"` + + // ValueFrom selects the source of the injected credential value. + // +required + ValueFrom EgressCredentialValueFrom `json:"valueFrom"` +} + +type EgressCredentialValueFrom struct { + // SecretKeyRef selects a key in a Kubernetes Secret. + // +optional + SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"` +} + +type EgressPolicyRule struct { + // Name is an optional human-readable identifier for this rule. + // +optional + Name string `json:"name,omitempty"` + + // To lists the destinations matched by this rule. + // +optional + To []EgressPolicyDestination `json:"to,omitempty"` + + // Ports is the list of destination ports matched by this rule. + // If empty, the rule applies to all destination ports. + // +optional + Ports []EgressPort `json:"ports,omitempty"` + + // TLS defines transport security requirements for this destination. + // +optional + TLS *EgressTLSPolicy `json:"tls,omitempty"` + + // Credentials configures explicit egress gateway credential injection for + // matching outbound requests. + // +optional + Credentials *EgressCredentialPolicy `json:"credentials,omitempty"` + + // TODO: Add L7 policy fields here when they are needed, such as path + // matches, rate limits, or header handling. +} + +type EgressAuditPolicy struct { + // Logs enables egress access logs for actors created from this template. + // +optional + Logs bool `json:"logs,omitempty"` + + // Traces enables egress tracing for actors created from this template. + // +optional + Traces bool `json:"traces,omitempty"` + + // RedactHeaders is the list of headers that must be redacted from audit output. + // +optional + RedactHeaders []string `json:"redactHeaders,omitempty"` +} + +type EgressPolicy struct { + // DefaultAction is applied when no allow rule matches. + // + // +kubebuilder:validation:Enum=Allow;Deny + // +optional + DefaultAction EgressPolicyAction `json:"defaultAction,omitempty"` + + // Allow contains destination rules actors created from this template may reach. + // +optional + Allow []EgressPolicyRule `json:"allow,omitempty"` + + // Deny contains destination rules actors created from this template may not reach. + // +optional + Deny []EgressPolicyRule `json:"deny,omitempty"` + + // Audit configures egress logging and tracing for actors created from this template. + // +optional + Audit *EgressAuditPolicy `json:"audit,omitempty"` +} + // ActorTemplateSpec defined desired spec of an actor. type ActorTemplateSpec struct { // PauseImage is the container to use as the root sandbox container. @@ -168,6 +323,11 @@ type ActorTemplateSpec struct { // // +required Runsc RunscConfig `json:"runsc,omitempty"` + + // EgressPolicy defines the default outbound network policy for actors + // created from this template. + // +optional + EgressPolicy *EgressPolicy `json:"egressPolicy,omitempty"` } type GCPAuthenticationConfig struct { diff --git a/pkg/api/v1alpha1/zz_generated.deepcopy.go b/pkg/api/v1alpha1/zz_generated.deepcopy.go index 4bbfe02b6..1385b115d 100644 --- a/pkg/api/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/api/v1alpha1/zz_generated.deepcopy.go @@ -19,7 +19,8 @@ package v1alpha1 import ( - "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -95,6 +96,11 @@ func (in *ActorTemplateSpec) DeepCopyInto(out *ActorTemplateSpec) { out.SnapshotsConfig = in.SnapshotsConfig out.WorkerPoolRef = in.WorkerPoolRef in.Runsc.DeepCopyInto(&out.Runsc) + if in.EgressPolicy != nil { + in, out := &in.EgressPolicy, &out.EgressPolicy + *out = new(EgressPolicy) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActorTemplateSpec. @@ -113,7 +119,7 @@ func (in *ActorTemplateStatus) DeepCopyInto(out *ActorTemplateStatus) { in.TakeGoldenSnapshotAt.DeepCopyInto(&out.TakeGoldenSnapshotAt) if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -177,6 +183,245 @@ func (in *Container) DeepCopy() *Container { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressAuditPolicy) DeepCopyInto(out *EgressAuditPolicy) { + *out = *in + if in.RedactHeaders != nil { + in, out := &in.RedactHeaders, &out.RedactHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressAuditPolicy. +func (in *EgressAuditPolicy) DeepCopy() *EgressAuditPolicy { + if in == nil { + return nil + } + out := new(EgressAuditPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressCredentialInjection) DeepCopyInto(out *EgressCredentialInjection) { + *out = *in + in.ValueFrom.DeepCopyInto(&out.ValueFrom) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressCredentialInjection. +func (in *EgressCredentialInjection) DeepCopy() *EgressCredentialInjection { + if in == nil { + return nil + } + out := new(EgressCredentialInjection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressCredentialPolicy) DeepCopyInto(out *EgressCredentialPolicy) { + *out = *in + if in.Inject != nil { + in, out := &in.Inject, &out.Inject + *out = make([]EgressCredentialInjection, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressCredentialPolicy. +func (in *EgressCredentialPolicy) DeepCopy() *EgressCredentialPolicy { + if in == nil { + return nil + } + out := new(EgressCredentialPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressCredentialValueFrom) DeepCopyInto(out *EgressCredentialValueFrom) { + *out = *in + if in.SecretKeyRef != nil { + in, out := &in.SecretKeyRef, &out.SecretKeyRef + *out = new(v1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressCredentialValueFrom. +func (in *EgressCredentialValueFrom) DeepCopy() *EgressCredentialValueFrom { + if in == nil { + return nil + } + out := new(EgressCredentialValueFrom) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressIPBlock) DeepCopyInto(out *EgressIPBlock) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressIPBlock. +func (in *EgressIPBlock) DeepCopy() *EgressIPBlock { + if in == nil { + return nil + } + out := new(EgressIPBlock) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressPolicy) DeepCopyInto(out *EgressPolicy) { + *out = *in + if in.Allow != nil { + in, out := &in.Allow, &out.Allow + *out = make([]EgressPolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Deny != nil { + in, out := &in.Deny, &out.Deny + *out = make([]EgressPolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Audit != nil { + in, out := &in.Audit, &out.Audit + *out = new(EgressAuditPolicy) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPolicy. +func (in *EgressPolicy) DeepCopy() *EgressPolicy { + if in == nil { + return nil + } + out := new(EgressPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressPolicyDestination) DeepCopyInto(out *EgressPolicyDestination) { + *out = *in + if in.IPBlock != nil { + in, out := &in.IPBlock, &out.IPBlock + *out = new(EgressIPBlock) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPolicyDestination. +func (in *EgressPolicyDestination) DeepCopy() *EgressPolicyDestination { + if in == nil { + return nil + } + out := new(EgressPolicyDestination) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressPolicyRule) DeepCopyInto(out *EgressPolicyRule) { + *out = *in + if in.To != nil { + in, out := &in.To, &out.To + *out = make([]EgressPolicyDestination, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]EgressPort, len(*in)) + copy(*out, *in) + } + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(EgressTLSPolicy) + (*in).DeepCopyInto(*out) + } + if in.Credentials != nil { + in, out := &in.Credentials, &out.Credentials + *out = new(EgressCredentialPolicy) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPolicyRule. +func (in *EgressPolicyRule) DeepCopy() *EgressPolicyRule { + if in == nil { + return nil + } + out := new(EgressPolicyRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressPort) DeepCopyInto(out *EgressPort) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPort. +func (in *EgressPort) DeepCopy() *EgressPort { + if in == nil { + return nil + } + out := new(EgressPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressTLSInterceptPolicy) DeepCopyInto(out *EgressTLSInterceptPolicy) { + *out = *in + if in.IssuerSecretRef != nil { + in, out := &in.IssuerSecretRef, &out.IssuerSecretRef + *out = new(v1.SecretReference) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressTLSInterceptPolicy. +func (in *EgressTLSInterceptPolicy) DeepCopy() *EgressTLSInterceptPolicy { + if in == nil { + return nil + } + out := new(EgressTLSInterceptPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressTLSPolicy) DeepCopyInto(out *EgressTLSPolicy) { + *out = *in + if in.Intercept != nil { + in, out := &in.Intercept, &out.Intercept + *out = new(EgressTLSInterceptPolicy) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressTLSPolicy. +func (in *EgressTLSPolicy) DeepCopy() *EgressTLSPolicy { + if in == nil { + return nil + } + out := new(EgressTLSPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EnvVar) DeepCopyInto(out *EnvVar) { *out = *in