configs: Update configs v2 -> v3

CONTRIBUTING.md

@@ -69,7 +69,7 @@ versioning guidelines:
   cause a configuration load failure, unless the feature in question is
   explicitly overridden in
   [runtime](https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features)
-  config ([example](configs/using_deprecated_config.v2.yaml)). Finally, following the deprecation
+  config ([example](configs/using_deprecated_config.yaml)). Finally, following the deprecation
   of the API major version where the field was first
   marked deprecated, the entire implementation code will be removed from the Envoy implementation.
 * This policy means that organizations deploying master should have some time to get ready for

ci/Dockerfile-envoy

@@ -28,7 +28,7 @@ RUN mkdir -p /etc/envoy
 
 ARG ENVOY_BINARY_SUFFIX=_stripped
 ADD ${TARGETPLATFORM}/build_release${ENVOY_BINARY_SUFFIX}/* /usr/local/bin/
-ADD configs/google_com_proxy.v2.yaml /etc/envoy/envoy.yaml
+ADD configs/google_com_proxy.yaml /etc/envoy/envoy.yaml
 
 EXPOSE 10000
 

ci/Dockerfile-envoy-alpine

@@ -1,7 +1,7 @@
 FROM frolvlad/alpine-glibc:alpine-3.12_glibc-2.31
 RUN mkdir -p /etc/envoy
 
-ADD configs/google_com_proxy.v2.yaml /etc/envoy/envoy.yaml
+ADD configs/google_com_proxy.yaml /etc/envoy/envoy.yaml
 RUN apk add --no-cache shadow su-exec \
         && addgroup -S envoy && adduser --no-create-home -S envoy -G envoy
 

ci/Dockerfile-envoy-windows

@@ -8,7 +8,7 @@ RUN setx path "%path%;c:\Program Files\envoy"
 ADD ["windows/amd64/envoy.exe", "C:/Program Files/envoy/"]
 
 RUN mkdir "C:\\ProgramData\\envoy"
-ADD ["configs/google_com_proxy.v2.yaml", "C:/ProgramData/envoy/envoy.yaml"]
+ADD ["configs/google_com_proxy.yaml", "C:/ProgramData/envoy/envoy.yaml"]
 # Replace temp path with Windows temp path
 RUN powershell -Command "(cat C:\ProgramData\envoy\envoy.yaml -raw) -replace '/tmp/','C:\Windows\Temp\' | Set-Content -Encoding Ascii C:\ProgramData\envoy\envoy.yaml"
 

configs/Dockerfile

@@ -3,5 +3,5 @@
 
 FROM envoyproxy/envoy-dev:latest
 RUN apt-get update
-COPY google_com_proxy.v2.yaml /etc/envoy.yaml
+COPY google_com_proxy.yaml /etc/envoy.yaml
 CMD /usr/local/bin/envoy -c /etc/envoy.yaml

configs/access_log_format_helper.template.yaml

@@ -0,0 +1,15 @@
+{% macro ingress_sampled_log() -%}
+  log_format: {text_format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH):256% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\"\n"}
+{% endmacro %}
+
+{% macro ingress_full() -%}
+  log_format: {text_format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\"\n"}
+{% endmacro %}
+
+{% macro egress_error_log() -%}
+  log_format: {text_format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH):256% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n"}
+{% endmacro %}
+
+{% macro egress_error_amazon_service() -%}
+  log_format: {text_format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH):256% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" \"%RESP(X-AMZN-RequestId)%\"\n"}
+{% endmacro %}

configs/configgen.py

@@ -111,16 +111,16 @@ def generate_config(template_path, template, output_file, **context):
 # Generate a demo config for the main front proxy. This sets up both HTTP and HTTPS listeners,
 # as well as a listener for the double proxy to connect to via SSL client authentication.
 generate_config(SCRIPT_DIR,
-                'envoy_front_proxy_v2.template.yaml',
-                '{}/envoy_front_proxy.v2.yaml'.format(OUT_DIR),
+                'envoy_front_proxy.template.yaml',
+                '{}/envoy_front_proxy.yaml'.format(OUT_DIR),
                 clusters=front_envoy_clusters,
                 tracing=tracing_enabled)
 
 # Generate a demo config for the double proxy. This sets up both an HTTP and HTTPS listeners,
 # and backhauls the traffic to the main front proxy.
 generate_config(SCRIPT_DIR,
-                'envoy_double_proxy_v2.template.yaml',
-                '{}/envoy_double_proxy.v2.yaml'.format(OUT_DIR),
+                'envoy_double_proxy.template.yaml',
+                '{}/envoy_double_proxy.yaml'.format(OUT_DIR),
                 tracing=tracing_enabled)
 
 # Generate a demo config for the service to service (local) proxy. This sets up several different
@@ -132,14 +132,12 @@ def generate_config(template_path, template, output_file, **context):
 #                                  that Envoy proxies to listens on its own port.
 # optional mongo ports: built from mongos_servers above.
 generate_config(SCRIPT_DIR,
-                'envoy_service_to_service_v2.template.yaml',
+                'envoy_service_to_service.template.yaml',
                 '{}/envoy_service_to_service.yaml'.format(OUT_DIR),
                 internal_virtual_hosts=service_to_service_envoy_clusters,
                 external_virtual_hosts=external_virtual_hosts,
                 mongos_servers=mongos_servers)
 
-for google_ext in ['v2.yaml']:
-  shutil.copy(os.path.join(SCRIPT_DIR, 'google_com_proxy.%s' % google_ext), OUT_DIR)
-
-shutil.copy(os.path.join(SCRIPT_DIR, 'encapsulate_in_connect.v3.yaml'), OUT_DIR)
-shutil.copy(os.path.join(SCRIPT_DIR, 'terminate_connect.v3.yaml'), OUT_DIR)
+shutil.copy(os.path.join(SCRIPT_DIR, 'google_com_proxy.yaml'), OUT_DIR)
+shutil.copy(os.path.join(SCRIPT_DIR, 'encapsulate_in_connect.yaml'), OUT_DIR)
+shutil.copy(os.path.join(SCRIPT_DIR, 'terminate_connect.yaml'), OUT_DIR)

configs/envoy_double_proxy_v2.template.yaml → configs/envoy_double_proxy.template.yaml

@@ -11,7 +11,7 @@
     transport_socket:
       name: envoy.transport_sockets.tls
       typed_config:
-        "@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
+        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
         common_tls_context:
           tls_certificates:
           - certificate_chain:
@@ -29,7 +29,7 @@
     filters:
     - name: envoy.filters.network.http_connection_manager
       typed_config:
-        "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
+        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
         codec_type: AUTO
         stat_prefix: router
         route_config:
@@ -47,24 +47,23 @@
         http_filters:
         - name: envoy.filters.http.health_check
           typed_config:
-            "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck
+            "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
             pass_through_mode: false
             headers:
               - exact_match: /healthcheck
                 name: :path
         - name: envoy.filters.http.buffer
           typed_config:
-            "@type": type.googleapis.com/envoy.config.filter.http.buffer.v2.Buffer
+            "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
             max_request_bytes: 5242880
         - name: envoy.filters.http.router
           typed_config: {}
         {% if tracing %}
         tracing:
-          operation_name: INGRESS
           provider:
             name: envoy.tracers.lightstep
             typed_config:
-              "@type": type.googleapis.com/envoy.config.trace.v2.LightstepConfig
+              "@type": type.googleapis.com/envoy.config.trace.v3.LightstepConfig
               access_token_file: "/etc/envoy/lightstep_access_token"
               collector_cluster: lightstep_saas
         {% endif %}
@@ -89,9 +88,10 @@
                         runtime_key: access_log.access_error.duration
                 - traceable_filter: {}
           typed_config:
-            "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog
+            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
             path: /var/log/envoy/access_error.log
-            format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%REQ(X-LYFT-USER-ID)%\" \"%RESP(GRPC-STATUS)%\"\n"
+            log_format:
+              text_format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%REQ(X-LYFT-USER-ID)%\" \"%RESP(GRPC-STATUS)%\"\n"
         {% if proxy_proto %}
         use_remote_address: true
         {%endif -%}
@@ -141,7 +141,7 @@ static_resources:
     transport_socket:
       name: envoy.transport_sockets.tls
       typed_config:
-        "@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
+        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
         common_tls_context:
           tls_certificates:
           - certificate_chain:
@@ -151,7 +151,7 @@ static_resources:
           validation_context:
             trusted_ca:
               filename: certs/cacert.pem
-            match_subject_alt_names: 
+            match_subject_alt_names:
               exact: "front-proxy.yourcompany.net"
     http2_protocol_options: {}
   - name: lightstep_saas
@@ -172,18 +172,18 @@ static_resources:
     transport_socket:
       name: envoy.transport_sockets.tls
       typed_config:
-        "@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
+        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
         common_tls_context:
           validation_context:
             trusted_ca:
               filename: certs/cacert.pem
-            match_subject_alt_names: 
+            match_subject_alt_names:
               exact: "collector-grpc.lightstep.com"
 flags_path: "/etc/envoy/flags"
 stats_sinks:
 - name: envoy.stat_sinks.statsd
   typed_config:
-    "@type": type.googleapis.com/envoy.config.metrics.v2.StatsdSink
+    "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink
     tcp_cluster_name: statsd
 layered_runtime:
   layers:

configs/envoy_front_proxy_v2.template.yaml → configs/envoy_front_proxy.template.yaml

@@ -1,4 +1,4 @@
-{% import 'routing_helper_v2.template.yaml' as helper -%}
+{% import 'routing_helper.template.yaml' as helper -%}
 {% macro router_file_content() -%}{% include kwargs['router_file'] -%}{% endmacro -%}
 {% macro listener(protocol, address, port_value, proxy_proto, tls, tracing) -%}
   name: not_required_for_static_listeners
@@ -12,7 +12,7 @@
   - transport_socket:
       name: envoy.transport_sockets.tls
       typed_config:
-        "@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
+        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
         common_tls_context:
           alpn_protocols: h2,http/1.1
           tls_certificates:
@@ -35,26 +35,26 @@
     filters:
     - name: envoy.filters.network.http_connection_manager
       typed_config:
-        "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
+        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
         codec_type: AUTO
         stat_prefix: router
         {% if proxy_proto -%}
         use_remote_address: true
         {%endif-%}
         stat_prefix: ingress_http
         route_config:
-          {{ router_file_content(router_file='envoy_router_v2.template.yaml')|indent(10) }}
+          {{ router_file_content(router_file='envoy_router.template.yaml')|indent(10) }}
         http_filters:
         - name: envoy.filters.http.health_check
           typed_config:
-            "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck
+            "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
             pass_through_mode: false
             headers:
               - name: ":path"
                 exact_match: "/healthcheck"
         - name: envoy.filters.http.buffer
           typed_config:
-            "@type": type.googleapis.com/envoy.config.filter.http.buffer.v2.Buffer
+            "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
             max_request_bytes: 5242880
         - name: envoy.filters.http.ratelimit
           typed_config:
@@ -70,11 +70,10 @@
         add_user_agent: true
         {% if tracing %}
         tracing:
-          operation_name: INGRESS
           provider:
             name: envoy.tracers.lightstep
             typed_config:
-              "@type": type.googleapis.com/envoy.config.trace.v2.LightstepConfig
+              "@type": type.googleapis.com/envoy.config.trace.v3.LightstepConfig
               collector_cluster: lightstep_saas
               access_token_file: "/etc/envoy/lightstep_access_token"
         {% endif %}
@@ -99,9 +98,10 @@
                         runtime_key: access_log.access_error.duration
                 - traceable_filter: {}
           typed_config:
-            "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog      
+            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
             path: "/var/log/envoy/access_error.log"
-            format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%REQ(X-LYFT-USER-ID)%\" \"%RESP(GRPC-STATUS)%\"\n"
+            log_format:
+              text_format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%REQ(X-LYFT-USER-ID)%\" \"%RESP(GRPC-STATUS)%\"\n"
 {% endmacro -%}
 static_resources:
   listeners:

configs/envoy_router_v2.template.yaml → configs/envoy_router.template.yaml

@@ -1,4 +1,4 @@
-{% import 'routing_helper_v2.template.yaml' as helper with context -%}
+{% import 'routing_helper.template.yaml' as helper with context -%}
 name: local_route
 virtual_hosts:
 - name: www