airlock
diff --git a/‎.github/workflows/dashboard-attach-action.yaml
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/dashboard-attach-action.yaml
Lines changed: 34 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 14 additions & 14 deletions b/‎README.md
Lines changed: 14 additions & 14 deletions
diff --git a/‎deploy/bundles/airlock-microgateway/bundle.Dockerfile
Lines changed: 2 additions & 2 deletions b/‎deploy/bundles/airlock-microgateway/bundle.Dockerfile
Lines changed: 2 additions & 2 deletions
diff --git a/‎deploy/bundles/airlock-microgateway/manifests/airlock-microgateway-dashboard-accessctrllogs_v1_configmap.yaml
Lines changed: 110 additions & 12 deletions b/‎deploy/bundles/airlock-microgateway/manifests/airlock-microgateway-dashboard-accessctrllogs_v1_configmap.yaml
Lines changed: 110 additions & 12 deletions
@@ -0,0 +1,34 @@
+name: Attach Grafana Dashboard Release Artifact
+run-name: Attach Grafana Dashboards to Release ${{ github.event.release.tag_name }}
+on:
+  release:
+    types:
+      - created
+
+permissions:
+  contents: write
+
+jobs:
+  attach-dashboard-zip:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.release.tag_name }}
+
+      - name: Create ZIP file
+        run: |
+          mkdir -p artifacts
+          zip -j artifacts/dashboards.zip deploy/charts/airlock-microgateway/dashboards/*.json
+
+      - name: Upload release artifact
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: artifacts/dashboards.zip
+          asset_name: dashboards-${{ github.event.release.tag_name }}.zip
+          asset_content_type: application/zip
@@ -24,9 +24,9 @@ Modern application security is embedded in the development workflow and follows
 
 For a list of all features, view the **[comparison of the community and premium edition](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056)**.
 ## Labs
-We offer a growing number of [Airlock Microgateway labs](https://play.instruqt.com/airlock/invite/hyi9fy4b4jzc?icp_referrer=github.com) that are designed to be easy-to-follow tutorials. All labs are fully guided and cover aspects of Airlock Microgateway from installation to configuration in a preconfigured cloud-based Kubernetes environment.
+We offer a growing number of [Airlock Microgateway labs](https://airlock.instruqt.com/pages/airlock-microgateway-labs) that are designed to be easy-to-follow tutorials. All labs are fully guided and cover aspects of Airlock Microgateway from installation to configuration in a preconfigured cloud-based Kubernetes environment.
 
-[![Airlock Microgateway labs](https://raw.githubusercontent.com/airlock/microgateway/main/media/airlock-microgateway-instruqt-tracks.gif)](https://play.instruqt.com/airlock/invite/hyi9fy4b4jzc?icp_referrer=github.com)
+[![Airlock Microgateway labs](https://raw.githubusercontent.com/airlock/microgateway/main/media/airlock-microgateway-instruqt-tracks.gif)](https://airlock.instruqt.com/pages/airlock-microgateway-labs)
 
 Learn the basics and expand existing knowledge without any administration effort in a secure environment.
 
@@ -61,7 +61,7 @@ For an easy start in non-production environments, you may deploy the same cert-m
 ### Deploy cert-manager
 ```console
 helm repo add jetstack https://charts.jetstack.io
-helm install cert-manager jetstack/cert-manager --version 'v1.16.3' -n cert-manager --create-namespace --set crds.enabled=true --wait
+helm install cert-manager jetstack/cert-manager --version 'v1.17.2' -n cert-manager --create-namespace --set crds.enabled=true --wait
 ```
 
 ## (Recommended) Deploy Airlock Microgateway CNI
@@ -72,33 +72,33 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.3' -n cert-mana
    > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni).
    ```console
    # Standard setup
-   helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3'
+   helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0'
    kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
    ```
    ```console
    # GKE setup
-   helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3' -f https://raw.githubusercontent.com/airlock/microgateway/4.5.3/deploy/charts/airlock-microgateway-cni/gke-values.yaml
+   helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0' -f https://raw.githubusercontent.com/airlock/microgateway/4.6.0/deploy/charts/airlock-microgateway-cni/gke-values.yaml
    kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
    ```
    ```console
    # OpenShift setup
-   helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3' -f https://raw.githubusercontent.com/airlock/microgateway/4.5.3/deploy/charts/airlock-microgateway-cni/openshift-values.yaml
+   helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0' -f https://raw.githubusercontent.com/airlock/microgateway/4.6.0/deploy/charts/airlock-microgateway-cni/openshift-values.yaml
    kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
    ```
    > **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000140) for details).
 
 2. (Recommended) You can verify the correctness of the installation with `helm test`.
    ```console
    # Standard and GKE setup
-   helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3'
+   helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0'
    helm test airlock-microgateway-cni -n kube-system --logs
-   helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3'
+   helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0'
    ```
    ```console
    # OpenShift setup
-   helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3'
+   helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0'
    helm test airlock-microgateway-cni -n openshift-operators --logs
-   helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.5.3'
+   helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.6.0'
    ```
 
    Consult our [documentation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000139) in case of any installation error.
@@ -116,22 +116,22 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.3' -n cert-mana
    kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt
 
    # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades)
-   helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.5.3' --wait
+   helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.6.0' --wait
    ```
 
 2. (Recommended) You can verify the correctness of the installation with `helm test`.
    ```console
-   helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.5.3'
+   helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.6.0'
    helm test airlock-microgateway -n airlock-microgateway-system --logs
-   helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.5.3'
+   helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.6.0'
    ```
 
 ### Upgrading CRDs
 
 The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster.
 CRDs should instead be manually upgraded before upgrading the Operator itself via the following command:
 ```console
-kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.5.3 --server-side --force-conflicts
+kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.6.0 --server-side --force-conflicts
 ```
 
 **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts.
 
@@ -5,8 +5,8 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=airlock-microgateway
-LABEL operators.operatorframework.io.bundle.channels.v1="4.5,stable"
-LABEL operators.operatorframework.io.bundle.channel.default.v1="4.5"
+LABEL operators.operatorframework.io.bundle.channels.v1="4.6,stable"
+LABEL operators.operatorframework.io.bundle.channel.default.v1="4.6"
 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-unknown
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=unknown
 
@@ -10,6 +10,14 @@ data:
           "type": "datasource",
           "pluginId": "loki",
           "pluginName": "Loki"
+        },
+        {
+          "name": "DS_PROMETHEUS",
+          "label": "Prometheus",
+          "description": "",
+          "type": "datasource",
+          "pluginId": "prometheus",
+          "pluginName": "Prometheus"
         }
       ],
       "__elements": {},
@@ -302,7 +310,7 @@ data:
                 "uid": "${DS_LOKI}"
               },
               "editorMode": "code",
-              "expr": "{container=\"airlock-microgateway-engine\"}  |= \"access_control\" |= \"envoy.access\"  | json http_method=\"http.request.method\", url=\"url.path\", domain=\"url.domain\", request_size=\"http.request.bytes\", client_ip=\"network.forwarded_ip\", request_id=\"http.request.id\", user_id=\"airlock.access_control.user_id\",  details=\"airlock.access_control.details\", policy=\"airlock.access_control.policy\", status=\"airlock.access_control.status\", authenticated=\"airlock.access_control.authenticated\", response_code=\"http.response.status_code\", authorized=\"airlock.access_control.authorized\", log_type=\"event.dataset\" | log_type = `envoy.access`",
+              "expr": "{container=\"airlock-microgateway-engine\", pod=~\"${gateway_pod:regex}\"}  |= \"access_control\" |= \"envoy.access\"  | json http_method=\"http.request.method\", url=\"url.path\", domain=\"url.domain\", request_size=\"http.request.bytes\", client_ip=\"network.forwarded_ip\", request_id=\"http.request.id\", user_id=\"airlock.access_control.user_id\",  details=\"airlock.access_control.details\", policy=\"airlock.access_control.policy\", status=\"airlock.access_control.status\", authenticated=\"airlock.access_control.authenticated\", response_code=\"http.response.status_code\", authorized=\"airlock.access_control.authorized\", log_type=\"event.dataset\" | log_type = `envoy.access`",
               "hide": false,
               "queryType": "range",
               "refId": "Access Control Logs"
@@ -412,39 +420,129 @@ data:
             "type": "datasource"
           },
           {
-            "allValue": ".*",
+            "current": {},
+            "hide": 2,
+            "includeAll": false,
+            "label": "DS_PROMETHEUS",
+            "name": "DS_PROMETHEUS",
+            "options": [],
+            "query": "prometheus",
+            "refresh": 1,
+            "regex": "",
+            "type": "datasource"
+          },
+          {
+            "current": {},
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${DS_PROMETHEUS}"
+            },
+            "definition": "label_values(microgateway_build_info,gateway_kind)",
+            "description": "Allows filtering on the gateway kind.",
+            "includeAll": true,
+            "label": "Gateway Kind",
+            "name": "gateway_kind",
+            "options": [],
+            "query": {
+              "qryType": 1,
+              "query": "label_values(microgateway_build_info,gateway_kind)",
+              "refId": "PrometheusVariableQueryEditor-VariableQuery"
+            },
+            "refresh": 1,
+            "regex": "",
+            "type": "query"
+          },
+          {
+            "allValue": ".+",
+            "description" : "Allows filtering on the managing operator instance.",
             "current": {},
             "datasource": {
               "type": "prometheus",
               "uid": "${DS_PROMETHEUS}"
             },
-            "definition": "label_values(microgateway_license_http_rq_total,namespace)",
+            "definition": "label_values(microgateway_build_info,managed_by)",
+            "includeAll": true,
+            "label": "Microgateway Operator",
+            "multi": true,
+            "name": "operator",
+            "options": [],
+            "query": {
+              "qryType": 1,
+              "query": "label_values(microgateway_build_info,managed_by)",
+              "refId": "PrometheusVariableQueryEditor-VariableQuery"
+            },
+            "refresh": 2,
+            "regex": ".*",
+            "type": "query"
+          },
+          {
+            "allValue": ".+",
+            "current": {},
+            "description" : "Allows filtering on the namespaces in which gateways are deployed.",
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${DS_PROMETHEUS}"
+            },
+            "definition": "label_values(microgateway_build_info{managed_by=~\"$operator\"},namespace)",
             "includeAll": true,
             "label": "Gateway Namespace",
             "multi": true,
             "name": "namespace",
             "options": [],
             "query": {
               "qryType": 1,
-              "query": "label_values(microgateway_license_http_rq_total,namespace)",
+              "query": "label_values(microgateway_build_info{managed_by=~\"$operator\"},namespace)",
               "refId": "PrometheusVariableQueryEditor-VariableQuery"
             },
             "refresh": 2,
             "regex": "",
-            "sort": 5,
             "type": "query"
           },
           {
             "current": {},
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${DS_PROMETHEUS}"
+            },
+            "description" : "Allows filtering on specific gateway instance names within the selected namespaces.",
+            "definition": "label_values(microgateway_build_info{managed_by=~\"$operator\", namespace=~\"$namespace\", gateway_kind=~\"$gateway_kind\"},gateway)",
+            "includeAll": true,
+            "label": "Gateway Name",
+            "multi": true,
+            "name": "gateway_name",
+            "options": [],
+            "query": {
+              "qryType": 1,
+              "query": "label_values(microgateway_build_info{managed_by=~\"$operator\", namespace=~\"$namespace\", gateway_kind=~\"$gateway_kind\"},gateway)",
+              "refId": "PrometheusVariableQueryEditor-VariableQuery"
+            },
+            "refresh": 2,
+            "regex": "",
+            "sort": 1,
+            "type": "query"
+          },
+          {
+            "allowCustomValue": false,
+            "current": {},
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${DS_PROMETHEUS}"
+            },
+            "definition": "label_values(microgateway_build_info{managed_by=~\"$operator\", namespace=~\"$namespace\", gateway_kind=~\"$gateway_kind\", gateway=~\"$gateway_name\"},pod)",
             "hide": 2,
-            "includeAll": false,
-            "label": "DS_PROMETHEUS",
-            "name": "DS_PROMETHEUS",
+            "includeAll": true,
+            "label": "Gateway Pod",
+            "multi": true,
+            "name": "gateway_pod",
             "options": [],
-            "query": "prometheus",
-            "refresh": 1,
+            "query": {
+              "qryType": 1,
+              "query": "label_values(microgateway_build_info{managed_by=~\"$operator\", namespace=~\"$namespace\", gateway_kind=~\"$gateway_kind\", gateway=~\"$gateway_name\"},pod)",
+              "refId": "PrometheusVariableQueryEditor-VariableQuery"
+            },
+            "refresh": 2,
             "regex": "",
-            "type": "datasource"
+            "type": "query"
           }
         ]
       },
@@ -468,6 +566,6 @@ metadata:
     app.kubernetes.io/instance: airlock-microgateway
     app.kubernetes.io/name: microgateway-operator
     app.kubernetes.io/part-of: microgateway
-    app.kubernetes.io/version: 4.5.3
+    app.kubernetes.io/version: 4.6.0
     grafana_dashboard: "1"
   name: airlock-microgateway-dashboard-accessctrllogs