Merge branch 'main' into authorization-impl
Signed-off-by: Huabing Zhao <[email protected]>
zhaohuabing authored May 29, 2024
2 parents 71e1f14 + dd35514 commit 4ea40d2
Showing 85 changed files with 3,029 additions and 304 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build_and_test.yaml
@@ -84,7 +84,7 @@ jobs:
needs: [build]
strategy:
matrix:
version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
version: [ v1.27.13, v1.28.9, v1.29.4, v1.30.0 ]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
@@ -112,7 +112,7 @@ jobs:
needs: [build]
strategy:
matrix:
version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
version: [ v1.27.13, v1.28.9, v1.29.4, v1.30.0 ]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
@@ -36,14 +36,14 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Initialize CodeQL
uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/experimental_conformance.yaml
@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
version: [ v1.27.13, v1.28.9, v1.29.4, v1.30.0 ]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
@@ -40,6 +40,6 @@ jobs:
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/trivy.yml
@@ -25,7 +25,7 @@ jobs:
IMAGE=envoy-proxy/gateway-dev TAG=${{ github.sha }} make image
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0
uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0
with:
image-ref: envoy-proxy/gateway-dev:${{ github.sha }}
exit-code: '1'
6 changes: 3 additions & 3 deletions api/v1alpha1/accesslogging_types.go
@@ -158,19 +158,19 @@ type FileEnvoyProxyAccessLog struct {
// +kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0"
type OpenTelemetryEnvoyProxyAccessLog struct {
// Host define the extension service hostname.
// Deprecated: Use BackendRef instead.
// Deprecated: Use BackendRefs instead.
//
// +optional
Host *string `json:"host,omitempty"`
// Port defines the port the extension service is exposed on.
// Deprecated: Use BackendRef instead.
// Deprecated: Use BackendRefs instead.
//
// +optional
// +kubebuilder:validation:Minimum=0
// +kubebuilder:default=4317
Port int32 `json:"port,omitempty"`
// BackendRefs references a Kubernetes object that represents the
// backend server to which the accesslog will be sent.
// backend server to which the access log will be sent.
// Only service Kind is supported for now.
//
// +optional
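Review bot: `Port` in `OpenTelemetryEnvoyProxyAccessLog` is validated only with `+kubebuilder:validation:Minimum=0`, so values above 65535 pass schema validation for a field documented as a port. The generated CRD on this page shows `maximum: 65535` for the metrics sink port but only `minimum: 0` for the access-log and tracing provider ports, so the three deprecated `Port` fields are validated inconsistently; the same gap is visible in the `TracingProvider` hunk of api/v1alpha1/tracing_types.go. Adding `// +kubebuilder:validation:Maximum=65535` next to the existing `Minimum` marker on both fields would reject out-of-range values at admission rather than leaving them to whatever consumes the value later. The struct body continues past the end of this hunk.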
4 changes: 2 additions & 2 deletions api/v1alpha1/envoyproxy_metric_types.go
@@ -56,12 +56,12 @@ type ProxyMetricSink struct {
// +kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0"
type ProxyOpenTelemetrySink struct {
// Host define the service hostname.
// Deprecated: Use BackendRef instead.
// Deprecated: Use BackendRefs instead.
//
// +optional
Host *string `json:"host,omitempty"`
// Port defines the port the service is exposed on.
// Deprecated: Use BackendRef instead.
// Deprecated: Use BackendRefs instead.
//
// +optional
// +kubebuilder:validation:Minimum=0
1 change: 1 addition & 0 deletions api/v1alpha1/envoyproxy_types.go
@@ -130,6 +130,7 @@ type BackendTLSConfig struct {
// ClientCertificateRef defines the reference to a Kubernetes Secret that contains
// the client certificate and private key for Envoy to use when connecting to
// backend services and external services, such as ExtAuth, ALS, OpenTelemetry, etc.
// This secret should be located within the same namespace as the Envoy proxy resource that references it.
// +optional
ClientCertificateRef *gwapiv1.SecretObjectReference `json:"clientCertificateRef,omitempty"`
TLSSettings `json:",inline"`
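Review bot: The sentence added to the `ClientCertificateRef` comment states the same-namespace requirement only as "should", and nothing in this hunk enforces it. The field type `gwapiv1.SecretObjectReference` carries an optional `namespace`, so as far as these lines show a user can still point the proxy's client certificate and private key at a Secret in another namespace; whether the controller rejects that, or requires a ReferenceGrant, is not visible here and is worth confirming. If cross-namespace references are not meant to be supported, state it as a hard rule and back it with validation, for example `// +kubebuilder:validation:XValidation:message="clientCertificateRef must not set a namespace",rule="!has(self.clientCertificateRef) || !has(self.clientCertificateRef.namespace)"` on `BackendTLSConfig`. The generated CRD description later on this page repeats the same wording, and the struct body continues outside the hunk.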
1 change: 0 additions & 1 deletion api/v1alpha1/loadbalancer_types.go
@@ -73,7 +73,6 @@ type ConsistentHash struct {
// +kubebuilder:validation:Maximum=5000011
// +kubebuilder:default=65537
// +optional
// +notImplementedHide
TableSize *uint64 `json:"tableSize,omitempty"`
}

6 changes: 3 additions & 3 deletions api/v1alpha1/tracing_types.go
@@ -38,19 +38,19 @@ type TracingProvider struct {
// +kubebuilder:default=OpenTelemetry
Type TracingProviderType `json:"type"`
// Host define the provider service hostname.
// Deprecated: Use BackendRef instead.
// Deprecated: Use BackendRefs instead.
//
// +optional
Host *string `json:"host,omitempty"`
// Port defines the port the provider service is exposed on.
// Deprecated: Use BackendRef instead.
// Deprecated: Use BackendRefs instead.
//
// +optional
// +kubebuilder:validation:Minimum=0
// +kubebuilder:default=4317
Port int32 `json:"port,omitempty"`
// BackendRefs references a Kubernetes object that represents the
// backend server to which the accesslog will be sent.
// backend server to which the trace will be sent.
// Only service Kind is supported for now.
//
// +optional
79 changes: 43 additions & 36 deletions charts/gateway-helm/README.md
@@ -8,10 +8,10 @@ The Helm chart for Envoy Gateway

## Maintainers

| Name | Email | Url |
| -------------------------------- | ----- | --------------------------------------------------------------- |
| envoy-gateway-steering-committee | | <https://github.com/envoyproxy/gateway/blob/main/GOVERNANCE.md> |
| envoy-gateway-maintainers | | <https://github.com/envoyproxy/gateway/blob/main/CODEOWNERS> |
| Name | Email | Url |
| ---- | ------ | --- |
| envoy-gateway-steering-committee | | <https://github.com/envoyproxy/gateway/blob/main/GOVERNANCE.md> |
| envoy-gateway-maintainers | | <https://github.com/envoyproxy/gateway/blob/main/CODEOWNERS> |

## Source Code

@@ -57,35 +57,42 @@ To uninstall the chart:

## Values

| Key | Type | Default | Description |
|----------------------------------------------------| ------ |---------------------------------------------------| ----------- |
| config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | |
| config.envoyGateway.provider.type | string | `"Kubernetes"` | |
| deployment.envoyGateway.image.repository | string | `"docker.io/envoyproxy/gateway-dev"` | |
| deployment.envoyGateway.image.tag | string | `"latest"` | |
| deployment.envoyGateway.imagePullPolicy | string | `"Always"` | |
| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | |
| deployment.envoyGateway.resources.limits.memory | string | `"128Mi"` | |
| deployment.envoyGateway.resources.requests.cpu | string | `"10m"` | |
| deployment.envoyGateway.resources.requests.memory | string | `"64Mi"` | |
| deployment.kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | |
| deployment.kubeRbacProxy.image.tag | string | `"v0.11.0"` | |
| deployment.kubeRbacProxy.imagePullPolicy | string | `"IfNotPresent"` | |
| deployment.kubeRbacProxy.resources.limits.cpu | string | `"500m"` | |
| deployment.kubeRbacProxy.resources.limits.memory | string | `"128Mi"` | |
| deployment.kubeRbacProxy.resources.requests.cpu | string | `"5m"` | |
| deployment.kubeRbacProxy.resources.requests.memory | string | `"64Mi"` | |
| deployment.ports[0].name | string | `"grpc"` | |
| deployment.ports[0].port | int | `18000` | |
| deployment.ports[0].targetPort | int | `18000` | |
| deployment.ports[1].name | string | `"ratelimit"` | |
| deployment.ports[1].port | int | `18001` | |
| deployment.ports[1].targetPort | int | `18001` | |
| deployment.replicas | int | `1` | |
| deployment.pod.annotations | object | `{}` | |
| deployment.pod.labels | object | `{}` | |
| envoyGatewayMetricsService.ports[0].name | string | `"https"` | |
| envoyGatewayMetricsService.ports[0].port | int | `8443` | |
| envoyGatewayMetricsService.ports[0].protocol | string | `"TCP"` | |
| envoyGatewayMetricsService.ports[0].targetPort | string | `"https"` | |
| kubernetesClusterDomain | string | `"cluster.local"` | |
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| certgen.job.annotations | object | `{}` | |
| certgen.job.resources | object | `{}` | |
| certgen.job.ttlSecondsAfterFinished | int | `30` | |
| certgen.rbac.annotations | object | `{}` | |
| certgen.rbac.labels | object | `{}` | |
| config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | |
| config.envoyGateway.logging.level.default | string | `"info"` | |
| config.envoyGateway.provider.type | string | `"Kubernetes"` | |
| createNamespace | bool | `false` | |
| deployment.envoyGateway.image.repository | string | `""` | |
| deployment.envoyGateway.image.tag | string | `""` | |
| deployment.envoyGateway.imagePullPolicy | string | `""` | |
| deployment.envoyGateway.imagePullSecrets | list | `[]` | |
| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | |
| deployment.envoyGateway.resources.limits.memory | string | `"1024Mi"` | |
| deployment.envoyGateway.resources.requests.cpu | string | `"100m"` | |
| deployment.envoyGateway.resources.requests.memory | string | `"256Mi"` | |
| deployment.pod.affinity | object | `{}` | |
| deployment.pod.annotations."prometheus.io/port" | string | `"19001"` | |
| deployment.pod.annotations."prometheus.io/scrape" | string | `"true"` | |
| deployment.pod.labels | object | `{}` | |
| deployment.ports[0].name | string | `"grpc"` | |
| deployment.ports[0].port | int | `18000` | |
| deployment.ports[0].targetPort | int | `18000` | |
| deployment.ports[1].name | string | `"ratelimit"` | |
| deployment.ports[1].port | int | `18001` | |
| deployment.ports[1].targetPort | int | `18001` | |
| deployment.ports[2].name | string | `"metrics"` | |
| deployment.ports[2].port | int | `19001` | |
| deployment.ports[2].targetPort | int | `19001` | |
| deployment.replicas | int | `1` | |
| global.images.envoyGateway.image | string | `nil` | |
| global.images.envoyGateway.imagePullSecrets | list | `[]` | |
| global.images.envoyGateway.pullPolicy | string | `nil` | |
| global.images.ratelimit.image | string | `"docker.io/envoyproxy/ratelimit:master"` | |
| kubernetesClusterDomain | string | `"cluster.local"` | |

@@ -87,6 +87,7 @@ spec:
ClientCertificateRef defines the reference to a Kubernetes Secret that contains
the client certificate and private key for Envoy to use when connecting to
backend services and external services, such as ExtAuth, ALS, OpenTelemetry, etc.
This secret should be located within the same namespace as the Envoy proxy resource that references it.
properties:
group:
default: ""
@@ -10404,7 +10405,7 @@ spec:
backendRefs:
description: |-
BackendRefs references a Kubernetes object that represents the
backend server to which the accesslog will be sent.
backend server to which the access log will be sent.
Only service Kind is supported for now.
items:
description: BackendRef defines how an ObjectReference
@@ -10492,13 +10493,13 @@ spec:
host:
description: |-
Host define the extension service hostname.
Deprecated: Use BackendRef instead.
Deprecated: Use BackendRefs instead.
type: string
port:
default: 4317
description: |-
Port defines the port the extension service is exposed on.
Deprecated: Use BackendRef instead.
Deprecated: Use BackendRefs instead.
format: int32
minimum: 0
type: integer
@@ -10718,13 +10719,13 @@ spec:
host:
description: |-
Host define the service hostname.
Deprecated: Use BackendRef instead.
Deprecated: Use BackendRefs instead.
type: string
port:
default: 4317
description: |-
Port defines the port the service is exposed on.
Deprecated: Use BackendRef instead.
Deprecated: Use BackendRefs instead.
format: int32
maximum: 65535
minimum: 0
@@ -10827,7 +10828,7 @@ spec:
backendRefs:
description: |-
BackendRefs references a Kubernetes object that represents the
backend server to which the accesslog will be sent.
backend server to which the trace will be sent.
Only service Kind is supported for now.
items:
description: BackendRef defines how an ObjectReference
@@ -10914,13 +10915,13 @@ spec:
host:
description: |-
Host define the provider service hostname.
Deprecated: Use BackendRef instead.
Deprecated: Use BackendRefs instead.
type: string
port:
default: 4317
description: |-
Port defines the port the provider service is exposed on.
Deprecated: Use BackendRef instead.
Deprecated: Use BackendRefs instead.
format: int32
minimum: 0
type: integer