Merge branch 'main' into feat/http3-support

.github/workflows/docs.yaml

@@ -4,21 +4,21 @@ on:
     branches:
     - "main"
     - "release/v*"
-    paths-ignore:
-    - "**/*.png"
-  pull_request:
-    branches:
-    - "main"
-    - "release/v*"
-    paths-ignore:
-    - "**/*.png"
+    paths:
+    - 'site/**'
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    paths:
+    - 'site/**'
 
 jobs:
   docs-lint:
     runs-on: ubuntu-22.04
     steps:
     - name: Check out code
       uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
 
     - name: Run markdown linter
       uses: nosborn/[email protected]
@@ -36,6 +36,7 @@ jobs:
       uses: actions/checkout@v4
       with:
         submodules: true
+        ref: ${{ github.event.pull_request.head.sha }}
 
     - name: Setup Hugo
       uses: peaceiris/actions-hugo@v2
@@ -60,6 +61,44 @@ jobs:
         # Duration after which artifact will expire in days.
         # retention-days: # optional, default is 1
 
+  docs-preview:
+    if: "github.event_name == 'pull_request_target'"
+    needs: docs-build
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Git checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
+    - name: Setup Hugo
+      uses: peaceiris/actions-hugo@v2
+      with:
+        hugo-version: 'latest'
+        extended: true
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: '18'
+    - name: Install Site Dependencies and Build Site
+      run: make docs
+    - name: Deploy to Netlify
+      uses: nwtgck/[email protected]
+      with:
+        publish-dir: 'site/public'
+        production-deploy: false
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        deploy-message: "Deploy from GitHub Actions"
+        alias: "${{ github.event.repository.name }}-pr-${{ github.event.pull_request.number }}-preview"
+        # these all default to 'true'
+        enable-pull-request-comment: true
+        enable-commit-comment: false
+        enable-commit-status: true
+        overwrites-pull-request-comment: true
+      env:
+        NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+        NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
+      timeout-minutes: 1
+
   # This workflow contains a single job called "build"
   docs-publish:
     if: github.event_name == 'push'
@@ -80,4 +119,4 @@ jobs:
     steps:
     - name: Deploy to GitHub Pages
       id: deployment
-      uses: actions/deploy-pages@v2.0.4
+      uses: actions/deploy-pages@v3.0.1

.github/workflows/retest.yaml

@@ -22,6 +22,6 @@ jobs:
       pull-requests: write
       actions: write
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.1.65
+    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.2.17
       with:
         token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Prune Stale
-      uses: actions/stale@v8
+      uses: actions/stale@v9
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         # Different amounts of days for issues/PRs are not currently supported but there is a PR

.github/workflows/welcome.yaml

@@ -0,0 +1,40 @@
+name: Welcome
+
+on:
+  pull_request_target:
+    types: [opened]
+
+jobs:
+  comment:
+    permissions:
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Comment
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            🚀 Thank you for contributing to the [Envoy Gateway](https://gateway.envoyproxy.io/) project! 🚀
+
+            Before merging, please ensure to follow the process below:
+
+            1. Requesting Reviews:
+            - cc @envoyproxy/gateway-reviewers team for an initial review.
+            - After the initial review, reviewers should request the @envoyproxy/gateway-maintainers team for further review.
+            2. Review Approval:
+            - Your PR needs to receive at least two approvals.
+            - At least one approval must come from a member of the gateway-maintainers team.
+
+            **NOTE**: Once your PR is under review, ***please do not rebase and force push it***. Otherwise, it will force your reviewers to review the PR from scratch rather than simply look at your latest changes.
+
+            <details>
+            <summary> What's more, you can help expedite the processing of your PR by </summary>
+            <br>
+
+            - Ensuring you have self-reviewed your work according to the project's [Contribution Guidelines](https://gateway.envoyproxy.io/latest/contributions/develop).
+            - If your PR addresses a specific issue, make sure to mention it in the PR description.
+            - Respond promptly if there are any test failures or suggestions for improvements that we comment on.
+
+            </details>
+          reactions: 'heart'

OWNERS

@@ -14,13 +14,13 @@ maintainers:
 - Xunzhuo
 - zirain
 - qicz
+- zhaohuabing
 
 reviewers:
 
 - chauhanshubham
 - kflynn
 - LanceEa
-- zhaohuabing
 - tmsnan
 - tanujd11
 - cnvergence

api/v1alpha1/cors_types.go

@@ -21,4 +21,7 @@ type CORS struct {
 	ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"`
 	// MaxAge defines how long the results of a preflight request can be cached.
 	MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"`
+	// AllowCredentials indicates whether a request can include user credentials
+	// like cookies, authentication headers, or TLS client certificates.
+	AllowCredentials *bool `json:"allowCredentials,omitempty" yaml:"allowCredentials,omitempty"`
 }

api/v1alpha1/envoyproxy_helpers.go

@@ -9,6 +9,10 @@ import (
 	"fmt"
 	"sort"
 	"strings"
+
+	autoscalingv2 "k8s.io/api/autoscaling/v2"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/utils/ptr"
 )
 
 // DefaultEnvoyProxyProvider returns a new EnvoyProxyProvider with default settings.
@@ -37,6 +41,21 @@ func DefaultEnvoyProxyKubeProvider() *EnvoyProxyKubernetesProvider {
 	}
 }
 
+func DefaultEnvoyProxyHpaMetrics() []autoscalingv2.MetricSpec {
+	return []autoscalingv2.MetricSpec{
+		{
+			Resource: &autoscalingv2.ResourceMetricSource{
+				Name: v1.ResourceCPU,
+				Target: autoscalingv2.MetricTarget{
+					Type:               autoscalingv2.UtilizationMetricType,
+					AverageUtilization: ptr.To[int32](80),
+				},
+			},
+			Type: autoscalingv2.ResourceMetricSourceType,
+		},
+	}
+}
+
 // GetEnvoyProxyKubeProvider returns the EnvoyProxyKubernetesProvider of EnvoyProxyProvider or
 // a default EnvoyProxyKubernetesProvider if unspecified. If EnvoyProxyProvider is not of
 // type "Kubernetes", a nil EnvoyProxyKubernetesProvider is returned.
@@ -64,6 +83,10 @@ func (r *EnvoyProxyProvider) GetEnvoyProxyKubeProvider() *EnvoyProxyKubernetesPr
 		r.Kubernetes.EnvoyService.Type = GetKubernetesServiceType(ServiceTypeLoadBalancer)
 	}
 
+	if r.Kubernetes.EnvoyHpa != nil {
+		r.Kubernetes.EnvoyHpa.setDefault()
+	}
+
 	return r.Kubernetes
 }
 

api/v1alpha1/envoyproxy_types.go

@@ -127,6 +127,15 @@ type EnvoyProxyKubernetesProvider struct {
 	// +kubebuilder:validation:XValidation:message="loadBalancerIP can only be set for LoadBalancer type",rule="!has(self.loadBalancerIP) || self.type == 'LoadBalancer'"
 	// +kubebuilder:validation:XValidation:message="loadBalancerIP must be a valid IPv4 address",rule="!has(self.loadBalancerIP) || self.loadBalancerIP.matches(r\"^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4})\")"
 	EnvoyService *KubernetesServiceSpec `json:"envoyService,omitempty"`
+
+	// EnvoyHpa defines the Horizontal Pod Autoscaler settings for Envoy Proxy Deployment.
+	// Once the HPA is being set, Replicas field from EnvoyDeployment will be ignored.
+	//
+	// +optional
+	// +kubebuilder:validation:XValidation:message="minReplicas must be greater than 0",rule="!has(self.minReplicas) || self.minReplicas > 0"
+	// +kubebuilder:validation:XValidation:message="maxReplicas must be greater than 0",rule="!has(self.maxReplicas) || self.maxReplicas > 0"
+	// +kubebuilder:validation:XValidation:message="maxReplicas cannot be less than or equal to minReplicas",rule="!has(self.minReplicas) || self.maxReplicas > self.minReplicas"
+	EnvoyHpa *KubernetesHorizontalPodAutoscalerSpec `json:"envoyHpa,omitempty"`
 }
 
 // ProxyLogging defines logging parameters for managed proxies.

api/v1alpha1/kubernetes_helpers.go

@@ -9,7 +9,7 @@ import (
 	appv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 )
 
 // DefaultKubernetesDeploymentReplicas returns the default replica settings.
@@ -27,7 +27,7 @@ func DefaultKubernetesDeploymentStrategy() *appv1.DeploymentStrategy {
 
 // DefaultKubernetesContainerImage returns the default envoyproxy image.
 func DefaultKubernetesContainerImage(image string) *string {
-	return pointer.String(image)
+	return ptr.To(image)
 }
 
 // DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings.
@@ -106,3 +106,9 @@ func (deployment *KubernetesDeploymentSpec) defaultKubernetesDeploymentSpec(imag
 		deployment.Container.Image = DefaultKubernetesContainerImage(image)
 	}
 }
+
+func (hpa *KubernetesHorizontalPodAutoscalerSpec) setDefault() {
+	if len(hpa.Metrics) == 0 {
+		hpa.Metrics = DefaultEnvoyProxyHpaMetrics()
+	}
+}

api/v1alpha1/shared_types.go

@@ -7,6 +7,7 @@ package v1alpha1
 
 import (
 	appv1 "k8s.io/api/apps/v1"
+	autoscalingv2 "k8s.io/api/autoscaling/v2"
 	corev1 "k8s.io/api/core/v1"
 )
 
@@ -112,6 +113,10 @@ type KubernetesPodSpec struct {
 	//
 	// +optional
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
+
+	// HostNetwork, If this is set to true, the pod will use host's network namespace.
+	// +optional
+	HostNetwork bool `json:"hostNetwork,omitempty"`
 }
 
 // KubernetesContainerSpec defines the desired state of the Kubernetes container resource.
@@ -275,3 +280,34 @@ const (
 	// https://github.com/google/re2/wiki/Syntax.
 	StringMatchRegularExpression StringMatchType = "RegularExpression"
 )
+
+// KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment.
+// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec.
+type KubernetesHorizontalPodAutoscalerSpec struct {
+	// minReplicas is the lower limit for the number of replicas to which the autoscaler
+	// can scale down. It defaults to 1 replica.
+	//
+	// +optional
+	MinReplicas *int32 `json:"minReplicas,omitempty"`
+
+	// maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
+	// It cannot be less that minReplicas.
+	//
+	MaxReplicas *int32 `json:"maxReplicas"`
+
+	// metrics contains the specifications for which to use to calculate the
+	// desired replica count (the maximum replica count across all metrics will
+	// be used).
+	// If left empty, it defaults to being based on CPU utilization with average on 80% usage.
+	//
+	// +optional
+	Metrics []autoscalingv2.MetricSpec `json:"metrics,omitempty"`
+
+	// behavior configures the scaling behavior of the target
+	// in both Up and Down directions (scaleUp and scaleDown fields respectively).
+	// If not set, the default HPAScalingRules for scale up and scale down are used.
+	// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior.
+	//
+	// +optional
+	Behavior *autoscalingv2.HorizontalPodAutoscalerBehavior `json:"behavior,omitempty"`
+}

api/v1alpha1/validation/envoyproxy_validate_test.go

@@ -15,10 +15,9 @@ import (
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
-	"github.com/envoyproxy/gateway/internal/utils/ptr"
 )
 
 var (
@@ -301,7 +300,7 @@ func TestValidateEnvoyProxy(t *testing.T) {
 				},
 				Spec: egv1a1.EnvoyProxySpec{
 					Bootstrap: &egv1a1.ProxyBootstrap{
-						Type:  (*egv1a1.BootstrapType)(pointer.String(string(egv1a1.BootstrapTypeMerge))),
+						Type:  ptr.To(egv1a1.BootstrapTypeMerge),
 						Value: mergeUserBootstrap,
 					},
 				},
@@ -390,7 +389,7 @@ func TestValidateEnvoyProxy(t *testing.T) {
 								{
 									Format: egv1a1.ProxyAccessLogFormat{
 										Type: egv1a1.ProxyAccessLogFormatTypeText,
-										Text: pointer.String("[%START_TIME%]"),
+										Text: ptr.To("[%START_TIME%]"),
 									},
 									Sinks: []egv1a1.ProxyAccessLogSink{
 										{