From d60b4f7f8e8fbf81ac647e2f945aecaff5e571c2 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 30 Nov 2023 13:49:34 +0800 Subject: [PATCH 01/31] chore: update otel collector chart version (#2254) Signed-off-by: zirain --- tools/make/kube.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/make/kube.mk b/tools/make/kube.mk index a27e1edb40fd..354e4730edda 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -9,7 +9,7 @@ GATEWAY_RELEASE_URL ?= https://github.com/kubernetes-sigs/gateway-api/releases/d WAIT_TIMEOUT ?= 15m FLUENT_BIT_CHART_VERSION ?= 0.30.4 -OTEL_COLLECTOR_CHART_VERSION ?= 0.60.0 +OTEL_COLLECTOR_CHART_VERSION ?= 0.73.1 TEMPO_CHART_VERSION ?= 1.3.1 # Set Kubernetes Resources Directory Path From 415e2687ae02ca57d9aa14afaf25ce6504778309 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Thu, 30 Nov 2023 19:00:38 +0800 Subject: [PATCH 02/31] fix flaky test (#2253) user docs for basic auth (#2246) docs for basic auth Signed-off-by: huabing zhao --- test/e2e/testdata/basic-auth.yaml | 12 ++++++------ test/e2e/tests/basic-auth.go | 25 ++++++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/test/e2e/testdata/basic-auth.yaml b/test/e2e/testdata/basic-auth.yaml index 8af775e17bc7..036bb788eaa9 100644 --- a/test/e2e/testdata/basic-auth.yaml +++ b/test/e2e/testdata/basic-auth.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: namespace: gateway-conformance-infra - name: basic-auth-users-secret + name: basic-auth-users-secret-1 data: .htpasswd: "dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=" --- @@ -18,7 +18,7 @@ data: apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: http-with-basic-auth + name: http-with-basic-auth-1 namespace: gateway-conformance-infra spec: parentRefs: 
@@ -27,7 +27,7 @@ spec: - matches: - path: type: Exact - value: /basic-auth + value: /basic-auth-1 backendRefs: - name: infra-backend-v1 port: 8080 @@ -52,17 +52,17 @@ spec: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: SecurityPolicy metadata: - name: basic-auth + name: basic-auth-1 namespace: gateway-conformance-infra spec: targetRef: group: gateway.networking.k8s.io kind: HTTPRoute - name: http-with-basic-auth + name: http-with-basic-auth-1 namespace: gateway-conformance-infra basicAuth: users: - name: "basic-auth-users-secret" + name: "basic-auth-users-secret-1" --- apiVersion: gateway.envoyproxy.io/v1alpha1 kind: SecurityPolicy diff --git a/test/e2e/tests/basic-auth.go b/test/e2e/tests/basic-auth.go index e6701988de43..a5a584d226be 100644 --- a/test/e2e/tests/basic-auth.go +++ b/test/e2e/tests/basic-auth.go 
@@ -38,14 +38,14 @@ var BasicAuthTest = suite.ConformanceTest{ Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { t.Run("valid username password", func(t *testing.T) { ns := "gateway-conformance-infra" - routeNN := types.NamespacedName{Name: "http-with-basic-auth", Namespace: ns} + routeNN := types.NamespacedName{Name: "http-with-basic-auth-1", Namespace: ns} gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns} gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) - SecurityPolicyMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "basic-auth", Namespace: ns}) - SecurityPolicyMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "basic-auth-2", Namespace: ns}) + SecurityPolicyMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "basic-auth-1", Namespace: ns}) + // TODO: We should wait for the `programmed` condition to be true before sending traffic. expectedResponse := http.ExpectedResponse{ Request: http.Request{ - Path: "/basic-auth", + Path: "/basic-auth-1", Headers: map[string]string{ "Authorization": "Basic dXNlcjE6dGVzdDE=", // user1:test1 }, 
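Review bot: `SecurityPolicyMustBeAccepted` only shows that the policy was accepted, as the added TODO admits, so in the "valid username password" subtest a request that reaches the backend before the basic-auth filter is active gets the success status whether or not credentials are checked. That subtest can therefore pass without authentication ever being enforced; only the 401 subtests prove enforcement, and subtest order does not guarantee they ran against the same programmed state. Until a programmed wait exists, have this subtest first send the request without credentials and wait for the 401, then send the valid credentials. The TODO should also carry a tracking reference, e.g. `// TODO(#ISSUE_PLACEHOLDER): wait for the SecurityPolicy to be programmed; Accepted does not mean the filter is active.` The same gap applies to the "without Authorization header", "invalid username password" and `basic-auth-2` subtests in the following hunks; the `BasicAuthTest` literal starts and ends outside this hunk.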
@@ -69,13 +69,14 @@ var BasicAuthTest = suite.ConformanceTest{ t.Run("without Authorization header", func(t *testing.T) { ns := "gateway-conformance-infra" - routeNN := types.NamespacedName{Name: "http-with-basic-auth", Namespace: ns} + routeNN := types.NamespacedName{Name: "http-with-basic-auth-1", Namespace: ns} gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns} gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) - + SecurityPolicyMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "basic-auth-1", Namespace: ns}) + // TODO: We should wait for the `programmed` condition to be true before sending traffic. expectedResponse := http.ExpectedResponse{ Request: http.Request{ - Path: "/basic-auth", + Path: "/basic-auth-1", }, Response: http.Response{ StatusCode: 401, @@ -96,13 +97,14 @@ var BasicAuthTest = suite.ConformanceTest{ t.Run("invalid username password", func(t *testing.T) { ns := "gateway-conformance-infra" - routeNN := types.NamespacedName{Name: "http-with-basic-auth", Namespace: ns} + routeNN := types.NamespacedName{Name: "http-with-basic-auth-1", Namespace: ns} gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns} gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) - + SecurityPolicyMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "basic-auth-1", Namespace: ns}) + // TODO: We should wait for the `programmed` condition to be true before sending traffic. expectedResponse := http.ExpectedResponse{ Request: http.Request{ - Path: "/basic-auth", + Path: "/basic-auth-1", Headers: map[string]string{ "Authorization": "Basic dXNlcjE6dGVzdDI=", // user1:test2 }, 
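Review bot: Each subtest touched here repeats the same `ns` / `routeNN` / `gwNN` / `gwAddr` setup plus the new `SecurityPolicyMustBeAccepted` call and an identical TODO, with only the route and policy names varying. A small unexported helper that takes the route name and policy name, performs both waits and returns `gwAddr` would keep the readiness logic in one place. That matters once the TODO is resolved, because otherwise the programmed wait has to be added to four copies and one missed copy brings the flake back. The subtests' bodies continue outside these hunks.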
@@ -129,7 +131,8 @@ var BasicAuthTest = suite.ConformanceTest{ routeNN := types.NamespacedName{Name: "http-with-basic-auth-2", Namespace: ns} gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns} gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) - + SecurityPolicyMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "basic-auth-2", Namespace: ns}) + // TODO: We should wait for the `programmed` condition to be true before sending traffic. expectedResponse := http.ExpectedResponse{ Request: http.Request{ Path: "/basic-auth-2", From f3e4e932d0749f38af339a92ec68cebbf29645ef Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Fri, 1 Dec 2023 10:51:00 +0800 Subject: [PATCH 03/31] user doc for oidc (#2256) * user doc for oidc Signed-off-by: huabing zhao * Update site/content/en/latest/user/oidc.md Co-authored-by: sh2 Signed-off-by: Huabing Zhao * Update site/content/en/latest/user/oidc.md Co-authored-by: sh2 Signed-off-by: Huabing Zhao * Update site/content/en/latest/user/oidc.md Co-authored-by: sh2 Signed-off-by: Huabing Zhao --------- Signed-off-by: huabing zhao Signed-off-by: Huabing Zhao Co-authored-by: sh2 --- site/content/en/latest/user/oidc.md | 124 ++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 site/content/en/latest/user/oidc.md diff --git a/site/content/en/latest/user/oidc.md b/site/content/en/latest/user/oidc.md new file mode 100644 index 000000000000..3983d1530fa7 --- /dev/null +++ b/site/content/en/latest/user/oidc.md 
@@ -0,0 +1,124 @@ +--- +title: "OIDC Authentication" +--- + +This guide provides instructions for configuring [OpenID Connect (OIDC)][oidc] authentication. +OpenID Connect (OIDC) is an authentication standard built on top of OAuth 2.0. +It enables client applications to rely on authentication that is performed by an OpenID Connect Provider (OP) +to verify the identity of a user. + +Envoy Gateway introduces a new CRD called [SecurityPolicy][SecurityPolicy] that allows the user to configure OIDC +authentication. +This instantiated resource can be linked to a [Gateway][Gateway] and [HTTPRoute][HTTPRoute] resource. + +## Prerequisites + +Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +OIDC authentication requires the redirect URL to be HTTPS. Follow the [Secure Gateways](../secure-gateways) guide + to generate the TLS certificates and update the Gateway configuration to add an HTTPS listener. + +Verify the Gateway status: + +```shell +kubectl get gateway/teg -o yaml +``` + +## Configuration + +This guide uses Google as the OIDC provider to demonstrate the configuration of OIDC. However, EG works with any OIDC +providers, including Auth0, Azure AD, Keycloak, Okta, OneLogin, Salesforce, UAA, etc. + +### Register an OIDC application + +Follow the steps in the [Google OIDC documentation][google-oidc] to register an OIDC application. Please use +`https://www.example.com/oauth2/callback` as the redirect URL when registering the application. `oauth2/callback` is the +default callback path used by Envoy Gateway. + +After registering the application, you should have the following information: +* Client ID: The client ID of the OIDC application. +* Client Secret: The client secret of the OIDC application. + +### Create a kubernetes secret + +Next, create a kubernetes secret with the Client Secret created in the previous step. 
The secret is an Opaque secret, +and the Client Secret must be stored in the key "client-secret". + +Note: please replace the ${CLIENT_SECRET} with the actual Client Secret that you got from the previous step. + +```shell +$ kubectl create secret generic my-app-client-secret --from-literal=client-secret=${CLIENT_SECRET} +secret "my-app-client-secret" created +``` + +### Create a SecurityPolicy + +Note: please replace the ${CLIENT_ID} with the actual Client ID that you got from the previous step. + +```shell +cat < Date: Tue, 5 Dec 2023 11:11:20 +0800 Subject: [PATCH 04/31] build(deps): bump actions/deploy-pages from 2.0.4 to 2.0.5 (#2263) Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 2.0.4 to 2.0.5. - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/v2.0.4...v2.0.5) --- updated-dependencies: - dependency-name: actions/deploy-pages dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 0c8e82b2a580..7bda29e66a01 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -80,4 +80,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v2.0.4 + uses: actions/deploy-pages@v2.0.5 From 2295ebc9f6e1ba79e2ad329d5b0128ebcac4d49c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 14:57:40 +0800 Subject: [PATCH 05/31] build(deps): bump envoyproxy/toolshed from actions-v0.1.65 to 0.1.82 (#2264) Bumps [envoyproxy/toolshed](https://github.com/envoyproxy/toolshed) from actions-v0.1.65 to 0.1.82. This release includes the previously tagged commit. - [Release notes](https://github.com/envoyproxy/toolshed/releases) - [Commits](https://github.com/envoyproxy/toolshed/compare/actions-v0.1.65...actions-v0.1.82) --- updated-dependencies: - dependency-name: envoyproxy/toolshed dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Xunzhuo --- .github/workflows/retest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retest.yaml b/.github/workflows/retest.yaml index 3e205e961e4b..cb722b6392d1 100644 --- a/.github/workflows/retest.yaml +++ b/.github/workflows/retest.yaml @@ -22,6 +22,6 @@ jobs: pull-requests: write actions: write steps: - - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.1.65 + - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.1.82 with: token: ${{ secrets.GITHUB_TOKEN }} From df8b70c4efb2f4f621a5f5d9cd040f5eab975251 Mon Sep 17 00:00:00 2001 From: Karol Szwaj Date: Wed, 6 Dec 2023 00:44:33 +0100 Subject: [PATCH 06/31] docs: add ClientTrafficPolicy user guide (#2223) * docs: add ClientTrafficPolicy user guide Signed-off-by: Karol Szwaj * add keepalive example Signed-off-by: Karol Szwaj * btp reference Signed-off-by: Karol Szwaj * review comments Signed-off-by: Karol Szwaj * reorg Signed-off-by: Karol Szwaj * add ctp keepalive example Signed-off-by: Karol Szwaj * md lint Signed-off-by: Karol Szwaj * add proxy protocol example Signed-off-by: Karol Szwaj * update docs Signed-off-by: Karol Szwaj --------- 
Signed-off-by: Karol Szwaj --- .../en/latest/user/client-traffic-policy.md | 289 ++++++++++++++++++ 1 file changed, 289 insertions(+) create mode 100644 site/content/en/latest/user/client-traffic-policy.md diff --git a/site/content/en/latest/user/client-traffic-policy.md b/site/content/en/latest/user/client-traffic-policy.md new file mode 100644 index 000000000000..9d89a0eb816b --- /dev/null +++ b/site/content/en/latest/user/client-traffic-policy.md 
@@ -0,0 +1,289 @@ +--- +title: "Client Traffic Policy" +--- + +This guide explains the usage of the [ClientTrafficPolicy][] API. + + +## Introduction + +The [ClientTrafficPolicy][] API allows system administrators to configure +the behavior for how the Envoy Proxy server behaves with downstream clients. + +## Motivation + +This API was added as a new policy attachment resource that can be applied to Gateway resources and it is meant to hold settings for configuring behavior of the connection between the downstream client and Envoy Proxy listener. It is the counterpart to the [BackendTrafficPolicy][] API resource. + +## Quickstart + +### Prerequisites + +* Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +### Support TCP keepalive for downstream client + +```shell +cat < GET /get HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.1.2 +> Accept: */* +> +< HTTP/1.1 200 OK +< content-type: application/json +< x-content-type-options: nosniff +< date: Fri, 01 Dec 2023 10:17:04 GMT +< content-length: 507 +< x-envoy-upstream-service-time: 0 +< server: envoy +< +{ + "path": "/get", + "host": "www.example.com", + "method": "GET", + "proto": "HTTP/1.1", + "headers": { + "Accept": [ + "*/*" + ], + "User-Agent": [ + "curl/8.1.2" + ], + "X-Envoy-Expected-Rq-Timeout-Ms": [ + "15000" + ], + "X-Envoy-Internal": [ + "true" + ], + "X-Forwarded-For": [ + "172.18.0.2" + ], + "X-Forwarded-Proto": [ + "http" + ], + "X-Request-Id": [ + "4d0d33e8-d611-41f0-9da0-6458eec20fa5" + ] + }, + "namespace": "default", + "ingress": "", + "service": "", + "pod": "backend-58d58f745-2zwvn" +* Connection #0 to host 172.18.255.202 left intact +}* Found bundle for host: 0x7fb9f5204ea0 [serially] +* Can not multiplex, even if we wanted to +* Re-using existing connection #0 with host 172.18.255.202 +> GET /headers HTTP/1.1 +> Host: www.example.com +> 
User-Agent: curl/8.1.2 +> Accept: */* +> +< HTTP/1.1 200 OK +< content-type: application/json +< x-content-type-options: nosniff +< date: Fri, 01 Dec 2023 10:17:04 GMT +< content-length: 511 +< x-envoy-upstream-service-time: 0 +< server: envoy +< +{ + "path": "/headers", + "host": "www.example.com", + "method": "GET", + "proto": "HTTP/1.1", + "headers": { + "Accept": [ + "*/*" + ], + "User-Agent": [ + "curl/8.1.2" + ], + "X-Envoy-Expected-Rq-Timeout-Ms": [ + "15000" + ], + "X-Envoy-Internal": [ + "true" + ], + "X-Forwarded-For": [ + "172.18.0.2" + ], + "X-Forwarded-Proto": [ + "http" + ], + "X-Request-Id": [ + "9a8874c0-c117-481c-9b04-933571732ca5" + ] + }, + "namespace": "default", + "ingress": "", + "service": "", + "pod": "backend-58d58f745-2zwvn" +* Connection #0 to host 172.18.255.202 left intact +} +``` + +You can see keepalive connection marked by the output in: + +```shell +* Connection #0 to host 172.18.255.202 left intact +* Re-using existing connection #0 with host 172.18.255.202 +``` + +### Enable Proxy Protocol for downstream client + +This example configures Proxy Protocol for downstream clients. + +```shell +cat < GET /get HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.1.2 +> Accept: */* +> +* Recv failure: Connection reset by peer +* Closing connection 0 +curl: (56) Recv failure: Connection reset by peer +``` + +Curl the example app through Envoy proxy once again, now sending HAProxy PROXY protocol header at the beginning of the connection with --haproxy-protocol flag: + +```shell +curl --verbose --haproxy-protocol --header "Host: www.example.com" http://$GATEWAY_HOST/get +``` + +You should now expect 200 response status and also see that source IP was preserved in the X-Forwarded-For header. + +```shell +* Trying 172.18.255.202:80... 
+* Connected to 172.18.255.202 (172.18.255.202) port 80 (#0) +> GET /get HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.1.2 +> Accept: */* +> +< HTTP/1.1 200 OK +< content-type: application/json +< x-content-type-options: nosniff +< date: Mon, 04 Dec 2023 21:11:43 GMT +< content-length: 510 +< x-envoy-upstream-service-time: 0 +< server: envoy +< +{ + "path": "/get", + "host": "www.example.com", + "method": "GET", + "proto": "HTTP/1.1", + "headers": { + "Accept": [ + "*/*" + ], + "User-Agent": [ + "curl/8.1.2" + ], + "X-Envoy-Expected-Rq-Timeout-Ms": [ + "15000" + ], + "X-Envoy-Internal": [ + "true" + ], + "X-Forwarded-For": [ + "192.168.255.6" + ], + "X-Forwarded-Proto": [ + "http" + ], + "X-Request-Id": [ + "290e4b61-44b7-4e5c-a39c-0ec76784e897" + ] + }, + "namespace": "default", + "ingress": "", + "service": "", + "pod": "backend-58d58f745-2zwvn" +* Connection #0 to host 172.18.255.202 left intact +} +``` + +[ClientTrafficPolicy]: ../../api/extension_types#clienttrafficpolicy +[BackendTrafficPolicy]: ../../api/extension_types#backendtrafficpolicy From 532709c0bdd8edb70f287b1898255c227afbe99e Mon Sep 17 00:00:00 2001 From: sh2 Date: Wed, 6 Dec 2023 07:53:45 +0800 Subject: [PATCH 07/31] e2e: fix retry logic for e2e udp route (#2267) fix retry logic for dns exchange Signed-off-by: sh2 --- test/e2e/tests/udproute.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/e2e/tests/udproute.go b/test/e2e/tests/udproute.go index 31b0dbf44c46..3961727fb56d 100644 --- a/test/e2e/tests/udproute.go +++ b/test/e2e/tests/udproute.go @@ -54,7 +54,8 @@ var UDPRouteTest = suite.ConformanceTest{ t.Logf("performing DNS query %s on %s", domain, gwAddr) _, err = dns.Exchange(msg, gwAddr) if err != nil { - return false, err + t.Logf("failed to perform a UDP query: %v", err) + return false, nil } return true, nil }); err != nil { 
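Review bot: In the udproute.go hunk the reply from `dns.Exchange` is still discarded (`_, err = dns.Exchange(msg, gwAddr)`), so the poll succeeds on any response at all and never inspects it; an error reply relayed through the gateway would pass the test. Capture the message and require a successful rcode, e.g. `resp, err := dns.Exchange(msg, gwAddr)` followed by `if resp.Rcode != dns.RcodeSuccess { return false, nil }` (this assumes `dns` is miekg/dns, which the hunk does not show). Returning `false, nil` for every error also means a permanent failure is retried until the timeout and the last error survives only in `t.Logf`; keeping it in a variable outside the closure would let the final failure message report it. The polling closure starts outside the hunk.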
@@ -64,7 +65,7 @@ var UDPRouteTest = suite.ConformanceTest{ }, } -// GatewayRef is a tiny type for specifying an UDP Route ParentRef without +// GatewayRef is a tiny type for specifying a UDP Route ParentRef without // relying on a specific api version. type GatewayRef struct { types.NamespacedName From ebc18d8b43e2bd97ccffa6de0b9d8d95e73ae8b6 Mon Sep 17 00:00:00 2001 From: tmsnan Date: Wed, 6 Dec 2023 14:33:49 +0800 Subject: [PATCH 08/31] doc: update user and design documentation due to removal of AuthenticationFilter and RateLimitFilter CRD resource. (#2198) * doc: update jwt example Signed-off-by: zhaonan * doc: update desigin doc for ratelimit Signed-off-by: zhaonan * doc: update rate-limit in backend-traffic-policy Signed-off-by: zhaonan * update v0.6.0 doc Signed-off-by: zhaonan --------- Signed-off-by: zhaonan Co-authored-by: Xunzhuo --- .../latest/design/backend-traffic-policy.md | 1 + site/content/en/latest/design/rate-limit.md | 181 +++++++++-------- site/content/en/latest/user/rate-limit.md | 33 ++-- .../v0.6.0/design/backend-traffic-policy.md | 1 + site/content/en/v0.6.0/design/rate-limit.md | 182 ++++++++++-------- site/content/en/v0.6.0/user/rate-limit.md | 33 ++-- 6 files changed, 242 insertions(+), 189 deletions(-) diff --git a/site/content/en/latest/design/backend-traffic-policy.md b/site/content/en/latest/design/backend-traffic-policy.md index 3dceec44409a..9411ef209781 100644 --- a/site/content/en/latest/design/backend-traffic-policy.md +++ b/site/content/en/latest/design/backend-traffic-policy.md @@ -131,6 +131,7 @@ Here is a list of some features that can be included in this API. Note that this - Keep alive probes - Health checking - Load balancing +- Rate limit ## Design Decisions diff --git a/site/content/en/latest/design/rate-limit.md b/site/content/en/latest/design/rate-limit.md index 315f9b7138ea..8dfda7680e84 100644 --- a/site/content/en/latest/design/rate-limit.md +++ b/site/content/en/latest/design/rate-limit.md 
@@ -34,20 +34,25 @@ by matching on a custom `x-user-id` header with a value set to `one` ```yaml apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-specific-user spec: - type: Global - global: - rules: - - clientSelectors: - - headers: - - name: x-user-id - value: one - limit: - requests: 10 - unit: Hour + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - clientSelectors: + - headers: + - name: x-user-id + value: one + limit: + requests: 10 + unit: Hour --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -82,16 +87,21 @@ is specified, and the rate limit is applied to all traffic flows accepted by thi ```yaml apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-all-requests spec: - type: Global - global: - rules: - - limit: - requests: 1000 - unit: Second + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - limit: + requests: 1000 + unit: Second --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -127,20 +137,25 @@ by matching on a custom `x-user-id` header. Here, user A (recognised from the tr ```yaml apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-per-user spec: - type: Global - global: - rules: - - clientSelectors: - - headers: - - type: Distinct - name: x-user-id - limit: - requests: 10 - unit: Hour + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - clientSelectors: + - headers: + - type: Distinct + name: x-user-id + limit: + requests: 10 + unit: Hour --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute 
@@ -174,18 +189,23 @@ to a specific route by matching on source IP. In this case, requests from `x.x.x ```yaml apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-per-ip spec: - type: Global - global: - rules: - - clientSelectors: - - sourceIP: x.x.x.x/32 - limit: - requests: 10 - unit: Hour + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - clientSelectors: + - sourceIP: x.x.x.x/32 + limit: + requests: 10 + unit: Hour --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -227,31 +247,36 @@ spec: targetRef: group: gateway.networking.k8s.io kind: HTTPRoute - name: eg + name: example jwt: providers: - name: example remoteJWKS: uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json claimToHeaders: - - claim: name - header: custom-request-header + - claim: name + header: custom-request-header --- apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-specific-user spec: - type: Global - global: - rules: - - clientSelectors: - - headers: - - name: custom-request-header - value: John Doe - limit: - requests: 10 - unit: Hour + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - clientSelectors: + - headers: + - name: custom-request-header + value: John Doe + limit: + requests: 10 + unit: Hour --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -269,12 +294,6 @@ spec: name: backend port: 3000 weight: 1 - filters: - - type: ExtensionRef - extensionRef: - group: gateway.envoyproxy.io - kind: RateLimitFilter - name: ratelimit-specific-user matches: - path: type: PathPrefix 
@@ -291,32 +310,42 @@ Here's an example highlighting this - ```yaml apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-all-safeguard-app spec: - type: Global - global: - rules: - - limit: - requests: 100 - unit: Second + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - limit: + requests: 100 + unit: Hour --- apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: RateLimitFilter +kind: BackendTrafficPolicy metadata: name: ratelimit-per-user spec: - type: Global - global: - rules: - - clientSelectors: - - headers: - - type: Distinct - name: x-user-id - limit: - requests: 1000 - unit: Hour + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: example + rateLimit: + type: Global + global: + rules: + - clientSelectors: + - headers: + - type: Distinct + name: x-user-id + limit: + requests: 100 + unit: Hour --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute diff --git a/site/content/en/latest/user/rate-limit.md b/site/content/en/latest/user/rate-limit.md index ee671039fef6..f74fbc4f6a22 100644 --- a/site/content/en/latest/user/rate-limit.md +++ b/site/content/en/latest/user/rate-limit.md @@ -599,18 +599,22 @@ Here is an example of a rate limit implemented by the application developer to l ```shell cat < Date: Wed, 6 Dec 2023 14:53:09 +0800 Subject: [PATCH 09/31] feat: support FQDN address type for EndpointSlice (#2138) * initial implementation of supporting FQDN address type for EndpointSlice Signed-off-by: sh2 * add support to endpointslice fqdn address type with simple approach Signed-off-by: sh2 * fix ci unit test Signed-off-by: sh2 * resolve comments Signed-off-by: sh2 * add addrtype check and refactor condition message Signed-off-by: sh2 --------- 
Signed-off-by: sh2 Co-authored-by: zirain --- internal/gatewayapi/resource.go | 2 +- internal/gatewayapi/route.go | 101 ++++++++++--- ...ndtrafficpolicy-with-loadbalancer.out.yaml | 9 +- ...dtrafficpolicy-with-proxyprotocol.out.yaml | 6 +- ...ckendtrafficpolicy-with-ratelimit.out.yaml | 6 +- ...route-with-valid-extension-filter.out.yaml | 3 +- ...-namespace-with-allowed-httproute.out.yaml | 3 +- ...her-namespace-allowed-by-refgrant.out.yaml | 3 +- ...ith-tls-terminate-and-passthrough.out.yaml | 6 +- ...ith-same-algorithm-different-fqdn.out.yaml | 3 +- ...-valid-multiple-tls-configuration.out.yaml | 3 +- ...ener-with-valid-tls-configuration.out.yaml | 3 +- ...with-preexisting-status-condition.out.yaml | 3 +- ...-listener-with-multiple-tcproutes.out.yaml | 3 +- ...-listener-with-multiple-udproutes.out.yaml | 3 +- ...teway-with-stale-status-condition.out.yaml | 3 +- ...listeners-on-same-tcp-or-tls-port.out.yaml | 3 +- ...th-two-listeners-on-same-udp-port.out.yaml | 3 +- ...isteners-with-multiple-httproutes.out.yaml | 12 +- ...-with-same-port-http-tcp-protocol.out.yaml | 6 +- ...-with-same-port-http-udp-protocol.out.yaml | 6 +- ...s-with-tcproutes-with-sectionname.out.yaml | 6 +- ...ith-tcproutes-without-sectionname.out.yaml | 6 +- ...s-with-udproutes-with-sectionname.out.yaml | 6 +- ...ith-udproutes-without-sectionname.out.yaml | 6 +- .../grpcroute-with-header-match.out.yaml | 3 +- ...ute-with-method-and-service-match.out.yaml | 6 +- .../grpcroute-with-method-match.out.yaml | 6 +- ...oute-with-request-header-modifier.out.yaml | 3 +- .../grpcroute-with-service-match.out.yaml | 6 +- ...way-with-more-different-listeners.out.yaml | 24 ++-- ...ng-to-gateway-with-more-listeners.out.yaml | 24 ++-- ...wo-listeners-with-different-ports.out.yaml | 6 +- ...ing-to-gateway-with-two-listeners.out.yaml | 6 +- .../httproute-attaching-to-gateway.out.yaml | 3 +- ...taching-to-listener-matching-port.out.yaml | 3 +- ...ner-on-gateway-with-two-listeners.out.yaml | 3 +- 
...port-backendrefs-diff-address-type.in.yaml | 99 +++++++++++++ ...ort-backendrefs-diff-address-type.out.yaml | 136 ++++++++++++++++++ ...port-backendrefs-same-address-type.in.yaml | 99 +++++++++++++ ...ort-backendrefs-same-address-type.out.yaml | 136 ++++++++++++++++++ ...mport-backendref-fqdn-address-type.in.yaml | 66 +++++++++ ...port-backendref-fqdn-address-type.out.yaml | 126 ++++++++++++++++ ...port-backendref-mixed-address-type.in.yaml | 83 +++++++++++ ...ort-backendref-mixed-address-type.out.yaml | 128 +++++++++++++++++ ...ner-with-serviceimport-backendref.out.yaml | 3 +- .../httproute-attaching-to-listener.out.yaml | 3 +- ...httproute-backend-request-timeout.out.yaml | 3 +- .../httproute-request-timeout.out.yaml | 3 +- ...-multiple-backends-and-no-weights.out.yaml | 9 +- ...ith-multiple-backends-and-weights.out.yaml | 9 +- ...her-namespace-allowed-by-refgrant.out.yaml | 3 +- ...her-namespace-allowed-by-refgrant.out.yaml | 3 +- .../httproute-with-empty-matches.out.yaml | 3 +- ...er-duplicate-add-multiple-filters.out.yaml | 3 +- ...with-header-filter-duplicate-adds.out.yaml | 3 +- ...duplicate-remove-multiple-filters.out.yaml | 3 +- ...h-header-filter-duplicate-removes.out.yaml | 3 +- ...header-filter-empty-header-values.out.yaml | 3 +- ...ute-with-header-filter-no-headers.out.yaml | 3 +- ...tproute-with-header-filter-remove.out.yaml | 3 +- ...ute-with-mirror-filter-duplicates.out.yaml | 9 +- ...route-with-mirror-filter-multiple.out.yaml | 9 +- ...ith-mirror-filter-service-no-port.out.yaml | 3 +- ...h-mirror-filter-service-not-found.out.yaml | 3 +- .../httproute-with-mirror-filter.out.yaml | 6 +- ...-with-response-header-filter-adds.out.yaml | 3 +- ...er-duplicate-add-multiple-filters.out.yaml | 3 +- ...onse-header-filter-duplicate-adds.out.yaml | 3 +- ...duplicate-remove-multiple-filters.out.yaml | 3 +- ...e-header-filter-duplicate-removes.out.yaml | 3 +- ...header-filter-empty-header-values.out.yaml | 3 +- ...response-header-filter-no-headers.out.yaml | 3 
+- ...ith-response-header-filter-remove.out.yaml | 3 +- ...single-rule-with-exact-path-match.out.yaml | 3 +- ...ingle-rule-with-http-method-match.out.yaml | 3 +- ...h-single-rule-with-multiple-rules.out.yaml | 9 +- ...h-prefix-and-exact-header-matches.out.yaml | 3 +- ...e-invalid-backend-refs-no-service.out.yaml | 3 +- ...to-gateway-with-wildcard-hostname.out.yaml | 3 +- ...to-gateway-with-wildcard-hostname.out.yaml | 6 +- ...ite-filter-full-path-replace-http.out.yaml | 3 +- ...te-filter-hostname-prefix-replace.out.yaml | 3 +- ...e-with-urlrewrite-filter-hostname.out.yaml | 3 +- ...ewrite-filter-invalid-filter-type.out.yaml | 3 +- ...ewrite-filter-prefix-replace-http.out.yaml | 3 +- ...ng-to-gateway-with-unset-hostname.out.yaml | 3 +- .../httproutes-with-multiple-matches.out.yaml | 21 ++- ...multiple-gateways-multiple-routes.out.yaml | 6 +- .../securitypolicy-with-basic-auth.out.yaml | 3 +- .../securitypolicy-with-cors.out.yaml | 6 +- ...ypolicy-with-jwt-and-invalid-oidc.out.yaml | 6 +- ...cy-with-jwt-with-custom-extractor.out.yaml | 6 +- .../testdata/securitypolicy-with-jwt.out.yaml | 6 +- .../securitypolicy-with-oidc.out.yaml | 9 +- ...teway-with-listener-tls-terminate.out.yaml | 3 +- .../tlsroute-attaching-to-gateway.out.yaml | 3 +- .../testdata/tlsroute-multiple.out.yaml | 6 +- ...her-namespace-allowed-by-refgrant.out.yaml | 3 +- .../tlsroute-with-empty-hostname.out.yaml | 3 +- ...oute-with-empty-listener-hostname.out.yaml | 3 +- internal/ir/xds.go | 28 +++- internal/ir/xds_test.go | 38 ++++- internal/ir/zz_generated.deepcopy.go | 5 + .../in/xds-ir/http-route-dns-cluster.yaml | 23 +++ .../http-route-dns-cluster.clusters.yaml | 30 ++++ .../http-route-dns-cluster.endpoints.yaml | 1 + .../http-route-dns-cluster.listeners.yaml | 33 +++++ .../xds-ir/http-route-dns-cluster.routes.yaml | 16 +++ internal/xds/translator/translator.go | 38 +++-- internal/xds/translator/translator_test.go | 3 + 111 files changed, 1451 insertions(+), 190 deletions(-) create mode 100644 
internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.in.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.in.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.in.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.in.yaml create mode 100644 internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml create mode 100644 internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.endpoints.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.routes.yaml diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index 2251d3466749..6dc630ddc72a 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go 
@@ -108,7 +108,7 @@ func (r *Resources) GetSecret(namespace, name string) *v1.Secret { } func (r *Resources) GetEndpointSlicesForBackend(svcNamespace, svcName string, backendKind string) []*discoveryv1.EndpointSlice { - endpointSlices := []*discoveryv1.EndpointSlice{} + var endpointSlices []*discoveryv1.EndpointSlice for _, endpointSlice := range r.EndpointSlices { var backendSelectorLabel string switch backendKind { diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index fc79ddb790ce..b2795e08e2e4 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -149,8 +149,14 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe // a unique Xds IR HTTPRoute per match. var ruleRoutes = t.processHTTPRouteRule(httpRoute, ruleIdx, httpFiltersContext, rule) + dstAddrTypeMap := make(map[ir.DestinationAddressType]int) + for _, backendRef := range rule.BackendRefs { ds, backendWeight := t.processDestination(backendRef.BackendRef, parentRef, httpRoute, resources) + if !t.EndpointRoutingDisabled && ds != nil && len(ds.Endpoints) > 0 && ds.AddressType != nil { + dstAddrTypeMap[*ds.AddressType]++ + } + for _, route := range ruleRoutes { // If the route already has a direct response or redirect configured, then it was from a filter so skip // processing any destinations for this route. @@ -163,7 +169,6 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe } route.Destination.Settings = append(route.Destination.Settings, ds) route.BackendWeights.Valid += backendWeight - } else { route.BackendWeights.Invalid += backendWeight } 
@@ -171,6 +176,15 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe } } + // TODO: support mixed endpointslice address type between backendRefs + if !t.EndpointRoutingDisabled && len(dstAddrTypeMap) > 1 { + parentRef.SetCondition(httpRoute, + gwapiv1.RouteConditionResolvedRefs, + metav1.ConditionFalse, + gwapiv1a1.RouteReasonResolvedRefs, + "Mixed endpointslice address type between backendRefs is not supported") + } + // If the route has no valid backends then just use a direct response and don't fuss with weighted responses for _, ruleRoute := range ruleRoutes { if ruleRoute.BackendWeights.Invalid > 0 && ruleRoute.Destination == nil { @@ -980,7 +994,10 @@ func (t *Translator) processDestination(backendRef gwapiv1.BackendRef, return nil, weight } - var endpoints []*ir.DestinationEndpoint + var ( + endpoints []*ir.DestinationEndpoint + addrType *ir.DestinationAddressType + ) protocol := inspectAppProtocolByRouteKind(routeType) switch KindDerefOr(backendRef.Kind, KindService) { case KindServiceImport: @@ -992,9 +1009,10 @@ func (t *Translator) processDestination(backendRef gwapiv1.BackendRef, break } } + if !t.EndpointRoutingDisabled { endpointSlices := resources.GetEndpointSlicesForBackend(backendNamespace, string(backendRef.Name), KindDerefOr(backendRef.Kind, KindService)) - endpoints = getIREndpointsFromEndpointSlice(endpointSlices, servicePort.Name, servicePort.Protocol) + endpoints, addrType = getIREndpointsFromEndpointSlices(endpointSlices, servicePort.Name, servicePort.Protocol) } else { backendIps := resources.GetServiceImport(backendNamespace, string(backendRef.Name)).Spec.IPs for _, ip := range backendIps { 
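Review bot: The mixed-address-type check added after the backendRefs loop in `processHTTPRouteRules` only sets `ResolvedRefs` to False. Each `ds` has already been appended to `route.Destination.Settings` inside the loop, so the route appears to be programmed with a combination the condition message calls unsupported. The `ir.MIXED` check added to `processDestination` (hunk at -1033) has the same shape: it sets the condition and then still builds and returns `ds` with the mixed endpoints. If these backends are meant to be rejected, return early there with `return nil, weight`, as the function already does for other invalid refs, so the existing invalid-weight branch can take over; if serving them anyway is intended, a comment such as `// status only: the destination is still programmed` would make that explicit. Both functions continue outside their hunks, so handling further down may exist that is not visible here.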
@@ -1023,7 +1041,7 @@ func (t *Translator) processDestination(backendRef gwapiv1.BackendRef, // Route to endpoints by default if !t.EndpointRoutingDisabled { endpointSlices := resources.GetEndpointSlicesForBackend(backendNamespace, string(backendRef.Name), KindDerefOr(backendRef.Kind, KindService)) - endpoints = getIREndpointsFromEndpointSlice(endpointSlices, servicePort.Name, servicePort.Protocol) + endpoints, addrType = getIREndpointsFromEndpointSlices(endpointSlices, servicePort.Name, servicePort.Protocol) } else { // Fall back to Service ClusterIP routing ep := ir.NewDestEndpoint( @@ -1033,10 +1051,20 @@ func (t *Translator) processDestination(backendRef gwapiv1.BackendRef, } } + // TODO: support mixed endpointslice address type for the same backendRef + if !t.EndpointRoutingDisabled && addrType != nil && *addrType == ir.MIXED { + parentRef.SetCondition(route, + gwapiv1.RouteConditionResolvedRefs, + metav1.ConditionFalse, + gwapiv1a1.RouteReasonResolvedRefs, + "Mixed endpointslice address type for the same backendRef is not supported") + } + ds = &ir.DestinationSetting{ - Weight: &weight, - Protocol: protocol, - Endpoints: endpoints, + Weight: &weight, + Protocol: protocol, + Endpoints: endpoints, + AddressType: addrType, } return ds, weight } 
@@ -1137,22 +1165,51 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont return relevantRoute } -func getIREndpointsFromEndpointSlice(endpointSlices []*discoveryv1.EndpointSlice, portName string, portProtocol corev1.Protocol) []*ir.DestinationEndpoint { - endpoints := []*ir.DestinationEndpoint{} +func getIREndpointsFromEndpointSlices(endpointSlices []*discoveryv1.EndpointSlice, portName string, portProtocol corev1.Protocol) ([]*ir.DestinationEndpoint, *ir.DestinationAddressType) { + var ( + dstEndpoints []*ir.DestinationEndpoint + dstAddrType *ir.DestinationAddressType + ) + + addrTypeMap := make(map[ir.DestinationAddressType]int) for _, endpointSlice := range endpointSlices { - for _, endpoint := range endpointSlice.Endpoints { - for _, endpointPort := range endpointSlice.Ports { - // Check if the endpoint port matches the service port - // and if endpoint is Ready - if *endpointPort.Name == portName && - *endpointPort.Protocol == portProtocol && - *endpoint.Conditions.Ready { - for _, address := range endpoint.Addresses { - ep := ir.NewDestEndpoint( - address, - uint32(*endpointPort.Port)) - endpoints = append(endpoints, ep) - } + if endpointSlice.AddressType == discoveryv1.AddressTypeFQDN { + addrTypeMap[ir.FQDN]++ + } else { + addrTypeMap[ir.IP]++ + } + endpoints := getIREndpointsFromEndpointSlice(endpointSlice, portName, portProtocol) + dstEndpoints = append(dstEndpoints, endpoints...) 
+ } + + for addrTypeState, addrTypeCounts := range addrTypeMap { + if addrTypeCounts == len(endpointSlices) { + dstAddrType = ptr.To(addrTypeState) + break + } + } + + if len(addrTypeMap) > 0 && dstAddrType == nil { + dstAddrType = ptr.To(ir.MIXED) + } + + return dstEndpoints, dstAddrType +} + +func getIREndpointsFromEndpointSlice(endpointSlice *discoveryv1.EndpointSlice, portName string, portProtocol corev1.Protocol) []*ir.DestinationEndpoint { + var endpoints []*ir.DestinationEndpoint + for _, endpoint := range endpointSlice.Endpoints { + for _, endpointPort := range endpointSlice.Ports { + // Check if the endpoint port matches the service port + // and if endpoint is Ready + if *endpointPort.Name == portName && + *endpointPort.Protocol == portProtocol && + *endpoint.Conditions.Ready { + for _, address := range endpoint.Addresses { + ep := ir.NewDestEndpoint( + address, + uint32(*endpointPort.Port)) + endpoints = append(endpoints, ep) } } } diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml index d43e7ad33ddf..1d680b3123ae 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml @@ -329,7 +329,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -356,7 +357,8 @@ xdsIR: destination: name: httproute/default/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -377,7 +379,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
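Review bot: In the new `getIREndpointsFromEndpointSlice` in internal/gatewayapi/route.go (hunk at -1137), `*endpointPort.Name`, `*endpointPort.Protocol`, `*endpoint.Conditions.Ready` and `*endpointPort.Port` are dereferenced without a nil check. All four are optional pointer fields in the EndpointSlice API, so one slice with an unset `ready` condition or port would panic the translator instead of being skipped. The condition carried over from the old function, but since the helper is being extracted here it is a good place to add guards. The API documents a nil `Ready` as "unknown, usually treat as ready", which the sketch below follows; confirm that matches the intended routing behaviour. The function's tail lies outside the hunk.

```go
for _, endpointPort := range endpointSlice.Ports {
	// Skip ports with unset fields instead of dereferencing nil.
	if endpointPort.Name == nil || endpointPort.Protocol == nil || endpointPort.Port == nil {
		continue
	}
	// A nil Ready condition means "unknown"; the EndpointSlice API says to treat it as ready.
	ready := endpoint.Conditions.Ready == nil || *endpoint.Conditions.Ready
	if *endpointPort.Name == portName &&
		*endpointPort.Protocol == portProtocol &&
		ready {
		// … unchanged: append one ir.NewDestEndpoint per address …
```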
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml index 42bd4da620c3..7fcde2d8d790 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml @@ -243,7 +243,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -270,7 +271,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml index 0e4723e95a94..9a4bacb0e021 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml @@ -263,7 +263,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -300,7 +301,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml index e8dac2910d80..08c8a7db6c30 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml 
@@ -119,7 +119,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml index c039814f78ac..31f8b24bd782 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml @@ -108,7 +108,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index 8af7e3a482e7..16ddceed2d2a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -115,7 +115,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml index 3c16278e7d37..8be3e07c12d9 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml 
@@ -181,7 +181,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -201,7 +202,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml index d4a11d1f1178..9334f4bdedf0 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml @@ -117,7 +117,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml index 7fd1fa8d757d..6fa274702120 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml @@ -117,7 +117,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index 256f5fa5750b..fb67c97d0837 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -114,7 +114,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml index d5a4ceb48950..debddc26ef1d 100644 --- a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml @@ -108,7 +108,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml index 58a4352f7251..05834897096f 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml @@ -125,7 +125,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP 
diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml index e82622c8665d..6960c6dd1c91 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml @@ -125,7 +125,8 @@ xdsIR: destination: name: udproute/default/udproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml index 7d8d30b12c1f..3a2252557e19 100644 --- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml @@ -114,7 +114,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml index 3937ab6d28a1..0d516c4f69c3 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml @@ -123,7 +123,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml index 39cdeb84c4d0..374211cbfe6c 100644 
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml @@ -121,7 +121,8 @@ xdsIR: destination: name: udproute/default/udproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml index 5da2538be94d..d189fd835043 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml @@ -177,7 +177,8 @@ xdsIR: destination: name: httproute/default/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -194,7 +195,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -218,7 +220,8 @@ xdsIR: destination: name: httproute/default/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -235,7 +238,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml index 79634a364826..548a88854f78 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml 
@@ -172,7 +172,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -188,7 +189,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml index 7805c70ac384..b13db8d577ad 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml @@ -172,7 +172,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -188,7 +189,8 @@ xdsIR: destination: name: udproute/default/udproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml index df1b7a0ae3d2..8ac3af7eec48 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml @@ -160,7 +160,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP 
@@ -172,7 +173,8 @@ xdsIR: destination: name: tcproute/default/tcproute-2/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml index c31ac5dc002b..2d7dee34f08e 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml @@ -156,7 +156,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP @@ -168,7 +169,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8163 protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml index a0cdded06baf..903811f84533 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml @@ -160,7 +160,8 @@ xdsIR: destination: name: udproute/default/udproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP @@ -171,7 +172,8 @@ xdsIR: destination: name: udproute/default/udproute-2/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP 
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml index cd65d8df5839..07d09bb77451 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml @@ -156,7 +156,8 @@ xdsIR: destination: name: udproute/default/udproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP @@ -167,7 +168,8 @@ xdsIR: destination: name: udproute/default/udproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8162 protocol: UDP diff --git a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml index f0068b645d88..1d159ce0a3d0 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml index 1da89fcadb99..c7967051d4f5 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml @@ -116,7 +116,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC 
@@ -133,7 +134,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml index 5177fb3c8fc4..68fa394e1088 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml @@ -114,7 +114,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -131,7 +132,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index e11ecaa5f723..7e38ea0d9bc7 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -117,7 +117,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC diff --git a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml index 3cdb86680dff..498488b8af93 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml @@ -114,7 +114,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC 
@@ -131,7 +132,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml index d355e36099d1..c439cfe5eed0 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml @@ -347,7 +347,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -371,7 +372,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -395,7 +397,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -419,7 +422,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -443,7 +447,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -467,7 +472,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -491,7 +497,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
@@ -515,7 +522,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml index 6022df48ce92..10becd272495 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml @@ -319,7 +319,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -343,7 +344,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -367,7 +369,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -391,7 +394,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -415,7 +419,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -439,7 +444,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -463,7 +469,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
@@ -487,7 +494,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml index bf3911172f2e..a8361009bfea 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml @@ -147,7 +147,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -171,7 +172,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml index bb65228cd753..f90af488f5b8 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml @@ -139,7 +139,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -163,7 +164,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml index 7f7a8f3e1d21..51638092e372 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml @@ -108,7 +108,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml index 6b4b54e66525..15c5d61deff6 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml index c80b1d0fc47e..a5578a823ebe 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml @@ -147,7 +147,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.in.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.in.yaml
new file mode 100644
index 000000000000..0c00de607f16
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.in.yaml
@@ -0,0 +1,99 @@
+gateways:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+httpRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-2
+ port: 8081
+serviceImports:
+ - apiVersion: multicluster.x-k8s.io/v1alpha1
+ kind: ServiceImport
+ metadata:
+ namespace: default
+ name: service-import-1
+ spec:
+ ips:
+ - 7.7.7.7
+ ports:
+ - port: 8080
+ name: http
+ protocol: TCP
+ - apiVersion: multicluster.x-k8s.io/v1alpha1
+ kind: ServiceImport
+ metadata:
+ namespace: default
+ name: service-import-2
+ spec:
+ ips:
+ - 8.8.8.8
+ ports:
+ - port: 8081
+ name: http
+ protocol: TCP
+endpointSlices:
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-1
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-1
+ addressType: FQDN
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8080
+ endpoints:
+ - addresses:
+ - "foo.bar"
+ conditions:
+ ready: true
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-2
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-2
+ addressType: IPv4
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8081
+ endpoints:
+ - addresses:
+ - "1.2.3.4"
+ conditions:
+ ready: true
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml
new file mode 100644
index 000000000000..e06b9481218e
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml
@@ -0,0 +1,136 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-2
+ port: 8081
+ matches:
+ - path:
+ value: /
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Mixed endpointslice address type between backendRefs is not supported
+ reason: ResolvedRefs
+ status: "False"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: ""
+ ports:
+ - containerPort: 10080
+ name: http
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ name: envoy-gateway/gateway-1/http
+ port: 10080
+ routes:
+ - backendWeights:
+ invalid: 0
+ valid: 0
+ destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: FQDN
+ endpoints:
+ - host: foo.bar
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ - addressType: IP
+ endpoints:
+ - host: 1.2.3.4
+ port: 8081
+ protocol: HTTP
+ weight: 1
+ hostname: '*'
+ name: httproute/default/httproute-1/rule/0/match/0/*
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.in.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.in.yaml
new file mode 100644
index 000000000000..8ad5fa129060
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.in.yaml
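Review bot: The expected xdsIR in this golden file still carries the route's `destination` with both the `addressType: FQDN` setting (`foo.bar`, port 8080) and the `addressType: IP` setting (`1.2.3.4`, port 8081), although the HTTPRoute status above it records `ResolvedRefs` as `"False"` with "Mixed endpointslice address type between backendRefs is not supported". The same shape appears in httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml, where the setting is emitted as `addressType: Mixed`. Neither fixture shows the route being withheld or answered with an error, so whether a backend set that status rejects can still be programmed into the proxy depends on code outside these hunks; that behaviour should be confirmed and pinned by a translator-level test. A comment in the matching `.in.yaml`, for example `# status rejects this route; the xDS layer must not program these endpoints`, would make the intended outcome reviewable.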
@@ -0,0 +1,99 @@
+gateways:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+httpRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-2
+ port: 8081
+serviceImports:
+ - apiVersion: multicluster.x-k8s.io/v1alpha1
+ kind: ServiceImport
+ metadata:
+ namespace: default
+ name: service-import-1
+ spec:
+ ips:
+ - 7.7.7.7
+ ports:
+ - port: 8080
+ name: http
+ protocol: TCP
+ - apiVersion: multicluster.x-k8s.io/v1alpha1
+ kind: ServiceImport
+ metadata:
+ namespace: default
+ name: service-import-2
+ spec:
+ ips:
+ - 8.8.8.8
+ ports:
+ - port: 8081
+ name: http
+ protocol: TCP
+endpointSlices:
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-1
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-1
+ addressType: FQDN
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8080
+ endpoints:
+ - addresses:
+ - "foo.bar"
+ conditions:
+ ready: true
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-2
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-2
+ addressType: FQDN
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8081
+ endpoints:
+ - addresses:
+ - "bar.foo"
+ conditions:
+ ready: true
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml
new file mode 100644
index 000000000000..3c3f35857fb2
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml
@@ -0,0 +1,136 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-2
+ port: 8081
+ matches:
+ - path:
+ value: /
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: ""
+ ports:
+ - containerPort: 10080
+ name: http
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ name: envoy-gateway/gateway-1/http
+ port: 10080
+ routes:
+ - backendWeights:
+ invalid: 0
+ valid: 0
+ destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: FQDN
+ endpoints:
+ - host: foo.bar
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ - addressType: FQDN
+ endpoints:
+ - host: bar.foo
+ port: 8081
+ protocol: HTTP
+ weight: 1
+ hostname: '*'
+ name: httproute/default/httproute-1/rule/0/match/0/*
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.in.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.in.yaml
new file mode 100644
index 000000000000..7fa56a4ae0dd
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.in.yaml
@@ -0,0 +1,66 @@
+gateways:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+httpRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+serviceImports:
+ - apiVersion: multicluster.x-k8s.io/v1alpha1
+ kind: ServiceImport
+ metadata:
+ namespace: default
+ name: service-import-1
+ spec:
+ ips:
+ - 7.7.7.7
+ ports:
+ - port: 8080
+ name: http
+ protocol: TCP
+endpointSlices:
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-1
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-1
+ addressType: FQDN
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8080
+ endpoints:
+ - addresses:
+ - "foo.bar"
+ conditions:
+ ready: true
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml
new file mode 100644
index 000000000000..e18c999c9b16
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml
@@ -0,0 +1,126 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+ matches:
+ - path:
+ value: /
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: ""
+ ports:
+ - containerPort: 10080
+ name: http
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ name: envoy-gateway/gateway-1/http
+ port: 10080
+ routes:
+ - backendWeights:
+ invalid: 0
+ valid: 0
+ destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: FQDN
+ endpoints:
+ - host: foo.bar
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ hostname: '*'
+ name: httproute/default/httproute-1/rule/0/match/0/*
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.in.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.in.yaml
new file mode 100644
index 000000000000..c58ed15d3f8d
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.in.yaml
@@ -0,0 +1,83 @@
+gateways:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+httpRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - group: multicluster.x-k8s.io
+ kind: ServiceImport
+ name: service-import-1
+ port: 8080
+serviceImports:
+ - apiVersion: multicluster.x-k8s.io/v1alpha1
+ kind: ServiceImport
+ metadata:
+ namespace: default
+ name: service-import-1
+ spec:
+ ips:
+ - 7.7.7.7
+ ports:
+ - port: 8080
+ name: http
+ protocol: TCP
+endpointSlices:
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-1
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-1
+ addressType: IPv4
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8080
+ endpoints:
+ - addresses:
+ - "1.2.3.4"
+ conditions:
+ ready: true
+ - apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: service-import-2
+ namespace: default
+ labels:
+ multicluster.kubernetes.io/service-name: service-import-1
+ addressType: FQDN
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8081
+ endpoints:
+ - addresses:
+ - "foo.bar"
+ conditions:
+ ready: true
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml
new file mode 100644
index 000000000000..9e8f4dc9b431
--- /dev/null
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml
@@ -0,0 +1,128 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - group: multicluster.x-k8s.io + kind: ServiceImport + name: service-import-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Mixed endpointslice address type for the same backendRef is not supported + reason: ResolvedRefs + status: "False" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: "" + ports: + - containerPort: 10080 + name: http + protocol: HTTP + servicePort: 80 + metadata: + labels: + 
gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/http + port: 10080 + routes: + - backendWeights: + invalid: 0 + valid: 0 + destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: Mixed + endpoints: + - host: 1.2.3.4 + port: 8080 + - host: foo.bar + port: 8081 + protocol: HTTP + weight: 1 + hostname: '*' + name: httproute/default/httproute-1/rule/0/match/0/* + pathMatch: + distinct: false + name: "" + prefix: / diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml index 8dd36eaab4a3..73ddc48011b1 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 8.8.8.8 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml index 292fa7c579e7..246f7843cc73 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml @@ -110,7 +110,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml index e8a69536bcde..e410e752b70f 100755 --- a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml index 784af59968ce..6500ec7b1db2 100644 --- a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml index 0a5d688c5209..ab2c49ecd5b4 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml @@ -112,17 +112,20 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP weight: 1 - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP weight: 1 - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml index b9914097e1ca..f7fc2fafe4bd 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml @@ -115,17 +115,20 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP weight: 1 - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP weight: 2 - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index feb27921697b..de7926e711ab 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -110,7 +110,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml index ce891f3e31ac..eb8970229023 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml 
+++ b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 8.8.8.8 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml index 77b8f9ed8d08..3fbb6cd826d2 100644 --- a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml @@ -107,7 +107,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index eaf4f97f4227..c2c6d385ee81 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -138,7 +138,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index d95b214ddbfd..0f9c470d2a98 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml 
@@ -154,7 +154,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml index 18f1c0832a51..a3be9067335e 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -124,7 +124,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml index d8f6fb860748..590f02627a53 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml @@ -119,7 +119,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index 3d7bcf385341..3da7f9b3fad7 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml 
@@ -129,7 +129,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml index e8ded08b7a7b..02140bee7b52 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml @@ -116,7 +116,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml index f8f8387c8b06..020ec1f5ffca 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml @@ -120,7 +120,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml index ebd06bcda6be..2fc54e2eb1b1 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml @@ -126,7 +126,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
@@ -135,14 +136,16 @@ xdsIR: mirrors: - name: httproute/default/httproute-1/rule/0-mirror-0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP weight: 1 - name: httproute/default/httproute-1/rule/0-mirror-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index 70b570f89f75..1b8c98e5438a 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -148,7 +148,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -157,14 +158,16 @@ xdsIR: mirrors: - name: httproute/default/httproute-1/rule/0-mirror-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP weight: 1 - name: httproute/default/httproute-1/rule/0-mirror-2 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.6.5.4 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml index 5c4d788a2e68..2088aa42ac20 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml @@ -120,7 +120,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml index 1dd25e0427f0..b11b92942788 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml @@ -120,7 +120,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml index e3355ceb10ce..347945a0f693 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml @@ -120,7 +120,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -129,7 +130,8 @@ xdsIR: mirrors: - name: httproute/default/httproute-1/rule/0-mirror-0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index fa69c95125d5..f1932c0b172a 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -150,7 +150,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index c6cd70c426e8..3c233ff36059 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -138,7 +138,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index 7c8fdc5b531b..e8eb1694853f 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -154,7 +154,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml index 447fac2d3be0..8f0d821cb69f 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -124,7 +124,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml index 5b623cd6ba8c..218314dba5e0 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml @@ -119,7 +119,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index 328798f4ac2e..8a8178a37104 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -129,7 +129,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml index f0b1cd0d6399..43e425d9a1d9 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml @@ -116,7 +116,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml index 6d52a258a0e9..247a70498f48 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml @@ -120,7 +120,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml index 5c98a914fd02..10a36ffe59de 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml @@ -109,7 +109,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml index 1e2121fd72dd..79cc9551888b 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml @@ -107,7 +107,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml index b7fb0e5c1bb4..8ef1a2b9d9c5 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml @@ -139,7 +139,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -164,7 +165,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -181,7 +183,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/2 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml index b82e6dca274a..2b02c931900c 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml @@ -113,7 +113,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml index c2f5181aff09..ffdd8c567249 100644 --- a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml 
+++ b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml @@ -113,7 +113,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 16f154f19c60..3f137028b62b 100644 --- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -111,7 +111,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml index 17b2fc20b950..371c57b11a22 100644 --- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -112,7 +112,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -129,7 +130,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml index b1cefeec9229..94eb7bf953f0 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml @@ -119,7 +119,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml index 0cdf34621e4a..5be780f9667f 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml @@ -120,7 +120,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml index 84e6ef65a361..49b64d6a68bb 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml @@ -117,7 +117,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml index 129286419c37..136f0c1bf2be 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml @@ -117,7 +117,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml index c0a7f60f73a1..e57189f02f3f 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml @@ -119,7 +119,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml index 35c8b7ae01ca..cfc4c8c7b68c 100644 --- a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml @@ -110,7 +110,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml index 5b495b41e03a..1eed612d234b 100644 --- a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml @@ -295,7 +295,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -316,7 +317,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-3/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 8.8.8.8 port: 8080 protocol: HTTP @@ -333,7 +335,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-4/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -354,7 +357,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-5/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 8.8.8.8 port: 8080 protocol: HTTP @@ -371,7 +375,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -388,7 +393,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -405,7 +411,8 @@ xdsIR: destination: name: httproute/envoy-gateway/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml index 3074568ba9e0..01649c779a43 100755 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml 
+++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml @@ -232,7 +232,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -262,7 +263,8 @@ xdsIR: destination: name: httproute/default/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml index f8e99c9ae70b..4865ac2d186a 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml @@ -139,7 +139,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml index 153f26be9234..36b1715670f5 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml @@ -289,7 +289,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -332,7 +333,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml index 5ed5a760aff5..04b6d65085de 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml 
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml @@ -227,7 +227,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -255,7 +256,8 @@ xdsIR: destination: name: httproute/default/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml index 549feda35ab2..ca5d2dc9d3f4 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml @@ -273,7 +273,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -318,7 +319,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml index c14252d3ef11..9d28cafb19a2 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml @@ -270,7 +270,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC @@ -315,7 +316,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP 
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml index 0aa2e0e2289b..8091312d89dd 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml @@ -274,7 +274,8 @@ xdsIR: destination: name: httproute/default/httproute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -301,7 +302,8 @@ xdsIR: destination: name: httproute/default/httproute-2/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTP @@ -326,7 +328,8 @@ xdsIR: destination: name: grpcroute/default/grpcroute-1/rule/0 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: GRPC diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml index aea8b733cab3..f559411d4f28 100644 --- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml @@ -100,7 +100,8 @@ xdsIR: destination: name: tcproute/default/tcproute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: TCP diff --git a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml index af83c0f97df3..6ca40cecbe89 100644 --- a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml 
@@ -97,7 +97,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS diff --git a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml index bf5d7a8b744a..8d81524ea90f 100644 --- a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml @@ -131,7 +131,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS @@ -146,7 +147,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-2/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS diff --git a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index 014d9dff690c..e65dda7e64b3 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -98,7 +98,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml index 19779d07c21a..f843877510f6 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml 
@@ -96,7 +96,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml index bd87196bc86e..8c6b78ec44cb 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml @@ -98,7 +98,8 @@ xdsIR: destination: name: tlsroute/default/tlsroute-1/rule/-1 settings: - - endpoints: + - addressType: IP + endpoints: - host: 7.7.7.7 port: 8080 protocol: HTTPS diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 65f795d339b9..de252ca61406 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -17,9 +17,10 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/util/validation" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/api/v1alpha1/validation" + egv1a1validation "github.com/envoyproxy/gateway/api/v1alpha1/validation" ) var ( @@ -33,7 +34,7 @@ var ( ErrHTTPRouteNameEmpty = errors.New("field Name must be specified") ErrHTTPRouteHostnameEmpty = errors.New("field Hostname must be specified") ErrDestinationNameEmpty = errors.New("field Name must be specified") - ErrDestEndpointHostInvalid = errors.New("field Address must be a valid IP address") + ErrDestEndpointHostInvalid = errors.New("field Address must be a valid IP or FQDN address") ErrDestEndpointPortInvalid = errors.New("field Port specified is invalid") ErrStringMatchConditionInvalid = errors.New("only one of the Exact, Prefix, SafeRegex or Distinct fields must be set") ErrStringMatchNameIsEmpty = errors.New("field Name must be specified") 
@@ -496,7 +497,7 @@ func (h HTTPRoute) Validate() error { func (j *JWT) validate() error { var errs error - if err := validation.ValidateJWTProvider(j.Providers); err != nil { + if err := egv1a1validation.ValidateJWTProvider(j.Providers); err != nil { errs = multierror.Append(errs, err) } @@ -537,6 +538,8 @@ type DestinationSetting struct { // Protocol associated with this destination/port. Protocol AppProtocol `json:"protocol" yaml:"protocol"` Endpoints []*DestinationEndpoint `json:"endpoints,omitempty" yaml:"endpoints,omitempty"` + // AddressTypeState specifies the state of DestinationEndpoint address type. + AddressType *DestinationAddressType `json:"addressType,omitempty" yaml:"addressType,omitempty"` } // Validate the fields within the RouteDestination structure @@ -551,6 +554,15 @@ func (d DestinationSetting) Validate() error { return errs } +// DestinationAddressType describes the address type state for a group of DestinationEndpoint +type DestinationAddressType string + +const ( + IP DestinationAddressType = "IP" + FQDN DestinationAddressType = "FQDN" + MIXED DestinationAddressType = "Mixed" +) + // DestinationEndpoint holds the endpoint details associated with the destination // +kubebuilder:object:generate=true type DestinationEndpoint struct { @@ -563,10 +575,14 @@ type DestinationEndpoint struct { // Validate the fields within the DestinationEndpoint structure func (d DestinationEndpoint) Validate() error { var errs error - // Only support IP hosts for now - if ip := net.ParseIP(d.Host); ip == nil { + + err := validation.IsDNS1123Subdomain(d.Host) + ip := net.ParseIP(d.Host) + + if err != nil && ip == nil { errs = multierror.Append(errs, ErrDestEndpointHostInvalid) } + if d.Port == 0 { errs = multierror.Append(errs, ErrDestEndpointPortInvalid) } 
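Review bot: The comment on the new field in `DestinationSetting` names it `AddressTypeState`, but the field is `AddressType`, so the doc comment does not match the identifier it documents. I would write `// AddressType is the address type (IP, FQDN or Mixed) of the Endpoints in this setting; nil means it was not set.` The field is an optional pointer with `omitempty`, so it is worth stating what consumers should assume when it is nil. The struct starts outside this hunk, and the visible tail of `DestinationSetting.Validate` does not show whether the value is ever checked against the endpoints.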
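Review bot: The new exported constants `IP`, `FQDN` and `MIXED` are very generic names at package level in `ir`, and `MIXED` is all caps although its value is `"Mixed"` and Go constants use MixedCaps. At minimum I would spell the third one `Mixed DestinationAddressType = "Mixed"`; prefixing all three with the type name (for example `DestinationAddressTypeIP`) would also keep them from colliding with other identifiers in the package. None of the values carries a comment, and `Mixed` in particular needs one sentence saying what a setting with both IP and hostname endpoints means for the generated cluster.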
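Review bot: `validation.IsDNS1123Subdomain` returns a `[]string` of messages rather than an `error`, so in `DestinationEndpoint.Validate` the `err != nil` test only works because the helper returns a nil slice on success; testing `len(...)` states the intent and does not depend on that. The broadened check also accepts any dotted string of lowercase alphanumeric labels, so a mistyped IPv4 address such as the constructed value `1.2.3.999` would now pass as a hostname, and the table in `internal/ir/xds_test.go` has no case for it. Nothing visible here ties `Host` to the `AddressType` of the enclosing `DestinationSetting`, so a setting marked `IP` could presumably still carry a name. The function continues past the end of the hunk.

```go
func (d DestinationEndpoint) Validate() error {
	var errs error

	// Accept an IP literal first; otherwise require a DNS-1123 subdomain.
	// IsDNS1123Subdomain returns a list of messages, so test its length.
	if net.ParseIP(d.Host) == nil {
		if msgs := validation.IsDNS1123Subdomain(d.Host); len(msgs) > 0 {
			errs = multierror.Append(errs, ErrDestEndpointHostInvalid)
		}
	}

	// … unchanged: port check …
```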
@@ -590,7 +606,7 @@ type AddHeader struct { Append bool `json:"append" yaml:"append"` } -// / Validate the fields within the AddHeader structure +// Validate the fields within the AddHeader structure func (h AddHeader) Validate() error { var errs error if h.Name == "" { diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index 2fb249ddcba5..ad9a18228ae2 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go @@ -950,9 +950,9 @@ func TestValidateRouteDestination(t *testing.T) { want: nil, }, { - name: "invalid ip", + name: "valid hostname", input: RouteDestination{ - Name: "invalid ip", + Name: "valid hostname", Settings: []*DestinationSetting{ { Endpoints: []*DestinationEndpoint{ @@ -964,6 +964,40 @@ func TestValidateRouteDestination(t *testing.T) { }, }, }, + want: nil, + }, + { + name: "valid ip", + input: RouteDestination{ + Name: "valid ip", + Settings: []*DestinationSetting{ + { + Endpoints: []*DestinationEndpoint{ + { + Host: "1.2.3.4", + Port: 8080, + }, + }, + }, + }, + }, + want: nil, + }, + { + name: "invalid address", + input: RouteDestination{ + Name: "invalid address", + Settings: []*DestinationSetting{ + { + Endpoints: []*DestinationEndpoint{ + { + Host: "example.com::foo.bar", + Port: 8080, + }, + }, + }, + }, + }, want: ErrDestEndpointHostInvalid, }, { diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index 420eb5f8906f..3eb0f6ac92cb 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -197,6 +197,11 @@ func (in *DestinationSetting) DeepCopyInto(out *DestinationSetting) { } } } + if in.AddressType != nil { + in, out := &in.AddressType, &out.AddressType + *out = new(DestinationAddressType) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationSetting. 
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml new file mode 100644 index 000000000000..990d883f8d85 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml @@ -0,0 +1,23 @@ +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + routes: + - name: "first-route" + hostname: "*" + pathMatch: + prefix: / + queryParamMatches: + - exact: "yes" + name: debug + destination: + name: "first-route-dest" + settings: + - endpoints: + - host: "foo.bar" + port: 50000 + - host: "bar.foo" + port: 50001 + addressType: FQDN diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml new file mode 100644 index 000000000000..4527713b1c21 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml @@ -0,0 +1,30 @@ +- commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + dnsRefreshRate: 30s + lbPolicy: LEAST_REQUEST + loadAssignment: + clusterName: first-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: foo.bar + portValue: 50000 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: bar.foo + portValue: 50001 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: first-route-dest/backend/0 + name: first-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + respectDnsTtl: true + type: STRICT_DNS diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.endpoints.yaml new file mode 100644 index 000000000000..fe51488c7066 --- /dev/null 
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.endpoints.yaml @@ -0,0 +1 @@ +[] diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml new file mode 100644 index 000000000000..73ee1b42ef6f --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml @@ -0,0 +1,33 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + statPrefix: http + upgradeConfigs: + - upgradeType: websocket + useRemoteAddress: true + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.routes.yaml new file mode 100644 index 000000000000..7b23a59dfeeb --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.routes.yaml 
@@ -0,0 +1,16 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - '*' + name: first-listener/* + routes: + - match: + prefix: / + queryParameters: + - name: debug + stringMatch: + exact: "yes" + name: first-route + route: + cluster: first-route-dest diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 26b997569aff..47a04d27c7f7 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -242,14 +242,7 @@ func (t *Translator) processHTTPListenerXdsTranslation( vHost.Routes = append(vHost.Routes, xdsRoute) if httpRoute.Destination != nil { - if err := addXdsCluster(tCtx, &xdsClusterArgs{ - name: httpRoute.Destination.Name, - settings: httpRoute.Destination.Settings, - tSocket: nil, - endpointType: EndpointTypeStatic, - loadBalancer: httpRoute.LoadBalancer, - proxyProtocol: httpRoute.ProxyProtocol, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { + if err = processXdsCluster(tCtx, httpRoute); err != nil { errs = multierror.Append(errs, err) } } @@ -415,7 +408,7 @@ func findXdsListener(tCtx *types.ResourceVersionTable, name string) *listenerv3. return nil } -// findXdsRouteConfig finds an xds route with the name and returns nil if there is no match. +// findXdsRouteConfig finds a xds route with the name and returns nil if there is no match. func findXdsRouteConfig(tCtx *types.ResourceVersionTable, name string) *routev3.RouteConfiguration { if tCtx == nil || tCtx.XdsResources == nil || tCtx.XdsResources[resourcev3.RouteType] == nil { return nil 
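Review bot: The rewritten call site in `processHTTPListenerXdsTranslation` still guards only `httpRoute.Destination != nil`, but `processXdsCluster`, added in the `@@ -463,6 +456,33 @@` hunk of this file, reads `httpRoute.Destination.Settings[0].AddressType` unconditionally. A destination with an empty `Settings` slice or a nil first element would therefore panic in the translator instead of returning an error. Defaulting to static and switching only when the first setting is present keeps the previous behaviour for that case: `if s := httpRoute.Destination.Settings; len(s) > 0 && s[0] != nil && s[0].AddressType != nil && *s[0].AddressType == ir.FQDN { endpointType = EndpointTypeDNS }`. The helper's comment says no `Mixed` type reaches it, yet `ir.MIXED` is defined in this commit and would silently take the static branch, so either name where that invariant is enforced or return an error for it. Whether an empty `Settings` can reach this path is not visible from the diff.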
@@ -463,6 +456,33 @@ func findXdsEndpoint(tCtx *types.ResourceVersionTable, name string) *endpointv3. return nil } +// processXdsCluster processes a xds cluster by its endpoint address type. +func processXdsCluster(tCtx *types.ResourceVersionTable, httpRoute *ir.HTTPRoute) error { + // Get endpoint address type for xds cluster by returning the first DestinationSetting's AddressType, + // since there's no Mixed AddressType among all the DestinationSettings. + addrTypeState := httpRoute.Destination.Settings[0].AddressType + + var endpointType EndpointType + if addrTypeState != nil && *addrTypeState == ir.FQDN { + endpointType = EndpointTypeDNS + } else { + endpointType = EndpointTypeStatic + } + + if err := addXdsCluster(tCtx, &xdsClusterArgs{ + name: httpRoute.Destination.Name, + settings: httpRoute.Destination.Settings, + tSocket: nil, + endpointType: endpointType, + loadBalancer: httpRoute.LoadBalancer, + proxyProtocol: httpRoute.ProxyProtocol, + }); err != nil && !errors.Is(err, ErrXdsClusterExists) { + return err + } + + return nil +} + // findXdsSecret finds a xds secret with the same name, and returns nil if there is no match. func findXdsSecret(tCtx *types.ResourceVersionTable, name string) *tlsv3.Secret { if tCtx == nil || tCtx.XdsResources == nil || tCtx.XdsResources[resourcev3.SecretType] == nil { diff --git a/internal/xds/translator/translator_test.go b/internal/xds/translator/translator_test.go index 731dcb31a2f5..a501964fabb7 100644 --- a/internal/xds/translator/translator_test.go +++ b/internal/xds/translator/translator_test.go @@ -87,6 +87,9 @@ func TestTranslateXds(t *testing.T) { { name: "http-route-weighted-invalid-backend", }, + { + name: "http-route-dns-cluster", + }, { name: "simple-tls", requireSecrets: true, From e229b2da5cc65b5c4c67a06ce3b33c6a2fa92aa4 Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Wed, 6 Dec 2023 15:46:50 +0800 Subject: [PATCH 10/31] Update Release Schedules (#2268) 
Signed-off-by: bitliu --- site/content/en/announcements/_index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site/content/en/announcements/_index.md b/site/content/en/announcements/_index.md index 219bf8ae46d0..6a22f4f48d16 100644 --- a/site/content/en/announcements/_index.md +++ b/site/content/en/announcements/_index.md @@ -34,6 +34,8 @@ communications with the Envoy Gateway community, and the mechanics of the releas | 2023 Q1 | Xunzhuo Liu ([Xunzhuo](https://github.com/Xunzhuo)) | | 2023 Q2 | Alice Wasko ([AliceProxy](https://github.com/AliceProxy)) | | 2023 Q3 | Arko Dasgupta ([arkodg](https://github.com/arkodg)) | +| 2023 Q4 | Arko Dasgupta ([arkodg](https://github.com/arkodg)) | +| 2024 Q1 | Xunzhuo Liu ([Xunzhuo](https://github.com/Xunzhuo)) | ## Release Schedule @@ -46,6 +48,7 @@ In order to align with the Envoy Proxy [release schedule][], Envoy Gateway relea | 0.3.0 | 2023/01/22 | 2023/02/09 | +17 day | 2023/08/09 | | 0.4.0 | 2023/04/22 | 2023/04/24 | +2 day | 2023/10/24 | | 0.5.0 | 2023/07/22 | 2023/08/02 | +10 day | 2024/01/02 | +| 0.6.0 | 2023/11/01 | 2023/11/02 | +1 day | 2024/05/02 | [v2.0.0 spec]: https://semver.org/spec/v2.0.0.html [release guide]: ../dev/releasing.md From e0301d165b3f0fd9d8c66fb76b5e2b23f38e20ef Mon Sep 17 00:00:00 2001 From: Ardika Bagus S Date: Wed, 6 Dec 2023 14:50:09 +0700 Subject: [PATCH 11/31] feat: add HorizontalPodAutoscaler support for EnvoyProxy API (#2257) * feat: add HorizontalPodAutoscaler support for EnvoyProxy API Signed-off-by: Ardika Bagus * chore: change maxReplicas with pointer Signed-off-by: Ardika Bagus * chore: add celvalidation for envoyHpa Signed-off-by: Ardika Bagus * chore: move hpa cleanup into deleteHPA Signed-off-by: Ardika Bagus --------- 
Signed-off-by: Ardika Bagus Co-authored-by: Xunzhuo --- api/v1alpha1/envoyproxy_helpers.go | 24 + api/v1alpha1/envoyproxy_types.go | 9 + api/v1alpha1/kubernetes_helpers.go | 6 + api/v1alpha1/shared_types.go | 32 + api/v1alpha1/zz_generated.deepcopy.go | 43 ++ .../gateway.envoyproxy.io_envoyproxies.yaml | 684 ++++++++++++++++++ .../templates/infra-manager-rbac.yaml | 9 + internal/infrastructure/kubernetes/infra.go | 10 + .../kubernetes/infra_resource.go | 53 +- .../kubernetes/proxy/resource_provider.go | 51 +- .../proxy/resource_provider_test.go | 85 +++ .../kubernetes/proxy/testdata/hpa/custom.yaml | 25 + .../proxy/testdata/hpa/default.yaml | 18 + .../kubernetes/ratelimit/resource_provider.go | 5 + site/content/en/latest/api/extension_types.md | 18 + test/cel-validation/envoyproxy_test.go | 80 ++ 16 files changed, 1147 insertions(+), 5 deletions(-) create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml diff --git a/api/v1alpha1/envoyproxy_helpers.go b/api/v1alpha1/envoyproxy_helpers.go index 2a0bd91ac0a0..d446df9f054e 100644 --- a/api/v1alpha1/envoyproxy_helpers.go +++ b/api/v1alpha1/envoyproxy_helpers.go @@ -9,6 +9,11 @@ import ( "fmt" "sort" "strings" + + autoscalingv2 "k8s.io/api/autoscaling/v2" + v1 "k8s.io/api/core/v1" + + "github.com/envoyproxy/gateway/internal/utils/ptr" ) // DefaultEnvoyProxyProvider returns a new EnvoyProxyProvider with default settings. 
@@ -37,6 +42,21 @@ func DefaultEnvoyProxyKubeProvider() *EnvoyProxyKubernetesProvider { } } +func DefaultEnvoyProxyHpaMetrics() []autoscalingv2.MetricSpec { + return []autoscalingv2.MetricSpec{ + { + Resource: &autoscalingv2.ResourceMetricSource{ + Name: v1.ResourceCPU, + Target: autoscalingv2.MetricTarget{ + Type: autoscalingv2.UtilizationMetricType, + AverageUtilization: ptr.To[int32](80), + }, + }, + Type: autoscalingv2.ResourceMetricSourceType, + }, + } +} + // GetEnvoyProxyKubeProvider returns the EnvoyProxyKubernetesProvider of EnvoyProxyProvider or // a default EnvoyProxyKubernetesProvider if unspecified. If EnvoyProxyProvider is not of // type "Kubernetes", a nil EnvoyProxyKubernetesProvider is returned. @@ -64,6 +84,10 @@ func (r *EnvoyProxyProvider) GetEnvoyProxyKubeProvider() *EnvoyProxyKubernetesPr r.Kubernetes.EnvoyService.Type = GetKubernetesServiceType(ServiceTypeLoadBalancer) } + if r.Kubernetes.EnvoyHpa != nil { + r.Kubernetes.EnvoyHpa.setDefault() + } + return r.Kubernetes } diff --git a/api/v1alpha1/envoyproxy_types.go b/api/v1alpha1/envoyproxy_types.go index 4aa7156cb8c3..acf34417c761 100644 --- a/api/v1alpha1/envoyproxy_types.go +++ b/api/v1alpha1/envoyproxy_types.go 
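Review bot: `DefaultEnvoyProxyHpaMetrics` is exported but has no doc comment, while the other helpers visible in this file's context lines (`DefaultEnvoyProxyProvider`, `GetEnvoyProxyKubeProvider`) carry one. Add `// DefaultEnvoyProxyHpaMetrics returns the default HPA metrics: a single CPU resource metric with an 80% average-utilization target.` The new `setDefault` method on `KubernetesHorizontalPodAutoscalerSpec` in kubernetes_helpers.go has the same gap; `// setDefault fills Metrics with DefaultEnvoyProxyHpaMetrics when none are set.` would cover it.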
@@ -127,6 +127,15 @@ type EnvoyProxyKubernetesProvider struct { // +kubebuilder:validation:XValidation:message="loadBalancerIP can only be set for LoadBalancer type",rule="!has(self.loadBalancerIP) || self.type == 'LoadBalancer'" // +kubebuilder:validation:XValidation:message="loadBalancerIP must be a valid IPv4 address",rule="!has(self.loadBalancerIP) || self.loadBalancerIP.matches(r\"^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4})\")" EnvoyService *KubernetesServiceSpec `json:"envoyService,omitempty"` + + // EnvoyHpa defines the Horizontal Pod Autoscaler settings for Envoy Proxy Deployment. + // Once the HPA is being set, Replicas field from EnvoyDeployment will be ignored. + // + // +optional + // +kubebuilder:validation:XValidation:message="minReplicas must be greater than 0",rule="!has(self.minReplicas) || self.minReplicas > 0" + // +kubebuilder:validation:XValidation:message="maxReplicas must be greater than 0",rule="!has(self.maxReplicas) || self.maxReplicas > 0" + // +kubebuilder:validation:XValidation:message="maxReplicas cannot be less than or equal to minReplicas",rule="!has(self.minReplicas) || self.maxReplicas > self.minReplicas" + EnvoyHpa *KubernetesHorizontalPodAutoscalerSpec `json:"envoyHpa,omitempty"` } // ProxyLogging defines logging parameters for managed proxies. diff --git a/api/v1alpha1/kubernetes_helpers.go b/api/v1alpha1/kubernetes_helpers.go index 7b6c131e6c97..90c75873cbb5 100644 --- a/api/v1alpha1/kubernetes_helpers.go +++ b/api/v1alpha1/kubernetes_helpers.go @@ -106,3 +106,9 @@ func (deployment *KubernetesDeploymentSpec) defaultKubernetesDeploymentSpec(imag deployment.Container.Image = DefaultKubernetesContainerImage(image) } } + +func (hpa *KubernetesHorizontalPodAutoscalerSpec) setDefault() { + if len(hpa.Metrics) == 0 { + hpa.Metrics = DefaultEnvoyProxyHpaMetrics() + } +} diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go index 1764558d706f..e6d19f960ae5 100644 --- a/api/v1alpha1/shared_types.go 
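Review bot: The third CEL rule on `EnvoyHpa`, `!has(self.minReplicas) || self.maxReplicas > self.minReplicas`, rejects `maxReplicas == minReplicas`, while the field comment in shared_types.go only says maxReplicas cannot be less than minReplicas (and has a typo, "less that"). If equal values should be allowed, as in the upstream HPA spec, use `self.maxReplicas >= self.minReplicas` with the message "maxReplicas cannot be less than minReplicas"; otherwise change the field comment to say it must be greater. The rule also reads `self.maxReplicas` without a `has()` guard, which is safe only if the generated schema marks the field required. `MaxReplicas` carries no `+optional` marker, but the CRD's `required` list for `envoyHpa` is not visible here, so that should be confirmed.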
+++ b/api/v1alpha1/shared_types.go @@ -7,6 +7,7 @@ package v1alpha1 import ( appv1 "k8s.io/api/apps/v1" + autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" ) @@ -275,3 +276,34 @@ const ( // https://github.com/google/re2/wiki/Syntax. StringMatchRegularExpression StringMatchType = "RegularExpression" ) + +// KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment +// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec +type KubernetesHorizontalPodAutoscalerSpec struct { + // minReplicas is the lower limit for the number of replicas to which the autoscaler + // can scale down. It defaults to 1 replica. + // + // +optional + MinReplicas *int32 `json:"minReplicas,omitempty"` + + // maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. + // It cannot be less that minReplicas. + // + MaxReplicas *int32 `json:"maxReplicas"` + + // metrics contains the specifications for which to use to calculate the + // desired replica count (the maximum replica count across all metrics will + // be used). + // If left empty, it defaults to being based on CPU utilization with average on 80% usage. + // + // +optional + Metrics []autoscalingv2.MetricSpec `json:"metrics,omitempty"` + + // behavior configures the scaling behavior of the target + // in both Up and Down directions (scaleUp and scaleDown fields respectively). + // If not set, the default HPAScalingRules for scale up and scale down are used. + // See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior. + // + // +optional + Behavior *autoscalingv2.HorizontalPodAutoscalerBehavior `json:"behavior,omitempty"` +} diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 88bc53a3ae53..2654e070a272 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
@@ -11,6 +11,7 @@ package v1alpha1 import ( appsv1 "k8s.io/api/apps/v1" + "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -925,6 +926,11 @@ func (in *EnvoyProxyKubernetesProvider) DeepCopyInto(out *EnvoyProxyKubernetesPr *out = new(KubernetesServiceSpec) (*in).DeepCopyInto(*out) } + if in.EnvoyHpa != nil { + in, out := &in.EnvoyHpa, &out.EnvoyHpa + *out = new(KubernetesHorizontalPodAutoscalerSpec) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyKubernetesProvider. 
@@ -1428,6 +1434,43 @@ func (in *KubernetesDeploymentSpec) DeepCopy() *KubernetesDeploymentSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesHorizontalPodAutoscalerSpec) DeepCopyInto(out *KubernetesHorizontalPodAutoscalerSpec) { + *out = *in + if in.MinReplicas != nil { + in, out := &in.MinReplicas, &out.MinReplicas + *out = new(int32) + **out = **in + } + if in.MaxReplicas != nil { + in, out := &in.MaxReplicas, &out.MaxReplicas + *out = new(int32) + **out = **in + } + if in.Metrics != nil { + in, out := &in.Metrics, &out.Metrics + *out = make([]v2.MetricSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Behavior != nil { + in, out := &in.Behavior, &out.Behavior + *out = new(v2.HorizontalPodAutoscalerBehavior) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesHorizontalPodAutoscalerSpec. +func (in *KubernetesHorizontalPodAutoscalerSpec) DeepCopy() *KubernetesHorizontalPodAutoscalerSpec { + if in == nil { + return nil + } + out := new(KubernetesHorizontalPodAutoscalerSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubernetesPodSpec) DeepCopyInto(out *KubernetesPodSpec) { *out = *in diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 2b9373716345..7bff9e4149a0 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml 
@@ -5230,6 +5230,690 @@ spec: type: string type: object type: object + envoyHpa: + description: EnvoyHpa defines the Horizontal Pod Autoscaler + settings for Envoy Proxy Deployment. Once the HPA is being + set, Replicas field from EnvoyDeployment will be ignored. + properties: + behavior: + description: behavior configures the scaling behavior + of the target in both Up and Down directions (scaleUp + and scaleDown fields respectively). If not set, the + default HPAScalingRules for scale up and scale down + are used. See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior. + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. If not set, the default value is to allow + to scale down to minReplicas pods, with a 300 second + stabilization window (i.e., the highest recommendation + for the last 300sec is used). + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during scaling. At + least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past + interval. + properties: + periodSeconds: + description: periodSeconds specifies the + window of time for which the policy should + hold true. PeriodSeconds must be greater + than zero and less than or equal to 1800 + (30 min). + format: int32 + type: integer + type: + description: type is used to specify the + scaling policy. + type: string + value: + description: value contains the amount of + change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. If not set, the default + value Max is used. 
+ type: string + stabilizationWindowSeconds: + description: 'stabilizationWindowSeconds is the + number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy for scaling + Up. If not set, the default value is the higher + of: * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds No stabilization + is used.' + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during scaling. At + least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past + interval. + properties: + periodSeconds: + description: periodSeconds specifies the + window of time for which the policy should + hold true. PeriodSeconds must be greater + than zero and less than or equal to 1800 + (30 min). + format: int32 + type: integer + type: + description: type is used to specify the + scaling policy. + type: string + value: + description: value contains the amount of + change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. If not set, the default + value Max is used. 
+ type: string + stabilizationWindowSeconds: + description: 'stabilizationWindowSeconds is the + number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + type: object + maxReplicas: + description: maxReplicas is the upper limit for the number + of replicas to which the autoscaler can scale up. It + cannot be less that minReplicas. + format: int32 + type: integer + metrics: + description: metrics contains the specifications for which + to use to calculate the desired replica count (the maximum + replica count across all metrics will be used). If left + empty, it defaults to being based on CPU utilization + with average on 80% usage. + items: + description: MetricSpec specifies how to scale based + on a single metric (only `type` and one other matching + field should be set at once). + properties: + containerResource: + description: containerResource refers to a resource + metric (such as those specified in requests and + limits) known to Kubernetes describing a single + container in each pod of the current scale target + (e.g. CPU or memory). Such metrics are built in + to Kubernetes, and have special scaling options + on top of those available to normal per-pod metrics + using the "pods" source. This is an alpha feature + and can be enabled by the HPAContainerMetrics + feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource + in question. 
+ type: string + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: external refers to a global metric + that is not associated with any Kubernetes object. + It allows autoscaling based on information coming + from components running outside of cluster (for + example length of queue in cloud messaging service, + or QPS from loadbalancer running outside of cluster). 
+ properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: object refers to a metric describing + a single kubernetes object (for example, hits-per-second + on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version + of the referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: pods refers to a metric describing + each pod in the current scale target (for example, + transactions-processed-per-second). 
The values + will be averaged together before being compared + to the target value. + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: resource refers to a resource metric + (such as those specified in requests and limits) + known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such + metrics are built in to Kubernetes, and have special + scaling options on top of those available to normal + per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource + in question. 
+ type: string + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: 'type is the type of metric source. It + should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to + a matching field in the object. Note: "ContainerResource" + type is available on when the feature-gate HPAContainerMetrics + is enabled' + type: string + required: + - type + type: object + type: array + minReplicas: + description: minReplicas is the lower limit for the number + of replicas to which the autoscaler can scale down. + It defaults to 1 replica. 
+ format: int32 + type: integer + required: + - maxReplicas + type: object + x-kubernetes-validations: + - message: minReplicas must be greater than 0 + rule: '!has(self.minReplicas) || self.minReplicas > 0' + - message: maxReplicas must be greater than 0 + rule: '!has(self.maxReplicas) || self.maxReplicas > 0' + - message: maxReplicas cannot be less than or equal to minReplicas + rule: '!has(self.minReplicas) || self.maxReplicas > self.minReplicas' envoyService: description: EnvoyService defines the desired state of the Envoy service resource. If unspecified, default settings diff --git a/charts/gateway-helm/templates/infra-manager-rbac.yaml b/charts/gateway-helm/templates/infra-manager-rbac.yaml index 6f3e5a4677f8..3929524f4841 100644 --- a/charts/gateway-helm/templates/infra-manager-rbac.yaml +++ b/charts/gateway-helm/templates/infra-manager-rbac.yaml @@ -25,6 +25,15 @@ rules: - get - update - delete +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - get + - update + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/infrastructure/kubernetes/infra.go b/internal/infrastructure/kubernetes/infra.go index f6b27d26702a..0d1f6e18c030 100644 --- a/internal/infrastructure/kubernetes/infra.go +++ b/internal/infrastructure/kubernetes/infra.go @@ -10,6 +10,7 @@ import ( "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" + autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" @@ -25,6 +26,7 @@ type ResourceRender interface { Service() (*corev1.Service, error) ConfigMap() (*corev1.ConfigMap, error) Deployment() (*appsv1.Deployment, error) + HorizontalPodAutoscaler() (*autoscalingv2.HorizontalPodAutoscaler, error) } // Infra manages the creation and deletion of Kubernetes infrastructure 
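Review bot: The new `autoscaling` / `horizontalpodautoscalers` rule in infra-manager-rbac.yaml lets the infra manager create and rewrite HPA objects, and the spec it writes (`maxReplicas`, `metrics`, `behavior`) is copied from the EnvoyProxy resource by the renderer added later in this patch. Anyone allowed to edit an EnvoyProxy can therefore set the replica ceiling of the Envoy Deployment indirectly, and the CEL rules visible in the CRD only require values greater than 0, with no upper bound on `maxReplicas`. I would record that above the rule, e.g. `# HPAs are rendered from EnvoyProxy .spec.provider.kubernetes.envoyHpa; cap replica counts with a ResourceQuota in this namespace`. The verb list is suitably narrow (no `list`, `watch` or `patch`), but whether the controller's client needs `list`/`watch` for cached reads cannot be told from this hunk.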
@@ -68,6 +70,10 @@ func (i *Infra) createOrUpdate(ctx context.Context, r ResourceRender) error { return errors.Wrapf(err, "failed to create or update service %s/%s", i.Namespace, r.Name()) } + if err := i.createOrUpdateHPA(ctx, r); err != nil { + return errors.Wrapf(err, "failed to create or update hpa %s/%s", i.Namespace, r.Name()) + } + return nil } @@ -89,5 +95,9 @@ func (i *Infra) delete(ctx context.Context, r ResourceRender) error { return errors.Wrapf(err, "failed to delete service %s/%s", i.Namespace, r.Name()) } + if err := i.deleteHPA(ctx, r); err != nil { + return errors.Wrapf(err, "failed to delete hpa %s/%s", i.Namespace, r.Name()) + } + return nil } diff --git a/internal/infrastructure/kubernetes/infra_resource.go b/internal/infrastructure/kubernetes/infra_resource.go index af041ad33135..d0e21be628ef 100644 --- a/internal/infrastructure/kubernetes/infra_resource.go +++ b/internal/infrastructure/kubernetes/infra_resource.go @@ -9,7 +9,10 @@ import ( "context" "reflect" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" appsv1 "k8s.io/api/apps/v1" + autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" 
@@ -74,8 +77,44 @@ func (i *Infra) createOrUpdateDeployment(ctx context.Context, r ResourceRender) Name: deployment.Name, } + hpa, err := r.HorizontalPodAutoscaler() + if err != nil { + return err + } + + var opts cmp.Options + if hpa != nil { + opts = append(opts, cmpopts.IgnoreFields(appsv1.DeploymentSpec{}, "Replicas")) + } + return i.Client.CreateOrUpdate(ctx, key, current, deployment, func() bool { - return !reflect.DeepEqual(deployment.Spec, current.Spec) + return !cmp.Equal(current.Spec, deployment.Spec, opts...) + }) +} + +// createOrUpdateHPA creates HorizontalPodAutoscaler object in the kube api server based on +// the provided ResourceRender, if it doesn't exist and updates it if it does, +// and delete hpa if not set. +func (i *Infra) createOrUpdateHPA(ctx context.Context, r ResourceRender) error { + hpa, err := r.HorizontalPodAutoscaler() + if err != nil { + return err + } + + // when HorizontalPodAutoscaler is not set, + // then delete the object in the kube api server if any. + if hpa == nil { + return i.deleteHPA(ctx, r) + } + + current := &autoscalingv2.HorizontalPodAutoscaler{} + key := types.NamespacedName{ + Namespace: hpa.Namespace, + Name: hpa.Name, + } + + return i.Client.CreateOrUpdate(ctx, key, current, hpa, func() bool { + return !cmp.Equal(hpa.Spec, current.Spec) }) } @@ -145,3 +184,15 @@ func (i *Infra) deleteService(ctx context.Context, r ResourceRender) error { return i.Client.Delete(ctx, svc) } + +// deleteHpa deletes the Horizontal Pod Autoscaler associated to its renderer, if it exists. +func (i *Infra) deleteHPA(ctx context.Context, r ResourceRender) error { + hpa := &autoscalingv2.HorizontalPodAutoscaler{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: i.Namespace, + Name: r.Name(), + }, + } + + return i.Client.Delete(ctx, hpa) +} diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index bc446f79f9e4..6ab47c0b3348 100644 
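Review bot: The update predicates in `createOrUpdateDeployment` and the new `createOrUpdateHPA` call `cmp.Equal` in the reconcile path, but go-cmp is documented as a testing aid that panics on values it cannot compare, so an API type gaining an unexported field in a dependency bump would crash the controller rather than report a difference. `equality.Semantic.DeepEqual` from `k8s.io/apimachinery/pkg/api/equality` compares these types without panicking. Ignoring `Replicas` in the comparison also still sends the rendered `Replicas: nil` whenever another field differs; if `Client.CreateOrUpdate` performs a full update (not visible here) the API server would default it to 1 and undo the autoscaler's count, so I would carry the live value over instead, as sketched below. `createOrUpdateHPA` additionally issues a delete on every reconcile whose renderer returns nil, including the ratelimit renderer, which is only correct if `Client.Delete` treats NotFound as success. `createOrUpdateDeployment` begins before this hunk.

```go
	// … unchanged: render deployment, build key, fetch hpa …

	return i.Client.CreateOrUpdate(ctx, key, current, deployment, func() bool {
		if hpa != nil {
			// The HPA owns the replica count: keep whatever is live.
			deployment.Spec.Replicas = current.Spec.Replicas
		}
		return !equality.Semantic.DeepEqual(current.Spec, deployment.Spec)
	})
```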
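Review bot: The doc comment on the added `deleteHPA` opens with `deleteHpa`, which does not match the identifier, so doc tooling and linters that key on the leading name will not associate it with the function. I would write `// deleteHPA deletes the HorizontalPodAutoscaler associated with its renderer, if it exists.` The "if it exists" half depends on `Client.Delete` ignoring a missing object, which this hunk does not show; if it does not, the comment and the unconditional call from `createOrUpdateHPA` both need revisiting.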
--- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -11,10 +11,12 @@ import ( "golang.org/x/exp/maps" appsv1 "k8s.io/api/apps/v1" + autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi" @@ -56,7 +58,7 @@ func (r *ResourceRender) ServiceAccount() (*corev1.ServiceAccount, error) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: r.Namespace, - Name: ExpectedResourceHashedName(r.infra.Name), + Name: r.Name(), Labels: labels, }, }, nil @@ -110,7 +112,7 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: r.Namespace, - Name: ExpectedResourceHashedName(r.infra.Name), + Name: r.Name(), Labels: labels, Annotations: annotations, }, @@ -135,7 +137,7 @@ func (r *ResourceRender) ConfigMap() (*corev1.ConfigMap, error) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: r.Namespace, - Name: ExpectedResourceHashedName(r.infra.Name), + Name: r.Name(), Labels: labels, }, Data: map[string]string{ @@ -192,7 +194,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: r.Namespace, - Name: ExpectedResourceHashedName(r.infra.Name), + Name: r.Name(), Labels: dpLabels, }, Spec: appsv1.DeploymentSpec{ 
@@ -224,5 +226,46 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { }, } + // omit the deployment replicas if HPA is being set + if provider.GetEnvoyProxyKubeProvider().EnvoyHpa != nil { + deployment.Spec.Replicas = nil + } + return deployment, nil } + +func (r *ResourceRender) HorizontalPodAutoscaler() (*autoscalingv2.HorizontalPodAutoscaler, error) { + provider := r.infra.GetProxyConfig().GetEnvoyProxyProvider() + if provider.Type != egv1a1.ProviderTypeKubernetes { + return nil, fmt.Errorf("invalid provider type %v for Kubernetes infra manager", provider.Type) + } + + hpaConfig := provider.GetEnvoyProxyKubeProvider().EnvoyHpa + if hpaConfig == nil { + return nil, nil + } + + hpa := &autoscalingv2.HorizontalPodAutoscaler{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "autoscaling/v2", + Kind: "HorizontalPodAutoscaler", + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: r.Namespace, + Name: r.Name(), + }, + Spec: autoscalingv2.HorizontalPodAutoscalerSpec{ + ScaleTargetRef: autoscalingv2.CrossVersionObjectReference{ + APIVersion: "apps/v1", + Kind: "Deployment", + Name: r.Name(), + }, + MinReplicas: hpaConfig.MinReplicas, + MaxReplicas: ptr.Deref[int32](hpaConfig.MaxReplicas, 1), + Metrics: hpaConfig.Metrics, + Behavior: hpaConfig.Behavior, + }, + } + + return hpa, nil +} diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index 1c784927385f..f4603fc370c7 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" + autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/utils/pointer" 
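Review bot: The `ObjectMeta` built in the new `HorizontalPodAutoscaler()` sets only `Namespace` and `Name`, while the ServiceAccount, Service, ConfigMap and Deployment rendered in this file all carry `Labels`. An unlabeled HPA would be missed by any label-selector based listing, ownership check or cleanup of the managed Envoy resources, so I would add `Labels:` with the same set the Deployment uses (the code that builds it is outside this hunk) and update the two testdata fixtures to match. The exported method also has no doc comment; `// HorizontalPodAutoscaler returns the HPA for the Envoy Deployment, or nil when EnvoyHpa is unset.` describes what the body does. The ratelimit stub added in this patch, which always returns `nil, nil`, needs the same kind of comment.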
@@ -23,6 +24,7 @@ import ( "github.com/envoyproxy/gateway/internal/envoygateway/config" "github.com/envoyproxy/gateway/internal/gatewayapi" "github.com/envoyproxy/gateway/internal/ir" + "github.com/envoyproxy/gateway/internal/utils/ptr" ) const ( @@ -340,6 +342,7 @@ func TestDeployment(t *testing.T) { if tc.deploy != nil { kube.EnvoyDeployment = tc.deploy } + replace := egv1a1.BootstrapTypeReplace if tc.bootstrap != "" { tc.infra.Proxy.Config.Spec.Bootstrap = &egv1a1.ProxyBootstrap{ 
@@ -506,3 +509,85 @@ func loadServiceAccount() (*corev1.ServiceAccount, error) { _ = yaml.Unmarshal(saYAML, sa) return sa, nil } + +func TestHorizontalPodAutoscaler(t *testing.T) { + cfg, err := config.New() + require.NoError(t, err) + + cases := []struct { + caseName string + infra *ir.Infra + hpa *egv1a1.KubernetesHorizontalPodAutoscalerSpec + }{ + { + caseName: "default", + infra: newTestInfra(), + hpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{ + MaxReplicas: ptr.To[int32](1), + }, + }, + { + caseName: "custom", + infra: newTestInfra(), + hpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{ + MinReplicas: ptr.To[int32](5), + MaxReplicas: ptr.To[int32](10), + Metrics: []autoscalingv2.MetricSpec{ + { + Resource: &autoscalingv2.ResourceMetricSource{ + Name: corev1.ResourceCPU, + Target: autoscalingv2.MetricTarget{ + Type: autoscalingv2.UtilizationMetricType, + AverageUtilization: ptr.To[int32](60), + }, + }, + Type: autoscalingv2.ResourceMetricSourceType, + }, + { + Resource: &autoscalingv2.ResourceMetricSource{ + Name: corev1.ResourceMemory, + Target: autoscalingv2.MetricTarget{ + Type: autoscalingv2.UtilizationMetricType, + AverageUtilization: ptr.To[int32](70), + }, + }, + Type: autoscalingv2.ResourceMetricSourceType, + }, + }, + }, + }, + } + + for _, tc := range cases { + t.Run(tc.caseName, func(t *testing.T) { + provider := tc.infra.GetProxyInfra().GetProxyConfig().GetEnvoyProxyProvider() + provider.Kubernetes = egv1a1.DefaultEnvoyProxyKubeProvider() + + if tc.hpa != nil { + provider.Kubernetes.EnvoyHpa = tc.hpa + } + + provider.GetEnvoyProxyKubeProvider() + + r := NewResourceRender(cfg.Namespace, tc.infra.GetProxyInfra()) + hpa, err := r.HorizontalPodAutoscaler() + require.NoError(t, err) + + want, err := loadHPA(tc.caseName) + require.NoError(t, err) + + assert.Equal(t, want, hpa) + }) + } +} + +func loadHPA(caseName string) (*autoscalingv2.HorizontalPodAutoscaler, error) { + hpaYAML, err := os.ReadFile(fmt.Sprintf("testdata/hpa/%s.yaml", caseName)) + 
if err != nil { + return nil, err + } + + hpa := &autoscalingv2.HorizontalPodAutoscaler{} + _ = yaml.Unmarshal(hpaYAML, hpa) + return hpa, nil +} diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml new file mode 100644 index 000000000000..17171f8abb3e --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml @@ -0,0 +1,25 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: envoy-default-37a8eec1 + namespace: envoy-gateway-system +spec: + maxReplicas: 10 + metrics: + - resource: + name: cpu + target: + averageUtilization: 60 + type: Utilization + type: Resource + - resource: + name: memory + target: + averageUtilization: 70 + type: Utilization + type: Resource + minReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: envoy-default-37a8eec1 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml new file mode 100644 index 000000000000..d11b7e476369 --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml @@ -0,0 +1,18 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: envoy-default-37a8eec1 + namespace: envoy-gateway-system +spec: + metrics: + - resource: + name: cpu + target: + averageUtilization: 80 + type: Utilization + type: Resource + maxReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: envoy-default-37a8eec1 diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go index f39961795ccc..bb7f2ee598d1 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go 
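Review bot: `TestHorizontalPodAutoscaler` never exercises the `EnvoyHpa == nil` path: both cases set `hpa`, so the `if tc.hpa != nil` guard is always true and the renderer's `return nil, nil` branch goes untested. A third case with `hpa: nil` that asserts the renderer returns nil (and skips the fixture load) would cover it. In `loadHPA`, `_ = yaml.Unmarshal(hpaYAML, hpa)` discards the decode error, so a malformed fixture produces an empty object and a confusing diff; `if err := yaml.Unmarshal(hpaYAML, hpa); err != nil { return nil, err }` fails clearly instead. The bare `provider.GetEnvoyProxyKubeProvider()` call appears to be there for a defaulting side effect and deserves a one-line comment saying so.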
@@ -7,6 +7,7 @@ package ratelimit import ( appsv1 "k8s.io/api/apps/v1" + autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -202,3 +203,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { return deployment, nil } + +func (r *ResourceRender) HorizontalPodAutoscaler() (*autoscalingv2.HorizontalPodAutoscaler, error) { + return nil, nil +} diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 7379bf3cef7d..4fa146d29a99 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -647,6 +647,7 @@ _Appears in:_ | --- | --- | | `envoyDeployment` _[KubernetesDeploymentSpec](#kubernetesdeploymentspec)_ | EnvoyDeployment defines the desired state of the Envoy deployment resource. If unspecified, default settings for the managed Envoy deployment resource are applied. | | `envoyService` _[KubernetesServiceSpec](#kubernetesservicespec)_ | EnvoyService defines the desired state of the Envoy service resource. If unspecified, default settings for the managed Envoy service resource are applied. | +| `envoyHpa` _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | EnvoyHpa defines the Horizontal Pod Autoscaler settings for Envoy Proxy Deployment. Once the HPA is being set, Replicas field from EnvoyDeployment will be ignored. | #### EnvoyProxyProvider 
@@ -976,6 +977,23 @@ _Appears in:_ | `initContainers` _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#container-v1-core) array_ | List of initialization containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | +#### KubernetesHorizontalPodAutoscalerSpec + + + +KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec + +_Appears in:_ +- [EnvoyProxyKubernetesProvider](#envoyproxykubernetesprovider) + +| Field | Description | +| --- | --- | +| `minReplicas` _integer_ | minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 replica. | +| `maxReplicas` _integer_ | maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas. | +| `metrics` _[MetricSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#metricspec-v2-autoscaling) array_ | metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). If left empty, it defaults to being based on CPU utilization with average on 80% usage. | +| `behavior` _[HorizontalPodAutoscalerBehavior](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#horizontalpodautoscalerbehavior-v2-autoscaling)_ | behavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively). If not set, the default HPAScalingRules for scale up and scale down are used. See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior. | + + #### KubernetesPodSpec diff --git a/test/cel-validation/envoyproxy_test.go b/test/cel-validation/envoyproxy_test.go index ac949ff971d6..86b5a8ddc5ee 100644 --- a/test/cel-validation/envoyproxy_test.go 
+++ b/test/cel-validation/envoyproxy_test.go 
@@ -419,6 +419,86 @@ func TestEnvoyProxyProvider(t *testing.T) { }, wantErrors: []string{}, }, + { + desc: "ProxyHpa-maxReplicas-is-required", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: egv1a1.ProviderTypeKubernetes, + Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ + EnvoyHpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{}, + }, + }, + } + }, + wantErrors: []string{"spec.provider.kubernetes.envoyHpa.maxReplicas: Required value"}, + }, + { + desc: "ProxyHpa-minReplicas-less-than-0", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: egv1a1.ProviderTypeKubernetes, + Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ + EnvoyHpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{ + MinReplicas: ptr.To[int32](-1), + MaxReplicas: ptr.To[int32](2), + }, + }, + }, + } + }, + wantErrors: []string{"minReplicas must be greater than 0"}, + }, + { + desc: "ProxyHpa-maxReplicas-less-than-0", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: egv1a1.ProviderTypeKubernetes, + Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ + EnvoyHpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{ + MaxReplicas: ptr.To[int32](-1), + }, + }, + }, + } + }, + wantErrors: []string{"maxReplicas must be greater than 0"}, + }, + { + desc: "ProxyHpa-maxReplicas-less-than-minReplicas", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: egv1a1.ProviderTypeKubernetes, + Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ + EnvoyHpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{ + MinReplicas: ptr.To[int32](5), + MaxReplicas: ptr.To[int32](2), + }, + }, + }, + } + }, + wantErrors: []string{"maxReplicas cannot be less than or equal to minReplicas"}, + }, + { + desc: "ProxyHpa-valid", + mutate: 
func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: egv1a1.ProviderTypeKubernetes, + Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ + EnvoyHpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{ + MinReplicas: ptr.To[int32](5), + MaxReplicas: ptr.To[int32](10), + }, + }, + }, + } + }, + }, } for _, tc := range cases { From 8d65767abfba288eb3700123f0715d3a3540303e Mon Sep 17 00:00:00 2001 From: Meng Date: Wed, 6 Dec 2023 15:56:49 +0800 Subject: [PATCH 12/31] docs: add a "releases" tab (#2160) * Add a release tab in docs Signed-off-by: lemonlinger * Add release notes docs Signed-off-by: lemonlinger --------- 
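Review bot: The added `ProxyHpa-*` cases skip the boundaries of the rules they exercise: `minReplicas: 0` and `maxReplicas: 0` (the messages say "greater than 0" but only -1 is tried) and `minReplicas == maxReplicas`, which the CRD rule `self.maxReplicas > self.minReplicas` rejects. The equal case matters because the generated API docs in this patch say maxReplicas "cannot be less that minReplicas", which reads as allowing equality; a test would pin down which of the two is intended. `ProxyHpa-valid` also omits `wantErrors`, unlike the case just before the additions, which sets `wantErrors: []string{}`.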
Signed-off-by: lemonlinger Co-authored-by: Xunzhuo --- site/content/en/latest/releases/_index.md | 5 ++ site/content/en/latest/releases/v0.1.0.md | 9 +++ .../content/en/latest/releases/v0.2.0-rc.1.md | 37 +++++++++ .../content/en/latest/releases/v0.2.0-rc.2.md | 34 ++++++++ site/content/en/latest/releases/v0.2.0.md | 53 +++++++++++++ .../content/en/latest/releases/v0.3.0-rc.1.md | 64 +++++++++++++++ site/content/en/latest/releases/v0.3.0.md | 77 +++++++++++++++++++ .../content/en/latest/releases/v0.4.0-rc.1.md | 56 ++++++++++++++ site/content/en/latest/releases/v0.4.0.md | 59 ++++++++++++++ .../content/en/latest/releases/v0.5.0-rc.1.md | 71 +++++++++++++++++ site/content/en/latest/releases/v0.5.0.md | 71 +++++++++++++++++ .../content/en/latest/releases/v0.6.0-rc.1.md | 64 +++++++++++++++ site/content/en/latest/releases/v0.6.0.md | 70 +++++++++++++++++ 13 files changed, 670 insertions(+) create mode 100644 site/content/en/latest/releases/_index.md create mode 100644 site/content/en/latest/releases/v0.1.0.md create mode 100644 site/content/en/latest/releases/v0.2.0-rc.1.md create mode 100644 site/content/en/latest/releases/v0.2.0-rc.2.md create mode 100644 site/content/en/latest/releases/v0.2.0.md create mode 100644 site/content/en/latest/releases/v0.3.0-rc.1.md create mode 100644 site/content/en/latest/releases/v0.3.0.md create mode 100644 site/content/en/latest/releases/v0.4.0-rc.1.md create mode 100644 site/content/en/latest/releases/v0.4.0.md create mode 100644 site/content/en/latest/releases/v0.5.0-rc.1.md create mode 100644 site/content/en/latest/releases/v0.5.0.md create mode 100644 site/content/en/latest/releases/v0.6.0-rc.1.md create mode 100644 site/content/en/latest/releases/v0.6.0.md diff --git a/site/content/en/latest/releases/_index.md b/site/content/en/latest/releases/_index.md new file mode 100644 index 000000000000..382eb1dd20da --- /dev/null +++ b/site/content/en/latest/releases/_index.md 
@@ -0,0 +1,5 @@ +--- +title: "Releases" +weight: 90 +description: This section includes Releases of Envoy Gateway. +--- diff --git a/site/content/en/latest/releases/v0.1.0.md b/site/content/en/latest/releases/v0.1.0.md new file mode 100644 index 000000000000..3d55118a8468 --- /dev/null +++ b/site/content/en/latest/releases/v0.1.0.md @@ -0,0 +1,9 @@ +--- +title: "v0.1.0" +publishdate: 2022-05-16 +--- + +Date: May 16, 2022 + +## Documentation +- The initial open source release describing project goals and high-level design. diff --git a/site/content/en/latest/releases/v0.2.0-rc.1.md b/site/content/en/latest/releases/v0.2.0-rc.1.md new file mode 100644 index 000000000000..59da2015f9d8 --- /dev/null +++ b/site/content/en/latest/releases/v0.2.0-rc.1.md @@ -0,0 +1,37 @@ +--- +title: "v0.2.0-rc.1" +publishdate: 2022-08-31 +--- + +Date: August 31, 2022 + +## Documentation +- Added a quickstart guide for users to run and use Envoy Gateway. + +## API +- Added the EnvoyGateway API type for configuring Envoy Gateway. +- Added the EnvoyProxy API type for configuring managed Envoys. + +## CI +- Added tooling to build, run, etc. Envoy Gateway. + +## Providers +- Added the Kubernetes provider. + +## xDS +- Added xDS server to configure managed Envoys. + +## IR +- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway. +- Added IR validation. + +## Translator +- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage +- Gateway API status. + +## Message Service +- Added infra and xds IR watchable map messages for inter-component communication. +- Added a Runner to each component to support pub/sub between components. + +## Infra Manager +- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster. diff --git a/site/content/en/latest/releases/v0.2.0-rc.2.md b/site/content/en/latest/releases/v0.2.0-rc.2.md new file mode 100644 index 000000000000..756ccfb18da7 --- /dev/null 
+++ b/site/content/en/latest/releases/v0.2.0-rc.2.md @@ -0,0 +1,34 @@ +--- +title: "v0.2.0-rc.2" +publishdate: 2022-09-29 +--- + +Date: September 29, 2022 + +## Documentation +- Updated and expanded developer documentation. +- Added `kube-demo` target to demonstrate Envoy Gateway functionality. +- Added developer debugging documentation. + +## CI +- Added Gateway API conformance tests. + +## Providers +- Added watchers for dependent resources of managed Envoy infrastructure. +- Added Gateway namespace/name labels to managed resources. +- Added support for finalizing the managed GatewayClass. + +## xDS +- Updated xds server and Envoy bootstrap config to use Delta xDS. +- Added initial support for mTLS between the xDS server and Envoy. + +## Translator +- Expanded support for Gateway API status. +- Added support for request modifier and redirect filters. +- Added support to return 500 responses for invalid backends. + +## Message Service +- Updated IRs to support managing multiple Envoy fleets. + +## Infra Manager +- Separate Envoy infrastructure is created per Gateway. diff --git a/site/content/en/latest/releases/v0.2.0.md b/site/content/en/latest/releases/v0.2.0.md new file mode 100644 index 000000000000..6ebad0cf8f2e --- /dev/null +++ b/site/content/en/latest/releases/v0.2.0.md 
@@ -0,0 +1,53 @@
+---
+title: "v0.2.0"
+publishdate: 2022-10-19
+---
+
+Date: October 19, 2022
+
+## Documentation
+- Added Config API, translator, roadmap, and message bus design documentation.
+- Added documentation for releasing Envoy Gateway.
+- Added user guides for configuring common tasks, e.g. HTTP request routing.
+- Added support for the Sphinx documentation generator.
+
+## API
+- Added the EnvoyGateway API type for configuring Envoy Gateway.
+- Added the EnvoyProxy API type for configuring managed Envoys.
+
+## CI Tooling Testing
+- Added tooling to build, run, etc. Envoy Gateway.
+- Added Gateway API conformance tests.
+- Added Make-based tooling to fetch all tools so checks (code lint, spellchecks) and tests can be run locally.
+- Added support for releasing latest artifacts to GitHub.
+- Added code coverage with a minimum 60% threshold.
+
+## IR
+- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
+- Added IR validation.
+
+## Translator
+- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage the status of Gateway API resources.
+- Added the xDS translator to translate the xds IR to xDS resources.
+
+## Message Service
+- Added infra and xds IR watchable map messages for inter-component communication.
+- Added a Runner to each Envoy Gateway component to support pub/sub between components.
+- Added support for managing multiple separate Envoy proxy fleets.
+
+## Infra Manager
+- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
+- Added support for managing a separate Envoy infrastructure per Gateway.
+
+## Providers
+- Added the Kubernetes provider with support for managing GatewayClass, Gateway, HTTPRoute, ReferenceGrant, and TLSRoute resources.
+- Due to Issue #539, a ReferenceGrant is not removed from the system when unreferenced.
+- Due to Issue #577, TLSRoute is not being tested for Gateway API conformance.
+- Added watchers for dependent resources of managed Envoy infrastructure to trigger reconciliation.
+- Added support for labeling managed infrastructure using Gateway namespace/name labels.
+- Added support for finalizing the managed GatewayClass.
+
+## xDS
+- Added xDS server support to configure managed Envoys using Delta xDS.
+- Added initial support for mTLS between the xDS server and managed Envoys.
+- Due to envoyproxy/go-control-plane Issue #599, Envoy Gateway logs the private key of HTTPS listeners.
diff --git a/site/content/en/latest/releases/v0.3.0-rc.1.md b/site/content/en/latest/releases/v0.3.0-rc.1.md
new file mode 100644
index 000000000000..4c50801e6f3e
--- /dev/null
+++ b/site/content/en/latest/releases/v0.3.0-rc.1.md
@@ -0,0 +1,64 @@
+---
+title: "v0.3.0-rc.1"
+publishdate: 2023-02-02
+---
+
+Date: February 02, 2023
+
+## Documentation
+- Added Support for Multiple Release Versions
+- Added Support for Versioned Docs
+- Added Release Details Docs
+- Refactored Layout for User Docs
+
+## API
+- Upgraded to v0.6.0 Gateway API
+- Added Support for the TCPRoute API
+- Added Support for the UDPRoute API
+- Added Support for the GRPCRoute API (Add to the ListenerStatus.SupportedKinds Field until https://github.com/envoyproxy/gateway/issues/950 is fixed.)
+- Added Support for HTTPRoute URLRewrite Filter
+- Added Support for HTTPRoute RequestMirror Filter
+- Added Support for HTTPRoute ResponseHeaderModifier Filter
+- Added APIs to Manage Envoy Deployment
+- Added Support for Request Authentication
+- Added Support for Global Rate Limiting
+- Added Support for Routes ReferenceGrant
+- Added Support for Namespace Server Config Type
+
+## CI Tooling Testing
+- Fixes Make Image Failed in Darwin
+- Fixes Wait for Job Succeeded before conformance test
+- Upgraded Echoserver Image Tag
+- Added Support for User-Facing Version
+- Added Support for Testing EG against Multiple Kubernetes Versions
+
+## Conformance
+- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
+- Enabled GatewayInvalidTLSConfiguration conformance test
+- Enabled GatewayInvalidRouteKind conformance test
+- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
+- Enabled HTTPRouteReferenceGrant conformance test
+- Enabled HTTPRouteMethodMatching conformance test
+
+## IR
+- Added TCP Listener per TLSRoute
+
+## Translator
+- Fixes Remove Stale Listener Condition
+- Added Support for Suffix Matches for Headers
+- Added Support for HTTP Method Matching to HTTPRoute
+- Added Support for Regex Match Type
+- Added Support for HTTPQueryParamMatch
+
+## Providers
+- Refactored Kubernetes Provider to Single Reconciler
+- Upgraded Kube Provider Test Data Manifests to v0.6.0
+- Removed Duplicate Settings from Bootstrap Config
+- Updated Certgen to Use EG Namespace Env
+- Added EnvoyProxy to Translator and Kube Infra Manager
+- Upgraded Envoyproxy Image to envoy-dev latest in Main
+- Removed EG Logs Private Key
+
+## xDS
+- Fixed Start xDS Server Watchable Map Panics
+- Enabled Access Logging for xDS Components
diff --git a/site/content/en/latest/releases/v0.3.0.md b/site/content/en/latest/releases/v0.3.0.md
new file mode 100644
index 000000000000..4eacf8c45c85
--- /dev/null
+++ b/site/content/en/latest/releases/v0.3.0.md
@@ -0,0 +1,77 @@
+---
+title: "v0.3.0"
+publishdate: 2023-02-09
+---
+
+Date: February 09, 2023
+
+## Documentation
+- Added Global Rate Limit User Docs
+- Added Request Authentication User Docs
+- Added TCP Routing User Docs
+- Added UDP Routing User Docs
+- Added GRPC Routing User Docs
+- Added HTTP Response Headers User Docs
+- Added TCP and UDP Proxy Design Docs
+- Added egctl Design Docs
+- Added Rate Limit Design Docs
+- Added Request Authentication Design Docs
+- Added Support for Versioned Docs
+- Added Support for Multiple Release Versions
+- Added Release Details Docs
+- Added API Docs Generating Tooling
+- Refactored Layout for User Docs
+
+## API
+- Upgraded to v0.6.1 Gateway API
+- Added Support for the TCPRoute API
+- Added Support for the UDPRoute API
+- Added Support for the GRPCRoute API
+- Added Support for HTTPRoute URLRewrite Filter
+- Added Support for HTTPRoute RequestMirror Filter
+- Added Support for HTTPRoute ResponseHeaderModifier Filter
+- Added Support for Request Authentication
+- Added Support for Global Rate Limiting
+- Added Support for Routes ReferenceGrant
+- Added Support for Namespace Server Config Type
+- Added initial management of Envoy Proxy deployment via EnvoyProxy API
+
+## CI Tooling Testing
+- Fixed Make Image Failed in Darwin
+- Fixed Wait for Job Succeeded before conformance test
+- Upgraded Echoserver Image Tag
+- Added Support for User-Facing Version
+- Added Support for Testing EG against Multiple Kubernetes Versions
+
+## Conformance
+- Enabled GatewayClassObservedGenerationBump conformance test
+- Enabled GatewayInvalidTLSConfiguration conformance test
+- Enabled GatewayInvalidRouteKind conformance test
+- Enabled HTTPRouteReferenceGrant conformance test
+- Enabled HTTPRouteMethodMatching conformance test
+- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
+- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
+- (Currently EG passes all conformance tests except redirect and gateway/httproute ObservedGenerationBump tests. Redirect tests are failing due to a possible issue with the way upstream conformance tests have made assumptions. Skip them for now until below issues #992 #993 #994 are resolved)
+
+## IR
+- Added TCP Listener per TLSRoute
+
+## Translator
+- Fixes Remove Stale Listener Condition
+- Added Support for Suffix Matches for Headers
+- Added Support for HTTP Method Matching to HTTPRoute
+- Added Support for Regex Match Type
+- Added Support for HTTPQueryParamMatch
+
+## Providers
+- Refactored Kubernetes Provider to Single Reconciler
+- Upgraded Kube Provider Test Data Manifests to v0.6.1
+- Removed Duplicate Settings from Bootstrap Config
+- Updated Certgen to Use EG Namespace Env
+- Added EnvoyProxy to Translator and Kube Infra Manager
+- Upgraded Envoyproxy Image to envoy-dev latest in Main
+- Removed EG Logs Private Key
+
+## xDS
+- Fixed Start xDS Server Watchable Map Panics
+- Enabled Access Logging for xDS Components
diff --git a/site/content/en/latest/releases/v0.4.0-rc.1.md b/site/content/en/latest/releases/v0.4.0-rc.1.md
new file mode 100644
index 000000000000..927069f641f5
--- /dev/null
+++ b/site/content/en/latest/releases/v0.4.0-rc.1.md
@@ -0,0 +1,56 @@
+---
+title: "v0.4.0-rc.1"
+publishdate: 2023-04-13
+---
+
+Date: April 13, 2023
+
+## Documentation
+- Added Docs for Installing and Using egctl
+
+## Installation
+- Added Helm Installation Support
+- Added Support for Ratelimiting Based On IP Subnet
+- Added Gateway API Support Doc
+
+## API
+- Upgraded to Gateway API v0.6.2
+- Added Support for Custom Envoy Proxy Bootstrap Config
+- Added Support for Configuring the Envoy Proxy Image and Service
+- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
+- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
+- Gateway Status Address is now Populated for ClusterIP type Envoy Services
+- Envoy Proxy Pod and Container SecurityContext is now Configurable
+- Added Custom Envoy Gateway Extensions Framework
+- Added Support for Service Method Match in GRPCRoute
+
+## CI Tooling Testing
+- Fixed CI Flakes During Helm Install
+- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
+- Added egctl to Build and Test CI Workflow
+- Code Coverage Thresholds are now Enforced by CI
+- Fixed latest-release-check CI Job Failures
+- Added Auto Release Tooling for Charts
+
+## Conformance
+- Enabled GatewayWithAttachedRoutes Test
+- Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
+- Enabled Enable HTTPRouteDisallowedKind Test
+- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
+
+## Translator
+- Added Support for Dynamic GatewayControllerName in Route Status
+
+## Providers
+- Update GatewayClass Status Based on EnvoyProxy Config Validation
+
+## xDS
+- Added EDS Support
+- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
+- Updated Deprecated RegexMatcher
+- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
+
+## Cli
+- Added egctl CLI Tool
+- Added egctl Support for Dry Runs of Gateway API Config
+- Added egctl Support for Dumping Envoy Proxy xDS Resources
diff --git a/site/content/en/latest/releases/v0.4.0.md b/site/content/en/latest/releases/v0.4.0.md
new file mode 100644
index 000000000000..12c409040888
--- /dev/null
+++ b/site/content/en/latest/releases/v0.4.0.md
@@ -0,0 +1,59 @@
+---
+title: "v0.4.0"
+publishdate: 2023-04-24
+---
+
+Date: April 24, 2023
+
+## Documentation
+- Added Docs for Installing and Using egctl
+
+## Installation
+- Added Helm Installation Support
+- Added Support for Ratelimiting Based On IP Subnet
+- Added Gateway API Support Doc
+- Added Namespace Resource to Helm Templates
+- Updated Installation Yaml to Use the envoy-gateway-system Namespace
+
+## API
+- Upgraded to Gateway API v0.6.2
+- Added Support for Custom Envoy Proxy Bootstrap Config
+- Added Support for Configuring the Envoy Proxy Image and Service
+- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
+- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
+- Gateway Status Address is now Populated for ClusterIP type Envoy Services
+- Envoy Proxy Pod and Container SecurityContext is now Configurable
+- Added Custom Envoy Gateway Extensions Framework
+- Added Support for Service Method Match in GRPCRoute
+- Fixed a Bug in the Extension Hooks for xDS Virtual Hosts and Routes
+
+## CI Tooling Testing
+- Fixed CI Flakes During Helm Install
+- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
+- Added egctl to Build and Test CI Workflow
+- Code Coverage Thresholds are now Enforced by CI
+- Fixed latest-release-check CI Job Failures
+- Added Auto Release Tooling for Charts
+
+## Conformance
+- Enabled GatewayWithAttachedRoutes Test
+- Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
+- Enabled Enable HTTPRouteDisallowedKind Test
+- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
+
+## Translator
+- Added Support for Dynamic GatewayControllerName in Route Status
+
+## Providers
+- Update GatewayClass Status Based on EnvoyProxy Config Validation
+
+## xDS
+- Added EDS Support
+- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
+- Updated Deprecated RegexMatcher
+- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
+
+## Cli
+- Added egctl CLI Tool
+- Added egctl Support for Dry Runs of Gateway API Config
+- Added egctl Support for Dumping Envoy Proxy xDS Resources
diff --git a/site/content/en/latest/releases/v0.5.0-rc.1.md b/site/content/en/latest/releases/v0.5.0-rc.1.md
new file mode 100644
index 000000000000..17d407db18ae
--- /dev/null
+++ b/site/content/en/latest/releases/v0.5.0-rc.1.md
@@ -0,0 +1,71 @@
+---
+title: "v0.5.0"
+publishdate: 2023-07-26
+---
+
+Date: July 26, 2023
+
+## Documentation
+- Added Docs for Installation page using Helm
+- Added Docs for Cert Manager Integration
+- Added Docs for Presentation Links
+- Added Docs for configuring multiple TLS Certificates per Listener
+
+## Installation
+- Added Support for configuring Envoy Gateway Label and Annotations using Helm
+- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
+- Fixes Helm values for EnvoyGateway startup configuration
+- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
+
+## API
+- Upgraded to Gateway API v0.7.1
+- Added Support for EnvoyPatchPolicy
+- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
+- Added Support for configuring EnvoyProxy Pod Labels
+- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
+- Added Support for configuring EnvoyProxy as a NodePort Type Service
+- Added Support for Distinct RateLimiting for IP Addresses
+- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
+- Added Admin Server for Envoy Gateway
+- Added Pprof Debug Support for Envoy Gateway
+- Added Support to Watch for Resources in Select Namespaces
+### Breaking Changes
+- Renamed field in EnvoyGateway API from Extension to ExtensionManager
+
+## CI Tooling Testing
+- Added Retest Github Action
+- Added CherryPick Github Action
+- Added E2E Step in Github CI Workflow
+- Added RateLimit E2E Tests
+- Added JWT Claim based RateLimit E2E Tests
+- Added Access Logging E2E tests
+- Added Metrics E2E tests
+- Added Tracing E2E tests
+
+## Conformance
+- Enabled GatewayWithAttachedRoutes Test
+- Enabled HttpRouteRequestMirror Test
+- Skipped HTTPRouteRedirectPortAndScheme Test
+
+## Translator
+### Breaking changes
+- Renamed IR resources from - to /
+- which also affects generated Xds Resources
+
+## Providers
+- Reconcile Node resources to be able to compute Status Addresses for Gateway
+- Discard Status before publishing Provider resources to reduce memory consumption
+
+## xDS
+- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
+- Switched to Xds SOTW Server for RateLimit Service Configuration
+- Added Control Plane TLS between EnvoyProxy and RateLimit Service
+- Enabled adding RateLimit Headers when RateLimit is set
+- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
+- Set ALPN in the Xds Listener with TLS enabled.
+- Added Best Practices Default Edge Settings to Xds Resources
+- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
+
+## Cli
+- Added egctl x translate Support to generate default missing Resources
+- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
diff --git a/site/content/en/latest/releases/v0.5.0.md b/site/content/en/latest/releases/v0.5.0.md
new file mode 100644
index 000000000000..ce1bd6b91889
--- /dev/null
+++ b/site/content/en/latest/releases/v0.5.0.md
@@ -0,0 +1,71 @@
+---
+title: "v0.5.0"
+publishdate: 2023-07-26
+---
+
+Date: July 26, 2023
+
+## Documentation
+- Added Docs for Installation page using Helm
+- Added Docs for Cert Manager Integration
+- Added Docs for Presentation Links
+- Added Docs for configuring multiple TLS Certificates per Listener
+
+## Installation
+- Added Support for configuring Envoy Gateway Label and Annotations using Helm
+- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
+- Fixes Helm values for EnvoyGateway startup configuration
+- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
+
+## API
+- Upgraded to Gateway API v0.7.1
+- Added Support for EnvoyPatchPolicy
+- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
+- Added Support for configuring EnvoyProxy Pod Labels
+- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
+- Added Support for configuring EnvoyProxy as a NodePort Type Service
+- Added Support for Distinct RateLimiting for IP Addresses
+- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
+- Added Admin Server for Envoy Gateway
+- Added Pprof Debug Support for Envoy Gateway
+- Added Support to Watch for Resources in Select Namespaces
+### Breaking Changes
+- Renamed field in EnvoyGateway API from Extension to ExtensionManager
+
+## CI Tooling Testing
+- Added Retest Github Action
+- Added CherryPick Github Action
+- Added E2E Step in Github CI Workflow
+- Added RateLimit E2E Tests
+- Added JWT Claim based RateLimit E2E Tests
+- Added Access Logging E2E tests
+- Added Metrics E2E tests
+- Added Tracing E2E tests
+
+## Conformance
+- Enabled GatewayWithAttachedRoutes Test
+- Enabled HttpRouteRequestMirror Test
+- Skipped HTTPRouteRedirectPortAndScheme Test
+
+## Translator
+### Breaking Changes
+- Renamed IR resources from - to /
+ which also affects generated Xds Resources
+
+## Providers
+- Reconcile Node resources to be able to compute Status Addresses for Gateway
+- Discard Status before publishing Provider resources to reduce memory consumption
+
+## xDS
+- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
+- Switched to Xds SOTW Server for RateLimit Service Configuration
+- Added Control Plane TLS between EnvoyProxy and RateLimit Service
+- Enabled adding RateLimit Headers when RateLimit is set
+- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
+- Set ALPN in the Xds Listener with TLS enabled.
+- Added Best Practices Default Edge Settings to Xds Resources
+- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
+
+## Cli
+- Added egctl x translate Support to generate default missing Resources
+- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
diff --git a/site/content/en/latest/releases/v0.6.0-rc.1.md b/site/content/en/latest/releases/v0.6.0-rc.1.md
new file mode 100644
index 000000000000..5141bc27966e
--- /dev/null
+++ b/site/content/en/latest/releases/v0.6.0-rc.1.md
@@ -0,0 +1,64 @@
+---
+title: "v0.6.0-rc.1"
+publishdate: 2023-10-27
+---
+
+Date: Oct 27, 2023
+
+## Documentation
+- Introduced a new website based on Hugo
+- Added Grafana dashboards and integration docs for EnvoyProxy metrics
+- Added Grafana integration docs for Gateway API metrics
+
+## Installation
+- Added Support for configuring Envoy Gateway Label and Annotations using Helm
+- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
+- Fixes Helm values for EnvoyGateway startup configuration
+- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
+
+## API
+- Upgraded to Gateway API v1.0.0
+- Added the ClientTrafficPolicy CRD with Keep Alive Support
+- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
+- Added the SecurityPolicy CRD with CORS and JWT Support
+- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
+- Added Support for InitContainers in EnvoyProxy CRD
+- Added Support for LoadBalancerIP in EnvoyProxy CRD
+- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
+- Added Support for LoadBalancerClass in EnvoyProxy CRD
+- Added Support for selecting EnvoyProxy stats to be generated
+- Added Support for enabling EnvoyProxy Virtual Host metrics
+- Added Support for Merging Gateway resources onto the same infrastructure
+
+### Breaking changes
+- Removed the AuthenticationFilter CRD
+- Removed the RateLimitFilter CRD
+- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
+- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
+- field to specify bootstrap config
+
+## watchable
+- Improved caching of resource by implementing a compare function agnostic of resource order
+
+## Translator
+### Breaking changes
+- Added support for routing to EndpointSlice endpoints
+- Added support for HTTPRoute Timeouts
+- Added support for multiple RequestMirror filters per HTTPRoute rule
+- Use / instead of - in IR Route Names
+- Added Support to ignore ports in Host header
+
+## Providers
+- Added the generationChangedPredicate to most resources to limit resource reconiliation
+- Improved reconiliation by using the same enqueue request for all resources
+- Added support for reconciling ServiceImport CRD
+- Added support for selectively watching resources based on Namespace Selector
+
+## XDS
+- Fixed Layered Runtime warnings
+- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
+- Added HTTP2 Keep Alives to the xds connection
+
+## Cli
+- Added Support for egctl stats command
+
diff --git a/site/content/en/latest/releases/v0.6.0.md b/site/content/en/latest/releases/v0.6.0.md
new file mode 100644
index 000000000000..2b8714030b00
--- /dev/null
+++ b/site/content/en/latest/releases/v0.6.0.md
@@ -0,0 +1,70 @@
+---
+title: "v0.6.0"
+publishdate: 2023-11-01
+---
+
+Date: Nov 1, 2023
+
+## Documentation
+- Introduced a new website based on Hugo
+- Added Grafana dashboards and integration docs for EnvoyProxy metrics
+- Added Grafana integration docs for Gateway API metrics
+
+## Installation
+- Updated EnvoyProxy image to be a distroless variant.
+- Removed resources around kube-rbac-proxy
+
+## API
+- Upgraded to Gateway API v1.0.0
+- Added the ClientTrafficPolicy CRD with Keep Alive Support
+- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
+- Added the SecurityPolicy CRD with CORS and JWT Support
+- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
+- Added Support for InitContainers in EnvoyProxy CRD
+- Added Support for LoadBalancerIP in EnvoyProxy CRD
+- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
+- Added Support for LoadBalancerClass in EnvoyProxy CRD
+- Added Support for selecting EnvoyProxy stats to be generated
+- Added Support for enabling EnvoyProxy Virtual Host metrics
+- Added Support for Merging Gateway resources onto the same infrastructure
+
+### Breaking changes
+- Removed the AuthenticationFilter CRD
+- Removed the RateLimitFilter CRD
+- Moved EnvoyProxy CRD from `config.gateway.envoyproxy.io` to `gateway.envoyproxy.io`
+- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
+- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
+- field to specify bootstrap config
+
+## Conformance
+- Added Support for HTTPRouteBackendProtocolH2C Test
+- Added Support for HTTPRouteBackendProtocolWebSocket Test
+- Added Support for HTTPRouteRequestMultipleMirrors Test
+- Added Support for HTTPRouteTimeoutRequest Test
+- Added Support for HTTPRouteTimeoutBackendRequest Test
+- Added Support for HTTPRouteRedirectPortAndScheme Test
+
+## Watchable
+- Improved caching of resource by implementing a compare function agnostic of resource
order + +## Translator +- Added support for routing to EndpointSlice endpoints +- Added support for HTTPRoute Timeouts +- Added support for multiple RequestMirror filters per HTTPRoute rule +- Use / instead of - in IR Route Names +- Added Support to ignore ports in Host header + +## Providers +- Added the generationChangedPredicate to most resources to limit resource reconiliation +- Improved reconiliation by using the same enqueue request for all resources +- Added support for reconciling ServiceImport CRD +- Added support for selectively watching resources based on Namespace Selector + + +## XDS +- Fixed Layered Runtime warnings +- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS. +- Added HTTP2 Keep Alives to the xds connection + +## Cli +- Added Support for egctl stats command From d1c19dc657a9b5d14b6b6069283f3dbd7f3026ce Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Wed, 6 Dec 2023 18:33:07 +0800 Subject: [PATCH 13/31] docs: use / as baseURL domain (#2274) fix(docs): use / as baseURL domain Signed-off-by: bitliu --- site/hugo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/hugo.toml b/site/hugo.toml index 2c60c9e85b67..42b20f01c294 100644 --- a/site/hugo.toml +++ b/site/hugo.toml @@ -1,4 +1,4 @@ -baseURL = "https://gateway.envoyproxy.io/" +baseURL = "/" title = "Envoy Gateway" # Language settings From 00feeb4246a58dd95f062d90a89f450137e02875 Mon Sep 17 00:00:00 2001 From: Ardika Bagus S Date: Thu, 7 Dec 2023 06:54:59 +0700 Subject: [PATCH 14/31] docs: add user guide for EnvoyProxy HPA (#2271) * docs: add user guide to customize envoyproxy hpa Signed-off-by: Ardika Bagus * chore: fix format Signed-off-by: Ardika Bagus --------- Signed-off-by: Ardika Bagus --- api/v1alpha1/shared_types.go | 4 +- site/content/en/latest/api/extension_types.md | 2 +- .../en/latest/user/customize-envoyproxy.md | 40 +++++++++++++++++-- 3 files changed, 39 insertions(+), 7 deletions(-) 
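Review bot: Setting `baseURL = "/"` in `site/hugo.toml` applies to every build of the site, not only to previews, so anything Hugo renders as an absolute URL (sitemap, RSS, canonical and social-card links) will presumably lose its host on the published site as well. If the aim is a host-independent preview build, keep the production value in the config and override it only in the preview build command, e.g. `hugo --baseURL "/"`. The rest of the file is outside this hunk, so confirm that no template depends on `.Site.BaseURL` being a full origin.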
diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go index e6d19f960ae5..b3126c42f27e 100644 --- a/api/v1alpha1/shared_types.go +++ b/api/v1alpha1/shared_types.go @@ -277,8 +277,8 @@ const ( StringMatchRegularExpression StringMatchType = "RegularExpression" ) -// KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment -// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec +// KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment. +// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec. type KubernetesHorizontalPodAutoscalerSpec struct { // minReplicas is the lower limit for the number of replicas to which the autoscaler // can scale down. It defaults to 1 replica. diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 4fa146d29a99..650863ef0f52 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -981,7 +981,7 @@ _Appears in:_ -KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec +KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment. See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec. _Appears in:_ - [EnvoyProxyKubernetesProvider](#envoyproxykubernetesprovider) diff --git a/site/content/en/latest/user/customize-envoyproxy.md b/site/content/en/latest/user/customize-envoyproxy.md index a6d93810988f..6565d08b0dcf 100644 --- a/site/content/en/latest/user/customize-envoyproxy.md +++ b/site/content/en/latest/user/customize-envoyproxy.md 
@@ -135,7 +135,7 @@ EOF ## Customize EnvoyProxy Deployment Env -You can customize the EnvoyProxy Deployment Env via EnvoyProxy Config like: +You can customize the EnvoyProxy Deployment Env via EnvoyProxy Config like: ```shell cat < Date: Thu, 7 Dec 2023 11:01:12 +0800 Subject: [PATCH 15/31] fix(docs): v0.5.0-rc.1 title (#2270) Signed-off-by: bitliu --- site/content/en/latest/releases/v0.5.0-rc.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/latest/releases/v0.5.0-rc.1.md b/site/content/en/latest/releases/v0.5.0-rc.1.md index 17d407db18ae..bda070995c8c 100644 --- a/site/content/en/latest/releases/v0.5.0-rc.1.md +++ b/site/content/en/latest/releases/v0.5.0-rc.1.md @@ -1,5 +1,5 @@ --- -title: "v0.5.0" +title: "v0.5.0-rc.1" publishdate: 2023-07-26 --- From 8f003cd7b6fe962abe3f758e72b441c5c7d33153 Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Thu, 7 Dec 2023 11:34:51 +0800 Subject: [PATCH 16/31] feat: support docs preview (#2278) Signed-off-by: bitliu --- .github/workflows/docs.yaml | 49 ++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 7bda29e66a01..78757414ab95 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -6,12 +6,8 @@ on: - "release/v*" paths-ignore: - "**/*.png" - pull_request: - branches: - - "main" - - "release/v*" - paths-ignore: - - "**/*.png" + pull_request_target: + types: [opened, synchronize, reopened] jobs: docs-lint: @@ -19,6 +15,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} - name: Run markdown linter uses: nosborn/github-action-markdown-cli@v3.3.0 @@ -36,6 +34,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + ref: ${{ github.event.pull_request.head.sha }} - name: Setup Hugo uses: peaceiris/actions-hugo@v2 
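Review bot: Changing the trigger to `pull_request_target` while the `actions/checkout` steps check out `github.event.pull_request.head.sha` means the workflow builds content from a fork in the base repository's context, where repository secrets and a base-repo `GITHUB_TOKEN` are available to the run. This applies to docs-lint and docs-build (the two following hunks) and to the new docs-preview job, where `make docs` is taken from that checkout. Keep lint and build on the `pull_request` trigger, which gives fork PRs no secrets and a read-only token, and let a separate privileged job only download the already-built artifact and deploy it without checking out or executing PR content. The job bodies continue outside these hunks, so the remaining steps should be checked for the same pattern.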
@@ -60,6 +59,44 @@ jobs: # Duration after which artifact will expire in days. # retention-days: # optional, default is 1 + docs-preview: + if: "github.event_name == 'pull_request_target'" + needs: docs-build + runs-on: ubuntu-22.04 + steps: + - name: Git checkout + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Setup Hugo + uses: peaceiris/actions-hugo@v2 + with: + hugo-version: 'latest' + extended: true + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: '18' + - name: Install Site Dependencies and Build Site + run: make docs + - name: Deploy to Netlify + uses: nwtgck/actions-netlify@v2.0 + with: + publish-dir: 'site/public' + production-deploy: false + github-token: ${{ secrets.GITHUB_TOKEN }} + deploy-message: "Deploy from GitHub Actions" + alias: "${{ github.event.repository.name }}-pr-${{ github.event.pull_request.number }}-preview" + # these all default to 'true' + enable-pull-request-comment: true + enable-commit-comment: false + enable-commit-status: true + overwrites-pull-request-comment: true + env: + NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} + NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} + timeout-minutes: 1 + # This workflow contains a single job called "build" docs-publish: if: github.event_name == 'push' From 52af65e2d35d6d8cbd02e3b8257d1784b0f31dd6 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 7 Dec 2023 16:34:42 +0800 Subject: [PATCH 17/31] chore: add paths for docs action (#2279) Signed-off-by: zirain --- .github/workflows/docs.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 78757414ab95..b7ac6b65519d 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml 
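Review bot: The docs-preview job declares no `permissions:` block and its checkout keeps the default persisted credentials, so the `make docs` step runs with whatever the repository's default `GITHUB_TOKEN` scope is, and that token stays in the checked-out git config. Add a job-level `permissions:` with `contents: read` plus only the write scopes the Netlify comment and status features need, and set `persist-credentials: false` under the checkout's `with:`. The action that receives `NETLIFY_AUTH_TOKEN` is referenced by a mutable tag (`nwtgck/actions-netlify@v2.0`) and Hugo is installed as `hugo-version: 'latest'`; pin both, e.g. `uses: nwtgck/actions-netlify@<full-commit-sha>` and a fixed Hugo version, so the code that handles the secret cannot change without a reviewed commit.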
@@ -4,10 +4,12 @@ on: branches: - "main" - "release/v*" - paths-ignore: - - "**/*.png" + paths: + - 'site/**' pull_request_target: types: [opened, synchronize, reopened] + paths: + - 'site/**' jobs: docs-lint: From 557591eddcf6c18e93eb1645d8ffffbb06e5b555 Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Fri, 8 Dec 2023 12:18:56 +0800 Subject: [PATCH 18/31] ci: add PR comment and cc reviewers (#2280) * feat: welcome comment and auto cc gateway reviewers Signed-off-by: bitliu * update Signed-off-by: bitliu * fix lint Signed-off-by: bitliu --------- Signed-off-by: bitliu --- .github/workflows/welcome.yaml | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/welcome.yaml diff --git a/.github/workflows/welcome.yaml b/.github/workflows/welcome.yaml new file mode 100644 index 000000000000..750c36f1c1d9 --- /dev/null +++ b/.github/workflows/welcome.yaml @@ -0,0 +1,40 @@ +name: Welcome + +on: + pull_request_target: + types: [opened] + +jobs: + comment: + permissions: + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Comment + uses: peter-evans/create-or-update-comment@v3 + with: + issue-number: ${{ github.event.pull_request.number }} + body: | + 🚀 Thank you for contributing to the [Envoy Gateway](https://gateway.envoyproxy.io/) project! 🚀 + + Before merging, please ensure to follow the process below: + + 1. Requesting Reviews: + - cc @envoyproxy/gateway-reviewers team for an initial review. + - After the initial review, reviewers should request the @envoyproxy/gateway-maintainers team for further review. + 2. Review Approval: + - Your PR needs to receive at least two approvals. + - At least one approval must come from a member of the gateway-maintainers team. + + **NOTE**: Once your PR is under review, ***please do not rebase and force push it***. Otherwise, it will force your reviewers to review the PR from scratch rather than simply look at your latest changes. + +
+ What's more, you can help expedite the processing of your PR by +
+ + - Ensuring you have self-reviewed your work according to the project's [Contribution Guidelines](https://gateway.envoyproxy.io/latest/contributions/develop). + - If your PR addresses a specific issue, make sure to mention it in the PR description. + - Respond promptly if there are any test failures or suggestions for improvements that we comment on. + +
+ reactions: 'heart' From ea3d56816dae5f0110e6b6212ef44fe47e96cd4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:22:48 +0800 Subject: [PATCH 19/31] build(deps): bump actions/stale from 8 to 9 (#2293) Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v8...v9) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 1e8967a03521..f13fbcbec0ed 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Prune Stale - uses: actions/stale@v8 + uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Different amounts of days for issues/PRs are not currently supported but there is a PR From 58140344277fb169927873f534adc8ac246ba175 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:23:19 +0800 Subject: [PATCH 20/31] build(deps): bump actions/deploy-pages from 2.0.5 to 3.0.1 (#2292) Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 2.0.5 to 3.0.1. - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/v2.0.5...v3.0.1) --- updated-dependencies: - dependency-name: actions/deploy-pages dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Xunzhuo --- .github/workflows/docs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index b7ac6b65519d..c1a8e3205239 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -119,4 +119,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v2.0.5 + uses: actions/deploy-pages@v3.0.1 From 499c04d35fcf3ed27a046c646354fae3d9d7487c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:23:43 +0800 Subject: [PATCH 21/31] build(deps): bump nwtgck/actions-netlify from 2.0 to 2.1 (#2291) Bumps [nwtgck/actions-netlify](https://github.com/nwtgck/actions-netlify) from 2.0 to 2.1. - [Release notes](https://github.com/nwtgck/actions-netlify/releases) - [Changelog](https://github.com/nwtgck/actions-netlify/blob/develop/CHANGELOG.md) - [Commits](https://github.com/nwtgck/actions-netlify/compare/v2.0...v2.1) --- updated-dependencies: - dependency-name: nwtgck/actions-netlify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Xunzhuo --- .github/workflows/docs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index c1a8e3205239..ce9c9f9ce388 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -82,7 +82,7 @@ jobs: - name: Install Site Dependencies and Build Site run: make docs - name: Deploy to Netlify - uses: nwtgck/actions-netlify@v2.0 + uses: nwtgck/actions-netlify@v2.1 with: publish-dir: 'site/public' production-deploy: false 
From f71f37246478bac4fc2f18e0bb5c46c0886d49a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:24:31 +0800 Subject: [PATCH 22/31] build(deps): bump envoyproxy/toolshed from actions-v0.1.82 to 0.2.13 (#2290) Bumps [envoyproxy/toolshed](https://github.com/envoyproxy/toolshed) from actions-v0.1.82 to 0.2.13. This release includes the previously tagged commit. - [Release notes](https://github.com/envoyproxy/toolshed/releases) - [Commits](https://github.com/envoyproxy/toolshed/compare/actions-v0.1.82...actions-v0.2.13) --- updated-dependencies: - dependency-name: envoyproxy/toolshed dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Xunzhuo --- .github/workflows/retest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retest.yaml b/.github/workflows/retest.yaml index cb722b6392d1..ba6e98678b16 100644 --- a/.github/workflows/retest.yaml +++ b/.github/workflows/retest.yaml @@ -22,6 +22,6 @@ jobs: pull-requests: write actions: write steps: - - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.1.82 + - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.2.13 with: token: ${{ secrets.GITHUB_TOKEN }} From f7d1e2cdc691b784228793fe718a880b419c530c Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Wed, 13 Dec 2023 21:30:14 +0800 Subject: [PATCH 23/31] fix: mergeGateways panics when restarting control plane (#2283) Signed-off-by: bitliu --- internal/provider/kubernetes/predicates.go | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/internal/provider/kubernetes/predicates.go b/internal/provider/kubernetes/predicates.go index 9a98bff10356..0ffcfc369a40 100644 --- a/internal/provider/kubernetes/predicates.go +++ b/internal/provider/kubernetes/predicates.go 
@@ -180,10 +180,13 @@ func (r *gatewayAPIReconciler) validateServiceForReconcile(obj client.Object) bo gclass, ok := labels[gatewayapi.OwningGatewayClassLabel] if ok { res, _ := r.resources.GatewayAPIResources.Load(gclass) - for _, gw := range res.Gateways { - gw := gw - r.statusUpdateForGateway(ctx, gw) + if res != nil && len(res.Gateways) > 0 { + for _, gw := range res.Gateways { + gw := gw + r.statusUpdateForGateway(ctx, gw) + } } + return false } @@ -313,9 +316,11 @@ func (r *gatewayAPIReconciler) validateDeploymentForReconcile(obj client.Object) gclass, ok := labels[gatewayapi.OwningGatewayClassLabel] if ok { res, _ := r.resources.GatewayAPIResources.Load(gclass) - for _, gtw := range res.Gateways { - gtw := gtw - r.statusUpdateForGateway(ctx, gtw) + if res != nil && len(res.Gateways) > 0 { + for _, gw := range res.Gateways { + gw := gw + r.statusUpdateForGateway(ctx, gw) + } } return false } From 176823cef42f7807b4d715b74214f16131433067 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Wed, 13 Dec 2023 21:57:56 +0800 Subject: [PATCH 24/31] forward jwt tokens after verification (#2300) * forward jwt tokens after verification Signed-off-by: huabing zhao * fix test Signed-off-by: huabing zhao * fix test Signed-off-by: huabing zhao --------- Signed-off-by: huabing zhao --- .../out/jwt-single-route-single-match-to-xds.all.json | 1 + .../out/jwt-single-route-single-match-to-xds.all.yaml | 1 + .../out/jwt-single-route-single-match-to-xds.listener.yaml | 1 + internal/xds/translator/jwt.go | 1 + .../testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml | 1 + .../out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml | 4 ++++ .../out/xds-ir/jwt-multi-route-single-provider.listeners.yaml | 2 ++ .../testdata/out/xds-ir/jwt-ratelimit.listeners.yaml | 1 + .../out/xds-ir/jwt-single-route-single-match.listeners.yaml | 1 + 9 files changed, 13 insertions(+) 
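Review bot: In validateServiceForReconcile the new guard still discards the second result of `r.resources.GatewayAPIResources.Load(gclass)` and adds a `len(res.Gateways) > 0` test that the `range` already covers, since ranging over an empty slice does nothing. Assuming the second result reports whether the key was present, `if res, ok := r.resources.GatewayAPIResources.Load(gclass); ok && res != nil {` expresses the nil-safety directly and removes one nesting level. The identical block is repeated in validateDeploymentForReconcile in the `@@ -313,9 +316,11 @@` hunk, so a small helper taking `gclass` would keep the two in step. Both function bodies start and end outside these hunks.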
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json index 16c1d3522fc7..f3452b71909f 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json @@ -394,6 +394,7 @@ "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication", "providers": { "httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com/example": { + "forward": true, "remoteJwks": { "asyncFetch": {}, "cacheDuration": "300s", diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml index 8b70c138d50f..6f26675e23fa 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml @@ -233,6 +233,7 @@ xds: '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication providers: httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com/example: + forward: true remoteJwks: asyncFetch: {} cacheDuration: 300s diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml index 273ca89e7c79..7c8a353b83ca 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml 
@@ -48,6 +48,7 @@ xds: '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication providers: httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com/example: + forward: true remoteJwks: asyncFetch: {} cacheDuration: 300s diff --git a/internal/xds/translator/jwt.go b/internal/xds/translator/jwt.go index 619b99b552ea..ea5dd6ce28f1 100644 --- a/internal/xds/translator/jwt.go +++ b/internal/xds/translator/jwt.go @@ -142,6 +142,7 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication, JwksSourceSpecifier: remote, PayloadInMetadata: irProvider.Issuer, ClaimToHeaders: claimToHeaders, + Forward: true, } if irProvider.ExtractFrom != nil { diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml index 2481c634ea7f..3bd76da8af01 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml @@ -21,6 +21,7 @@ first-route/example: audiences: - foo.com + forward: true fromCookies: - session_access_token issuer: https://www.example.com diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml index 1eec8005ef8b..23990992ee73 100755 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml @@ -24,6 +24,7 @@ claimToHeaders: - claimName: claim.neteased.key headerName: one-route-example-key1 + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: 
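Review bot: `Forward: true` in buildJWTAuthn is set for every provider with no comment and no way to turn it off, so after this change the verified token stays on the request and reaches every upstream behind the route, where the filter's default would have removed it. Backends and their access logs then see the caller's bearer token, which operators should know about. A comment on the field such as `// Forward keeps the verified JWT on the request so the backend can read it; upstreams receive the caller's token.` would record the intent, and the user-facing JWT docs should mention it. If some routes front less-trusted backends, consider exposing this as a per-provider API field rather than a constant; buildJWTAuthn continues outside the hunk.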
@@ -43,6 +44,7 @@ headerName: one-route-example2-key1 - claimName: name headerName: one-route-example2-key2 + forward: true issuer: https://www.two.example.com payloadInMetadata: https://www.two.example.com remoteJwks: @@ -59,6 +61,7 @@ claimToHeaders: - claimName: claim.neteased.key headerName: second-route-example-key1 + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: @@ -73,6 +76,7 @@ audiences: - one.foo.com - two.foo.com + forward: true issuer: https://www.two.example.com payloadInMetadata: https://www.two.example.com remoteJwks: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml index 133530ef79fe..bc515a98bb81 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml @@ -46,6 +46,7 @@ claimToHeaders: - claimName: claim.neteased.key headerName: first-route-key + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: @@ -59,6 +60,7 @@ second-route/example: audiences: - foo.com + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml index 8ff2832d64bf..797be82e9828 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml @@ -21,6 +21,7 @@ first-route/example: audiences: - foo.com + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: 
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml index 9a095ee2e290..e268247f4752 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml @@ -21,6 +21,7 @@ first-route/example: audiences: - foo.com + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: From 9aebfdc3e3b984219600671c4f1d4e76b140d675 Mon Sep 17 00:00:00 2001 From: Tanuj Dwivedi Date: Thu, 14 Dec 2023 18:31:52 +0530 Subject: [PATCH 25/31] feature: add hostNetwork to the podSpec (#1944) * added hostNetwork to the podSpec Signed-off-by: tanujd11 * make gen-check Signed-off-by: tanujd11 --------- Signed-off-by: tanujd11 Co-authored-by: Xunzhuo --- api/v1alpha1/shared_types.go | 4 ++++ .../crds/generated/gateway.envoyproxy.io_envoyproxies.yaml | 4 ++++ internal/infrastructure/kubernetes/proxy/resource_provider.go | 1 + .../infrastructure/kubernetes/proxy/resource_provider_test.go | 1 + .../kubernetes/proxy/testdata/deployments/custom.yaml | 1 + .../infrastructure/kubernetes/ratelimit/resource_provider.go | 1 + .../kubernetes/ratelimit/resource_provider_test.go | 1 + .../kubernetes/ratelimit/testdata/deployments/custom.yaml | 1 + site/content/en/latest/api/extension_types.md | 1 + 9 files changed, 15 insertions(+) diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go index b3126c42f27e..7fa593ef1869 100644 --- a/api/v1alpha1/shared_types.go +++ b/api/v1alpha1/shared_types.go 
@@ -113,6 +113,10 @@ type KubernetesPodSpec struct { // // +optional Volumes []corev1.Volume `json:"volumes,omitempty"` + + // HostNetwork, If this is set to true, the pod will use host's network namespace. + // +optional + HostNetwork bool `json:"hostNetwork,omitempty"` } // KubernetesContainerSpec defines the desired state of the Kubernetes container resource. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 7bff9e4149a0..3228d86ccf9b 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -3024,6 +3024,10 @@ spec: should be appended to the pods. By default, no pod annotations are appended. type: object + hostNetwork: + description: HostNetwork, If this is set to true, + the pod will use host's network namespace. + type: boolean labels: additionalProperties: type: string diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 6ab47c0b3348..20ce9d4bf5e0 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -216,6 +216,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { RestartPolicy: corev1.RestartPolicyAlways, SchedulerName: "default-scheduler", SecurityContext: deploymentConfig.Pod.SecurityContext, + HostNetwork: deploymentConfig.Pod.HostNetwork, Affinity: deploymentConfig.Pod.Affinity, Tolerations: deploymentConfig.Pod.Tolerations, Volumes: expectedDeploymentVolumes(r.infra.Name, deploymentConfig), diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index f4603fc370c7..6d2d6a6102da 100644 
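Review bot: The doc comment on `HostNetwork` in KubernetesPodSpec does not say what enabling it implies, and this text is copied into the CRD description and the API reference. With the host's network namespace the pod binds its listener ports directly on the node and can reach services bound to the node's loopback and interfaces, and namespaces enforcing the baseline Pod Security Standard reject such pods. Suggested wording: `// HostNetwork makes the pod use the node's network namespace when true.` followed by a second comment line noting that ports are then bound on the node and that the default is false.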
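Review bot: `HostNetwork: deploymentConfig.Pod.HostNetwork` in Deployment() is copied into the pod spec without a matching DNS policy. The DNS policy is not visible in this hunk, but if it is `ClusterFirst`, a host-network pod resolves names through the node's resolver and cannot look up cluster Service names unless the policy is `ClusterFirstWithHostNet`. Consider selecting `corev1.DNSClusterFirstWithHostNet` when the flag is true; the same applies to `HostNetwork: r.rateLimitDeployment.Pod.HostNetwork` in the ratelimit provider's `@@ -178,6 +178,7 @@` hunk. Deployment() starts and ends outside the hunk.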
--- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -93,6 +93,7 @@ func TestDeployment(t *testing.T) { SecurityContext: &corev1.PodSecurityContext{ RunAsUser: pointer.Int64(1000), }, + HostNetwork: true, }, Container: &egv1a1.KubernetesContainerSpec{ Image: pointer.String("envoyproxy/envoy:v1.2.3"), diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index 03c4ec7b993a..2a1fe754986e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -34,6 +34,7 @@ spec: prometheus.io/scrape: "true" spec: automountServiceAccountToken: false + hostNetwork: true containers: - args: - --service-cluster default diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go index bb7f2ee598d1..f1309d322625 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go @@ -178,6 +178,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { RestartPolicy: corev1.RestartPolicyAlways, SchedulerName: "default-scheduler", SecurityContext: r.rateLimitDeployment.Pod.SecurityContext, + HostNetwork: r.rateLimitDeployment.Pod.HostNetwork, Volumes: expectedDeploymentVolumes(r.rateLimit, r.rateLimitDeployment), Affinity: r.rateLimitDeployment.Pod.Affinity, Tolerations: r.rateLimitDeployment.Pod.Tolerations, diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go index 02d8df7254c1..ab4d6b65ae8b 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go 
+++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go @@ -158,6 +158,7 @@ func TestDeployment(t *testing.T) { SecurityContext: &corev1.PodSecurityContext{ RunAsUser: pointer.Int64(1000), }, + HostNetwork: true, }, Container: &egv1a1.KubernetesContainerSpec{ Image: pointer.String("custom-image"), diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml index b34ab0fe2543..c922b53f5190 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml @@ -31,6 +31,7 @@ spec: prometheus.io/scrape: "true" spec: automountServiceAccountToken: false + hostNetwork: true containers: - command: - /bin/ratelimit diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 650863ef0f52..62789bcf949d 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -1011,6 +1011,7 @@ _Appears in:_ | `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#affinity-v1-core)_ | If specified, the pod's scheduling constraints. | | `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#toleration-v1-core) array_ | If specified, the pod's tolerations. | | `volumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#volume-v1-core) array_ | Volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes | +| `hostNetwork` _boolean_ | HostNetwork, If this is set to true, the pod will use host's network namespace. | #### KubernetesServiceSpec From 52946bef5132a302b6f5edd6d154062f35906e22 Mon Sep 17 00:00:00 2001 
From: Huabing Zhao Date: Sat, 16 Dec 2023 02:21:53 +0800 Subject: [PATCH 26/31] Add AllowCredentials knob to CORS setting (#2307) add AllowCredentials knob to CORS setting Signed-off-by: huabing zhao --- api/v1alpha1/cors_types.go | 3 +++ api/v1alpha1/zz_generated.deepcopy.go | 5 +++++ .../gateway.envoyproxy.io_securitypolicies.yaml | 5 +++++ internal/gatewayapi/securitypolicy.go | 11 ++++++----- internal/ir/xds.go | 2 ++ internal/xds/translator/cors.go | 1 + internal/xds/translator/testdata/in/xds-ir/cors.yaml | 1 + .../translator/testdata/out/xds-ir/cors.routes.yaml | 1 + site/content/en/latest/api/extension_types.md | 1 + 9 files changed, 25 insertions(+), 5 deletions(-) diff --git a/api/v1alpha1/cors_types.go b/api/v1alpha1/cors_types.go index 34a415f903bc..2831a372d6da 100644 --- a/api/v1alpha1/cors_types.go +++ b/api/v1alpha1/cors_types.go @@ -21,4 +21,7 @@ type CORS struct { ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"` // MaxAge defines how long the results of a preflight request can be cached. MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"` + // AllowCredentials indicates whether a request can include user credentials + // like cookies, authentication headers, or TLS client certificates. + AllowCredentials *bool `json:"allowCredentials,omitempty" yaml:"allowCredentials,omitempty"` } diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 2654e070a272..78360fa1282e 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -181,6 +181,11 @@ func (in *CORS) DeepCopyInto(out *CORS) { *out = new(v1.Duration) **out = **in } + if in.AllowCredentials != nil { + in, out := &in.AllowCredentials, &out.AllowCredentials + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CORS. 
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 944672a9a994..7c75d345b088 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -101,6 +101,11 @@ spec: description: CORS defines the configuration for Cross-Origin Resource Sharing (CORS). properties: + allowCredentials: + description: AllowCredentials indicates whether a request can + include user credentials like cookies, authentication headers, + or TLS client certificates. + type: boolean allowHeaders: description: AllowHeaders defines the headers that are allowed to be sent with requests. diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 70dad753ef40..edd06f6c4e5a 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -413,11 +413,12 @@ func (t *Translator) buildCORS(cors *egv1a1.CORS) (*ir.CORS, error) { } return &ir.CORS{ - AllowOrigins: allowOrigins, - AllowMethods: cors.AllowMethods, - AllowHeaders: cors.AllowHeaders, - ExposeHeaders: cors.ExposeHeaders, - MaxAge: cors.MaxAge, + AllowOrigins: allowOrigins, + AllowMethods: cors.AllowMethods, + AllowHeaders: cors.AllowHeaders, + ExposeHeaders: cors.ExposeHeaders, + MaxAge: cors.MaxAge, + AllowCredentials: cors.AllowCredentials != nil && *cors.AllowCredentials, }, nil } diff --git a/internal/ir/xds.go b/internal/ir/xds.go index de252ca61406..b485fdc637af 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go 
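Review bot: buildCORS now passes `AllowCredentials` through with no check against the origins it is combined with. If `allowOrigins` can contain a wildcard or broad regex matcher (the code that builds it is above this hunk), enabling credentials lets any matching site make authenticated cross-origin requests and read the responses. Reject that combination before the return, for example `if cors.AllowCredentials != nil && *cors.AllowCredentials && hasWildcardOrigin { return nil, errors.New("allowCredentials cannot be combined with a wildcard origin") }`, where `hasWildcardOrigin` is a placeholder for whatever the origin loop can report. The field comment in `api/v1alpha1/cors_types.go` should state the same restriction.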
@@ -328,6 +328,8 @@ type CORS struct { ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"` // MaxAge defines how long the results of a preflight request can be cached. MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"` + // AllowCredentials indicates whether a request can include user credentials. + AllowCredentials bool `json:"allowCredentials,omitempty" yaml:"allowCredentials,omitempty"` } // JWT defines the schema for authenticating HTTP requests using diff --git a/internal/xds/translator/cors.go b/internal/xds/translator/cors.go index 50ead8f3d2e0..a7fe606d03e0 100644 --- a/internal/xds/translator/cors.go +++ b/internal/xds/translator/cors.go @@ -140,6 +140,7 @@ func (*cors) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { if irRoute.CORS.MaxAge != nil { maxAge = strconv.Itoa(int(irRoute.CORS.MaxAge.Seconds())) } + allowCredentials = &wrappers.BoolValue{Value: irRoute.CORS.AllowCredentials} routeCfgProto := &corsv3.CorsPolicy{ AllowOriginStringMatch: allowOrigins, diff --git a/internal/xds/translator/testdata/in/xds-ir/cors.yaml b/internal/xds/translator/testdata/in/xds-ir/cors.yaml index 6887b75f9c31..d7af9c71192c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/cors.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/cors.yaml @@ -32,4 +32,5 @@ http: exposeHeaders: - "x-header-3" - "x-header-4" + allowCredentials: true maxAge: 1000s diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.routes.yaml index 681285a8d7e9..fc0fdea378e2 100755 --- a/internal/xds/translator/testdata/out/xds-ir/cors.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/cors.routes.yaml 
@@ -13,6 +13,7 @@ typedPerFilterConfig: envoy.filters.http.cors: '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.CorsPolicy + allowCredentials: true allowHeaders: x-header-1, x-header-2 allowMethods: GET, POST allowOriginStringMatch: diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 62789bcf949d..dc11cd57a0cd 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -123,6 +123,7 @@ _Appears in:_ | `allowHeaders` _string array_ | AllowHeaders defines the headers that are allowed to be sent with requests. | | `exposeHeaders` _string array_ | ExposeHeaders defines the headers that can be exposed in the responses. | | `maxAge` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | MaxAge defines how long the results of a preflight request can be cached. | +| `allowCredentials` _boolean_ | AllowCredentials indicates whether a request can include user credentials like cookies, authentication headers, or TLS client certificates. | #### ClaimToHeader From ad8d79bc42891160d5fb06c6f42858afedc40d4d Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Mon, 18 Dec 2023 10:30:29 +0800 Subject: [PATCH 27/31] membership: promote @zhaohuabing as maintainer (#2303) Signed-off-by: bitliu --- OWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OWNERS b/OWNERS index 2895f975ebf3..4d581494fd7c 100644 --- a/OWNERS +++ b/OWNERS @@ -14,13 +14,13 @@ maintainers: - Xunzhuo - zirain - qicz +- zhaohuabing reviewers: - chauhanshubham - kflynn - LanceEa -- zhaohuabing - tmsnan - tanujd11 - cnvergence From b6de1fcecccab805aed68fc76f74e07f1b867e0a Mon Sep 17 00:00:00 2001 From: zzjin Date: Mon, 18 Dec 2023 17:23:45 +0800 Subject: [PATCH 28/31] Upgrade use of generic ptr to cleaner codebase. (#2319) * Upgrade use of generic ptr to cleaner codebase. 
Signed-off-by: zzjin * Update golanglint-ci for dep `k8s.io/utils/pointer` Signed-off-by: zzjin --------- Signed-off-by: zzjin --- api/v1alpha1/envoyproxy_helpers.go | 3 +- api/v1alpha1/kubernetes_helpers.go | 4 +- .../validation/envoyproxy_validate_test.go | 7 +- internal/envoygateway/config/decoder_test.go | 14 +-- internal/gatewayapi/backendtrafficpolicy.go | 2 +- internal/gatewayapi/clienttrafficpolicy.go | 2 +- internal/gatewayapi/envoypatchpolicy.go | 2 +- internal/gatewayapi/route.go | 2 +- internal/gatewayapi/securitypolicy.go | 2 +- internal/gatewayapi/translator_test.go | 22 ++-- .../kubernetes/proxy/resource.go | 8 +- .../kubernetes/proxy/resource_provider.go | 11 +- .../proxy/resource_provider_test.go | 47 ++++---- .../kubernetes/proxy_deployment_test.go | 4 +- .../kubernetes/ratelimit/resource.go | 6 +- .../kubernetes/ratelimit/resource_provider.go | 10 +- .../ratelimit/resource_provider_test.go | 60 +++++----- .../kubernetes/resource/resource_test.go | 2 +- internal/ir/xds_test.go | 103 +++++++++--------- .../provider/kubernetes/kubernetes_test.go | 2 +- internal/provider/kubernetes/routes_test.go | 2 +- internal/provider/kubernetes/test/utils.go | 2 +- internal/status/conditions_test.go | 3 +- internal/status/gateway.go | 3 +- internal/status/gateway_test.go | 3 +- internal/utils/ptr/ptr.go | 10 -- internal/xds/bootstrap/bootstrap_test.go | 2 +- internal/xds/translator/accesslog.go | 4 +- internal/xds/translator/jwt.go | 4 +- internal/xds/translator/oidc.go | 4 +- internal/xds/translator/ratelimit.go | 4 +- internal/xds/translator/tracing.go | 4 +- test/cel-validation/envoyproxy_test.go | 2 +- tools/linter/golangci-lint/.golangci.yml | 2 + 34 files changed, 171 insertions(+), 191 deletions(-) delete mode 100644 internal/utils/ptr/ptr.go diff --git a/api/v1alpha1/envoyproxy_helpers.go b/api/v1alpha1/envoyproxy_helpers.go index d446df9f054e..cca9121f3f70 100644 --- a/api/v1alpha1/envoyproxy_helpers.go +++ b/api/v1alpha1/envoyproxy_helpers.go 
@@ -12,8 +12,7 @@ import ( autoscalingv2 "k8s.io/api/autoscaling/v2" v1 "k8s.io/api/core/v1" - - "github.com/envoyproxy/gateway/internal/utils/ptr" + "k8s.io/utils/ptr" ) // DefaultEnvoyProxyProvider returns a new EnvoyProxyProvider with default settings. diff --git a/api/v1alpha1/kubernetes_helpers.go b/api/v1alpha1/kubernetes_helpers.go index 90c75873cbb5..300681736423 100644 --- a/api/v1alpha1/kubernetes_helpers.go +++ b/api/v1alpha1/kubernetes_helpers.go @@ -9,7 +9,7 @@ import ( appv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // DefaultKubernetesDeploymentReplicas returns the default replica settings. @@ -27,7 +27,7 @@ func DefaultKubernetesDeploymentStrategy() *appv1.DeploymentStrategy { // DefaultKubernetesContainerImage returns the default envoyproxy image. func DefaultKubernetesContainerImage(image string) *string { - return pointer.String(image) + return ptr.To(image) } // DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings. diff --git a/api/v1alpha1/validation/envoyproxy_validate_test.go b/api/v1alpha1/validation/envoyproxy_validate_test.go index 0bfc5558e1b0..0a9fcde07b0b 100644 --- a/api/v1alpha1/validation/envoyproxy_validate_test.go +++ b/api/v1alpha1/validation/envoyproxy_validate_test.go @@ -15,10 +15,9 @@ import ( "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) var ( @@ -301,7 +300,7 @@ func TestValidateEnvoyProxy(t *testing.T) { }, Spec: egv1a1.EnvoyProxySpec{ Bootstrap: &egv1a1.ProxyBootstrap{ - Type: (*egv1a1.BootstrapType)(pointer.String(string(egv1a1.BootstrapTypeMerge))), + Type: ptr.To(egv1a1.BootstrapTypeMerge), Value: mergeUserBootstrap, }, }, 
@@ -390,7 +389,7 @@ func TestValidateEnvoyProxy(t *testing.T) { { Format: egv1a1.ProxyAccessLogFormat{ Type: egv1a1.ProxyAccessLogFormatTypeText, - Text: pointer.String("[%START_TIME%]"), + Text: ptr.To("[%START_TIME%]"), }, Sinks: []egv1a1.ProxyAccessLogSink{ { diff --git a/internal/envoygateway/config/decoder_test.go b/internal/envoygateway/config/decoder_test.go index 16cf2ef6b085..ebd1bf145e68 100644 --- a/internal/envoygateway/config/decoder_test.go +++ b/internal/envoygateway/config/decoder_test.go @@ -12,7 +12,7 @@ import ( "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/envoyproxy/gateway/api/v1alpha1" @@ -148,11 +148,11 @@ func TestDecode(t *testing.T) { Value: "env_b_value", }, }, - Image: pointer.String("envoyproxy/ratelimit:latest"), + Image: ptr.To("envoyproxy/ratelimit:latest"), Resources: v1alpha1.DefaultResourceRequirements(), SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(2000), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To[int64](2000), + AllowPrivilegeEscalation: ptr.To(false), }, }, Pod: &v1alpha1.KubernetesPodSpec{ @@ -161,9 +161,9 @@ func TestDecode(t *testing.T) { "key2": "val2", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), - RunAsGroup: pointer.Int64(3000), - FSGroup: pointer.Int64(2000), + RunAsUser: ptr.To[int64](1000), + RunAsGroup: ptr.To[int64](3000), + FSGroup: ptr.To[int64](2000), FSGroupChangePolicy: func(s corev1.PodFSGroupChangePolicy) *corev1.PodFSGroupChangePolicy { return &s }(corev1.FSGroupChangeOnRootMismatch), }, }, diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index fc21e970bab8..f9af6fc0d68e 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go 
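Review bot: The `FSGroupChangePolicy` context line in the `@@ -161,9 +161,9 @@` hunk of internal/envoygateway/config/decoder_test.go still builds its pointer with an inline closure, `func(s corev1.PodFSGroupChangePolicy) *corev1.PodFSGroupChangePolicy { return &s }(corev1.FSGroupChangeOnRootMismatch)`. It sits directly below the three fields this commit moves to `ptr.To`. The constant is a typed value, so `FSGroupChangePolicy: ptr.To(corev1.FSGroupChangeOnRootMismatch),` should be equivalent and would match the rest of the struct. TestDecode starts and ends outside the hunk, so similar leftovers may exist in the parts not shown.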
@@ -13,13 +13,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gwv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/status" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) type policyTargetRouteKey struct { diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index db67a5262af4..bb026f1a750f 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -13,13 +13,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/utils/ptr" gwv1b1 "sigs.k8s.io/gateway-api/apis/v1" gwv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/status" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) const ( diff --git a/internal/gatewayapi/envoypatchpolicy.go b/internal/gatewayapi/envoypatchpolicy.go index caf5e9a60921..6e790ff25db2 100644 --- a/internal/gatewayapi/envoypatchpolicy.go +++ b/internal/gatewayapi/envoypatchpolicy.go @@ -10,13 +10,13 @@ import ( "sort" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" gwv1b1 "sigs.k8s.io/gateway-api/apis/v1" gwv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/status" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func (t *Translator) ProcessEnvoyPatchPolicies(envoyPatchPolicies []*egv1a1.EnvoyPatchPolicy, xdsIR XdsIRMap) { diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index b2795e08e2e4..87ba9a4a25c4 100644 
--- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -13,12 +13,12 @@ import ( corev1 "k8s.io/api/core/v1" discoveryv1 "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a1 "sigs.k8s.io/gateway-api/apis/v1alpha2" mcsapi "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) var ( diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index edd06f6c4e5a..adcd0bd292bf 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -18,6 +18,7 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gwv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -26,7 +27,6 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/status" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.SecurityPolicy, diff --git a/internal/gatewayapi/translator_test.go b/internal/gatewayapi/translator_test.go index ed30fb531423..1887f39ecc1b 100644 --- a/internal/gatewayapi/translator_test.go +++ b/internal/gatewayapi/translator_test.go @@ -25,13 +25,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/gateway-api/apis/v1beta1" "sigs.k8s.io/yaml" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/utils/field" "github.com/envoyproxy/gateway/internal/utils/file" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) var ( 
@@ -115,22 +115,22 @@ func TestTranslate(t *testing.T) { Ports: []discoveryv1.EndpointPort{ { Name: ptr.To("http"), - Port: ptr.To(int32(8080)), + Port: ptr.To[int32](8080), Protocol: ptr.To(corev1.ProtocolTCP), }, { Name: ptr.To("https"), - Port: ptr.To(int32(8443)), + Port: ptr.To[int32](8443), Protocol: ptr.To(corev1.ProtocolTCP), }, { Name: ptr.To("tcp"), - Port: ptr.To(int32(8163)), + Port: ptr.To[int32](8163), Protocol: ptr.To(corev1.ProtocolTCP), }, { Name: ptr.To("udp"), - Port: ptr.To(int32(8162)), + Port: ptr.To[int32](8162), Protocol: ptr.To(corev1.ProtocolUDP), }, }, @@ -180,7 +180,7 @@ func TestTranslate(t *testing.T) { Ports: []discoveryv1.EndpointPort{ { Name: ptr.To("http"), - Port: ptr.To(int32(8080)), + Port: ptr.To[int32](8080), Protocol: ptr.To(corev1.ProtocolTCP), }, }, @@ -303,22 +303,22 @@ func TestTranslateWithExtensionKinds(t *testing.T) { Ports: []discoveryv1.EndpointPort{ { Name: ptr.To("http"), - Port: ptr.To(int32(8080)), + Port: ptr.To[int32](8080), Protocol: ptr.To(corev1.ProtocolTCP), }, { Name: ptr.To("https"), - Port: ptr.To(int32(8443)), + Port: ptr.To[int32](8443), Protocol: ptr.To(corev1.ProtocolTCP), }, { Name: ptr.To("tcp"), - Port: ptr.To(int32(8163)), + Port: ptr.To[int32](8163), Protocol: ptr.To(corev1.ProtocolTCP), }, { Name: ptr.To("udp"), - Port: ptr.To(int32(8162)), + Port: ptr.To[int32](8162), Protocol: ptr.To(corev1.ProtocolUDP), }, }, @@ -367,7 +367,7 @@ func TestTranslateWithExtensionKinds(t *testing.T) { Ports: []discoveryv1.EndpointPort{ { Name: ptr.To("http"), - Port: ptr.To(int32(8080)), + Port: ptr.To[int32](8080), Protocol: ptr.To(corev1.ProtocolTCP), }, }, diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index 065d0dc28ba0..b4ccc760286b 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go 
@@ -10,7 +10,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/envoygateway/config" @@ -231,7 +231,7 @@ func expectedDeploymentVolumes(name string, deploymentSpec *egv1a1.KubernetesDep VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "envoy", - DefaultMode: pointer.Int32(420), + DefaultMode: ptr.To[int32](420), }, }, }, @@ -252,8 +252,8 @@ func expectedDeploymentVolumes(name string, deploymentSpec *egv1a1.KubernetesDep Path: SdsCertFilename, }, }, - DefaultMode: pointer.Int32(420), - Optional: pointer.Bool(false), + DefaultMode: ptr.To[int32](420), + Optional: ptr.To(false), }, }, }, diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 20ce9d4bf5e0..b84618e5386d 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -15,7 +15,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" @@ -210,8 +209,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { Containers: containers, InitContainers: deploymentConfig.InitContainers, ServiceAccountName: ExpectedResourceHashedName(r.infra.Name), - AutomountServiceAccountToken: pointer.Bool(false), - TerminationGracePeriodSeconds: pointer.Int64(int64(300)), + AutomountServiceAccountToken: ptr.To(false), + TerminationGracePeriodSeconds: ptr.To[int64](300), DNSPolicy: corev1.DNSClusterFirst, RestartPolicy: corev1.RestartPolicyAlways, SchedulerName: "default-scheduler", 
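Review bot: `DefaultMode: ptr.To[int32](420)` in the `@@ -231,7 +231,7 @@` hunk of internal/infrastructure/kubernetes/proxy/resource.go keeps the file mode as a decimal literal, which hides that the `envoy` secret volume is mounted 0644, readable by every user in the container. Writing it as `DefaultMode: ptr.To[int32](0o644),` or as a named constant with a short comment makes the permission visible at a glance. If that secret carries private key material, it is worth confirming whether a tighter mode works for the user the proxy runs as. The same literal appears in the `@@ -252,8 +252,8 @@` hunk and in both secret volumes touched in internal/infrastructure/kubernetes/ratelimit/resource.go. expectedDeploymentVolumes starts and ends outside these hunks.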
@@ -222,8 +221,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { Volumes: expectedDeploymentVolumes(r.infra.Name, deploymentConfig), }, }, - RevisionHistoryLimit: pointer.Int32(10), - ProgressDeadlineSeconds: pointer.Int32(600), + RevisionHistoryLimit: ptr.To[int32](10), + ProgressDeadlineSeconds: ptr.To[int32](600), }, } @@ -262,7 +261,7 @@ func (r *ResourceRender) HorizontalPodAutoscaler() (*autoscalingv2.HorizontalPod Name: r.Name(), }, MinReplicas: hpaConfig.MinReplicas, - MaxReplicas: ptr.Deref[int32](hpaConfig.MaxReplicas, 1), + MaxReplicas: ptr.Deref(hpaConfig.MaxReplicas, 1), Metrics: hpaConfig.Metrics, Behavior: hpaConfig.Behavior, }, diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index 6d2d6a6102da..ddb86054c359 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -17,14 +17,13 @@ import ( autoscalingv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/envoygateway/config" "github.com/envoyproxy/gateway/internal/gatewayapi" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) const ( @@ -81,7 +80,7 @@ func TestDeployment(t *testing.T) { caseName: "custom", infra: newTestInfra(), deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ 
@@ -91,12 +90,12 @@ func TestDeployment(t *testing.T) { "foo.bar": "custom-label", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, HostNetwork: true, }, Container: &egv1a1.KubernetesContainerSpec{ - Image: pointer.String("envoyproxy/envoy:v1.2.3"), + Image: ptr.To("envoyproxy/envoy:v1.2.3"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -108,7 +107,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, @@ -123,14 +122,14 @@ func TestDeployment(t *testing.T) { caseName: "extension-env", infra: newTestInfra(), deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, }, Container: &egv1a1.KubernetesContainerSpec{ @@ -144,7 +143,7 @@ func TestDeployment(t *testing.T) { Value: "env_b_value", }, }, - Image: pointer.String("envoyproxy/envoy:v1.2.3"), + Image: ptr.To("envoyproxy/envoy:v1.2.3"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -156,7 +155,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, 
@@ -165,19 +164,19 @@ func TestDeployment(t *testing.T) { caseName: "default-env", infra: newTestInfra(), deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, }, Container: &egv1a1.KubernetesContainerSpec{ Env: nil, - Image: pointer.String("envoyproxy/envoy:v1.2.3"), + Image: ptr.To("envoyproxy/envoy:v1.2.3"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -189,7 +188,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, @@ -198,14 +197,14 @@ func TestDeployment(t *testing.T) { caseName: "volumes", infra: newTestInfra(), deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, Volumes: []corev1.Volume{ { @@ -213,7 +212,7 @@ func TestDeployment(t *testing.T) { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "custom-envoy-cert", - DefaultMode: pointer.Int32(420), + DefaultMode: ptr.To[int32](420), }, }, }, @@ -230,7 +229,7 @@ func TestDeployment(t *testing.T) { Value: "env_b_value", }, }, - Image: pointer.String("envoyproxy/envoy:v1.2.3"), + Image: ptr.To("envoyproxy/envoy:v1.2.3"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), 
@@ -242,7 +241,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, @@ -270,14 +269,14 @@ func TestDeployment(t *testing.T) { caseName: "with-concurrency", infra: newTestInfra(), deploy: nil, - concurrency: pointer.Int32(4), + concurrency: ptr.To[int32](4), bootstrap: `test bootstrap config`, }, { caseName: "custom_with_initcontainers", infra: newTestInfra(), deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(3), + Replicas: ptr.To[int32](3), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ @@ -287,7 +286,7 @@ func TestDeployment(t *testing.T) { "foo.bar": "custom-label", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, Volumes: []corev1.Volume{ { @@ -299,7 +298,7 @@ func TestDeployment(t *testing.T) { }, }, Container: &egv1a1.KubernetesContainerSpec{ - Image: pointer.String("envoyproxy/envoy:v1.2.3"), + Image: ptr.To("envoyproxy/envoy:v1.2.3"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -311,7 +310,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, VolumeMounts: []corev1.VolumeMount{ { diff --git a/internal/infrastructure/kubernetes/proxy_deployment_test.go b/internal/infrastructure/kubernetes/proxy_deployment_test.go index 8af9e2e97e3e..5dda2a8be7a6 100644 --- a/internal/infrastructure/kubernetes/proxy_deployment_test.go +++ b/internal/infrastructure/kubernetes/proxy_deployment_test.go 
@@ -12,7 +12,7 @@ import ( "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -85,7 +85,7 @@ func TestCreateOrUpdateProxyDeployment(t *testing.T) { Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ EnvoyDeployment: &egv1a1.KubernetesDeploymentSpec{ Container: &egv1a1.KubernetesContainerSpec{ - Image: pointer.String("envoyproxy/envoy-dev:v1.2.3"), + Image: ptr.To("envoyproxy/envoy-dev:v1.2.3"), }, }, }, diff --git a/internal/infrastructure/kubernetes/ratelimit/resource.go b/internal/infrastructure/kubernetes/ratelimit/resource.go index 13ab8f053cf8..95631e41ab8d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource.go @@ -13,7 +13,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" @@ -183,7 +183,7 @@ func expectedDeploymentVolumes(rateLimit *egv1a1.RateLimit, rateLimitDeployment VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: string(rateLimit.Backend.Redis.TLS.CertificateRef.Name), - DefaultMode: pointer.Int32(420), + DefaultMode: ptr.To[int32](420), }, }, }) @@ -194,7 +194,7 @@ func expectedDeploymentVolumes(rateLimit *egv1a1.RateLimit, rateLimitDeployment VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "envoy-rate-limit", - DefaultMode: pointer.Int32(420), + DefaultMode: ptr.To[int32](420), }, }, }) diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go index f1309d322625..244b4f6b5bc7 100644 
--- a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go @@ -12,7 +12,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/resource" @@ -172,8 +172,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { Spec: corev1.PodSpec{ Containers: containers, ServiceAccountName: InfraName, - AutomountServiceAccountToken: pointer.Bool(false), - TerminationGracePeriodSeconds: pointer.Int64(int64(300)), + AutomountServiceAccountToken: ptr.To(false), + TerminationGracePeriodSeconds: ptr.To[int64](300), DNSPolicy: corev1.DNSClusterFirst, RestartPolicy: corev1.RestartPolicyAlways, SchedulerName: "default-scheduler", @@ -184,8 +184,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { Tolerations: r.rateLimitDeployment.Pod.Tolerations, }, }, - RevisionHistoryLimit: pointer.Int32(10), - ProgressDeadlineSeconds: pointer.Int32(600), + RevisionHistoryLimit: ptr.To[int32](10), + ProgressDeadlineSeconds: ptr.To[int32](600), }, } diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go index ab4d6b65ae8b..d3cb1f8bc2c4 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go @@ -16,7 +16,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/yaml" 
@@ -149,19 +149,19 @@ func TestDeployment(t *testing.T) { caseName: "custom", rateLimit: rateLimit, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, HostNetwork: true, }, Container: &egv1a1.KubernetesContainerSpec{ - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -173,7 +173,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, @@ -182,14 +182,14 @@ func TestDeployment(t *testing.T) { caseName: "extension-env", rateLimit: rateLimit, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, }, Container: &egv1a1.KubernetesContainerSpec{ @@ -203,7 +203,7 @@ func TestDeployment(t *testing.T) { Value: "env_b_value", }, }, - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -215,7 +215,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, 
@@ -224,19 +224,19 @@ func TestDeployment(t *testing.T) { caseName: "default-env", rateLimit: rateLimit, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, }, Container: &egv1a1.KubernetesContainerSpec{ Env: nil, - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -248,7 +248,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, @@ -257,14 +257,14 @@ func TestDeployment(t *testing.T) { caseName: "override-env", rateLimit: rateLimit, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, }, Container: &egv1a1.KubernetesContainerSpec{ @@ -274,7 +274,7 @@ func TestDeployment(t *testing.T) { Value: "true", }, }, - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -286,7 +286,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, 
@@ -307,14 +307,14 @@ func TestDeployment(t *testing.T) { }, }, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, }, Container: &egv1a1.KubernetesContainerSpec{ @@ -328,7 +328,7 @@ func TestDeployment(t *testing.T) { Value: "true", }, }, - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -340,7 +340,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, @@ -361,14 +361,14 @@ func TestDeployment(t *testing.T) { }, }, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, Tolerations: []corev1.Toleration{ { @@ -390,7 +390,7 @@ func TestDeployment(t *testing.T) { Value: "true", }, }, - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -402,7 +402,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, }, }, 
@@ -423,14 +423,14 @@ func TestDeployment(t *testing.T) { }, }, deploy: &egv1a1.KubernetesDeploymentSpec{ - Replicas: pointer.Int32(2), + Replicas: ptr.To[int32](2), Strategy: egv1a1.DefaultKubernetesDeploymentStrategy(), Pod: &egv1a1.KubernetesPodSpec{ Annotations: map[string]string{ "prometheus.io/scrape": "true", }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(1000), + RunAsUser: ptr.To[int64](1000), }, Tolerations: []corev1.Toleration{ { @@ -446,7 +446,7 @@ func TestDeployment(t *testing.T) { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "custom-cert", - DefaultMode: pointer.Int32(420), + DefaultMode: ptr.To[int32](420), }, }, }, @@ -463,7 +463,7 @@ func TestDeployment(t *testing.T) { Value: "true", }, }, - Image: pointer.String("custom-image"), + Image: ptr.To("custom-image"), Resources: &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("400m"), @@ -475,7 +475,7 @@ func TestDeployment(t *testing.T) { }, }, SecurityContext: &corev1.SecurityContext{ - Privileged: pointer.Bool(true), + Privileged: ptr.To(true), }, VolumeMounts: []corev1.VolumeMount{}, }, diff --git a/internal/infrastructure/kubernetes/resource/resource_test.go b/internal/infrastructure/kubernetes/resource/resource_test.go index f0ace1384ca6..1cb7c2145488 100644 --- a/internal/infrastructure/kubernetes/resource/resource_test.go +++ b/internal/infrastructure/kubernetes/resource/resource_test.go @@ -13,9 +13,9 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func TestExpectedServiceSpec(t *testing.T) { diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index ad9a18228ae2..cca7ef581ae9 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go 
@@ -11,9 +11,9 @@ import ( "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) var ( @@ -136,7 +136,7 @@ var ( Name: "happy", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("example"), + Exact: ptr.To("example"), }, Destination: &happyRouteDestination, } @@ -144,7 +144,7 @@ var ( Name: "invalid-backend", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("invalid-backend"), + Exact: ptr.To("invalid-backend"), }, BackendWeights: BackendWeights{ Invalid: 1, @@ -154,7 +154,7 @@ var ( Name: "weighted-invalid-backends", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("invalid-backends"), + Exact: ptr.To("invalid-backends"), }, Destination: &happyRouteDestination, BackendWeights: BackendWeights{ @@ -167,16 +167,16 @@ var ( Name: "redirect", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("redirect"), + Exact: ptr.To("redirect"), }, Redirect: &Redirect{ - Scheme: ptrTo("https"), - Hostname: ptrTo("redirect.example.com"), + Scheme: ptr.To("https"), + Hostname: ptr.To("redirect.example.com"), Path: &HTTPPathModifier{ - FullReplace: ptrTo("/redirect"), + FullReplace: ptr.To("/redirect"), }, - Port: ptrTo(uint32(8443)), - StatusCode: ptrTo(int32(301)), + Port: ptr.To(uint32(8443)), + StatusCode: ptr.To[int32](301), }, } // A direct response error is used when an invalid filter type is supplied @@ -184,10 +184,10 @@ var ( Name: "filter-error", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("filter-error"), + Exact: ptr.To("filter-error"), }, DirectResponse: &DirectResponse{ - Body: ptrTo("invalid filter type"), + Body: ptr.To("invalid filter type"), StatusCode: uint32(500), }, } 
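Review bot: In the `@@ -167,16 +167,16 @@` hunk of internal/ir/xds_test.go the new code spells typed numeric pointers two ways on adjacent lines, `Port: ptr.To(uint32(8443))` with a conversion and `StatusCode: ptr.To[int32](301)` with an explicit type argument. The commit already settles on the second form in internal/gatewayapi/translator_test.go, where `ptr.To(int32(8080))` becomes `ptr.To[int32](8080)`, so `Port: ptr.To[uint32](8443),` would keep the fixtures uniform. The same mix recurs in the following `@@ -196,41 +196,41 @@` hunk. The enclosing `var (` block starts and ends outside the hunk.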
@@ -196,41 +196,41 @@ var ( Name: "redirect-bad-status-scheme-nopat", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("redirect"), + Exact: ptr.To("redirect"), }, Redirect: &Redirect{ - Scheme: ptrTo("err"), - Hostname: ptrTo("redirect.example.com"), + Scheme: ptr.To("err"), + Hostname: ptr.To("redirect.example.com"), Path: &HTTPPathModifier{}, - Port: ptrTo(uint32(8443)), - StatusCode: ptrTo(int32(305)), + Port: ptr.To(uint32(8443)), + StatusCode: ptr.To[int32](305), }, } redirectFilterBadPath = HTTPRoute{ Name: "redirect", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("redirect"), + Exact: ptr.To("redirect"), }, Redirect: &Redirect{ - Scheme: ptrTo("https"), - Hostname: ptrTo("redirect.example.com"), + Scheme: ptr.To("https"), + Hostname: ptr.To("redirect.example.com"), Path: &HTTPPathModifier{ - FullReplace: ptrTo("/redirect"), - PrefixMatchReplace: ptrTo("/redirect"), + FullReplace: ptr.To("/redirect"), + PrefixMatchReplace: ptr.To("/redirect"), }, - Port: ptrTo(uint32(8443)), - StatusCode: ptrTo(int32(301)), + Port: ptr.To(uint32(8443)), + StatusCode: ptr.To[int32](301), }, } directResponseBadStatus = HTTPRoute{ Name: "redirect", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("redirect"), + Exact: ptr.To("redirect"), }, DirectResponse: &DirectResponse{ - Body: ptrTo("invalid filter type"), + Body: ptr.To("invalid filter type"), StatusCode: uint32(799), }, } @@ -239,12 +239,12 @@ var ( Name: "rewrite", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("rewrite"), + Exact: ptr.To("rewrite"), }, URLRewrite: &URLRewrite{ - Hostname: ptrTo("rewrite.example.com"), + Hostname: ptr.To("rewrite.example.com"), Path: &HTTPPathModifier{ - FullReplace: ptrTo("/rewrite"), + FullReplace: ptr.To("/rewrite"), }, }, } 
@@ -253,13 +253,13 @@ var ( Name: "rewrite", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("rewrite"), + Exact: ptr.To("rewrite"), }, URLRewrite: &URLRewrite{ - Hostname: ptrTo("rewrite.example.com"), + Hostname: ptr.To("rewrite.example.com"), Path: &HTTPPathModifier{ - FullReplace: ptrTo("/rewrite"), - PrefixMatchReplace: ptrTo("/rewrite"), + FullReplace: ptr.To("/rewrite"), + PrefixMatchReplace: ptr.To("/rewrite"), }, }, } @@ -268,7 +268,7 @@ var ( Name: "addheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("addheader"), + Exact: ptr.To("addheader"), }, AddRequestHeaders: []AddHeader{ { @@ -293,7 +293,7 @@ var ( Name: "remheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("remheader"), + Exact: ptr.To("remheader"), }, RemoveRequestHeaders: []string{ "x-request-header", @@ -306,7 +306,7 @@ var ( Name: "duplicateheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("duplicateheader"), + Exact: ptr.To("duplicateheader"), }, AddRequestHeaders: []AddHeader{ { @@ -331,7 +331,7 @@ var ( Name: "addemptyheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("addemptyheader"), + Exact: ptr.To("addemptyheader"), }, AddRequestHeaders: []AddHeader{ { @@ -346,7 +346,7 @@ var ( Name: "addheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("addheader"), + Exact: ptr.To("addheader"), }, AddResponseHeaders: []AddHeader{ { @@ -371,7 +371,7 @@ var ( Name: "remheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("remheader"), + Exact: ptr.To("remheader"), }, RemoveResponseHeaders: []string{ "x-request-header", @@ -384,7 +384,7 @@ var ( Name: "duplicateheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("duplicateheader"), + Exact: ptr.To("duplicateheader"), }, AddResponseHeaders: []AddHeader{ { @@ -409,7 +409,7 @@ var ( Name: "addemptyheader", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("addemptyheader"), + Exact: ptr.To("addemptyheader"), }, AddResponseHeaders: []AddHeader{ { 
@@ -424,7 +424,7 @@ var ( Name: "jwtauthen", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("jwtauthen"), + Exact: ptr.To("jwtauthen"), }, JWT: &JWT{ Providers: []egv1a1.JWTProvider{ @@ -441,7 +441,7 @@ var ( Name: "mirrorfilter", Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("mirrorfilter"), + Exact: ptr.To("mirrorfilter"), }, Mirrors: []*RouteDestination{&happyRouteDestination}, } @@ -462,11 +462,6 @@ var ( } ) -// Creates a pointer to any type -func ptrTo[T any](x T) *T { - return &x -} - func TestValidateXds(t *testing.T) { tests := []struct { name string @@ -802,7 +797,7 @@ func TestValidateHTTPRoute(t *testing.T) { input: HTTPRoute{ Hostname: "*", PathMatch: &StringMatch{ - Exact: ptrTo("example"), + Exact: ptr.To("example"), }, Destination: &happyRouteDestination, }, @@ -813,7 +808,7 @@ func TestValidateHTTPRoute(t *testing.T) { input: HTTPRoute{ Name: "invalid hostname", PathMatch: &StringMatch{ - Exact: ptrTo("example"), + Exact: ptr.To("example"), }, Destination: &happyRouteDestination, }, @@ -833,7 +828,7 @@ func TestValidateHTTPRoute(t *testing.T) { name: "empty name and invalid match", input: HTTPRoute{ Hostname: "*", - HeaderMatches: []*StringMatch{ptrTo(StringMatch{})}, + HeaderMatches: []*StringMatch{ptr.To(StringMatch{})}, Destination: &happyRouteDestination, }, want: []error{ErrHTTPRouteNameEmpty, ErrStringMatchConditionInvalid}, @@ -1070,7 +1065,7 @@ func TestValidateStringMatch(t *testing.T) { { name: "happy", input: StringMatch{ - Exact: ptrTo("example"), + Exact: ptr.To("example"), }, want: nil, }, @@ -1082,9 +1077,9 @@ func TestValidateStringMatch(t *testing.T) { { name: "multiple fields set", input: StringMatch{ - Exact: ptrTo("example"), + Exact: ptr.To("example"), Name: "example", - Prefix: ptrTo("example"), + Prefix: ptr.To("example"), }, want: ErrStringMatchConditionInvalid, }, 
diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go index 4eab96cd5a14..39f96109ff8e 100644 --- a/internal/provider/kubernetes/kubernetes_test.go +++ b/internal/provider/kubernetes/kubernetes_test.go @@ -24,6 +24,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/rest" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/envtest" "sigs.k8s.io/controller-runtime/pkg/log" @@ -36,7 +37,6 @@ import ( "github.com/envoyproxy/gateway/internal/gatewayapi" "github.com/envoyproxy/gateway/internal/message" "github.com/envoyproxy/gateway/internal/provider/kubernetes/test" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) const ( diff --git a/internal/provider/kubernetes/routes_test.go b/internal/provider/kubernetes/routes_test.go index cb126d3f2a13..c4f46b5693ed 100644 --- a/internal/provider/kubernetes/routes_test.go +++ b/internal/provider/kubernetes/routes_test.go @@ -16,6 +16,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -26,7 +27,6 @@ import ( "github.com/envoyproxy/gateway/internal/gatewayapi" "github.com/envoyproxy/gateway/internal/logging" "github.com/envoyproxy/gateway/internal/provider/utils" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func TestProcessHTTPRoutes(t *testing.T) { diff --git a/internal/provider/kubernetes/test/utils.go b/internal/provider/kubernetes/test/utils.go index 539b2ab594f9..bb1fe05b6888 100644 --- a/internal/provider/kubernetes/test/utils.go +++ b/internal/provider/kubernetes/test/utils.go 
@@ -11,11 +11,11 @@ import ( discoveryv1 "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) type ObjectKindNamespacedName struct { diff --git a/internal/status/conditions_test.go b/internal/status/conditions_test.go index e1a24821f182..88620b7aa0cd 100644 --- a/internal/status/conditions_test.go +++ b/internal/status/conditions_test.go @@ -23,9 +23,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilclock "k8s.io/utils/clock" fakeclock "k8s.io/utils/clock/testing" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/envoyproxy/gateway/internal/utils/ptr" ) var clock utilclock.Clock = utilclock.RealClock{} diff --git a/internal/status/gateway.go b/internal/status/gateway.go index 7d7e96203f08..b7245c206aa5 100644 --- a/internal/status/gateway.go +++ b/internal/status/gateway.go @@ -8,9 +8,8 @@ package status import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/envoyproxy/gateway/internal/utils/ptr" ) // UpdateGatewayStatusAcceptedCondition updates the status condition for the provided Gateway based on the accepted state. diff --git a/internal/status/gateway_test.go b/internal/status/gateway_test.go index c93ea62bef78..c20d29b8ec05 100644 --- a/internal/status/gateway_test.go +++ b/internal/status/gateway_test.go @@ -13,9 +13,8 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func TestUpdateGatewayStatusProgrammedCondition(t *testing.T) { 
diff --git a/internal/utils/ptr/ptr.go b/internal/utils/ptr/ptr.go deleted file mode 100644 index 368c36c5b83e..000000000000 --- a/internal/utils/ptr/ptr.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright Envoy Gateway Authors -// SPDX-License-Identifier: Apache-2.0 -// The full text of the Apache license is available in the LICENSE file at -// the root of the repo. - -package ptr - -func To[T any](in T) *T { - return &in -} diff --git a/internal/xds/bootstrap/bootstrap_test.go b/internal/xds/bootstrap/bootstrap_test.go index 4b5a3d81cd79..6cb0ed314691 100644 --- a/internal/xds/bootstrap/bootstrap_test.go +++ b/internal/xds/bootstrap/bootstrap_test.go @@ -12,9 +12,9 @@ import ( "testing" "github.com/stretchr/testify/assert" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func TestGetRenderedBootstrapConfig(t *testing.T) { diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go index 1ecf6c78760b..a74315a255e9 100644 --- a/internal/xds/translator/accesslog.go +++ b/internal/xds/translator/accesslog.go @@ -19,9 +19,9 @@ import ( "golang.org/x/exp/maps" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/structpb" + "k8s.io/utils/ptr" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/ptr" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -242,7 +242,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL clusterName := buildClusterName("accesslog", otel.Host, otel.Port) ds := &ir.DestinationSetting{ - Weight: ptr.To(uint32(1)), + Weight: ptr.To[uint32](1), Protocol: ir.GRPC, Endpoints: []*ir.DestinationEndpoint{ir.NewDestEndpoint(otel.Host, otel.Port)}, } diff --git a/internal/xds/translator/jwt.go b/internal/xds/translator/jwt.go index ea5dd6ce28f1..2978c5485050 100644 --- a/internal/xds/translator/jwt.go +++ b/internal/xds/translator/jwt.go 
@@ -18,9 +18,9 @@ import ( "github.com/tetratelabs/multierror" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" + "k8s.io/utils/ptr" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/ptr" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -269,7 +269,7 @@ func (*jwt) patchResources(tCtx *types.ResourceVersionTable, routes []*ir.HTTPRo } ds = &ir.DestinationSetting{ - Weight: ptr.To(uint32(1)), + Weight: ptr.To[uint32](1), Endpoints: []*ir.DestinationEndpoint{ir.NewDestEndpoint(jwks.hostname, jwks.port)}, } diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go index abed8228b86d..e2cadc9a9587 100644 --- a/internal/xds/translator/oidc.go +++ b/internal/xds/translator/oidc.go @@ -19,9 +19,9 @@ import ( "github.com/golang/protobuf/ptypes/duration" "github.com/tetratelabs/multierror" "google.golang.org/protobuf/types/known/anypb" + "k8s.io/utils/ptr" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/ptr" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -251,7 +251,7 @@ func createOAuth2TokenEndpointClusters(tCtx *types.ResourceVersionTable, } ds = &ir.DestinationSetting{ - Weight: ptr.To(uint32(1)), + Weight: ptr.To[uint32](1), Endpoints: []*ir.DestinationEndpoint{ir.NewDestEndpoint( cluster.hostname, cluster.port), diff --git a/internal/xds/translator/ratelimit.go b/internal/xds/translator/ratelimit.go index a8c2abcd5ca2..55e4a09d2b5a 100644 --- a/internal/xds/translator/ratelimit.go +++ b/internal/xds/translator/ratelimit.go @@ -25,9 +25,9 @@ import ( "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" goyaml "gopkg.in/yaml.v3" // nolint: depguard + "k8s.io/utils/ptr" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/ptr" "github.com/envoyproxy/gateway/internal/xds/types" ) 
@@ -431,7 +431,7 @@ func (t *Translator) createRateLimitServiceCluster(tCtx *types.ResourceVersionTa // Create cluster if it does not exist host, port := t.getRateLimitServiceGrpcHostPort() ds := &ir.DestinationSetting{ - Weight: ptr.To(uint32(1)), + Weight: ptr.To[uint32](1), Protocol: ir.GRPC, Endpoints: []*ir.DestinationEndpoint{ir.NewDestEndpoint(host, uint32(port))}, } diff --git a/internal/xds/translator/tracing.go b/internal/xds/translator/tracing.go index c7ee389088e5..1349995ff86a 100644 --- a/internal/xds/translator/tracing.go +++ b/internal/xds/translator/tracing.go @@ -14,11 +14,11 @@ import ( tracingtype "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3" xdstype "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/pkg/errors" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils/protocov" - "github.com/envoyproxy/gateway/internal/utils/ptr" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -124,7 +124,7 @@ func processClusterForTracing(tCtx *types.ResourceVersionTable, tracing *ir.Trac clusterName := buildClusterName("tracing", tracing.Provider.Host, uint32(tracing.Provider.Port)) ds := &ir.DestinationSetting{ - Weight: ptr.To(uint32(1)), + Weight: ptr.To[uint32](1), Protocol: ir.GRPC, Endpoints: []*ir.DestinationEndpoint{ir.NewDestEndpoint(tracing.Provider.Host, uint32(tracing.Provider.Port))}, } diff --git a/test/cel-validation/envoyproxy_test.go b/test/cel-validation/envoyproxy_test.go index 86b5a8ddc5ee..40347665ea85 100644 --- a/test/cel-validation/envoyproxy_test.go +++ b/test/cel-validation/envoyproxy_test.go @@ -16,9 +16,9 @@ import ( "time" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/ptr" ) func TestEnvoyProxyProvider(t *testing.T) { 
diff --git a/tools/linter/golangci-lint/.golangci.yml b/tools/linter/golangci-lint/.golangci.yml index ac65207238c5..56f8ee1278ea 100644 --- a/tools/linter/golangci-lint/.golangci.yml +++ b/tools/linter/golangci-lint/.golangci.yml @@ -28,6 +28,8 @@ linters-settings: desc: "use sigs.k8s.io/yaml instead" - pkg: gopkg.in/yaml.v3 desc: "use sigs.k8s.io/yaml instead" + - pkg: k8s.io/utils/pointer + desc: "use k8s.io/utils/ptr instead" gci: sections: # Captures all standard packages if they do not match another section. From a5aff6bf87e6a8dc6e4fbd6708ed2a4b0e86a20f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 12:01:17 -0800 Subject: [PATCH 29/31] build(deps): bump envoyproxy/toolshed from actions-v0.2.13 to 0.2.17 (#2318) Bumps [envoyproxy/toolshed](https://github.com/envoyproxy/toolshed) from actions-v0.2.13 to 0.2.17. This release includes the previously tagged commit. - [Release notes](https://github.com/envoyproxy/toolshed/releases) - [Commits](https://github.com/envoyproxy/toolshed/compare/actions-v0.2.13...actions-v0.2.17) --- updated-dependencies: - dependency-name: envoyproxy/toolshed dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/retest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retest.yaml b/.github/workflows/retest.yaml index ba6e98678b16..21da15299249 100644 --- a/.github/workflows/retest.yaml +++ b/.github/workflows/retest.yaml @@ -22,6 +22,6 @@ jobs: pull-requests: write actions: write steps: - - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.2.13 + - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.2.17 with: token: ${{ secrets.GITHUB_TOKEN }} From 1a79f10e355d12bac06f0153009666f716c90634 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 12:01:41 -0800 Subject: [PATCH 30/31] build(deps): bump google.golang.org/grpc from 1.59.0 to 1.60.0 (#2315) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.59.0 to 1.60.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.59.0...v1.60.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 3b793c2c05a4..a8236d7e1124 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,7 @@ require ( go.opentelemetry.io/proto/otlp v1.0.0 go.uber.org/zap v1.26.0 golang.org/x/exp v0.0.0-20231006140011-7918f672742d - google.golang.org/grpc v1.59.0 + google.golang.org/grpc v1.60.0 google.golang.org/protobuf v1.31.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.28.4 @@ -119,9 +119,9 @@ require ( golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/component-base v0.28.4 // indirect 
diff --git a/go.sum b/go.sum index 5c1f6389f349..92e701d96ad3 100644 --- a/go.sum +++ b/go.sum 
@@ -672,12 +672,12 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= @@ -685,8 +685,8 @@ google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k= +google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 6ec8afd85733b61daf0df8dc2aa10a9fb5da5239 Mon Sep 17 00:00:00 2001 From: zirain Date: Tue, 19 Dec 2023 10:30:18 +0800 Subject: [PATCH 31/31] implement gateway.spec.infrastructure (#2294) * implement gateway.spec.infrastructure Signed-off-by: zirain * remove Signed-off-by: zirain * lint Signed-off-by: zirain * gen-check Signed-off-by: zirain * lint Signed-off-by: zirain * update override Signed-off-by: zirain --------- 
Signed-off-by: zirain --- .../testdata/gateway-infrastructure.in.yaml | 76 +++++++ .../testdata/gateway-infrastructure.out.yaml | 144 ++++++++++++ internal/gatewayapi/translator.go | 34 ++- .../kubernetes/proxy/resource_provider.go | 58 +++-- .../proxy/resource_provider_test.go | 137 ++++++++++-- .../default.yaml} | 0 .../testdata/configmap/with-annotations.yaml | 17 ++ .../override-labels-and-annotations.yaml | 211 ++++++++++++++++++ .../deployments/with-annotations.yaml | 205 +++++++++++++++++ .../kubernetes/proxy/testdata/hpa/custom.yaml | 3 + .../proxy/testdata/hpa/default.yaml | 3 + .../proxy/testdata/hpa/with-annotations.yaml | 24 ++ .../default.yaml} | 0 .../serviceaccount/with-annotations.yaml | 14 ++ .../services/override-annotations.yaml | 37 +++ .../testdata/services/with-annotations.yaml | 33 +++ internal/ir/infra.go | 3 + internal/ir/zz_generated.deepcopy.go | 7 + 18 files changed, 960 insertions(+), 46 deletions(-) create mode 100644 internal/gatewayapi/testdata/gateway-infrastructure.in.yaml create mode 100644 internal/gatewayapi/testdata/gateway-infrastructure.out.yaml rename internal/infrastructure/kubernetes/proxy/testdata/{configmap.yaml => configmap/default.yaml} (100%) create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/hpa/with-annotations.yaml rename internal/infrastructure/kubernetes/proxy/testdata/{serviceaccount.yaml => serviceaccount/default.yaml} (100%) create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/with-annotations.yaml create mode 100644 internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml create mode 100644 
internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml diff --git a/internal/gatewayapi/testdata/gateway-infrastructure.in.yaml b/internal/gatewayapi/testdata/gateway-infrastructure.in.yaml new file mode 100644 index 000000000000..0ce21aaf14e8 --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-infrastructure.in.yaml 
@@ -0,0 +1,76 @@ +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: default + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + labels: + infra-label1: infra-val1 + infra-label2: infra-val2 + annotations: + infra-anno-key1: infra-anno-val1 + infra-anno-key2: infra-anno-val2 + listeners: + - name: https + protocol: HTTPS + port: 443 + allowedRoutes: + namespaces: + from: Same + tls: + mode: Terminate + certificateRefs: + - name: tls-secret-1 + status: + listeners: + - name: https + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + attachedRoutes: 1 + conditions: + - type: Programmed + status: "True" + reason: Programmed + message: Listener has been successfully translated + - name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + attachedRoutes: 1 + conditions: + - type: Programmed + status: "True" + reason: Programmed + message: Listener has been successfully translated +httpRoutes: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + parentRefs: + - name: gateway-1 + namespace: default + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 +secrets: + - apiVersion: v1 + kind: Secret + metadata: + namespace: default + name: tls-secret-1 + type: kubernetes.io/tls + data: + tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRREVNZ1lZblFyQ29EQU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekF4TURVeE16UXpNalJhRncweU5EQXhNRFV4TXpRek1qUmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFuZEh6d21wS2NUSUViamhGZ2RXd1RSTjc1Y3A4b3VsWnhMMUdydlI2SXc3ejdqaTBSNFcvTm85bkdmOU0KWVAyQ1JqaXN6NTFtd3hTeGVCcm9jTGVBK21reGkxK2lEdk5kQytyU0x4MTN6RUxTQ25xYnVzUHM3bUdmSlpxOAo5TGhlbmx5bzQzaDVjYTZINUxqTXd1L1JHVWlGMzFYck5yaVlGQlB2RTJyQitkd24vTkVrUTRoOFJxcXlwcmtuCkYvcWM5Sk1ZQVlGRld1VkNwa0lFbmRYMUN5dlFOT2FkZmN2cmd6dDV2SmwwT2kxQWdyaU5hWGJFUEdudWY3STQKcXBCSEdVWE5lMVdsOVdlVklxS1g0T2FFWERWQzZGQzdHOHptZWVMVzFBa1lFVm5pcFg2b1NCK0JjL1NIVlZOaApzQkxSbXRuc3pmTnRUMlFyZCttcGt4ODBaUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1VKOElDCkJveUVqT3V3enBHYVJoR044QjRqT1B6aHVDT0V0ZDM3UzAybHUwN09IenlCdmJzVEd6S3dCZ0x5bVdmR2tINEIKajdDTHNwOEZ6TkhLWnVhQmdwblo5SjZETE9Od2ZXZTJBWXA3TGRmT0tWQlVkTVhRaU9tN2pKOUhob0Ntdk1ONwpic2pjaFdKb013ckZmK3dkQUthdHowcUFQeWhMeWUvRnFtaVZ4a09SWmF3K1Q5bURaK0g0OXVBU2d1SnVOTXlRClY2RXlYNmd0Z1dxMzc2SHZhWE1TLzNoYW1Zb1ZXWEk1TXhpUE9ZeG5BQmtKQjRTQ2dJUmVqYkpmVmFRdG9RNGEKejAyaVVMZW5ESUllUU9Zb2JLY01CWGYxQjRQQVFtc2VocVZJYnpzUUNHaTU0VkRyczZiWmQvN0pzMXpDcHBncwpKaUQ1SXFNaktXRHdxN2FLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: 
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFv
R0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + diff --git a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml new file mode 100644 index 000000000000..381fa22a6ce6 --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml 
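Review bot: The `tls-secret-1` Secret at the end of this new fixture commits a complete PEM private key under `tls.key` (the value base64-decodes to a `-----BEGIN PRIVATE KEY-----` block), and nothing in the file marks it as throwaway test material. Secret scanners will flag it, and a later reader cannot tell from the file whether the pair was generated for this test or copied from somewhere real. I would add a comment above the `secrets:` entry such as `# Test-only key pair generated for this fixture; not used by any deployment.` (confirm that is true before writing it), and add the testdata path to the scanner's allowlist if the repository runs one. Separately, `status.listeners` in the input names an `http` listener that `spec.listeners` does not define; dropping that stale entry would keep the fixture self-consistent.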
@@ -0,0 +1,144 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: default + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + annotations: + infra-anno-key1: infra-anno-val1 + infra-anno-key2: infra-anno-val2 + labels: + infra-label1: infra-val1 + infra-label2: infra-val2 + listeners: + - allowedRoutes: + namespaces: + from: Same + name: https + port: 443 + protocol: HTTPS + tls: + certificateRefs: + - group: null + kind: null + name: tls-secret-1 + mode: Terminate + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: https + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: default + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: default +infraIR: + default/gateway-1: + proxy: + listeners: + - address: 
"" + ports: + - containerPort: 10443 + name: https + protocol: HTTPS + servicePort: 443 + metadata: + annotations: + infra-anno-key1: infra-anno-val1 + infra-anno-key2: infra-anno-val2 + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: default + infra-label1: infra-val1 + infra-label2: infra-val2 + name: default/gateway-1 +xdsIR: + default/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: default/gateway-1/https + port: 10443 + routes: + - backendWeights: + invalid: 0 + valid: 0 + destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: '*' + name: httproute/default/httproute-1/rule/0/match/0/* + pathMatch: + distinct: false + name: "" + prefix: / + tls: + - name: default-tls-secret-1 + privateKey: 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 + serverCertificate: 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 diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 198b30680dbf..418f653fe1ef 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -6,6 +6,7 @@ package gatewayapi import ( + "golang.org/x/exp/maps" "k8s.io/apimachinery/pkg/runtime/schema" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" 
@@ -234,13 +235,21 @@ func (t *Translator) InitIRs(gateways []*GatewayContext, resources *Resources) ( for _, gateway := range gateways { gwXdsIR := &ir.Xds{} gwInfraIR := ir.NewInfra() + labels := infrastructureLabels(gateway.Gateway) + annotations := infrastructureAnnotations(gateway.Gateway) + gwInfraIR.Proxy.GetProxyMetadata().Annotations = annotations + if isMergeGatewaysEnabled(resources) { t.MergeGateways = true irKey = string(t.GatewayClassName) - gwInfraIR.Proxy.GetProxyMetadata().Labels = GatewayClassOwnerLabel(string(t.GatewayClassName)) + + maps.Copy(labels, GatewayClassOwnerLabel(string(t.GatewayClassName))) + gwInfraIR.Proxy.GetProxyMetadata().Labels = labels } else { irKey = irStringKey(gateway.Gateway.Namespace, gateway.Gateway.Name) - gwInfraIR.Proxy.GetProxyMetadata().Labels = GatewayOwnerLabels(gateway.Namespace, gateway.Name) + + maps.Copy(labels, GatewayOwnerLabels(gateway.Namespace, gateway.Name)) + gwInfraIR.Proxy.GetProxyMetadata().Labels = labels } gwInfraIR.Proxy.Name = irKey @@ -252,6 +261,27 @@ func (t *Translator) InitIRs(gateways []*GatewayContext, resources *Resources) ( return xdsIR, infraIR } +func infrastructureAnnotations(gtw *gwapiv1.Gateway) map[string]string { + if gtw.Spec.Infrastructure != nil && len(gtw.Spec.Infrastructure.Annotations) > 0 { + res := make(map[string]string) + for k, v := range gtw.Spec.Infrastructure.Annotations { + res[string(k)] = string(v) + } + return res + } + return nil +} + +func infrastructureLabels(gtw *gwapiv1.Gateway) map[string]string { + res := make(map[string]string) + if gtw.Spec.Infrastructure != nil { + for k, v := range gtw.Spec.Infrastructure.Labels { + res[string(k)] = string(v) + } + } + return res +} + // XdsIR and InfraIR map keys by default are {GatewayNamespace}/{GatewayName}, but if mergeGateways is set, they are merged under {GatewayClassName} key. func (t *Translator) getIRKey(gateway *gwapiv1.Gateway) string { irKey := irStringKey(gateway.Namespace, gateway.Name) 
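Review bot: In the merged-gateways branch of `InitIRs`, every Gateway of the class contributes its own `spec.infrastructure` labels and annotations under the same `irKey`, so one Gateway's metadata ends up on the proxy shared by all of them. The line that stores `gwInfraIR` under `irKey` is outside this hunk, so which Gateway wins is presumably whichever is iterated last; either way a Gateway in one namespace can set annotations on infrastructure that serves others. I would apply per-Gateway metadata only in the non-merged branch, i.e. move `gwInfraIR.Proxy.GetProxyMetadata().Annotations = annotations` into the `else` block and keep `Labels = GatewayClassOwnerLabel(string(t.GatewayClassName))` for the merged case, or else merge deterministically and document the precedence. Copying the owner labels last with `maps.Copy` is the right order, because it keeps the `owning-gateway-*` keys from being overridden by user labels.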
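Review bot: `infrastructureAnnotations` and `infrastructureLabels` have no doc comments, and their asymmetry (nil when there are no annotations, an empty non-nil map when there are no labels) is easy to break by accident, because `InitIRs` uses the labels map as the destination of `maps.Copy`. Add `// infrastructureLabels returns a copy of the Gateway's spec.infrastructure labels; the result is never nil so owner labels can be merged into it.` and `// infrastructureAnnotations returns a copy of the Gateway's spec.infrastructure annotations, or nil when none are set.` Neither helper filters keys, so every annotation a Gateway author writes reaches the generated objects verbatim; if that is intended, the comment should say so.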
diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index b84618e5386d..61a393d71a0a 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -56,9 +56,10 @@ func (r *ResourceRender) ServiceAccount() (*corev1.ServiceAccount, error) { APIVersion: "v1", }, ObjectMeta: metav1.ObjectMeta{ - Namespace: r.Namespace, - Name: r.Name(), - Labels: labels, + Namespace: r.Namespace, + Name: r.Name(), + Labels: labels, + Annotations: r.infra.GetProxyMetadata().Annotations, }, }, nil } @@ -91,11 +92,16 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { } // Get annotations - var annotations map[string]string + annotations := map[string]string{} + maps.Copy(annotations, r.infra.GetProxyMetadata().Annotations) + provider := r.infra.GetProxyConfig().GetEnvoyProxyProvider() envoyServiceConfig := provider.GetEnvoyProxyKubeProvider().EnvoyService if envoyServiceConfig.Annotations != nil { - annotations = envoyServiceConfig.Annotations + maps.Copy(annotations, envoyServiceConfig.Annotations) + } + if len(annotations) == 0 { + annotations = nil } // Set the spec of gateway service @@ -135,9 +141,10 @@ func (r *ResourceRender) ConfigMap() (*corev1.ConfigMap, error) { APIVersion: "v1", }, ObjectMeta: metav1.ObjectMeta{ - Namespace: r.Namespace, - Name: r.Name(), - Labels: labels, + Namespace: r.Namespace, + Name: r.Name(), + Labels: labels, + Annotations: r.infra.GetProxyMetadata().Annotations, }, Data: map[string]string{ SdsCAFilename: SdsCAConfigMapData, 
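Review bot: The added `Annotations: r.infra.GetProxyMetadata().Annotations` puts Gateway-authored annotations on the proxy ServiceAccount, which is created in `r.Namespace` rather than in the Gateway's namespace (the fixtures show `envoy-gateway-system`). ServiceAccount annotations are read by some platform integrations, workload-identity bindings for example, so whoever can create a Gateway gains a say over an object in the controller's namespace. Consider leaving the ServiceAccount out of the propagation or filtering keys against an operator-configured allow-list, and at minimum add a comment such as `// Annotations come from Gateway.spec.infrastructure and are not filtered.` The same consideration applies to the ConfigMap, Deployment and HorizontalPodAutoscaler hunks.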
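Review bot: The `if envoyServiceConfig.Annotations != nil` guard in `Service()` is no longer needed, because `maps.Copy` from a nil map copies nothing; the block reduces to `maps.Copy(annotations, envoyServiceConfig.Annotations)`, which is also how the Deployment hunk treats `deploymentConfig.Pod.Annotations`. The order of the two copies is what decides precedence, so it deserves a comment: `// EnvoyProxy service annotations override Gateway infrastructure annotations with the same key.` That precedence matters on a Service, where annotations commonly drive load-balancer behaviour, and the `override-annotations` fixture pins it.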
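Review bot: `Annotations: r.infra.GetProxyMetadata().Annotations` hands the IR's own map to the ConfigMap, and the ServiceAccount, Deployment and HorizontalPodAutoscaler hunks do the same, so several rendered objects and the IR share one map. Any later write to one object's annotations would show up in the others and in the IR. Giving each object its own copy, `Annotations: maps.Clone(r.infra.GetProxyMetadata().Annotations),`, avoids that. `maps` is already used by the added lines in this file, and `Clone` of a nil map stays nil, so the fixtures without annotations would not change.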
@@ -162,6 +169,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { } // Set the labels based on the owning gateway name. + dpAnnotations := r.infra.GetProxyMetadata().Annotations labels := r.infra.GetProxyMetadata().Labels dpLabels := envoyLabels(labels) if (len(dpLabels[gatewayapi.OwningGatewayNameLabel]) == 0 || len(dpLabels[gatewayapi.OwningGatewayNamespaceLabel]) == 0) && len(dpLabels[gatewayapi.OwningGatewayClassLabel]) == 0 { @@ -173,17 +181,16 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { selector := resource.GetSelector(podLabels) // Get annotations - var annotations map[string]string - if deploymentConfig.Pod.Annotations != nil { - annotations = deploymentConfig.Pod.Annotations - } + podAnnotations := map[string]string{} + maps.Copy(podAnnotations, dpAnnotations) + maps.Copy(podAnnotations, deploymentConfig.Pod.Annotations) if enablePrometheus(r.infra) { - if annotations == nil { - annotations = make(map[string]string, 2) - } - annotations["prometheus.io/path"] = "/stats/prometheus" // TODO: make this configurable - annotations["prometheus.io/scrape"] = "true" - annotations["prometheus.io/port"] = strconv.Itoa(bootstrap.EnvoyReadinessPort) + podAnnotations["prometheus.io/path"] = "/stats/prometheus" // TODO: make this configurable + podAnnotations["prometheus.io/scrape"] = "true" + podAnnotations["prometheus.io/port"] = strconv.Itoa(bootstrap.EnvoyReadinessPort) + } + if len(podAnnotations) == 0 { + podAnnotations = nil } deployment := &appsv1.Deployment{ @@ -192,9 +199,10 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { APIVersion: "apps/v1", }, ObjectMeta: metav1.ObjectMeta{ - Namespace: r.Namespace, - Name: r.Name(), - Labels: dpLabels, + Namespace: r.Namespace, + Name: r.Name(), + Labels: dpLabels, + Annotations: dpAnnotations, }, Spec: appsv1.DeploymentSpec{ Replicas: deploymentConfig.Replicas, 
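Review bot: The Gateway's infrastructure labels now reach the Deployment's `spec.selector`: in the hunk at `@@ -173,17 +181,16 @@` the line `selector := resource.GetSelector(podLabels)` is unchanged, and the new `override-labels-and-annotations` fixture shows `label1` and `label2` under `matchLabels`. A Deployment's selector is immutable in `apps/v1`, so editing `spec.infrastructure.labels` on a Gateway whose proxy already exists would presumably cause the Deployment update to be rejected. `podLabels` is built outside this hunk, so the fix belongs there: derive the selector from the owner labels only and keep the user labels on the object and pod template metadata. A comment next to the selector would help, for example `// Selector must stay stable across Gateway edits; do not include user-supplied labels.`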
@@ -203,7 +211,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: selector.MatchLabels, - Annotations: annotations, + Annotations: podAnnotations, }, Spec: corev1.PodSpec{ Containers: containers, @@ -251,8 +259,10 @@ func (r *ResourceRender) HorizontalPodAutoscaler() (*autoscalingv2.HorizontalPod Kind: "HorizontalPodAutoscaler", }, ObjectMeta: metav1.ObjectMeta{ - Namespace: r.Namespace, - Name: r.Name(), + Namespace: r.Namespace, + Name: r.Name(), + Annotations: r.infra.GetProxyMetadata().Annotations, + Labels: r.infra.GetProxyMetadata().Labels, }, Spec: autoscalingv2.HorizontalPodAutoscalerSpec{ ScaleTargetRef: autoscalingv2.CrossVersionObjectReference{ diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index ddb86054c359..935ac447bab8 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -34,8 +34,20 @@ const ( ) func newTestInfra() *ir.Infra { + return newTestInfraWithAnnotations(nil) +} + +func newTestInfraWithAnnotations(annotations map[string]string) *ir.Infra { + return newTestInfraWithAnnotationsAndLabels(annotations, nil) +} + +func newTestInfraWithAnnotationsAndLabels(annotations, labels map[string]string) *ir.Infra { i := ir.NewInfra() + i.Proxy.GetProxyMetadata().Annotations = annotations + if len(labels) > 0 { + i.Proxy.GetProxyMetadata().Labels = labels + } i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = i.Proxy.Name i.Proxy.Listeners = []ir.ProxyListener{ 
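Review bot: The HorizontalPodAutoscaler gets `Labels: r.infra.GetProxyMetadata().Labels` unprocessed, while the Deployment hunk passes the same map through `envoyLabels(labels)`. The updated `hpa/default.yaml` fixture accordingly has only the two `owning-gateway-*` labels and none of the `app.kubernetes.io/*` ones that the ServiceAccount and ConfigMap fixtures carry. If the autoscaler should be selectable like the other proxy objects, use `Labels: envoyLabels(r.infra.GetProxyMetadata().Labels),`. The rest of `HorizontalPodAutoscaler()` is outside the hunk, so check whether the difference is deliberate.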
@@ -335,6 +347,34 @@ func TestDeployment(t *testing.T) { }, }, }, + { + caseName: "with-annotations", + infra: newTestInfraWithAnnotations(map[string]string{ + "anno1": "value1", + "anno2": "value2", + }), + deploy: nil, + }, + { + caseName: "override-labels-and-annotations", + infra: newTestInfraWithAnnotationsAndLabels(map[string]string{ + "anno1": "value1", + "anno2": "value2", + }, map[string]string{ + "label1": "value1", + "label2": "value2", + }), + deploy: &egv1a1.KubernetesDeploymentSpec{ + Pod: &egv1a1.KubernetesPodSpec{ + Annotations: map[string]string{ + "anno1": "value1-override", + }, + Labels: map[string]string{ + "label1": "value1-override", + }, + }, + }, + }, } for _, tc := range cases { t.Run(tc.caseName, func(t *testing.T) { @@ -428,6 +468,28 @@ func TestService(t *testing.T) { Type: &svcType, }, }, + { + caseName: "with-annotations", + infra: newTestInfraWithAnnotations(map[string]string{ + "anno1": "value1", + "anno2": "value2", + }), + }, + { + caseName: "override-annotations", + infra: newTestInfraWithAnnotationsAndLabels(map[string]string{ + "anno1": "value1", + "anno2": "value2", + }, map[string]string{ + "label1": "value1", + "label2": "value2", + }), + service: &egv1a1.KubernetesServiceSpec{ + Annotations: map[string]string{ + "anno1": "value1-override", + }, + }, + }, } for _, tc := range cases { t.Run(tc.caseName, func(t *testing.T) { 
@@ -461,21 +523,38 @@ func loadService(caseName string) (*corev1.Service, error) { func TestConfigMap(t *testing.T) { cfg, err := config.New() require.NoError(t, err) + cases := []struct { + name string + infra *ir.Infra + }{ + { + name: "default", + infra: newTestInfra(), + }, { + name: "with-annotations", + infra: newTestInfraWithAnnotations(map[string]string{ + "anno1": "value1", + "anno2": "value2", + }), + }, + } - infra := newTestInfra() - - r := NewResourceRender(cfg.Namespace, infra.GetProxyInfra()) - cm, err := r.ConfigMap() - require.NoError(t, err) + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + r := NewResourceRender(cfg.Namespace, tc.infra.GetProxyInfra()) + cm, err := r.ConfigMap() + require.NoError(t, err) - expected, err := loadConfigmap() - require.NoError(t, err) + expected, err := loadConfigmap(tc.name) + require.NoError(t, err) - assert.Equal(t, expected, cm) + assert.Equal(t, expected, cm) + }) + } } -func loadConfigmap() (*corev1.ConfigMap, error) { - cmYAML, err := os.ReadFile("testdata/configmap.yaml") +func loadConfigmap(tc string) (*corev1.ConfigMap, error) { + cmYAML, err := os.ReadFile(fmt.Sprintf("testdata/configmap/%s.yaml", tc)) if err != nil { return nil, err } 
@@ -485,23 +564,41 @@ func loadConfigmap() (*corev1.ConfigMap, error) { } func TestServiceAccount(t *testing.T) { + cfg, err := config.New() require.NoError(t, err) + cases := []struct { + name string + infra *ir.Infra + }{ + { + name: "default", + infra: newTestInfra(), + }, { + name: "with-annotations", + infra: newTestInfraWithAnnotations(map[string]string{ + "anno1": "value1", + "anno2": "value2", + }), + }, + } - infra := newTestInfra() - - r := NewResourceRender(cfg.Namespace, infra.GetProxyInfra()) - sa, err := r.ServiceAccount() - require.NoError(t, err) + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + r := NewResourceRender(cfg.Namespace, tc.infra.GetProxyInfra()) + sa, err := r.ServiceAccount() + require.NoError(t, err) - expected, err := loadServiceAccount() - require.NoError(t, err) + expected, err := loadServiceAccount(tc.name) + require.NoError(t, err) - assert.Equal(t, expected, sa) + assert.Equal(t, expected, sa) + }) + } } -func loadServiceAccount() (*corev1.ServiceAccount, error) { - saYAML, err := os.ReadFile("testdata/serviceaccount.yaml") +func loadServiceAccount(tc string) (*corev1.ServiceAccount, error) { + saYAML, err := os.ReadFile(fmt.Sprintf("testdata/serviceaccount/%s.yaml", tc)) if err != nil { return nil, err } diff --git a/internal/infrastructure/kubernetes/proxy/testdata/configmap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/configmap/default.yaml similarity index 100% rename from internal/infrastructure/kubernetes/proxy/testdata/configmap.yaml rename to internal/infrastructure/kubernetes/proxy/testdata/configmap/default.yaml diff --git a/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml new file mode 100644 index 000000000000..4435e134a514 --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + anno1: value1 + anno2: value2 + labels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + name: envoy-default-37a8eec1 + namespace: envoy-gateway-system +data: + xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}' + xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}' diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml new file mode 100644 index 000000000000..df2bb0e6a467 --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + anno1: value1 + anno2: value2 + labels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + label1: value1 + label2: value2 + name: envoy-default-37a8eec1 + namespace: envoy-gateway-system +spec: + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + label1: value1-override + label2: value2 + template: + metadata: + annotations: + anno1: value1-override + anno2: value2 + labels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + label1: value1-override + label2: value2 + spec: + automountServiceAccountToken: false + containers: + - args: + - --service-cluster default + - --service-node $(ENVOY_POD_NAME) + - | + --config-yaml admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: 127.0.0.1 + port_value: 19000 + dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 + static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 
19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 + - --log-level warn + - --cpuset-threads + command: + - envoy + env: + - name: ENVOY_GATEWAY_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: 
metadata.namespace + - name: ENVOY_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: envoyproxy/envoy-dev:latest + imagePullPolicy: IfNotPresent + name: envoy + ports: + - containerPort: 8080 + name: EnvoyH-d76a15e2 + protocol: TCP + - containerPort: 8443 + name: EnvoyH-6658f727 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 19001 + scheme: HTTP + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /certs + name: certs + readOnly: true + - mountPath: /sds + name: sds + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + serviceAccountName: envoy-default-37a8eec1 + terminationGracePeriodSeconds: 300 + volumes: + - name: certs + secret: + secretName: envoy + defaultMode: 420 + - configMap: + defaultMode: 420 + items: + - key: xds-trusted-ca.json + path: xds-trusted-ca.json + - key: xds-certificate.json + path: xds-certificate.json + name: envoy-default-37a8eec1 + optional: false + name: sds + revisionHistoryLimit: 10 + progressDeadlineSeconds: 600 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml new file mode 100644 index 000000000000..6b0367843de4 --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml 
@@ -0,0 +1,205 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + anno1: value1 + anno2: value2 + labels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + name: envoy-default-37a8eec1 + namespace: envoy-gateway-system +spec: + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + template: + metadata: + annotations: + anno1: value1 + anno2: value2 + labels: + app.kubernetes.io/name: envoy + app.kubernetes.io/component: proxy + app.kubernetes.io/managed-by: envoy-gateway + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + spec: + automountServiceAccountToken: false + containers: + - args: + - --service-cluster default + - --service-node $(ENVOY_POD_NAME) + - | + --config-yaml admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: 127.0.0.1 + port_value: 19000 + dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 + static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + 
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 + - --log-level warn + - --cpuset-threads + command: + - envoy + env: + - name: ENVOY_GATEWAY_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: ENVOY_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: 
envoyproxy/envoy-dev:latest + imagePullPolicy: IfNotPresent + name: envoy + ports: + - containerPort: 8080 + name: EnvoyH-d76a15e2 + protocol: TCP + - containerPort: 8443 + name: EnvoyH-6658f727 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 19001 + scheme: HTTP + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /certs + name: certs + readOnly: true + - mountPath: /sds + name: sds + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + serviceAccountName: envoy-default-37a8eec1 + terminationGracePeriodSeconds: 300 + volumes: + - name: certs + secret: + secretName: envoy + defaultMode: 420 + - configMap: + defaultMode: 420 + items: + - key: xds-trusted-ca.json + path: xds-trusted-ca.json + - key: xds-certificate.json + path: xds-certificate.json + name: envoy-default-37a8eec1 + optional: false + name: sds + revisionHistoryLimit: 10 + progressDeadlineSeconds: 600 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml index 17171f8abb3e..6827dec99666 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml @@ -1,6 +1,9 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default name: envoy-default-37a8eec1 namespace: envoy-gateway-system spec: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml index d11b7e476369..4c5446c2d357 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml 
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml @@ -1,6 +1,9 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default name: envoy-default-37a8eec1 namespace: envoy-gateway-system spec: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-annotations.yaml new file mode 100644 index 000000000000..9fa28d6ca6af --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-annotations.yaml @@ -0,0 +1,24 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + annotations: + anno1: value1 + anno2: value2 + labels: + gateway.envoyproxy.io/owning-gateway-name: default + gateway.envoyproxy.io/owning-gateway-namespace: default + name: envoy-default-37a8eec1 + namespace: envoy-gateway-system +spec: + metrics: + - resource: + name: cpu + target: + averageUtilization: 80 + type: Utilization + type: Resource + maxReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: envoy-default-37a8eec1 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount.yaml b/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/default.yaml similarity index 100% rename from internal/infrastructure/kubernetes/proxy/testdata/serviceaccount.yaml rename to internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/default.yaml diff --git a/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/with-annotations.yaml new file mode 100644 index 000000000000..f63c97451ca3 --- /dev/null +++ b/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/with-annotations.yaml 
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ anno1: value1
+ anno2: value2
+ labels:
+ app.kubernetes.io/name: envoy
+ app.kubernetes.io/component: proxy
+ app.kubernetes.io/managed-by: envoy-gateway
+ gateway.envoyproxy.io/owning-gateway-name: default
+ gateway.envoyproxy.io/owning-gateway-namespace: default
+ name: envoy-default-37a8eec1
+ namespace: envoy-gateway-system
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml
new file mode 100644
index 000000000000..8953b5d9590d
--- /dev/null
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ anno1: value1-override
+ anno2: value2
+ labels:
+ app.kubernetes.io/name: envoy
+ app.kubernetes.io/component: proxy
+ app.kubernetes.io/managed-by: envoy-gateway
+ gateway.envoyproxy.io/owning-gateway-name: default
+ gateway.envoyproxy.io/owning-gateway-namespace: default
+ label1: value1
+ label2: value2
+ name: envoy-default-37a8eec1
+ namespace: envoy-gateway-system
+spec:
+ externalTrafficPolicy: Local
+ ports:
+ - name: envoy-EnvoyHTTPPort-d76a15e2
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: envoy-EnvoyHTTPSPort-6658f727
+ port: 0
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ app.kubernetes.io/name: envoy
+ app.kubernetes.io/component: proxy
+ app.kubernetes.io/managed-by: envoy-gateway
+ gateway.envoyproxy.io/owning-gateway-name: default
+ gateway.envoyproxy.io/owning-gateway-namespace: default
+ label1: value1
+ label2: value2
+ sessionAffinity: None
+ type: LoadBalancer
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml
new file mode 100644
index 000000000000..75635bc5fcd5
--- /dev/null
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ anno1: value1
+ anno2: value2
+ labels:
+ app.kubernetes.io/name: envoy
+ app.kubernetes.io/component: proxy
+ app.kubernetes.io/managed-by: envoy-gateway
+ gateway.envoyproxy.io/owning-gateway-name: default
+ gateway.envoyproxy.io/owning-gateway-namespace: default
+ name: envoy-default-37a8eec1
+ namespace: envoy-gateway-system
+spec:
+ externalTrafficPolicy: Local
+ ports:
+ - name: envoy-EnvoyHTTPPort-d76a15e2
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: envoy-EnvoyHTTPSPort-6658f727
+ port: 0
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ app.kubernetes.io/name: envoy
+ app.kubernetes.io/component: proxy
+ app.kubernetes.io/managed-by: envoy-gateway
+ gateway.envoyproxy.io/owning-gateway-name: default
+ gateway.envoyproxy.io/owning-gateway-namespace: default
+ sessionAffinity: None
+ type: LoadBalancer
diff --git a/internal/ir/infra.go b/internal/ir/infra.go
index 8899d81cb6e6..382c44ac4873 100644
--- a/internal/ir/infra.go
+++ b/internal/ir/infra.go
@@ -44,6 +44,9 @@ type ProxyInfra struct {
 // InfraMetadata defines metadata for the managed proxy infrastructure.
 // +k8s:deepcopy-gen=true
 type InfraMetadata struct {
+ // Annotations define a map of string keys and values that can be used to
+ // organize and categorize proxy infrastructure objects.
+ Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`
 // Labels define a map of string keys and values that can be used to organize
 // and categorize proxy infrastructure objects.
 Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"`
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index 3eb0f6ac92cb..8ad68937d2b2 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
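Review bot: The doc comment on the new `Annotations` field of `InfraMetadata` in internal/ir/infra.go is a copy of the `Labels` comment and does not say what the field is used for. The fixtures added in this same patch show the annotations being written onto the generated Service, ServiceAccount and HorizontalPodAutoscaler, and annotations on those kinds are acted on by other controllers (cloud load-balancer settings on a Service, workload-identity bindings such as `eks.amazonaws.com/role-arn` on a ServiceAccount). I would reword it along the lines of `// Annotations are copied onto the managed proxy objects (Service, ServiceAccount, HPA); other controllers may act on them, so they must come from a trusted source.` Where the values originate is not visible in this hunk, so any validation or allow-listing should be confirmed at the layer that fills this field.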
@@ -547,6 +547,13 @@ func (in *Infra) DeepCopy() *Infra { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InfraMetadata) DeepCopyInto(out *InfraMetadata) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]string, len(*in))