update

Signed-off-by: bitliu <[email protected]>

api/config/v1alpha1/helpers.go

@@ -107,8 +107,8 @@ func DefaultKubernetesDeploymentReplicas() *int32 {
 	return &repl
 }
 
-// DefaultKubernetesDeploymentImage returns the default envoyproxy image.
-func DefaultKubernetesDeploymentImage() *string {
+// DefaultKubernetesContainerImage returns the default envoyproxy image.
+func DefaultKubernetesContainerImage() *string {
 	return pointer.String(DefaultEnvoyProxyImage)
 }
 
@@ -118,7 +118,6 @@ func DefaultKubernetesDeployment() *KubernetesDeploymentSpec {
 		Replicas:  DefaultKubernetesDeploymentReplicas(),
 		Pod:       DefaultKubernetesPod(),
 		Container: DefaultKubernetesContainer(),
-		Image:     DefaultKubernetesDeploymentImage(),
 	}
 }
 
@@ -131,6 +130,7 @@ func DefaultKubernetesPod() *KubernetesPodSpec {
 func DefaultKubernetesContainer() *KubernetesContainerSpec {
 	return &KubernetesContainerSpec{
 		Resources: DefaultResourceRequirements(),
+		Image:     DefaultKubernetesContainerImage(),
 	}
 }
 
@@ -194,8 +194,8 @@ func (r *EnvoyProxyProvider) GetEnvoyProxyKubeProvider() *EnvoyProxyKubernetesPr
 		r.Kubernetes.EnvoyDeployment.Container.Resources = DefaultResourceRequirements()
 	}
 
-	if r.Kubernetes.EnvoyDeployment.Image == nil {
-		r.Kubernetes.EnvoyDeployment.Image = DefaultKubernetesDeploymentImage()
+	if r.Kubernetes.EnvoyDeployment.Container.Image == nil {
+		r.Kubernetes.EnvoyDeployment.Container.Image = DefaultKubernetesContainerImage()
 	}
 
 	if r.Kubernetes.EnvoyService == nil {
@@ -242,5 +242,9 @@ func (r *EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider() *EnvoyGatewayKubern
 		r.Kubernetes.RateLimitDeployment.Container.Resources = DefaultResourceRequirements()
 	}
 
+	if r.Kubernetes.RateLimitDeployment.Container.Image == nil {
+		r.Kubernetes.RateLimitDeployment.Container.Image = DefaultKubernetesContainerImage()
+	}
+
 	return r.Kubernetes
 }

api/config/v1alpha1/shared_types.go

@@ -57,11 +57,6 @@ type KubernetesDeploymentSpec struct {
 	// +optional
 	Container *KubernetesContainerSpec `json:"container,omitempty"`
 
-	// Image specifies the EnvoyProxy container image to be used, instead of the default image.
-	//
-	// +optional
-	Image *string `json:"image,omitempty"`
-
 	// TODO: Expose config as use cases are better understood, e.g. labels.
 }
 
@@ -94,6 +89,11 @@ type KubernetesContainerSpec struct {
 	//
 	// +optional
 	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
+
+	// Image specifies the EnvoyProxy container image to be used, instead of the default image.
+	//
+	// +optional
+	Image *string `json:"image,omitempty"`
 }
 
 // ServiceType string describes ingress methods for a service

api/config/v1alpha1/validate_test.go

@@ -241,10 +241,10 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 
 	envoyGatewayProvider := envoyGateway.GetEnvoyGatewayProvider()
 	assert.True(t, envoyGatewayProvider.Kubernetes == nil)
-	assert.True(t, reflect.DeepEqual(envoyGateway.Provider, envoyGatewayProvider))
+	assert.Equal(t, envoyGateway.Provider, envoyGatewayProvider)
 
 	envoyGatewayProvider.Kubernetes = DefaultEnvoyGatewayKubeProvider()
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes.RateLimitDeployment, DefaultKubernetesDeployment()))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, DefaultKubernetesDeployment())
 
 	envoyGatewayProvider.Kubernetes = &EnvoyGatewayKubernetesProvider{}
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment == nil)
@@ -265,24 +265,27 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 		Container: &KubernetesContainerSpec{
 			Resources:       nil,
 			SecurityContext: nil,
+			Image:           nil,
 		},
 	}}
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources == nil)
 	envoyGatewayProvider.GetEnvoyGatewayKubeProvider()
 
 	assert.True(t, envoyGatewayProvider.Kubernetes != nil)
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes, envoyGatewayKubeProvider))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes, envoyGatewayKubeProvider)
 
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment != nil)
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes.RateLimitDeployment, DefaultKubernetesDeployment()))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, DefaultKubernetesDeployment())
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas != nil)
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas, DefaultKubernetesDeploymentReplicas()))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas, DefaultKubernetesDeploymentReplicas())
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod != nil)
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod, DefaultKubernetesPod()))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod, DefaultKubernetesPod())
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container != nil)
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container, DefaultKubernetesContainer()))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container, DefaultKubernetesContainer())
 	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources != nil)
-	assert.True(t, reflect.DeepEqual(envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources, DefaultResourceRequirements()))
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources, DefaultResourceRequirements())
+	assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Image != nil)
+	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Image, DefaultKubernetesContainerImage())
 }
 
 func TestEnvoyProxyProvider(t *testing.T) {

charts/gateway-helm/README.md

@@ -1,36 +1,83 @@
-# Usage
+# gateway-helm
+
+![Version: v0.0.0-latest](https://img.shields.io/badge/Version-v0.0.0--latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+
+The Helm chart for Envoy Gateway
+
+**Homepage:** <https://gateway.envoyproxy.io/>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| envoy-gateway-steering-committee |  | <https://github.com/envoyproxy/gateway/blob/main/GOVERNANCE.md> |
+| envoy-gateway-maintainers |  | <https://github.com/envoyproxy/gateway/blob/main/CODEOWNERS> |
+
+## Source Code
+
+* <https://github.com/envoyproxy/gateway>
+
+## Usage
 
 [Helm](https://helm.sh) must be installed to use the charts.  Please refer to
 Helm's [documentation](https://helm.sh/docs) to get started.
 
-## Install from DockerHub
+### Install from DockerHub
 
 Once Helm has been set up correctly, install the chart from dockerhub:
 
 ``` shell
   helm install eg oci://docker.io/envoyproxy/gateway-helm -n envoy-gateway-system --create-namespace
 ```
 
-## Install from Source Code
+### Install from Source Code
 
 You can also install the helm chart from the source code:
 
 To install the eg chart along with Gateway API CRDs and Envoy Gateway CRDs:
 
 ``` shell
-    helm install eg --create-namespace charts/gateway-helm -n envoy-gateway-system
+    make kube-deploy TAG=latest
 ```
 
-## Skip install CRDs
+### Skip install CRDs
 
 You can install the eg chart along without Gateway API CRDs and Envoy Gateway CRDs, make sure CRDs exist in Cluster first if you want to skip to install them, otherwise EG may fail to start:
 
 ``` shell
-    helm install eg --create-namespace charts/gateway-helm -n envoy-gateway-system --skip-crds
+    helm install eg --create-namespace oci://docker.io/envoyproxy/gateway-helm -n envoy-gateway-system --skip-crds
 ```
 
 To uninstall the chart:
 
 ``` shell
     helm delete eg
 ```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` |  |
+| config.envoyGateway.provider.type | string | `"Kubernetes"` |  |
+| deployment.envoyGateway.image.repository | string | `"docker.io/envoyproxy/gateway-dev"` |  |
+| deployment.envoyGateway.image.tag | string | `"latest"` |  |
+| deployment.envoyGateway.imagePullPolicy | string | `"Always"` |  |
+| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` |  |
+| deployment.envoyGateway.resources.limits.memory | string | `"128Mi"` |  |
+| deployment.envoyGateway.resources.requests.cpu | string | `"10m"` |  |
+| deployment.envoyGateway.resources.requests.memory | string | `"64Mi"` |  |
+| deployment.kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` |  |
+| deployment.kubeRbacProxy.image.tag | string | `"v0.11.0"` |  |
+| deployment.kubeRbacProxy.resources.limits.cpu | string | `"500m"` |  |
+| deployment.kubeRbacProxy.resources.limits.memory | string | `"128Mi"` |  |
+| deployment.kubeRbacProxy.resources.requests.cpu | string | `"5m"` |  |
+| deployment.kubeRbacProxy.resources.requests.memory | string | `"64Mi"` |  |
+| deployment.ports[0].name | string | `"grpc"` |  |
+| deployment.ports[0].port | int | `18000` |  |
+| deployment.ports[0].targetPort | int | `18000` |  |
+| deployment.replicas | int | `1` |  |
+| envoyGatewayMetricsService.ports[0].name | string | `"https"` |  |
+| envoyGatewayMetricsService.ports[0].port | int | `8443` |  |
+| envoyGatewayMetricsService.ports[0].protocol | string | `"TCP"` |  |
+| envoyGatewayMetricsService.ports[0].targetPort | string | `"https"` |  |

charts/gateway-helm/crds/generated/config.gateway.envoyproxy.io_envoyproxies.yaml

@@ -96,6 +96,10 @@ spec:
                             description: Container defines the resources and securityContext
                               of container.
                             properties:
+                              image:
+                                description: Image specifies the EnvoyProxy container
+                                  image to be used, instead of the default image.
+                                type: string
                               resources:
                                 description: 'Resources required by this container.
                                   More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
@@ -346,10 +350,6 @@ spec:
                                     type: object
                                 type: object
                             type: object
-                          image:
-                            description: Image specifies the EnvoyProxy container
-                              image to be used, instead of the default image.
-                            type: string
                           pod:
                             description: Pod defines the desired annotations and securityContext
                               of container.

docs/latest/api/config_types.md

@@ -257,6 +257,7 @@ _Appears in:_
 | --- | --- |
 | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#resourcerequirements-v1-core)_ | Resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | `securityContext` _[SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#securitycontext-v1-core)_ | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
+| `image` _string_ | Image specifies the EnvoyProxy container image to be used, instead of the default image. |
 
 
 ## KubernetesDeploymentSpec
@@ -274,7 +275,6 @@ _Appears in:_
 | `replicas` _integer_ | Replicas is the number of desired pods. Defaults to 1. |
 | `pod` _[KubernetesPodSpec](#kubernetespodspec)_ | Pod defines the desired annotations and securityContext of container. |
 | `container` _[KubernetesContainerSpec](#kubernetescontainerspec)_ | Container defines the resources and securityContext of container. |
-| `image` _string_ | Image specifies the EnvoyProxy container image to be used, instead of the default image. |
 
 
 ## KubernetesPodSpec

docs/latest/design/system-design.md

@@ -39,7 +39,7 @@ defined as Kubernetes resources that provide the following services:
 * Infrastructure Management- Manage the data plane infrastructure, i.e. deploy, upgrade, etc. This configuration is
   expressed through [GatewayClass][gc] and [Gateway][gw] resources. The `EnvoyProxy` [Custom Resource][cr] can be
   referenced by `gatewayclass.spec.parametersRef` to modify data plane infrastructure default parameters,
-  e.g. expose Envoy network endpoints using a NodePort service instead of a LoadBalancer service.
+  e.g. expose Envoy network endpoints using a `ClusterIP` service instead of a `LoadBalancer` service.
 * Traffic Routing- Define how to handle application-level requests to backend services. For example, route all HTTP
   requests for "www.example.com" to a backend service running a web server. This configuration is expressed through
   [HTTPRoute][hroute] and [TLSRoute][troute] resources that match, filter, and route traffic to a [backend][be].

docs/latest/user/customize-envoyproxy.md

@@ -72,7 +72,8 @@ spec:
     type: Kubernetes
     kubernetes:
       envoyDeployment:
-        image: envoyproxy/envoy:v1.25-latest
+        container:
+          image: envoyproxy/envoy:v1.25-latest
 EOF
 ```
 
@@ -94,9 +95,10 @@ spec:
     type: Kubernetes
     kubernetes:
       envoyDeployment:
-        podAnnotations:
-          custom1: deploy-annotation1
-          custom2: deploy-annotation2
+        pod:
+          annotations:
+            custom1: deploy-annotation1
+            custom2: deploy-annotation2
 EOF
 ```
 
@@ -118,13 +120,14 @@ spec:
     type: Kubernetes
     kubernetes:
       envoyDeployment:
-        resources:
-          requests:
-            cpu: 150m
-            memory: 640Mi
-          limits:
-            cpu: 500m
-            memory: 1Gi
+        container:
+          resources:
+            requests:
+              cpu: 150m
+              memory: 640Mi
+            limits:
+              cpu: 500m
+              memory: 1Gi
 EOF
 ```
 
@@ -155,31 +158,6 @@ EOF
 
 After applying the config, you can get the envoyproxy service, and see annotations has been added.
 
-## Customize EnvoyProxy Service Annotations
-
-You can customize the EnvoyProxy Service Annotations via EnvoyProxy Config like:
-
-```shell
-cat <<EOF | kubectl apply -f -
-apiVersion: config.gateway.envoyproxy.io/v1alpha1
-kind: EnvoyProxy
-metadata:
-  name: custom-proxy-config
-  namespace: envoy-gateway-system
-spec:
-  provider:
-    type: Kubernetes
-    kubernetes:
-      envoyService:
-        annotations:
-          custom1: svc-annotation1
-          custom2: svc-annotation2
-
-EOF
-```
-
-After applying the config, you can get the envoyproxy service, and see annotations has been added.
-
 ## Customize EnvoyProxy Bootstrap Config
 
 You can customize the EnvoyProxy Bootstrap Config via EnvoyProxy Config like:
@@ -202,4 +180,4 @@ After applying the config, the bootstrap config will be overridden by the new co
 Envoy Gateway will use Webhook to validate the bootstrap config you provided.
 
 [Gateway API documentation]: https://gateway-api.sigs.k8s.io/
-[EnvoyProxy]: https://www.envoyproxy.io/
+[EnvoyProxy]: https://www.envoyproxy.io/

internal/cmd/version/version.go

@@ -36,7 +36,7 @@ func Get() Info {
 var (
 	envoyGatewayVersion string
 	gatewayAPIVersion   string
-	envoyProxyVersion   = strings.Split(*v1alpha1.DefaultKubernetesDeploymentImage(), ":")[1]
+	envoyProxyVersion   = strings.Split(*v1alpha1.DefaultKubernetesContainerImage(), ":")[1]
 	gitCommitID         string
 )
 

internal/gatewayapi/testdata/envoyproxy-valid.in.yaml

@@ -12,8 +12,8 @@ envoyproxy:
           type: LoadBalancer
         envoyDeployment:
           replicas: 2
-          image: "envoyproxy/gateway:v0.4.0"
           container:
+            image: "envoyproxy/gateway:v0.4.0"
             resources:
               requests:
                 cpu: 100m

internal/gatewayapi/testdata/envoyproxy-valid.out.yaml

@@ -60,9 +60,9 @@ infraIR:
               envoyService:
                 type: LoadBalancer
               envoyDeployment:
-                image: "envoyproxy/gateway:v0.4.0"
                 replicas: 2
                 container:
+                  image: "envoyproxy/gateway:v0.4.0"
                   resources:
                     requests:
                       cpu: 100m