From 8a6b2408b061271c0d2b171247710c7e1c7d1120 Mon Sep 17 00:00:00 2001 From: tanujd11 Date: Sun, 29 Oct 2023 23:41:45 +0530 Subject: [PATCH] Add http3 support to EG Signed-off-by: tanujd11 --- api/v1alpha1/clienttrafficpolicy_types.go | 4 + ...y.envoyproxy.io_clienttrafficpolicies.yaml | 4 + internal/gatewayapi/clienttrafficpolicy.go | 24 ++- internal/gatewayapi/listener.go | 10 +- ...ndtrafficpolicy-status-conditions.out.yaml | 5 + ...ndtrafficpolicy-with-loadbalancer.out.yaml | 2 + ...ckendtrafficpolicy-with-ratelimit.out.yaml | 2 + .../clienttrafficpolicy-http3.in.yaml | 59 +++++++ .../clienttrafficpolicy-http3.out.yaml | 154 ++++++++++++++++++ ...nttrafficpolicy-status-conditions.out.yaml | 5 + ...clienttrafficpolicy-tcp-keepalive.out.yaml | 4 + .../testdata/disable-accesslog.out.yaml | 1 + .../envoypatchpolicy-cross-ns-target.out.yaml | 1 + ...oypatchpolicy-invalid-target-kind.out.yaml | 1 + .../testdata/envoypatchpolicy-valid.out.yaml | 1 + ...oxy-accesslog-file-json-no-format.out.yaml | 1 + .../envoyproxy-accesslog-file-json.out.yaml | 1 + ...voyproxy-accesslog-with-bad-sinks.out.yaml | 1 + .../testdata/envoyproxy-accesslog.out.yaml | 1 + .../testdata/envoyproxy-valid.out.yaml | 1 + ...th-extension-filter-invalid-group.out.yaml | 1 + ...ith-non-matching-extension-filter.out.yaml | 1 + ...with-unsupported-extension-filter.out.yaml | 1 + ...route-with-valid-extension-filter.out.yaml | 1 + ...-namespace-with-allowed-httproute.out.yaml | 1 + ...mespace-with-disallowed-httproute.out.yaml | 1 + ...way-with-addresses-with-ipaddress.out.yaml | 1 + ...valid-allowed-namespaces-selector.out.yaml | 2 - ...with-invalid-allowed-routes-group.out.yaml | 2 - ...allowed-routes-kind-and-supported.out.yaml | 2 - ...-with-invalid-allowed-routes-kind.out.yaml | 2 - ...th-invalid-allowed-tls-route-kind.out.yaml | 2 - ...nvalid-multiple-tls-configuration.out.yaml | 2 - ...id-tls-configuration-invalid-mode.out.yaml | 2 - ...configuration-no-certificate-refs.out.yaml | 2 - ...ion-no-valid-certificate-for-fqdn.out.yaml | 2 - ...nfiguration-secret-does-not-exist.out.yaml | 2 - ...uration-secret-in-other-namespace.out.yaml | 2 - ...configuration-secret-is-not-valid.out.yaml | 2 - ...ssing-allowed-namespaces-selector.out.yaml | 2 - ...h-listener-with-tcp-with-hostname.out.yaml | 2 - ...route-with-mismatch-port-protocol.out.yaml | 1 + ...h-tcproute-with-multiple-backends.out.yaml | 1 + ...with-tcproute-with-multiple-rules.out.yaml | 1 + ...her-namespace-allowed-by-refgrant.out.yaml | 1 + ...ith-tls-terminate-and-passthrough.out.yaml | 4 + ...h-listener-with-udp-with-hostname.out.yaml | 2 - ...route-with-mismatch-port-protocol.out.yaml | 1 + ...h-udproute-with-multiple-backends.out.yaml | 1 + ...with-udproute-with-multiple-rules.out.yaml | 1 + ...-listener-with-unmatched-tcproute.out.yaml | 1 + ...-listener-with-unmatched-udproute.out.yaml | 1 + ...istener-with-unsupported-protocol.out.yaml | 2 - ...ith-same-algorithm-different-fqdn.out.yaml | 1 + ...-valid-multiple-tls-configuration.out.yaml | 1 + ...ener-with-valid-tls-configuration.out.yaml | 1 + ...with-preexisting-status-condition.out.yaml | 1 + ...-listener-with-multiple-tcproutes.out.yaml | 1 + ...-listener-with-multiple-udproutes.out.yaml | 1 + ...teway-with-stale-status-condition.out.yaml | 1 + ...listeners-on-same-tcp-or-tls-port.out.yaml | 1 + ...th-two-listeners-on-same-udp-port.out.yaml | 1 + ...d-tlsroute-same-hostname-and-port.out.yaml | 2 - ...isteners-with-multiple-httproutes.out.yaml | 4 + ...eners-with-same-port-and-hostname.out.yaml | 2 - ...me-port-and-incompatible-protocol.out.yaml | 2 - ...-with-same-port-http-tcp-protocol.out.yaml | 4 + ...-with-same-port-http-udp-protocol.out.yaml | 4 + ...s-with-tcproutes-with-sectionname.out.yaml | 4 + ...ith-tcproutes-without-sectionname.out.yaml | 4 + ...s-with-udproutes-with-sectionname.out.yaml | 4 + ...ith-udproutes-without-sectionname.out.yaml | 4 + .../grpcroute-with-header-match.out.yaml | 1 + ...ute-with-method-and-service-match.out.yaml | 1 + .../grpcroute-with-method-match.out.yaml | 1 + ...oute-with-request-header-modifier.out.yaml | 1 + .../grpcroute-with-service-match.out.yaml | 1 + ...way-with-more-different-listeners.out.yaml | 22 +++ ...ng-to-gateway-with-more-listeners.out.yaml | 1 + ...wo-listeners-with-different-ports.out.yaml | 4 + ...ing-to-gateway-with-two-listeners.out.yaml | 1 + .../httproute-attaching-to-gateway.out.yaml | 1 + ...taching-to-listener-matching-port.out.yaml | 1 + ...ner-on-gateway-with-two-listeners.out.yaml | 1 + ...ner-with-serviceimport-backendref.out.yaml | 1 + .../httproute-attaching-to-listener.out.yaml | 1 + ...httproute-backend-request-timeout.out.yaml | 1 + ...ing-to-listener-non-matching-port.out.yaml | 1 + .../httproute-request-timeout.out.yaml | 1 + ...-multiple-backends-and-no-weights.out.yaml | 1 + ...ith-multiple-backends-and-weights.out.yaml | 1 + ...her-namespace-allowed-by-refgrant.out.yaml | 1 + ...her-namespace-allowed-by-refgrant.out.yaml | 1 + .../httproute-with-empty-matches.out.yaml | 1 + ...er-duplicate-add-multiple-filters.out.yaml | 1 + ...with-header-filter-duplicate-adds.out.yaml | 1 + ...duplicate-remove-multiple-filters.out.yaml | 1 + ...h-header-filter-duplicate-removes.out.yaml | 1 + ...header-filter-empty-header-values.out.yaml | 1 + ...-with-header-filter-empty-headers.out.yaml | 1 + ...ith-header-filter-invalid-headers.out.yaml | 1 + ...ute-with-header-filter-no-headers.out.yaml | 1 + ...th-header-filter-no-valid-headers.out.yaml | 1 + ...tproute-with-header-filter-remove.out.yaml | 1 + ...with-invalid-backend-ref-bad-port.out.yaml | 1 + ...invalid-backend-ref-invalid-group.out.yaml | 1 + ...-invalid-backend-ref-invalid-kind.out.yaml | 1 + ...-with-invalid-backend-ref-no-port.out.yaml | 1 + ...lid-backend-ref-no-service.import.out.yaml | 1 + ...th-invalid-backend-ref-no-service.out.yaml | 1 + ...lid-backendref-in-other-namespace.out.yaml | 1 + ...ute-with-mirror-filter-duplicates.out.yaml | 1 + ...route-with-mirror-filter-multiple.out.yaml | 1 + ...ith-mirror-filter-service-no-port.out.yaml | 1 + ...h-mirror-filter-service-not-found.out.yaml | 1 + .../httproute-with-mirror-filter.out.yaml | 1 + ...to-gateway-with-wildcard-hostname.out.yaml | 1 + ...ct-filter-full-path-replace-https.out.yaml | 1 + ...ute-with-redirect-filter-hostname.out.yaml | 1 + ...direct-filter-invalid-filter-type.out.yaml | 1 + ...th-redirect-filter-invalid-scheme.out.yaml | 1 + ...th-redirect-filter-invalid-status.out.yaml | 1 + ...ter-prefix-replace-with-port-http.out.yaml | 1 + ...-with-response-header-filter-adds.out.yaml | 1 + ...er-duplicate-add-multiple-filters.out.yaml | 1 + ...onse-header-filter-duplicate-adds.out.yaml | 1 + ...duplicate-remove-multiple-filters.out.yaml | 1 + ...e-header-filter-duplicate-removes.out.yaml | 1 + ...header-filter-empty-header-values.out.yaml | 1 + ...ponse-header-filter-empty-headers.out.yaml | 1 + ...nse-header-filter-invalid-headers.out.yaml | 1 + ...response-header-filter-no-headers.out.yaml | 1 + ...se-header-filter-no-valid-headers.out.yaml | 1 + ...ith-response-header-filter-remove.out.yaml | 1 + ...single-rule-with-exact-path-match.out.yaml | 1 + ...ingle-rule-with-http-method-match.out.yaml | 1 + ...h-single-rule-with-multiple-rules.out.yaml | 1 + ...h-prefix-and-exact-header-matches.out.yaml | 1 + ...e-invalid-backend-refs-no-service.out.yaml | 1 + ...to-gateway-with-wildcard-hostname.out.yaml | 1 + ...to-gateway-with-wildcard-hostname.out.yaml | 1 + ...ite-filter-full-path-replace-http.out.yaml | 1 + ...te-filter-hostname-prefix-replace.out.yaml | 1 + ...e-with-urlrewrite-filter-hostname.out.yaml | 1 + ...ewrite-filter-invalid-filter-type.out.yaml | 1 + ...rlrewrite-filter-invalid-hostname.out.yaml | 1 + ...e-filter-invalid-multiple-filters.out.yaml | 1 + ...lrewrite-filter-invalid-path-type.out.yaml | 1 + ...th-urlrewrite-filter-invalid-path.out.yaml | 1 + ...th-urlrewrite-filter-missing-path.out.yaml | 1 + ...ewrite-filter-prefix-replace-http.out.yaml | 1 + ...ng-to-gateway-with-unset-hostname.out.yaml | 1 + .../httproutes-with-multiple-matches.out.yaml | 1 + .../merge-invalid-multiple-gateways.out.yaml | 4 + ...multiple-gateways-multiple-routes.out.yaml | 4 + .../merge-valid-multiple-gateways.out.yaml | 4 + .../securitypolicy-status-conditions.out.yaml | 5 + .../securitypolicy-with-cors.out.yaml | 2 + .../testdata/securitypolicy-with-jwt.out.yaml | 2 + ...teway-with-listener-tls-terminate.out.yaml | 1 + .../tlsroute-attaching-to-gateway.out.yaml | 1 + .../testdata/tlsroute-multiple.out.yaml | 1 + ...attaching-to-gateway-with-no-mode.out.yaml | 2 - ...her-namespace-allowed-by-refgrant.out.yaml | 1 + .../tlsroute-with-empty-hostname.out.yaml | 1 + ...oute-with-empty-listener-hostname.out.yaml | 1 + ...er-both-passthrough-and-cert-data.out.yaml | 2 - internal/gatewayapi/translator.go | 2 +- .../kubernetes/proxy/resource_provider.go | 12 ++ .../proxy/resource_provider_test.go | 2 +- internal/ir/infra.go | 19 +-- internal/ir/infra_test.go | 15 +- internal/ir/xds.go | 2 + internal/ir/zz_generated.deepcopy.go | 8 +- internal/xds/translator/listener.go | 77 ++++++++- .../translator/testdata/in/xds-ir/http3.yaml | 29 ++++ .../testdata/out/xds-ir/http3.clusters.yaml | 14 ++ .../testdata/out/xds-ir/http3.endpoints.yaml | 11 ++ .../testdata/out/xds-ir/http3.listeners.yaml | 98 +++++++++++ .../testdata/out/xds-ir/http3.routes.yaml | 17 ++ .../testdata/out/xds-ir/http3.secrets.yaml | 6 + internal/xds/translator/translator.go | 32 +++- internal/xds/translator/translator_test.go | 4 + site/content/en/latest/api/extension_types.md | 1 + site/content/en/latest/user/http3.md | 127 +++++++++++++++ 185 files changed, 912 insertions(+), 77 deletions(-) create mode 100644 internal/gatewayapi/testdata/clienttrafficpolicy-http3.in.yaml create mode 100755 internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml create mode 100644 internal/xds/translator/testdata/in/xds-ir/http3.yaml create mode 100755 internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml create mode 100755 internal/xds/translator/testdata/out/xds-ir/http3.endpoints.yaml create mode 100755 internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml create mode 100755 internal/xds/translator/testdata/out/xds-ir/http3.routes.yaml create mode 100755 internal/xds/translator/testdata/out/xds-ir/http3.secrets.yaml create mode 100644 site/content/en/latest/user/http3.md diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go index 43907dba96ae..e8099c367493 100644 --- a/api/v1alpha1/clienttrafficpolicy_types.go +++ b/api/v1alpha1/clienttrafficpolicy_types.go @@ -53,6 +53,10 @@ type ClientTrafficPolicySpec struct { // // +optional TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"` + // EnableHTTP3 enables HTTP/3 support on the listener. + // Disabled by default. + // +optional + EnableHTTP3 bool `json:"enableHTTP3,omitempty"` } // TCPKeepalive define the TCP Keepalive configuration. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml index 7e0edba928ff..03349fd972ee 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml @@ -44,6 +44,10 @@ spec: spec: description: Spec defines the desired state of ClientTrafficPolicy. properties: + enableHTTP3: + description: EnableHTTP3 enables HTTP/3 support on the listener. Disabled + by default. + type: boolean targetRef: description: TargetRef is the name of the Gateway resource this policy is being attached to. This Policy and the TargetRef MUST be in the diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index 3eb1f6ffe2cb..b6c41cee414b 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -31,9 +31,9 @@ func hasSectionName(policy *egv1a1.ClientTrafficPolicy) bool { return policy.Spec.TargetRef.SectionName != nil } -func ProcessClientTrafficPolicies(clientTrafficPolicies []*egv1a1.ClientTrafficPolicy, +func (t *Translator) ProcessClientTrafficPolicies(clientTrafficPolicies []*egv1a1.ClientTrafficPolicy, gateways []*GatewayContext, - xdsIR XdsIRMap) []*egv1a1.ClientTrafficPolicy { + xdsIR XdsIRMap, infraIR InfraIRMap) []*egv1a1.ClientTrafficPolicy { var res []*egv1a1.ClientTrafficPolicy // Sort based on timestamp @@ -91,7 +91,7 @@ func ProcessClientTrafficPolicies(clientTrafficPolicies []*egv1a1.ClientTrafficP // Translate for listener matching section name for _, l := range gateway.listeners { if string(l.Name) == section { - translateClientTrafficPolicyForListener(&policy.Spec, l, xdsIR) + t.translateClientTrafficPolicyForListener(&policy.Spec, l, xdsIR, infraIR) break } } @@ -168,7 +168,7 @@ func ProcessClientTrafficPolicies(clientTrafficPolicies []*egv1a1.ClientTrafficP continue } - translateClientTrafficPolicyForListener(&policy.Spec, l, xdsIR) + t.translateClientTrafficPolicyForListener(&policy.Spec, l, xdsIR, infraIR) } // Set Accepted=True @@ -265,7 +265,7 @@ func resolveCTPolicyTargetRef(policy *egv1a1.ClientTrafficPolicy, gateways []*Ga return gateway } -func translateClientTrafficPolicyForListener(policySpec *egv1a1.ClientTrafficPolicySpec, l *ListenerContext, xdsIR XdsIRMap) { +func (t *Translator) translateClientTrafficPolicyForListener(policySpec *egv1a1.ClientTrafficPolicySpec, l *ListenerContext, xdsIR XdsIRMap, infraIR InfraIRMap) { // Find IR irKey := irStringKey(l.gateway.Namespace, l.gateway.Name) // It must exist since we've already finished processing the gateways @@ -288,6 +288,20 @@ func translateClientTrafficPolicyForListener(policySpec *egv1a1.ClientTrafficPol if httpIR != nil { // Translate TCPKeepalive translateListenerTCPKeepalive(policySpec.TCPKeepalive, httpIR) + // enable http3 if set and TLS is enabled + if httpIR.TLS != nil { + httpIR.EnableHTTP3 = policySpec.EnableHTTP3 + var proxyListenerIR *ir.ProxyListener + for _, proxyListener := range infraIR[irKey].Proxy.Listeners { + if proxyListener.Name == irListenerName { + proxyListenerIR = proxyListener + break + } + } + if proxyListenerIR != nil { + proxyListenerIR.EnableHTTP3 = policySpec.EnableHTTP3 + } + } } } diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index e24d58f7fbd3..d2dcca0bfe93 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -138,15 +138,19 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap if t.MergeGateways { infraPortName = irHTTPListenerName(listener) } - infraPort := ir.ListenerPort{ Name: infraPortName, Protocol: proto, ServicePort: servicePort.port, ContainerPort: containerPort, } - // Only 1 listener is supported. - infraIR[irKey].Proxy.Listeners[0].Ports = append(infraIR[irKey].Proxy.Listeners[0].Ports, infraPort) + + proxyListener := &ir.ProxyListener{ + Name: irHTTPListenerName(listener), + Ports: []ir.ListenerPort{infraPort}, + } + + infraIR[irKey].Proxy.Listeners = append(infraIR[irKey].Proxy.Listeners, proxyListener) } } } diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml index d8fe370ea6af..f2a610c1cb29 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml @@ -305,6 +305,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -319,11 +320,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-2/tcp + ports: - containerPort: 10053 name: tcp protocol: TCP diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml index a8c1817427c8..0fb01b165ca3 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml @@ -202,6 +202,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -216,6 +217,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml index 1903b43a593f..d8552c3de82b 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml @@ -220,6 +220,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -234,6 +235,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.in.yaml new file mode 100644 index 000000000000..a5b611f1a6fe --- /dev/null +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.in.yaml @@ -0,0 +1,59 @@ +clientTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + namespace: envoy-gateway + name: target-gateway-1 + spec: + enableHTTP3: true + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: tls + protocol: HTTPS + port: 443 + allowedRoutes: + namespaces: + from: All + tls: + mode: Terminate + certificateRefs: + - name: tls-secret-1 +secrets: +- apiVersion: v1 + kind: Secret + metadata: + namespace: envoy-gateway + name: tls-secret-1 + type: kubernetes.io/tls + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRREVNZ1lZblFyQ29EQU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekF4TURVeE16UXpNalJhRncweU5EQXhNRFV4TXpRek1qUmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFuZEh6d21wS2NUSUViamhGZ2RXd1RSTjc1Y3A4b3VsWnhMMUdydlI2SXc3ejdqaTBSNFcvTm85bkdmOU0KWVAyQ1JqaXN6NTFtd3hTeGVCcm9jTGVBK21reGkxK2lEdk5kQytyU0x4MTN6RUxTQ25xYnVzUHM3bUdmSlpxOAo5TGhlbmx5bzQzaDVjYTZINUxqTXd1L1JHVWlGMzFYck5yaVlGQlB2RTJyQitkd24vTkVrUTRoOFJxcXlwcmtuCkYvcWM5Sk1ZQVlGRld1VkNwa0lFbmRYMUN5dlFOT2FkZmN2cmd6dDV2SmwwT2kxQWdyaU5hWGJFUEdudWY3STQKcXBCSEdVWE5lMVdsOVdlVklxS1g0T2FFWERWQzZGQzdHOHptZWVMVzFBa1lFVm5pcFg2b1NCK0JjL1NIVlZOaApzQkxSbXRuc3pmTnRUMlFyZCttcGt4ODBaUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1VKOElDCkJveUVqT3V3enBHYVJoR044QjRqT1B6aHVDT0V0ZDM3UzAybHUwN09IenlCdmJzVEd6S3dCZ0x5bVdmR2tINEIKajdDTHNwOEZ6TkhLWnVhQmdwblo5SjZETE9Od2ZXZTJBWXA3TGRmT0tWQlVkTVhRaU9tN2pKOUhob0Ntdk1ONwpic2pjaFdKb013ckZmK3dkQUthdHowcUFQeWhMeWUvRnFtaVZ4a09SWmF3K1Q5bURaK0g0OXVBU2d1SnVOTXlRClY2RXlYNmd0Z1dxMzc2SHZhWE1TLzNoYW1Zb1ZXWEk1TXhpUE9ZeG5BQmtKQjRTQ2dJUmVqYkpmVmFRdG9RNGEKejAyaVVMZW5ESUllUU9Zb2JLY01CWGYxQjRQQVFtc2VocVZJYnpzUUNHaTU0VkRyczZiWmQvN0pzMXpDcHBncwpKaUQ1SXFNaktXRHdxN2FLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml new file mode 100755 index 000000000000..d893bf0e86f4 --- /dev/null +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml @@ -0,0 +1,154 @@ +clientTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: target-gateway-1 + namespace: envoy-gateway + spec: + enableHTTP3: true + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + status: + conditions: + - lastTransitionTime: null + message: ClientTrafficPolicy has been accepted. + reason: Accepted + status: "True" + type: Accepted +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: tls + port: 443 + protocol: HTTPS + tls: + certificateRefs: + - group: null + kind: null + name: tls-secret-1 + mode: Terminate + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: tls + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: "" + enableHTTP3: true + name: envoy-gateway/gateway-1/tls + ports: + - containerPort: 10443 + name: tls + protocol: HTTPS + servicePort: 443 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + enableHTTP3: true + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/tls + port: 10443 + routes: + - backendWeights: + invalid: 0 + valid: 0 + destination: + name: httproute/default/httproute-1/rule/0 + settings: + - endpoints: + - host: 7.7.7.7 + port: 8080 + weight: 1 + hostname: '*' + name: httproute/default/httproute-1/rule/0/match/0/* + pathMatch: + distinct: false + name: "" + prefix: / + tls: + - name: envoy-gateway-tls-secret-1 + privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRREVNZ1lZblFyQ29EQU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekF4TURVeE16UXpNalJhRncweU5EQXhNRFV4TXpRek1qUmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFuZEh6d21wS2NUSUViamhGZ2RXd1RSTjc1Y3A4b3VsWnhMMUdydlI2SXc3ejdqaTBSNFcvTm85bkdmOU0KWVAyQ1JqaXN6NTFtd3hTeGVCcm9jTGVBK21reGkxK2lEdk5kQytyU0x4MTN6RUxTQ25xYnVzUHM3bUdmSlpxOAo5TGhlbmx5bzQzaDVjYTZINUxqTXd1L1JHVWlGMzFYck5yaVlGQlB2RTJyQitkd24vTkVrUTRoOFJxcXlwcmtuCkYvcWM5Sk1ZQVlGRld1VkNwa0lFbmRYMUN5dlFOT2FkZmN2cmd6dDV2SmwwT2kxQWdyaU5hWGJFUEdudWY3STQKcXBCSEdVWE5lMVdsOVdlVklxS1g0T2FFWERWQzZGQzdHOHptZWVMVzFBa1lFVm5pcFg2b1NCK0JjL1NIVlZOaApzQkxSbXRuc3pmTnRUMlFyZCttcGt4ODBaUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1VKOElDCkJveUVqT3V3enBHYVJoR044QjRqT1B6aHVDT0V0ZDM3UzAybHUwN09IenlCdmJzVEd6S3dCZ0x5bVdmR2tINEIKajdDTHNwOEZ6TkhLWnVhQmdwblo5SjZETE9Od2ZXZTJBWXA3TGRmT0tWQlVkTVhRaU9tN2pKOUhob0Ntdk1ONwpic2pjaFdKb013ckZmK3dkQUthdHowcUFQeWhMeWUvRnFtaVZ4a09SWmF3K1Q5bURaK0g0OXVBU2d1SnVOTXlRClY2RXlYNmd0Z1dxMzc2SHZhWE1TLzNoYW1Zb1ZXWEk1TXhpUE9ZeG5BQmtKQjRTQ2dJUmVqYkpmVmFRdG9RNGEKejAyaVVMZW5ESUllUU9Zb2JLY01CWGYxQjRQQVFtc2VocVZJYnpzUUNHaTU0VkRyczZiWmQvN0pzMXpDcHBncwpKaUQ1SXFNaktXRHdxN2FLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml index 413b622c7435..335682b19bd8 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml @@ -261,6 +261,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -275,11 +276,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-2/tcp + ports: - containerPort: 10053 name: tcp protocol: TCP diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml index df173dba7d59..bf4305f07fc3 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml @@ -124,11 +124,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 name: http-1 protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-1/http-2 + ports: - containerPort: 8080 name: http-2 protocol: HTTP diff --git a/internal/gatewayapi/testdata/disable-accesslog.out.yaml b/internal/gatewayapi/testdata/disable-accesslog.out.yaml index 39e8d26d5711..77d0e208ce51 100644 --- a/internal/gatewayapi/testdata/disable-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/disable-accesslog.out.yaml @@ -105,6 +105,7 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml index f7293e04c96f..55203790cea1 100755 --- a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml @@ -44,6 +44,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml index b5d451c716be..e1bacc4ce567 100755 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml @@ -44,6 +44,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml index 5c75624e1367..b9ec0ed1cdf2 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml @@ -44,6 +44,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml index d7032df5b1a1..ea61b4e661c1 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml @@ -111,6 +111,7 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml index 4e3a60ba8f3d..d0d73b718312 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml @@ -114,6 +114,7 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml index b4611b897da2..edc91caa9817 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml @@ -112,6 +112,7 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml index 01428c425e24..36cdb05506ff 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml @@ -119,6 +119,7 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml index 9157ee690626..876e3f0a4bcd 100644 --- a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml @@ -102,6 +102,7 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml index 2828bf081661..0cefcf276ee3 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml @@ -92,6 +92,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml index d9271e30fc90..454d71acd4bd 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml index 5f8e8829df68..11516f418fdb 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml index d01e792dd710..b60d29f74310 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml index 25c3cce6796d..bdc22a9dbda1 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml @@ -79,6 +79,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml index 0c17d8dd89f8..be00c72971bc 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml @@ -79,6 +79,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml index 160fdae760ea..948f6da89309 100644 --- a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml @@ -49,6 +49,7 @@ infraIR: - 5.6.7.8 listeners: - address: "" + name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 name: tcp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml index d360fbafe44f..5a2251c4ba7e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml @@ -80,8 +80,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml index 1bd59a4c7c28..72e28c2a3067 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml @@ -71,8 +71,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml index 03568e1828b3..4cf8b87dc5bd 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml @@ -73,8 +73,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml index 0854ce26a7d3..4614c1d62533 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml @@ -71,8 +71,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml index d6a010af299c..4331ad96e82b 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml @@ -39,8 +39,6 @@ gateways: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml index 7217e4191af3..985ca9e86bb4 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml @@ -86,8 +86,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml index 7db3c46cef12..9c003863b843 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml @@ -79,8 +79,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml index 654ea7d841e3..bf9e8737d58b 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml @@ -74,8 +74,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml index deb3363ef432..96ffa9f8df7f 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml @@ -81,8 +81,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml index b7e09ffc5e6c..eec69441c0ef 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml @@ -78,8 +78,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml index ac0bea42b996..95fc6b268d3b 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml @@ -80,8 +80,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml index 3e8ca57f3350..b989ed2cb149 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml @@ -78,8 +78,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml index 9e7040d42cf1..554c576e296d 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml @@ -73,8 +73,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml index d6d72c554526..50308df1df7e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml @@ -36,8 +36,6 @@ gateways: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml index 76f634d295aa..77a58f7d65ea 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10162 name: tcp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml index 5ca44bf64d02..553ff9d0b16f 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 name: tcp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml index b24190c9e08e..978a22736d48 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 name: tcp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index 851bdc815384..5fb4d2429405 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -86,6 +86,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 name: tls diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml index 125a1519bac4..204be872bf8c 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml @@ -116,11 +116,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls-passthrough ports: - containerPort: 10090 name: tls-passthrough protocol: TLS servicePort: 90 + - address: "" + name: envoy-gateway/gateway-1/tls-terminate + ports: - containerPort: 10443 name: tls-terminate protocol: HTTPS diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml index cdec1d564903..c3022120b3f5 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml @@ -36,8 +36,6 @@ gateways: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml index 518de1b91fa0..e4aca555675a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp ports: - containerPort: 10162 name: udp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml index f52d4f1a720a..3c2e09288e92 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 name: udp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml index c024a1cfa91e..cdb791b99eb4 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 name: udp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml index 16f687f3ce2a..ac01f5781271 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 name: tcp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml index f5d768207dc7..70b93b3f9ec0 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 name: udp diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml index 7e24746ae1d3..8d0e6bed2a09 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml @@ -73,8 +73,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml index 806ed34a6b65..3c5a5fb37b26 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml @@ -88,6 +88,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 name: tls diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml index 07a1de64cb48..ed081faaeb47 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml @@ -88,6 +88,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 name: tls diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index 337937ea2908..08998b84b42e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -85,6 +85,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 name: tls diff --git a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml index 7f3e382bf42e..64067894e53c 100644 --- a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml @@ -79,6 +79,7 @@ infraIR: proxy: listeners: - address: "" + name: default/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml index a88038eae962..dfe70d87950a 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10162 name: tcp diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml index 754dae0c4dca..18df3985eca8 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml @@ -42,6 +42,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp ports: - containerPort: 10162 name: udp diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml index cc331a9ec1de..15f9ad0afbca 100644 --- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml @@ -85,6 +85,7 @@ infraIR: proxy: listeners: - address: "" + name: default/gateway-1/https ports: - containerPort: 10443 name: https diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml index 9f6f8957295c..09e4292924b9 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml @@ -71,6 +71,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp1 ports: - containerPort: 10162 name: tcp1 diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml index 4b312da21d86..e73bf98b4196 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml @@ -69,6 +69,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp1 ports: - containerPort: 10162 name: udp1 diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml index dda0a7c4e74c..93ac832b871b 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml @@ -108,8 +108,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml index d7f5bbc33e2d..87faaa2dc89f 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml @@ -144,11 +144,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 name: http-1 protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-1/http-2 + ports: - containerPort: 10081 name: http-2 protocol: HTTP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml index c7db7a21465c..767edcbd86b2 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml @@ -108,8 +108,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml index 7ec1823a77e6..0c94ff694781 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml @@ -108,8 +108,6 @@ httpRoutes: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml index da39c8b00efc..cefd36eb4a17 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml @@ -107,11 +107,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-1/tcp + ports: - containerPort: 10080 name: tcp protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml index d59e161199d5..e97f5405e8cb 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml @@ -107,11 +107,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-1/udp + ports: - containerPort: 10080 name: udp protocol: UDP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml index 49acc6c84522..5f98214142bc 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml @@ -69,11 +69,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp1 ports: - containerPort: 10162 name: tcp1 protocol: TCP servicePort: 162 + - address: "" + name: envoy-gateway/gateway-1/tcp2 + ports: - containerPort: 10163 name: tcp2 protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml index 759e45901db5..02aaf83ee18b 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml @@ -69,11 +69,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tcp1 ports: - containerPort: 10161 name: tcp1 protocol: TCP servicePort: 161 + - address: "" + name: envoy-gateway/gateway-1/tcp2 + ports: - containerPort: 10162 name: tcp2 protocol: TCP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml index a5a304ba208f..95000b5a7d79 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml @@ -69,11 +69,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp1 ports: - containerPort: 10162 name: udp1 protocol: UDP servicePort: 162 + - address: "" + name: envoy-gateway/gateway-1/udp2 + ports: - containerPort: 10163 name: udp2 protocol: UDP diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml index 692388c6498c..17706a01f5cb 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml @@ -69,11 +69,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/udp1 ports: - containerPort: 10161 name: udp1 protocol: UDP servicePort: 161 + - address: "" + name: envoy-gateway/gateway-1/udp2 + ports: - containerPort: 10162 name: udp2 protocol: UDP diff --git a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml index 59d139d01c15..5f118fdf4429 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml index ee66e91bc17a..6627e3721ad0 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml @@ -87,6 +87,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml index b7fc079c14f7..83daacad6b4c 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml @@ -85,6 +85,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index 1891581612ee..3617fd8012b9 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -84,6 +84,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml index 4406f205c538..75afc5bc755d 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml @@ -85,6 +85,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml index d30026097abb..3a6fda40025d 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml @@ -290,35 +290,57 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10081 name: http-1 protocol: HTTP servicePort: 81 + - address: "" + name: envoy-gateway/gateway-1/http-2 + ports: - containerPort: 10082 name: http-2 protocol: HTTP servicePort: 82 + - address: "" + name: envoy-gateway/gateway-1/http-3 + ports: - containerPort: 10083 name: http-3 protocol: HTTP servicePort: 83 + - address: "" + name: envoy-gateway/gateway-1/http-4 + ports: - containerPort: 10084 name: http-4 protocol: HTTP servicePort: 84 + - address: "" + name: envoy-gateway/gateway-1/http-5 + ports: - containerPort: 10085 name: http-5 protocol: HTTP servicePort: 85 + - address: "" + name: envoy-gateway/gateway-1/http-6 + ports: - containerPort: 10086 name: http-6 protocol: HTTP servicePort: 86 + - address: "" + name: envoy-gateway/gateway-1/http-7 + ports: - containerPort: 10087 name: http-7 protocol: HTTP servicePort: 87 + - address: "" + name: envoy-gateway/gateway-1/http-8 + ports: - containerPort: 10088 name: http-8 protocol: HTTP diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml index de694b38c8c7..4b2092247c52 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml @@ -290,6 +290,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 name: http-1 diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml index 737d43da6689..aebe9d5ef7cd 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml @@ -114,11 +114,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-1/tls + ports: - containerPort: 10443 name: tls protocol: HTTPS diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml index e88edaa93ac3..482037855d09 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml @@ -110,6 +110,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 name: http-1 diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml index ae14d6cbe635..b1ea11ab4e00 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml @@ -79,6 +79,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml index a8d9a02048b4..ac79316a39bf 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml index dddac198b29a..aca32d931ed3 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml @@ -112,6 +112,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 name: http-1 diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml index f5334296b701..bfa443c90a46 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml index aae08dee8708..75cf6e095dae 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml @@ -81,6 +81,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml index d910e6e5442d..cbc43d64c2e4 100755 --- a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml index 4cd3e58a7741..8ee33eb83ba6 100644 --- a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml @@ -82,6 +82,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 name: http-1 diff --git a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml index 8e55e85f2bed..48a31ae521ae 100644 --- a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml index d7fc6c8c81c8..1ba2bec2467c 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml index 06e52bfe474d..807c25a74530 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml @@ -86,6 +86,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index c9c5a58e59d1..ade71d9f2d8f 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -81,6 +81,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml index 20ed4f04dbbb..10b8c25543f5 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml index 14f190acbc5a..0a753cfff0a5 100644 --- a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml @@ -78,6 +78,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index b186106f0cef..d6f24a41ac5c 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -99,6 +99,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index 55a7d36259cb..455262b5a106 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -109,6 +109,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml index 7f12824c553d..13f2b801c252 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -95,6 +95,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml index a466c593e7a9..058436f9be9c 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index 2e4b11c24cb4..61d9820448d3 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -93,6 +93,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml index 9d79d3a34752..1aaf77b38bb9 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml @@ -95,6 +95,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml index 14cb1d167ef5..93b653873f41 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml @@ -96,6 +96,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml index d2d65c9dd620..60d34e51db3f 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml @@ -87,6 +87,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml index b32d9c0a1223..cb538f2539a8 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml index 2ae92bdd5042..ad6dbc35b52d 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml index e75b60882e60..d16f800276a1 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml @@ -80,6 +80,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml index 50079248c8a4..088f84f48fea 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml @@ -84,6 +84,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml index 6781dcc65b7f..ef8fd463af07 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml @@ -81,6 +81,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml index 020a7bf3f968..27fd1e1d06f7 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml @@ -80,6 +80,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml index 669c5afcdab4..38a97b0ccf39 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml @@ -82,6 +82,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml index 9e4963f11276..a33581037930 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml @@ -80,6 +80,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml index 9543bab4beb3..c8c1c972d486 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml @@ -81,6 +81,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml index afa9f1c45245..f21add9e4124 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml @@ -97,6 +97,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index d5aa80f0bd19..aadf2120e74e 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -109,6 +109,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml index 85b30ec48e60..ea899e0e283e 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml index 2858e31d5aa2..98b603715ca8 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml index 6d64d583a12b..355910d42cd4 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 14f9cf7dacc6..a93bf2433031 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml index 3b0c94febaad..c55dd6b6349e 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml @@ -92,6 +92,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml index effccbc5fa30..8bc3c41d8103 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml index b551b071c987..a39f17b7e78c 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml index ce331c461d99..36752959db4c 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml index 08792fc26766..247c14cf4476 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml @@ -89,6 +89,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml index e87602dc49ce..cc9a1e5ef6e6 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml @@ -93,6 +93,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index d376bb2bd31b..818b17eca3f3 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -105,6 +105,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index 082da467faa0..88b50c701acc 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -99,6 +99,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index 7387da265c82..2ea6e24e6aab 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -109,6 +109,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml index 5050624b40e6..91e4dda1cfb2 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -95,6 +95,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml index a6d34ce09448..fffd6f07f6fc 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index dce73fb7d960..b123c560342c 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -93,6 +93,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml index 1635b1117577..22ff8bc073d9 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml @@ -95,6 +95,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml index 77ff80ec20d2..b324a0dbcc25 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml @@ -96,6 +96,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml index 80d939f8009a..7014d8c1b2e0 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml @@ -87,6 +87,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml index e18af4f074e3..d249c6ff62dd 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml index e1d73c904222..046671ac7b81 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml index 3de870613b98..b20642487087 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml @@ -80,6 +80,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml index fdb845ae1d0e..1d928dbc6112 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml @@ -78,6 +78,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml index 33d4418d46ae..fa34845c4cd7 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml @@ -110,6 +110,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml index 4bb51c36abff..c61772f41542 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml @@ -84,6 +84,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml index cd095768ea33..ef2339c5ca51 100644 --- a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml @@ -84,6 +84,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 8654dbf94b42..e7a8511b8d99 100644 --- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -82,6 +82,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml index f89e37188817..d0d75732263d 100644 --- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -83,6 +83,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml index a216ec0d08e3..b88f5cde6f92 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml index 1758895c365f..a02dd8be6fcf 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml index c89bf6ad9e64..acb2ac7b91f5 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml @@ -88,6 +88,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml index 8b3354f1a3bd..e0307cdb2061 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml @@ -88,6 +88,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml index 4368e3326aa9..3e12deabef2f 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml @@ -94,6 +94,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml index 4860707ed5ac..2ce7b0071a1f 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml @@ -96,6 +96,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml index 3ac9cd2e136c..95f67f68f2fa 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml @@ -92,6 +92,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml index 69dfe2109174..1d7446756de1 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml @@ -91,6 +91,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml index df69cdec6440..cb02f20a101d 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml @@ -89,6 +89,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml index a77717cbd761..5a83521c31a1 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml @@ -90,6 +90,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml index 6f9a6e0f8932..d192a4c01dda 100644 --- a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml @@ -81,6 +81,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml index 83b255739cfb..8d5cb5f6176b 100644 --- a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml @@ -266,6 +266,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml index 46f9e3d125bb..f6a2eedeef96 100755 --- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml @@ -113,11 +113,15 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: envoy-gateway/gateway-1/http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-2/udp + ports: - containerPort: 10080 name: envoy-gateway/gateway-2/udp protocol: UDP diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml index b7a576904269..7cd0af0d538d 100755 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml @@ -200,11 +200,15 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: envoy-gateway/gateway-1/http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-2/http-2 + ports: - containerPort: 8888 name: envoy-gateway/gateway-2/http-2 protocol: HTTP diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml index 8a1c69768446..729c0dfcd83e 100755 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml @@ -122,11 +122,15 @@ infraIR: status: {} listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: envoy-gateway/gateway-1/http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-2/http-2 + ports: - containerPort: 8888 name: envoy-gateway/gateway-2/http-2 protocol: HTTP diff --git a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml index 4a2610a0084b..656b8c08fe81 100755 --- a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml @@ -207,6 +207,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -221,11 +222,15 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http protocol: HTTP servicePort: 80 + - address: "" + name: envoy-gateway/gateway-2/tcp + ports: - containerPort: 10053 name: tcp protocol: TCP diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml index 0a2b0cbb239c..10346e2bbe86 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml @@ -157,6 +157,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -171,6 +172,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml index 8acf1b66a513..8c3bbcb51f56 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml @@ -157,6 +157,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 name: http @@ -171,6 +172,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 name: http diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml index 20df52b004f1..762a2a7f0f90 100644 --- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml @@ -48,6 +48,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10090 name: tls diff --git a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml index 8e45df442d5a..a153abc39190 100644 --- a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml @@ -45,6 +45,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10090 name: tls diff --git a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml index 77b25d4495f6..74e472d81d39 100644 --- a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml @@ -44,6 +44,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10091 name: tls diff --git a/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml b/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml index 2fac08a9c5ed..8e6e0644f748 100644 --- a/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml @@ -37,8 +37,6 @@ gateways: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index 4264efe0bef1..9394bc9f0121 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -45,6 +45,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10090 name: tls diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml index cb9f727850e1..fe1b1ea2362b 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml @@ -44,6 +44,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10091 name: tls diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml index 414c6b8e574e..fff6f437f6a6 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml @@ -44,6 +44,7 @@ infraIR: proxy: listeners: - address: "" + name: envoy-gateway/gateway-1/tls ports: - containerPort: 10091 name: tls diff --git a/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml index 0e48f934a107..27bdbc322e09 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml @@ -42,8 +42,6 @@ gateways: infraIR: envoy-gateway/gateway-1: proxy: - listeners: - - address: "" metadata: labels: gateway.envoyproxy.io/owning-gateway-name: gateway-1 diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index f5d6b54bc223..859a5fe8b598 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -146,7 +146,7 @@ func (t *Translator) Translate(resources *Resources) *TranslateResult { t.ProcessEnvoyPatchPolicies(resources.EnvoyPatchPolicies, xdsIR) // Process ClientTrafficPolicies - clientTrafficPolicies := ProcessClientTrafficPolicies(resources.ClientTrafficPolicies, gateways, xdsIR) + clientTrafficPolicies := t.ProcessClientTrafficPolicies(resources.ClientTrafficPolicies, gateways, xdsIR, infraIR) // Process all Addresses for all relevant Gateways. t.ProcessAddresses(gateways, xdsIR, infraIR, resources) diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index bc446f79f9e4..e0dede53d130 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -80,6 +80,18 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { TargetPort: target, } ports = append(ports, p) + + if port.Protocol == ir.HTTPSProtocolType { + if listener.EnableHTTP3 { + p := corev1.ServicePort{ + Name: ExpectedResourceHashedName(port.Name + "-h3"), + Protocol: corev1.ProtocolUDP, + Port: port.ServicePort, + TargetPort: target, + } + ports = append(ports, p) + } + } } } diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index 1c784927385f..4e0e8e5edd31 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -37,7 +37,7 @@ func newTestInfra() *ir.Infra { i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = i.Proxy.Name - i.Proxy.Listeners = []ir.ProxyListener{ + i.Proxy.Listeners = []*ir.ProxyListener{ { Ports: []ir.ListenerPort{ { diff --git a/internal/ir/infra.go b/internal/ir/infra.go index 8899d81cb6e6..a69f89cbaf1d 100644 --- a/internal/ir/infra.go +++ b/internal/ir/infra.go @@ -35,7 +35,7 @@ type ProxyInfra struct { // Config defines user-facing configuration of the managed proxy infrastructure. Config *v1alpha1.EnvoyProxy `json:"config,omitempty" yaml:"config,omitempty"` // Listeners define the listeners exposed by the proxy infrastructure. - Listeners []ProxyListener `json:"listeners,omitempty" yaml:"listeners,omitempty"` + Listeners []*ProxyListener `json:"listeners,omitempty" yaml:"listeners,omitempty"` // Addresses contain the external addresses this gateway has been // requested to be available at. Addresses []string `json:"addresses,omitempty" yaml:"addresses,omitempty"` @@ -52,10 +52,14 @@ type InfraMetadata struct { // ProxyListener defines the listener configuration of the proxy infrastructure. // +k8s:deepcopy-gen=true type ProxyListener struct { + // Name of the ProxyListener + Name string `json:"name" yaml:"name"` // Address is the address that the listener should listen on. Address string `json:"address" yaml:"address"` // Ports define network ports of the listener. Ports []ListenerPort `json:"ports,omitempty" yaml:"ports,omitempty"` + // EnableHTTP3 enables HTTP/3 support. + EnableHTTP3 bool `json:"enableHTTP3,omitempty" yaml:"enableHTTP3,omitempty"` } // ListenerPort defines a network port of a listener. @@ -104,15 +108,14 @@ func NewInfra() *Infra { // NewProxyInfra returns a new ProxyInfra with default parameters. func NewProxyInfra() *ProxyInfra { return &ProxyInfra{ - Metadata: NewInfraMetadata(), - Name: DefaultProxyName, - Listeners: NewProxyListeners(), + Metadata: NewInfraMetadata(), + Name: DefaultProxyName, } } // NewProxyListeners returns a new slice of ProxyListener with default parameters. -func NewProxyListeners() []ProxyListener { - return []ProxyListener{ +func NewProxyListeners() []*ProxyListener { + return []*ProxyListener{ { Ports: nil, }, @@ -188,10 +191,6 @@ func (p *ProxyInfra) Validate() error { errs = append(errs, errors.New("name field required")) } - if len(p.Listeners) > 1 { - errs = append(errs, errors.New("no more than 1 listener is supported")) - } - if len(p.Listeners) > 0 { for i := range p.Listeners { listener := p.Listeners[i] diff --git a/internal/ir/infra_test.go b/internal/ir/infra_test.go index 31dbb38d3d3d..f9fe9cb1be4f 100644 --- a/internal/ir/infra_test.go +++ b/internal/ir/infra_test.go @@ -20,7 +20,7 @@ func TestValidateInfra(t *testing.T) { { name: "default", infra: NewInfra(), - expect: false, + expect: true, }, { name: "no-name", @@ -46,7 +46,7 @@ func TestValidateInfra(t *testing.T) { infra: &Infra{ Proxy: &ProxyInfra{ Name: "test", - Listeners: []ProxyListener{ + Listeners: []*ProxyListener{ { Ports: []ListenerPort{}, }, @@ -60,7 +60,7 @@ func TestValidateInfra(t *testing.T) { infra: &Infra{ Proxy: &ProxyInfra{ Name: "test", - Listeners: []ProxyListener{ + Listeners: []*ProxyListener{ { Ports: []ListenerPort{ { @@ -79,7 +79,7 @@ func TestValidateInfra(t *testing.T) { infra: &Infra{ Proxy: &ProxyInfra{ Name: "test", - Listeners: []ProxyListener{ + Listeners: []*ProxyListener{ { Ports: []ListenerPort{ { @@ -98,7 +98,7 @@ func TestValidateInfra(t *testing.T) { infra: &Infra{ Proxy: &ProxyInfra{ Name: "test", - Listeners: []ProxyListener{ + Listeners: []*ProxyListener{ { Ports: []ListenerPort{ { @@ -157,9 +157,8 @@ func TestNewProxyInfra(t *testing.T) { { name: "default infra", expected: &ProxyInfra{ - Metadata: NewInfraMetadata(), - Name: DefaultProxyName, - Listeners: NewProxyListeners(), + Metadata: NewInfraMetadata(), + Name: DefaultProxyName, }, }, } diff --git a/internal/ir/xds.go b/internal/ir/xds.go index c0aa13ffbf63..287a2f9cfbda 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -175,6 +175,8 @@ type HTTPListener struct { IsHTTP2 bool `json:"isHTTP2" yaml:"isHTTP2"` // TCPKeepalive configuration for the listener TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty" yaml:"tcpKeepalive,omitempty"` + // EnableHTTP3 is set to true to enable downstream HTTP3 support + EnableHTTP3 bool `json:"enableHTTP3,omitempty" yaml:"enableHTTP3,omitempty"` } // Validate the fields within the HTTPListener structure diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index 7ebe840dd5a0..560139b9adc1 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -731,9 +731,13 @@ func (in *ProxyInfra) DeepCopyInto(out *ProxyInfra) { } if in.Listeners != nil { in, out := &in.Listeners, &out.Listeners - *out = make([]ProxyListener, len(*in)) + *out = make([]*ProxyListener, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(ProxyListener) + (*in).DeepCopyInto(*out) + } } } if in.Addresses != nil { diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index 1a118f56426d..05ae67a2020e 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -16,6 +16,7 @@ import ( hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" tcpv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" udpv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/udp_proxy/v3" + quicv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3" tlsv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" @@ -77,8 +78,33 @@ func buildXdsTCPListener(name, address string, port uint32, keepalive *ir.TCPKee } } +// buildXdsQuicListener creates a xds Listener resource for quic +func buildXdsQuicListener(name, address string, port uint32, accesslog *ir.AccessLog) *listenerv3.Listener { + xdsListener := &listenerv3.Listener{ + Name: name + "-quic", + AccessLog: buildXdsAccessLog(accesslog, true), + Address: &corev3.Address{ + Address: &corev3.Address_SocketAddress{ + SocketAddress: &corev3.SocketAddress{ + Protocol: corev3.SocketAddress_UDP, + Address: address, + PortSpecifier: &corev3.SocketAddress_PortValue{ + PortValue: port, + }, + }, + }, + }, + UdpListenerConfig: &listenerv3.UdpListenerConfig{ + DownstreamSocketConfig: &corev3.UdpSocketConfig{}, + QuicOptions: &listenerv3.QuicProtocolOptions{}, + }, + } + + return xdsListener +} + func (t *Translator) addXdsHTTPFilterChain(xdsListener *listenerv3.Listener, irListener *ir.HTTPListener, - accesslog *ir.AccessLog, tracing *ir.Tracing) error { + accesslog *ir.AccessLog, tracing *ir.Tracing, http3Listener bool) error { al := buildXdsAccessLog(accesslog, false) hcmTracing, err := buildHCMTracing(tracing) @@ -134,6 +160,10 @@ func (t *Translator) addXdsHTTPFilterChain(xdsListener *listenerv3.Listener, irL } } + if http3Listener { + mgr.CodecType = hcmv3.HttpConnectionManager_HTTP3 + mgr.Http3ProtocolOptions = &corev3.Http3ProtocolOptions{} + } // Add HTTP filters to the HCM, the filters have already been sorted in the // correct order in the patchHCMWithFilters function. if err := t.patchHCMWithFilters(mgr, irListener); err != nil { @@ -155,9 +185,17 @@ func (t *Translator) addXdsHTTPFilterChain(xdsListener *listenerv3.Listener, irL } if irListener.TLS != nil { - tSocket, err := buildXdsDownstreamTLSSocket(irListener.TLS) - if err != nil { - return err + var tSocket *corev3.TransportSocket + if http3Listener { + tSocket, err = buildDownstreamQUICTransportSocket(irListener.TLS) + if err != nil { + return err + } + } else { + tSocket, err = buildXdsDownstreamTLSSocket(irListener.TLS) + if err != nil { + return err + } } filterChain.TransportSocket = tSocket if err := addServerNamesMatch(xdsListener, filterChain, irListener.Hostnames); err != nil { @@ -299,6 +337,37 @@ func addXdsTLSInspectorFilter(xdsListener *listenerv3.Listener) error { return nil } +func buildDownstreamQUICTransportSocket(tlsConfigs []*ir.TLSListenerConfig) (*corev3.TransportSocket, error) { + tlsCtx := &quicv3.QuicDownstreamTransport{ + DownstreamTlsContext: &tlsv3.DownstreamTlsContext{ + CommonTlsContext: &tlsv3.CommonTlsContext{ + AlpnProtocols: []string{"h3"}, + }, + RequireClientCertificate: &wrappers.BoolValue{Value: true}, + }, + } + + for _, tlsConfig := range tlsConfigs { + tlsCtx.DownstreamTlsContext.CommonTlsContext.TlsCertificateSdsSecretConfigs = append( + tlsCtx.DownstreamTlsContext.CommonTlsContext.TlsCertificateSdsSecretConfigs, + &tlsv3.SdsSecretConfig{ + Name: tlsConfig.Name, + SdsConfig: makeConfigSource(), + }) + } + + tlsCtxAny, err := anypb.New(tlsCtx) + if err != nil { + return nil, err + } + return &corev3.TransportSocket{ + Name: wellknown.TransportSocketQuic, + ConfigType: &corev3.TransportSocket_TypedConfig{ + TypedConfig: tlsCtxAny, + }, + }, nil +} + func buildXdsDownstreamTLSSocket(tlsConfigs []*ir.TLSListenerConfig) (*corev3.TransportSocket, error) { tlsCtx := &tlsv3.DownstreamTlsContext{ CommonTlsContext: &tlsv3.CommonTlsContext{ diff --git a/internal/xds/translator/testdata/in/xds-ir/http3.yaml b/internal/xds/translator/testdata/in/xds-ir/http3.yaml new file mode 100644 index 000000000000..7a7d8b92aa89 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/http3.yaml @@ -0,0 +1,29 @@ +http: +- address: 0.0.0.0 + enableHTTP3: true + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/tls + port: 10443 + routes: + - backendWeights: + invalid: 0 + valid: 0 + destination: + name: httproute/default/httproute-1/rule/0 + settings: + - endpoints: + - host: 7.7.7.7 + port: 8080 + weight: 1 + hostname: '*' + name: httproute/default/httproute-1/rule/0/match/0/* + pathMatch: + distinct: false + name: "" + prefix: / + tls: + - name: envoy-gateway-tls-secret-1 + privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRREVNZ1lZblFyQ29EQU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekF4TURVeE16UXpNalJhRncweU5EQXhNRFV4TXpRek1qUmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFuZEh6d21wS2NUSUViamhGZ2RXd1RSTjc1Y3A4b3VsWnhMMUdydlI2SXc3ejdqaTBSNFcvTm85bkdmOU0KWVAyQ1JqaXN6NTFtd3hTeGVCcm9jTGVBK21reGkxK2lEdk5kQytyU0x4MTN6RUxTQ25xYnVzUHM3bUdmSlpxOAo5TGhlbmx5bzQzaDVjYTZINUxqTXd1L1JHVWlGMzFYck5yaVlGQlB2RTJyQitkd24vTkVrUTRoOFJxcXlwcmtuCkYvcWM5Sk1ZQVlGRld1VkNwa0lFbmRYMUN5dlFOT2FkZmN2cmd6dDV2SmwwT2kxQWdyaU5hWGJFUEdudWY3STQKcXBCSEdVWE5lMVdsOVdlVklxS1g0T2FFWERWQzZGQzdHOHptZWVMVzFBa1lFVm5pcFg2b1NCK0JjL1NIVlZOaApzQkxSbXRuc3pmTnRUMlFyZCttcGt4ODBaUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1VKOElDCkJveUVqT3V3enBHYVJoR044QjRqT1B6aHVDT0V0ZDM3UzAybHUwN09IenlCdmJzVEd6S3dCZ0x5bVdmR2tINEIKajdDTHNwOEZ6TkhLWnVhQmdwblo5SjZETE9Od2ZXZTJBWXA3TGRmT0tWQlVkTVhRaU9tN2pKOUhob0Ntdk1ONwpic2pjaFdKb013ckZmK3dkQUthdHowcUFQeWhMeWUvRnFtaVZ4a09SWmF3K1Q5bURaK0g0OXVBU2d1SnVOTXlRClY2RXlYNmd0Z1dxMzc2SHZhWE1TLzNoYW1Zb1ZXWEk1TXhpUE9ZeG5BQmtKQjRTQ2dJUmVqYkpmVmFRdG9RNGEKejAyaVVMZW5ESUllUU9Zb2JLY01CWGYxQjRQQVFtc2VocVZJYnpzUUNHaTU0VkRyczZiWmQvN0pzMXpDcHBncwpKaUQ1SXFNaktXRHdxN2FLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml new file mode 100755 index 000000000000..986aeb8e82e4 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml @@ -0,0 +1,14 @@ +- commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: httproute/default/httproute-1/rule/0 + lbPolicy: LEAST_REQUEST + name: httproute/default/httproute-1/rule/0 + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.endpoints.yaml new file mode 100755 index 000000000000..5dd9eef2a601 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http3.endpoints.yaml @@ -0,0 +1,11 @@ +- clusterName: httproute/default/httproute-1/rule/0 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 7.7.7.7 + portValue: 8080 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml new file mode 100755 index 000000000000..06cd891b181d --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml @@ -0,0 +1,98 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10443 + protocol: UDP + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codecType: HTTP3 + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + http3ProtocolOptions: {} + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: envoy-gateway/gateway-1/tls + statPrefix: https + upgradeConfigs: + - upgradeType: websocket + useRemoteAddress: true + transportSocket: + name: envoy.transport_sockets.quic + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.quic.v3.QuicDownstreamTransport + downstreamTlsContext: + commonTlsContext: + alpnProtocols: + - h3 + tlsCertificateSdsSecretConfigs: + - name: envoy-gateway-tls-secret-1 + sdsConfig: + ads: {} + resourceApiVersion: V3 + requireClientCertificate: true + name: envoy-gateway/gateway-1/tls-quic + udpListenerConfig: + downstreamSocketConfig: {} + quicOptions: {} +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10443 + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: envoy-gateway/gateway-1/tls + statPrefix: https + upgradeConfigs: + - upgradeType: websocket + useRemoteAddress: true + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext + commonTlsContext: + alpnProtocols: + - h2 + - http/1.1 + tlsCertificateSdsSecretConfigs: + - name: envoy-gateway-tls-secret-1 + sdsConfig: + ads: {} + resourceApiVersion: V3 + name: envoy-gateway/gateway-1/tls + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.routes.yaml new file mode 100755 index 000000000000..d129cf7589d9 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http3.routes.yaml @@ -0,0 +1,17 @@ +- ignorePortInHostMatching: true + name: envoy-gateway/gateway-1/tls + virtualHosts: + - domains: + - '*' + name: envoy-gateway/gateway-1/tls/* + routes: + - match: + prefix: / + name: httproute/default/httproute-1/rule/0/match/0/* + responseHeadersToAdd: + - append: true + header: + key: alt-svc + value: h3=":10443"; ma=86400 + route: + cluster: httproute/default/httproute-1/rule/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.secrets.yaml new file mode 100755 index 000000000000..d4d502ac098d --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http3.secrets.yaml @@ -0,0 +1,6 @@ +- name: envoy-gateway-tls-secret-1 + tlsCertificate: + certificateChain: + inlineBytes: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRREVNZ1lZblFyQ29EQU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekF4TURVeE16UXpNalJhRncweU5EQXhNRFV4TXpRek1qUmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFuZEh6d21wS2NUSUViamhGZ2RXd1RSTjc1Y3A4b3VsWnhMMUdydlI2SXc3ejdqaTBSNFcvTm85bkdmOU0KWVAyQ1JqaXN6NTFtd3hTeGVCcm9jTGVBK21reGkxK2lEdk5kQytyU0x4MTN6RUxTQ25xYnVzUHM3bUdmSlpxOAo5TGhlbmx5bzQzaDVjYTZINUxqTXd1L1JHVWlGMzFYck5yaVlGQlB2RTJyQitkd24vTkVrUTRoOFJxcXlwcmtuCkYvcWM5Sk1ZQVlGRld1VkNwa0lFbmRYMUN5dlFOT2FkZmN2cmd6dDV2SmwwT2kxQWdyaU5hWGJFUEdudWY3STQKcXBCSEdVWE5lMVdsOVdlVklxS1g0T2FFWERWQzZGQzdHOHptZWVMVzFBa1lFVm5pcFg2b1NCK0JjL1NIVlZOaApzQkxSbXRuc3pmTnRUMlFyZCttcGt4ODBaUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1VKOElDCkJveUVqT3V3enBHYVJoR044QjRqT1B6aHVDT0V0ZDM3UzAybHUwN09IenlCdmJzVEd6S3dCZ0x5bVdmR2tINEIKajdDTHNwOEZ6TkhLWnVhQmdwblo5SjZETE9Od2ZXZTJBWXA3TGRmT0tWQlVkTVhRaU9tN2pKOUhob0Ntdk1ONwpic2pjaFdKb013ckZmK3dkQUthdHowcUFQeWhMeWUvRnFtaVZ4a09SWmF3K1Q5bURaK0g0OXVBU2d1SnVOTXlRClY2RXlYNmd0Z1dxMzc2SHZhWE1TLzNoYW1Zb1ZXWEk1TXhpUE9ZeG5BQmtKQjRTQ2dJUmVqYkpmVmFRdG9RNGEKejAyaVVMZW5ESUllUU9Zb2JLY01CWGYxQjRQQVFtc2VocVZJYnpzUUNHaTU0VkRyczZiWmQvN0pzMXpDcHBncwpKaUQ1SXFNaktXRHdxN2FLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + privateKey: + inlineBytes: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 82fd0937aefe..eb507d5629a9 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -19,6 +19,7 @@ import ( matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" resourcev3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/tetratelabs/multierror" + "google.golang.org/protobuf/types/known/wrapperspb" extensionTypes "github.com/envoyproxy/gateway/internal/extension/types" "github.com/envoyproxy/gateway/internal/ir" @@ -104,8 +105,15 @@ func (t *Translator) processHTTPListenerXdsTranslation(tCtx *types.ResourceVersi // Search for an existing listener, if it does not exist, create one. xdsListener := findXdsListenerByHostPort(tCtx, httpListener.Address, httpListener.Port, corev3.SocketAddress_TCP) + var quicXDSListener *listenerv3.Listener if xdsListener == nil { xdsListener = buildXdsTCPListener(httpListener.Name, httpListener.Address, httpListener.Port, httpListener.TCPKeepalive, accesslog) + if httpListener.EnableHTTP3 { + quicXDSListener = buildXdsQuicListener(httpListener.Name, httpListener.Address, httpListener.Port, accesslog) + if err := tCtx.AddXdsResource(resourcev3.ListenerType, quicXDSListener); err != nil { + return err + } + } if err := tCtx.AddXdsResource(resourcev3.ListenerType, xdsListener); err != nil { return err } @@ -126,9 +134,14 @@ func (t *Translator) processHTTPListenerXdsTranslation(tCtx *types.ResourceVersi } if addFilterChain { - if err := t.addXdsHTTPFilterChain(xdsListener, httpListener, accesslog, tracing); err != nil { + if err := t.addXdsHTTPFilterChain(xdsListener, httpListener, accesslog, tracing, false); err != nil { return err } + if httpListener.EnableHTTP3 { + if err := t.addXdsHTTPFilterChain(quicXDSListener, httpListener, accesslog, tracing, true); err != nil { + return err + } + } } // Create a route config if we have not found one yet @@ -208,6 +221,13 @@ func (t *Translator) processHTTPListenerXdsTranslation(tCtx *types.ResourceVersi return err } + if httpListener.EnableHTTP3 { + http3AltSvcHeader := buildHTTP3AltSvcHeader(int(httpListener.Port)) + if xdsRoute.ResponseHeadersToAdd == nil { + xdsRoute.ResponseHeadersToAdd = make([]*corev3.HeaderValueOption, 0) + } + xdsRoute.ResponseHeadersToAdd = append(xdsRoute.ResponseHeadersToAdd, http3AltSvcHeader) + } vHost.Routes = append(vHost.Routes, xdsRoute) if httpRoute.Destination != nil { @@ -269,6 +289,16 @@ func (t *Translator) processHTTPListenerXdsTranslation(tCtx *types.ResourceVersi return nil } +func buildHTTP3AltSvcHeader(port int) *corev3.HeaderValueOption { + return &corev3.HeaderValueOption{ + Append: &wrapperspb.BoolValue{Value: true}, + Header: &corev3.HeaderValue{ + Key: "alt-svc", + Value: strings.Join([]string{fmt.Sprintf(`%s=":%d"; ma=86400`, "h3", port)}, ", "), + }, + } +} + func processTCPListenerXdsTranslation(tCtx *types.ResourceVersionTable, tcpListeners []*ir.TCPListener, accesslog *ir.AccessLog) error { for _, tcpListener := range tcpListeners { // 1:1 between IR TCPListener and xDS Cluster diff --git a/internal/xds/translator/translator_test.go b/internal/xds/translator/translator_test.go index 15fac37f4951..b0ade3d8bdb7 100644 --- a/internal/xds/translator/translator_test.go +++ b/internal/xds/translator/translator_test.go @@ -90,6 +90,10 @@ func TestTranslateXds(t *testing.T) { name: "simple-tls", requireSecrets: true, }, + { + name: "http3", + requireSecrets: true, + }, { name: "tls-route-passthrough", }, diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index a76e5d3d52d4..6c6c3de21704 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -168,6 +168,7 @@ _Appears in:_ | --- | --- | | `targetRef` _[PolicyTargetReferenceWithSectionName](#policytargetreferencewithsectionname)_ | TargetRef is the name of the Gateway resource this policy is being attached to. This Policy and the TargetRef MUST be in the same namespace for this Policy to have effect and be applied to the Gateway. TargetRef | | `tcpKeepalive` _[TCPKeepalive](#tcpkeepalive)_ | TcpKeepalive settings associated with the downstream client connection. If defined, sets SO_KEEPALIVE on the listener socket to enable TCP Keepalives. Disabled by default. | +| `enableHTTP3` _boolean_ | EnableHTTP3 enables HTTP/3 support on the listener. Disabled by default. | diff --git a/site/content/en/latest/user/http3.md b/site/content/en/latest/user/http3.md new file mode 100644 index 000000000000..427829370890 --- /dev/null +++ b/site/content/en/latest/user/http3.md @@ -0,0 +1,127 @@ +--- +title: "HTTP3" +--- + +This guide will help you get started using HTTP3 using EG. The guide uses a self-signed CA, so it should be used for +testing and demonstration purposes only. + +## Prerequisites + +- OpenSSL to generate TLS assets. + +## Installation + +Follow the steps from the [Quickstart Guide](quickstart.md) to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +## TLS Certificates + +Generate the certificates and keys used by the Gateway to terminate client TLS connections. + +Create a root certificate and private key to sign certificates: + +```shell +openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=example Inc./CN=example.com' -keyout example.com.key -out example.com.crt +``` + +Create a certificate and a private key for `www.example.com`: + +```shell +openssl req -out www.example.com.csr -newkey rsa:2048 -nodes -keyout www.example.com.key -subj "/CN=www.example.com/O=example organization" +openssl x509 -req -days 365 -CA example.com.crt -CAkey example.com.key -set_serial 0 -in www.example.com.csr -out www.example.com.crt +``` + +Store the cert/key in a Secret: + +```shell +kubectl create secret tls example-cert --key=www.example.com.key --cert=www.example.com.crt +``` + +Update the Gateway from the Quickstart guide to include an HTTPS listener that listens on port `443` and references the +`example-cert` Secret: + +```shell +kubectl patch gateway eg --type=json --patch '[{ + "op": "add", + "path": "/spec/listeners/-", + "value": { + "name": "https", + "protocol": "HTTPS", + "port": 443, + "tls": { + "mode": "Terminate", + "certificateRefs": [{ + "kind": "Secret", + "group": "", + "name": "example-cert", + }], + }, + }, +}]' +``` + +Apply the following ClientTrafficPolicy to enable HTTP3 + +```shell +kubectl apply -f - <