Skip to content

Commit

Permalink
api: lua support in EnvoyExtensionPolicy and HTTPRouteFilter
Browse files Browse the repository at this point in the history
Signed-off-by: Rudrakh Panigrahi <[email protected]>
  • Loading branch information
rudrakhp committed Dec 17, 2024
1 parent 4cba2e2 commit e1afdfc
Show file tree
Hide file tree
Showing 8 changed files with 357 additions and 7 deletions.
15 changes: 11 additions & 4 deletions api/v1alpha1/envoyextensionypolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,16 +32,15 @@ type EnvoyExtensionPolicy struct {
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
// EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.
//
// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field"
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field"
//
// EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.
type EnvoyExtensionPolicySpec struct {
PolicyTargetReferences `json:",inline"`

Expand All @@ -54,11 +53,19 @@ type EnvoyExtensionPolicySpec struct {
Wasm []Wasm `json:"wasm,omitempty"`

// ExtProc is an ordered list of external processing filters
// that should added to the envoy filter chain
// that should be added to the envoy filter chain
//
// +kubebuilder:validation:MaxItems=16
// +optional
ExtProc []ExtProc `json:"extProc,omitempty"`

// Lua is an ordered list of Lua filters
// that should be added to the envoy filter chain
//
// +kubebuilder:validation:MaxItems=16
// +optional
// +notImplementedHide
Lua []Lua `json:"lua,omitempty"`
}

//+kubebuilder:object:root=true
Expand Down
47 changes: 47 additions & 0 deletions api/v1alpha1/lua_types.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
// Copyright Envoy Gateway Authors
// SPDX-License-Identifier: Apache-2.0
// The full text of the Apache license is available in the LICENSE file at
// the root of the repo.

package v1alpha1

import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"

// Lua defines a Lua extension that applies globally
// to all requests passing through the filter chain.
//
// +kubebuilder:validation:XValidation:rule="has(self.source) ? (!has(self.disabled) || self.disabled == false) : (has(self.disabled) && self.disabled == true)",message="Exactly one of source or disabled must be set."
type Lua struct {
// Source is the default LuaSource that will be executed
//
// +optional
Source *LuaSource `json:"source"`
// Disabled is the status of the Lua filter for a particular route.
//
// +optional
Disabled *bool `json:"disabled,omitempty"`
}

// LuaSource contains source code information for a user defined Lua script
// Only one of Inline, ValueRef or EnvironmentVariable must be set
//
// +kubebuilder:validation:XValidation:rule="has(self.inline) ? (!has(self.valueRef) && !has(self.environmentVariable)) : (has(self.valueRef) ? !has(self.environmentVariable) : has(self.environmentVariable))",message="Exactly one of inline, valueRef, or environmentVariable must be set."
type LuaSource struct {
// Inline contains the value as an inline string.
//
// +optional
Inline *string `json:"inline,omitempty"`
// ValueRef contains the contents of the body
// specified as a local object reference.
// Only a reference to ConfigMap is supported.
//
// The value of key `response.body` in the ConfigMap will be used as the response body.
// If the key is not found, the first value in the ConfigMap will be used.
//
// +optional
ValueRef *gwapiv1.LocalObjectReference `json:"valueRef,omitempty"`
// EnvironmentVariable represents an environment variable data source.
//
// +optional
EnvironmentVariable *string `json:"environmentVariable,omitempty"`
}
62 changes: 62 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ spec:
extProc:
description: |-
ExtProc is an ordered list of external processing filters
that should added to the envoy filter chain
that should be added to the envoy filter chain
items:
description: ExtProc defines the configuration for External Processing
filter.
Expand Down Expand Up @@ -973,6 +973,76 @@ spec:
== "" || f.group == ''gateway.envoyproxy.io'')) : true'
maxItems: 16
type: array
lua:
description: |-
Lua is an ordered list of Lua filters
that should be added to the envoy filter chain
items:
description: |-
Lua defines a Lua extension that applies globally
to all requests passing through the filter chain.
properties:
disabled:
description: Disabled is the status of the Lua filter for a
particular route.
type: boolean
source:
description: Source is the default LuaSource that will be executed
properties:
environmentVariable:
description: EnvironmentVariable represents an environment
variable data source.
type: string
inline:
description: Inline contains the value as an inline string.
type: string
valueRef:
description: |-
ValueRef contains the contents of the body
specified as a local object reference.
Only a reference to ConfigMap is supported.
The value of key `response.body` in the ConfigMap will be used as the response body.
If the key is not found, the first value in the ConfigMap will be used.
properties:
group:
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is kind of the referent. For example
"HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
type: object
x-kubernetes-validations:
- message: Exactly one of inline, valueRef, or environmentVariable
must be set.
rule: 'has(self.inline) ? (!has(self.valueRef) && !has(self.environmentVariable))
: (has(self.valueRef) ? !has(self.environmentVariable) :
has(self.environmentVariable))'
type: object
x-kubernetes-validations:
- message: Exactly one of source or disabled must be set.
rule: 'has(self.source) ? (!has(self.disabled) || self.disabled
== false) : (has(self.disabled) && self.disabled == true)'
maxItems: 16
type: array
targetRef:
description: |-
TargetRef is the name of the resource this policy is being attached to.
Expand Down
1 change: 1 addition & 0 deletions release-notes/current.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ new features: |
Added support for trusted CIDRs in the ClientIPDetectionSettings API
Added support for sending attributes to external processor in EnvoyExtensionPolicy API
Added support for patching EnvoyProxy.spec.provider.kubernetes.envoyHpa and EnvoyProxy.spec.provider.kubernetes.envoyPDB
Added Lua support in EnvoyExtensionPolicy and HTTPRouteFilter APIs
# Fixes for bugs identified in previous versions.
bug fixes: |
Expand Down
35 changes: 34 additions & 1 deletion site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -980,7 +980,7 @@ _Appears in:_
| `targetRefs` | _[LocalPolicyTargetReferenceWithSectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.LocalPolicyTargetReferenceWithSectionName) array_ | true | TargetRefs are the names of the Gateway resources this policy<br />is being attached to. |
| `targetSelectors` | _[TargetSelector](#targetselector) array_ | true | TargetSelectors allow targeting resources for this policy based on labels |
| `wasm` | _[Wasm](#wasm) array_ | false | Wasm is a list of Wasm extensions to be loaded by the Gateway.<br />Order matters, as the extensions will be loaded in the order they are<br />defined in this list. |
| `extProc` | _[ExtProc](#extproc) array_ | false | ExtProc is an ordered list of external processing filters<br />that should added to the envoy filter chain |
| `extProc` | _[ExtProc](#extproc) array_ | false | ExtProc is an ordered list of external processing filters<br />that should be added to the envoy filter chain |


#### EnvoyFilter
Expand Down Expand Up @@ -2738,6 +2738,39 @@ _Appears in:_
| `error` | LogLevelError defines the "Error" logging level.<br /> |


#### Lua



Lua defines a Lua extension that applies globally
to all requests passing through the filter chain.

_Appears in:_
- [EnvoyExtensionPolicySpec](#envoyextensionpolicyspec)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `source` | _[LuaSource](#luasource)_ | false | Source is the default LuaSource that will be executed |
| `disabled` | _boolean_ | false | Disabled is the status of the Lua filter for a particular route. |


#### LuaSource



LuaSource contains source code information for a user defined Lua script
Only one of Inline, ValueRef or EnvironmentVariable must be set

_Appears in:_
- [Lua](#lua)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `inline` | _string_ | false | Inline contains the value as an inline string. |
| `valueRef` | _[LocalObjectReference](#localobjectreference)_ | false | ValueRef contains the contents of the body<br />specified as a local object reference.<br />Only a reference to ConfigMap is supported.<br /><br />The value of key `response.body` in the ConfigMap will be used as the response body.<br />If the key is not found, the first value in the ConfigMap will be used. |
| `environmentVariable` | _string_ | false | EnvironmentVariable represents an environment variable data source. |


#### MergeType

_Underlying type:_ _string_
Expand Down
35 changes: 34 additions & 1 deletion site/content/zh/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -980,7 +980,7 @@ _Appears in:_
| `targetRefs` | _[LocalPolicyTargetReferenceWithSectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.LocalPolicyTargetReferenceWithSectionName) array_ | true | TargetRefs are the names of the Gateway resources this policy<br />is being attached to. |
| `targetSelectors` | _[TargetSelector](#targetselector) array_ | true | TargetSelectors allow targeting resources for this policy based on labels |
| `wasm` | _[Wasm](#wasm) array_ | false | Wasm is a list of Wasm extensions to be loaded by the Gateway.<br />Order matters, as the extensions will be loaded in the order they are<br />defined in this list. |
| `extProc` | _[ExtProc](#extproc) array_ | false | ExtProc is an ordered list of external processing filters<br />that should added to the envoy filter chain |
| `extProc` | _[ExtProc](#extproc) array_ | false | ExtProc is an ordered list of external processing filters<br />that should be added to the envoy filter chain |


#### EnvoyFilter
Expand Down Expand Up @@ -2738,6 +2738,39 @@ _Appears in:_
| `error` | LogLevelError defines the "Error" logging level.<br /> |


#### Lua



Lua defines a Lua extension that applies globally
to all requests passing through the filter chain.

_Appears in:_
- [EnvoyExtensionPolicySpec](#envoyextensionpolicyspec)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `source` | _[LuaSource](#luasource)_ | false | Source is the default LuaSource that will be executed |
| `disabled` | _boolean_ | false | Disabled is the status of the Lua filter for a particular route. |


#### LuaSource



LuaSource contains source code information for a user defined Lua script
Only one of Inline, ValueRef or EnvironmentVariable must be set

_Appears in:_
- [Lua](#lua)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `inline` | _string_ | false | Inline contains the value as an inline string. |
| `valueRef` | _[LocalObjectReference](#localobjectreference)_ | false | ValueRef contains the contents of the body<br />specified as a local object reference.<br />Only a reference to ConfigMap is supported.<br /><br />The value of key `response.body` in the ConfigMap will be used as the response body.<br />If the key is not found, the first value in the ConfigMap will be used. |
| `environmentVariable` | _string_ | false | EnvironmentVariable represents an environment variable data source. |


#### MergeType

_Underlying type:_ _string_
Expand Down
Loading

0 comments on commit e1afdfc

Please sign in to comment.