From 255361fd4bb973e91e3d6c6b1ff94c10b75f4458 Mon Sep 17 00:00:00 2001 From: phantooom Date: Thu, 7 Mar 2024 00:08:46 +0800 Subject: [PATCH 1/5] docs: basic auth example use https Signed-off-by: phantooom --- site/content/en/latest/user/basic-auth.md | 70 +++++++++++++++++++++-- 1 file changed, 64 insertions(+), 6 deletions(-) diff --git a/site/content/en/latest/user/basic-auth.md b/site/content/en/latest/user/basic-auth.md index 6affe9e5c87..0f295db76bb 100644 --- a/site/content/en/latest/user/basic-auth.md +++ b/site/content/en/latest/user/basic-auth.md @@ -21,9 +21,58 @@ Envoy Gateway uses [.htpasswd][.htpasswd] format to store the username-password The file must be stored in a kubernetes secret and referenced in the [SecurityPolicy][SecurityPolicy] configuration. The secret is an Opaque secret, and the username-password pairs must be stored in the key ".htpasswd". +### Create a root certificate + +Create a root certificate and private key to sign certificates: + +```shell +openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=example Inc./CN=example.com' -keyout example.com.key -out example.com.crt +``` + +### Create a certificate secret + +Create a certificate and a private key for `www.example.com`: + +```shell +openssl req -out www.example.com.csr -newkey rsa:2048 -nodes -keyout www.example.com.key -subj "/CN=www.example.com/O=example organization" +openssl x509 -req -days 365 -CA example.com.crt -CAkey example.com.key -set_serial 0 -in www.example.com.csr -out www.example.com.crt +``` + +### Create certificate + +```shell +kubectl create secret tls example-cert --key=www.example.com.key --cert=www.example.com.crt +``` + +### Enable HTTPS +Update the Gateway from the Quickstart guide to include an HTTPS listener that listens on port `443` and references the +`example-cert` Secret: + +```shell +kubectl patch gateway eg --type=json --patch '[{ + "op": "add", + "path": "/spec/listeners/-", + "value": { + "name": "https", + "protocol": "HTTPS", + "port": 443, + "tls": { + "mode": "Terminate", + "certificateRefs": [{ + "kind": "Secret", + "group": "", + "name": "example-cert", + }], + }, + }, +}]' +``` + ### Create a .htpasswd file First, create a [.htpasswd][.htpasswd] file with the username and password you want to use for authentication. +Note: We recommend users to enable HTTPS when using Basic Authentication. + The input password won't be saved, instead, a hash will be generated and saved in the output file. When a request tries to access protected resources, the password in the "Authorization" HTTP header will be hashed and compared with the saved hash. @@ -40,7 +89,7 @@ You can also add more users to the file: htpasswd -bs .htpasswd foo1 bar1 ``` -### Create a kubernetes secret +### Create a basic-auth secret Next, create a kubernetes secret with the generated .htpasswd file in the previous step. @@ -94,13 +143,21 @@ curl -v -H "Host: www.example.com" "http://${GATEWAY_HOST}/" You should see `401 Unauthorized` in the response, indicating that the request is not allowed without authentication. ```shell +* Connected to 127.0.0.1 (127.0.0.1) port 443 +... +* Server certificate: +* subject: CN=www.example.com; O=example organization +* issuer: O=example Inc.; CN=example.com +> GET / HTTP/2 +> Host: www.example.com +> User-Agent: curl/8.6.0 +> Accept: */* ... -< HTTP/1.1 401 Unauthorized +< HTTP/2 401 < content-length: 58 < content-type: text/plain -< date: Tue, 28 Nov 2023 12:43:32 GMT -< server: envoy -< +< date: Wed, 06 Mar 2024 15:59:36 GMT +< * Connection #0 to host 127.0.0.1 left intact User authentication failed. Missing username and password. ``` @@ -108,7 +165,7 @@ User authentication failed. Missing username and password. Send a request to the backend service with `Authentication` header: ```shell -curl -v -H "Host: www.example.com" -u 'foo:bar' "http://${GATEWAY_HOST}/" +curl -kv -H "Host: www.example.com" -u 'foo:bar' "https://${GATEWAY_HOST}/" ``` The request should be allowed and you should see the response from the backend service. @@ -124,6 +181,7 @@ Delete the SecurityPolicy and the secret ```shell kubectl delete securitypolicy/basic-auth-example kubectl delete secret/basic-auth +kubectl delete secret/example-cert ``` ## Next Steps From 17acabc4c2b70eb2148f01b2d04e63b7ab89e0a6 Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Thu, 7 Mar 2024 11:08:22 +0800 Subject: [PATCH 2/5] docs: refactor user guides (#2797) * docs: refactor user guides Signed-off-by: bitliu * fix: relative paths Signed-off-by: bitliu --------- Signed-off-by: bitliu Signed-off-by: phantooom --- site/content/en/latest/install/api.md | 5 +---- site/content/en/latest/user/extensibility/_index.md | 5 +++++ .../user/{ => extensibility}/envoy-patch-policy.md | 6 +++--- site/content/en/latest/user/observability/_index.md | 5 +++++ .../user/{ => observability}/gateway-api-metrics.md | 2 +- .../user/{ => observability}/grafana-integration.md | 2 +- .../user/{ => observability}/proxy-observability.md | 2 +- site/content/en/latest/user/operations/_index.md | 5 +++++ .../user/{ => operations}/customize-envoyproxy.md | 4 ++-- .../en/latest/user/{ => operations}/deployment-mode.md | 2 +- site/content/en/latest/user/{ => operations}/egctl.md | 2 +- site/content/en/latest/user/quickstart.md | 1 + site/content/en/latest/user/security/_index.md | 5 +++++ .../en/latest/user/{ => security}/basic-auth.md | 10 +++++----- site/content/en/latest/user/{ => security}/cors.md | 10 +++++----- .../latest/user/{ => security}/jwt-authentication.md | 10 +++++----- site/content/en/latest/user/{ => security}/oidc.md | 8 ++++---- .../en/latest/user/{ => security}/secure-gateways.md | 10 +++++----- .../en/latest/user/{ => security}/tls-cert-manager.md | 2 +- .../en/latest/user/{ => security}/tls-passthrough.md | 6 +++--- .../en/latest/user/{ => security}/tls-termination.md | 2 +- site/content/en/latest/user/traffic/_index.md | 5 +++++ .../en/latest/user/{ => traffic}/circuit-breaker.md | 4 ++-- .../latest/user/{ => traffic}/client-traffic-policy.md | 6 +++--- .../en/latest/user/{ => traffic}/fault-injection.md | 8 ++++---- .../en/latest/user/{ => traffic}/gateway-address.md | 4 ++-- .../en/latest/user/{ => traffic}/gatewayapi-support.md | 4 ++-- .../en/latest/user/{ => traffic}/global-rate-limit.md | 4 ++-- .../en/latest/user/{ => traffic}/grpc-routing.md | 2 +- .../en/latest/user/{ => traffic}/http-redirect.md | 2 +- .../latest/user/{ => traffic}/http-request-headers.md | 2 +- .../user/{ => traffic}/http-request-mirroring.md | 2 +- .../latest/user/{ => traffic}/http-response-headers.md | 2 +- .../en/latest/user/{ => traffic}/http-routing.md | 2 +- .../en/latest/user/{ => traffic}/http-timeouts.md | 2 +- .../user/{ => traffic}/http-traffic-splitting.md | 2 +- .../en/latest/user/{ => traffic}/http-urlrewrite.md | 2 +- site/content/en/latest/user/{ => traffic}/http3.md | 0 .../en/latest/user/{ => traffic}/local-rate-limit.md | 4 ++-- .../latest/user/{ => traffic}/multicluster-service.md | 0 site/content/en/latest/user/{ => traffic}/retry.md | 4 ++-- .../en/latest/user/{ => traffic}/tcp-routing.md | 2 +- .../en/latest/user/{ => traffic}/udp-routing.md | 6 +++--- 43 files changed, 98 insertions(+), 75 deletions(-) create mode 100644 site/content/en/latest/user/extensibility/_index.md rename site/content/en/latest/user/{ => extensibility}/envoy-patch-policy.md (96%) create mode 100644 site/content/en/latest/user/observability/_index.md rename site/content/en/latest/user/{ => observability}/gateway-api-metrics.md (96%) rename site/content/en/latest/user/{ => observability}/grafana-integration.md (96%) rename site/content/en/latest/user/{ => observability}/proxy-observability.md (97%) create mode 100644 site/content/en/latest/user/operations/_index.md rename site/content/en/latest/user/{ => operations}/customize-envoyproxy.md (98%) rename site/content/en/latest/user/{ => operations}/deployment-mode.md (99%) rename site/content/en/latest/user/{ => operations}/egctl.md (99%) create mode 100644 site/content/en/latest/user/security/_index.md rename site/content/en/latest/user/{ => security}/basic-auth.md (92%) rename site/content/en/latest/user/{ => security}/cors.md (90%) rename site/content/en/latest/user/{ => security}/jwt-authentication.md (91%) rename site/content/en/latest/user/{ => security}/oidc.md (92%) rename site/content/en/latest/user/{ => security}/secure-gateways.md (96%) rename site/content/en/latest/user/{ => security}/tls-cert-manager.md (99%) rename site/content/en/latest/user/{ => security}/tls-passthrough.md (91%) rename site/content/en/latest/user/{ => security}/tls-termination.md (96%) create mode 100644 site/content/en/latest/user/traffic/_index.md rename site/content/en/latest/user/{ => traffic}/circuit-breaker.md (96%) rename site/content/en/latest/user/{ => traffic}/client-traffic-policy.md (97%) rename site/content/en/latest/user/{ => traffic}/fault-injection.md (94%) rename site/content/en/latest/user/{ => traffic}/gateway-address.md (93%) rename site/content/en/latest/user/{ => traffic}/gatewayapi-support.md (98%) rename site/content/en/latest/user/{ => traffic}/global-rate-limit.md (99%) rename site/content/en/latest/user/{ => traffic}/grpc-routing.md (98%) rename site/content/en/latest/user/{ => traffic}/http-redirect.md (98%) rename site/content/en/latest/user/{ => traffic}/http-request-headers.md (98%) rename site/content/en/latest/user/{ => traffic}/http-request-mirroring.md (99%) rename site/content/en/latest/user/{ => traffic}/http-response-headers.md (98%) rename site/content/en/latest/user/{ => traffic}/http-routing.md (98%) rename site/content/en/latest/user/{ => traffic}/http-timeouts.md (96%) rename site/content/en/latest/user/{ => traffic}/http-traffic-splitting.md (98%) rename site/content/en/latest/user/{ => traffic}/http-urlrewrite.md (98%) rename site/content/en/latest/user/{ => traffic}/http3.md (100%) rename site/content/en/latest/user/{ => traffic}/local-rate-limit.md (97%) rename site/content/en/latest/user/{ => traffic}/multicluster-service.md (100%) rename site/content/en/latest/user/{ => traffic}/retry.md (87%) rename site/content/en/latest/user/{ => traffic}/tcp-routing.md (98%) rename site/content/en/latest/user/{ => traffic}/udp-routing.md (92%) diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md index 165a91d01e6..a1ab34ca0bf 100644 --- a/site/content/en/latest/install/api.md +++ b/site/content/en/latest/install/api.md @@ -1,7 +1,4 @@ -+++ -title = "gateway-helm" -+++ - +# gateway-helm ![Version: v0.0.0-latest](https://img.shields.io/badge/Version-v0.0.0--latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) diff --git a/site/content/en/latest/user/extensibility/_index.md b/site/content/en/latest/user/extensibility/_index.md new file mode 100644 index 00000000000..9560b0dd241 --- /dev/null +++ b/site/content/en/latest/user/extensibility/_index.md @@ -0,0 +1,5 @@ +--- +title: "Extensibility" +weight: 4 +description: This section includes User Guides of Extensibility. +--- diff --git a/site/content/en/latest/user/envoy-patch-policy.md b/site/content/en/latest/user/extensibility/envoy-patch-policy.md similarity index 96% rename from site/content/en/latest/user/envoy-patch-policy.md rename to site/content/en/latest/user/extensibility/envoy-patch-policy.md index dc403d57bc0..994436c9473 100644 --- a/site/content/en/latest/user/envoy-patch-policy.md +++ b/site/content/en/latest/user/extensibility/envoy-patch-policy.md @@ -22,7 +22,7 @@ not exposed by Envoy Gateway APIs today. ### Prerequisites -* Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +* Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ### Enable EnvoyPatchPolicy @@ -233,8 +233,8 @@ across versions for these reasons * Envoy Gateway might alter the xDS translation creating a different xDS output such as changing the `name` field of resources. -[EnvoyPatchPolicy]: ../../api/extension_types#envoypatchpolicy -[EnvoyGateway]: ../../api/extension_types#envoygateway +[EnvoyPatchPolicy]: ../../../api/extension_types#envoypatchpolicy +[EnvoyGateway]: ../../../api/extension_types#envoygateway [JSON Patch]: https://datatracker.ietf.org/doc/html/rfc6902 [xDS]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/dynamic_configuration [Local Reply Modification]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/local_reply diff --git a/site/content/en/latest/user/observability/_index.md b/site/content/en/latest/user/observability/_index.md new file mode 100644 index 00000000000..ed877d4355b --- /dev/null +++ b/site/content/en/latest/user/observability/_index.md @@ -0,0 +1,5 @@ +--- +title: "Observability" +weight: 4 +description: This section includes User Guides of Observability. +--- diff --git a/site/content/en/latest/user/gateway-api-metrics.md b/site/content/en/latest/user/observability/gateway-api-metrics.md similarity index 96% rename from site/content/en/latest/user/gateway-api-metrics.md rename to site/content/en/latest/user/observability/gateway-api-metrics.md index a7764edbfc1..e99a8dee692 100644 --- a/site/content/en/latest/user/gateway-api-metrics.md +++ b/site/content/en/latest/user/observability/gateway-api-metrics.md @@ -7,7 +7,7 @@ The project also provides example dashboard for visualising the metrics using Gr ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. Run the following commands to install the metrics stack, with the Gateway API State Metrics configuration, on your kubernetes cluster: diff --git a/site/content/en/latest/user/grafana-integration.md b/site/content/en/latest/user/observability/grafana-integration.md similarity index 96% rename from site/content/en/latest/user/grafana-integration.md rename to site/content/en/latest/user/observability/grafana-integration.md index 3c1aa0a8b6d..b7c58e0d582 100644 --- a/site/content/en/latest/user/grafana-integration.md +++ b/site/content/en/latest/user/observability/grafana-integration.md @@ -7,7 +7,7 @@ This guide shows you how to visualise the metrics exposed to prometheus using gr ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. Follow the steps from the [Proxy Observability](../proxy-observability#Metrics) to enable prometheus metrics. diff --git a/site/content/en/latest/user/proxy-observability.md b/site/content/en/latest/user/observability/proxy-observability.md similarity index 97% rename from site/content/en/latest/user/proxy-observability.md rename to site/content/en/latest/user/observability/proxy-observability.md index f9d8f2d5a0d..c521b62cbe9 100644 --- a/site/content/en/latest/user/proxy-observability.md +++ b/site/content/en/latest/user/observability/proxy-observability.md @@ -7,7 +7,7 @@ This guide show you how to config proxy observability, includes metrics, logs, a ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. [FluentBit](https://fluentbit.io/) is used to collect logs from the EnvoyProxy instances and forward them to Loki. Install FluentBit: diff --git a/site/content/en/latest/user/operations/_index.md b/site/content/en/latest/user/operations/_index.md new file mode 100644 index 00000000000..0341d46ad0a --- /dev/null +++ b/site/content/en/latest/user/operations/_index.md @@ -0,0 +1,5 @@ +--- +title: "Operations" +weight: 4 +description: This section includes User Guides of Operations. +--- diff --git a/site/content/en/latest/user/customize-envoyproxy.md b/site/content/en/latest/user/operations/customize-envoyproxy.md similarity index 98% rename from site/content/en/latest/user/customize-envoyproxy.md rename to site/content/en/latest/user/operations/customize-envoyproxy.md index 3bc0c0c96d6..5d78247fbbd 100644 --- a/site/content/en/latest/user/customize-envoyproxy.md +++ b/site/content/en/latest/user/operations/customize-envoyproxy.md @@ -8,7 +8,7 @@ Service. To learn more about GatewayClass and ParametersRef, please refer to [Ga ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Add GatewayClass ParametersRef @@ -368,5 +368,5 @@ EOF ``` [Gateway API documentation]: https://gateway-api.sigs.k8s.io/ -[EnvoyProxy]: ../../api/extension_types#envoyproxy +[EnvoyProxy]: ../../../api/extension_types#envoyproxy [egctl translate]: ../egctl/#validating-gateway-api-configuration diff --git a/site/content/en/latest/user/deployment-mode.md b/site/content/en/latest/user/operations/deployment-mode.md similarity index 99% rename from site/content/en/latest/user/deployment-mode.md rename to site/content/en/latest/user/operations/deployment-mode.md index 534a55754e8..2a2fa651951 100644 --- a/site/content/en/latest/user/deployment-mode.md +++ b/site/content/en/latest/user/operations/deployment-mode.md @@ -410,6 +410,6 @@ Handling connection for 8889 ``` [GatewayClass]: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/ -[Namespaced deployment mode]: ../../api/extension_types#kuberneteswatchmode +[Namespaced deployment mode]: ../../../api/extension_types#kuberneteswatchmode [issue1231]: https://github.com/envoyproxy/gateway/issues/1231 [issue1117]: https://github.com/envoyproxy/gateway/issues/1117 diff --git a/site/content/en/latest/user/egctl.md b/site/content/en/latest/user/operations/egctl.md similarity index 99% rename from site/content/en/latest/user/egctl.md rename to site/content/en/latest/user/operations/egctl.md index cb361673fd1..80a5f5f7fce 100644 --- a/site/content/en/latest/user/egctl.md +++ b/site/content/en/latest/user/operations/egctl.md @@ -824,7 +824,7 @@ product backend ResolvedRefs True ResolvedRefs [Multi-tenancy]: ../deployment-mode#multi-tenancy -[EnvoyProxy]: ../../api/extension_types#envoyproxy +[EnvoyProxy]: ../../../api/extension_types#envoyproxy ## egctl experimental dashboard diff --git a/site/content/en/latest/user/quickstart.md b/site/content/en/latest/user/quickstart.md index c0850751c75..21a79c1ed5c 100644 --- a/site/content/en/latest/user/quickstart.md +++ b/site/content/en/latest/user/quickstart.md @@ -1,6 +1,7 @@ --- title: "Quickstart" weight: 1 +description: Get started with Envoy Gateway in a few simple steps. --- This guide will help you get started with Envoy Gateway in a few simple steps. diff --git a/site/content/en/latest/user/security/_index.md b/site/content/en/latest/user/security/_index.md new file mode 100644 index 00000000000..f469d0c55a5 --- /dev/null +++ b/site/content/en/latest/user/security/_index.md @@ -0,0 +1,5 @@ +--- +title: "Security" +weight: 2 +description: This section includes User Guides of Security. +--- diff --git a/site/content/en/latest/user/basic-auth.md b/site/content/en/latest/user/security/basic-auth.md similarity index 92% rename from site/content/en/latest/user/basic-auth.md rename to site/content/en/latest/user/security/basic-auth.md index 0f295db76bb..bd16b3dd918 100644 --- a/site/content/en/latest/user/basic-auth.md +++ b/site/content/en/latest/user/security/basic-auth.md @@ -12,7 +12,7 @@ This instantiated resource can be linked to a [Gateway][Gateway], [HTTPRoute][HT ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Configuration @@ -127,7 +127,7 @@ kubectl get securitypolicy/basic-auth-example -o yaml ## Testing -Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../quickstart) guide is set. If not, follow the +Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../../quickstart) guide is set. If not, follow the Quickstart instructions to set the variable. ```shell @@ -174,7 +174,7 @@ The request should be allowed and you should see the response from the backend s ## Clean-Up -Follow the steps from the [Quickstart](../quickstart) guide to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to uninstall Envoy Gateway and the example manifest. Delete the SecurityPolicy and the secret @@ -186,9 +186,9 @@ kubectl delete secret/example-cert ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. -[SecurityPolicy]: ../../design/security-policy/ +[SecurityPolicy]: ../../../design/security-policy/ [http Basic authentication]: https://tools.ietf.org/html/rfc2617 [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute diff --git a/site/content/en/latest/user/cors.md b/site/content/en/latest/user/security/cors.md similarity index 90% rename from site/content/en/latest/user/cors.md rename to site/content/en/latest/user/security/cors.md index 886d795a66a..184b566afd1 100644 --- a/site/content/en/latest/user/cors.md +++ b/site/content/en/latest/user/security/cors.md @@ -11,7 +11,7 @@ This instantiated resource can be linked to a [Gateway][Gateway], [HTTPRoute][HT ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Configuration @@ -57,7 +57,7 @@ kubectl get securitypolicy/cors-example -o yaml ## Testing -Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../quickstart) guide is set. If not, follow the +Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../../quickstart) guide is set. If not, follow the Quickstart instructions to set the variable. ```shell @@ -122,7 +122,7 @@ filter to work. Otherwise, the OPTIONS request won't match the routes and the CO ## Clean-Up -Follow the steps from the [Quickstart](../quickstart) guide to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to uninstall Envoy Gateway and the example manifest. Delete the SecurityPolicy: @@ -132,9 +132,9 @@ kubectl delete securitypolicy/cors-example ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. -[SecurityPolicy]: ../../design/security-policy/ +[SecurityPolicy]: ../../../design/security-policy/ [cors]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute diff --git a/site/content/en/latest/user/jwt-authentication.md b/site/content/en/latest/user/security/jwt-authentication.md similarity index 91% rename from site/content/en/latest/user/jwt-authentication.md rename to site/content/en/latest/user/security/jwt-authentication.md index 368b6af9d09..a4897302979 100644 --- a/site/content/en/latest/user/jwt-authentication.md +++ b/site/content/en/latest/user/security/jwt-authentication.md @@ -11,7 +11,7 @@ This instantiated resource can be linked to a [Gateway][Gateway], [HTTPRoute][HT ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. For GRPC - follow the steps from the [GRPC Routing](../grpc-routing) example. Before proceeding, you should be able to query the example backend using HTTP or GRPC. @@ -71,7 +71,7 @@ kubectl get securitypolicy/jwt-example -o yaml ## Testing -Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../quickstart) guide is set. If not, follow the +Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../../quickstart) guide is set. If not, follow the Quickstart instructions to set the variable. ```shell @@ -150,7 +150,7 @@ You should see the below response ## Clean-Up -Follow the steps from the [Quickstart](../quickstart) guide to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to uninstall Envoy Gateway and the example manifest. Delete the SecurityPolicy: @@ -160,9 +160,9 @@ kubectl delete securitypolicy/jwt-example ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. -[SecurityPolicy]: ../../design/security-policy/ +[SecurityPolicy]: ../../../design/security-policy/ [jwt]: https://tools.ietf.org/html/rfc7519 [jwks]: https://tools.ietf.org/html/rfc7517 [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway diff --git a/site/content/en/latest/user/oidc.md b/site/content/en/latest/user/security/oidc.md similarity index 92% rename from site/content/en/latest/user/oidc.md rename to site/content/en/latest/user/security/oidc.md index 6d4deba8efd..adf85206006 100644 --- a/site/content/en/latest/user/oidc.md +++ b/site/content/en/latest/user/security/oidc.md @@ -13,7 +13,7 @@ This instantiated resource can be linked to a [Gateway][Gateway] and [HTTPRoute] ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. OIDC authentication requires the redirect URL to be HTTPS. Follow the [Secure Gateways](../secure-gateways) guide @@ -110,7 +110,7 @@ successfully login, you should see the response from the backend service. ## Clean-Up -Follow the steps from the [Quickstart](../quickstart) guide to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to uninstall Envoy Gateway and the example manifest. Delete the SecurityPolicy and the secret: @@ -121,10 +121,10 @@ kubectl delete secret/my-app-client-secret ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. [oidc]: https://openid.net/connect/ [google-oidc]: https://developers.google.com/identity/protocols/oauth2/openid-connect -[SecurityPolicy]: ../../design/security-policy/ +[SecurityPolicy]: ../../../design/security-policy/ [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute diff --git a/site/content/en/latest/user/secure-gateways.md b/site/content/en/latest/user/security/secure-gateways.md similarity index 96% rename from site/content/en/latest/user/secure-gateways.md rename to site/content/en/latest/user/security/secure-gateways.md index 805aeb8b1a6..70a3049289b 100644 --- a/site/content/en/latest/user/secure-gateways.md +++ b/site/content/en/latest/user/security/secure-gateways.md @@ -11,7 +11,7 @@ testing and demonstration purposes only. ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## TLS Certificates @@ -242,7 +242,7 @@ Lastly, test connectivity using the above [Testing section](#testing). ## Clean-Up -Follow the steps from the [Quickstart Guide](../quickstart) to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to uninstall Envoy Gateway and the example manifest. Delete the Secrets: @@ -257,7 +257,7 @@ This section gives a walkthrough to generate RSA and ECDSA derived certificates ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. Follow the steps in the [TLS Certificates](../secure-gateways#tls-certificates) section in the guide to generate self-signed RSA derived Server certificate and private key, and configure those in the Gateway listener configuration to terminate HTTPS traffic. @@ -369,7 +369,7 @@ This sections gives a walkthrough to generate multiple certificates correspondin ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. Follow the steps in the [TLS Certificates](../secure-gateways#tls-certificates) section in the guide to generate self-signed RSA derived Server certificate and private key, and configure those in the Gateway listener configuration to terminate HTTPS traffic. @@ -450,6 +450,6 @@ Refer to the steps mentioned earlier in the guide under [Testing in clusters wit ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. [ReferenceGrant]: https://gateway-api.sigs.k8s.io/api-types/referencegrant/ diff --git a/site/content/en/latest/user/tls-cert-manager.md b/site/content/en/latest/user/security/tls-cert-manager.md similarity index 99% rename from site/content/en/latest/user/tls-cert-manager.md rename to site/content/en/latest/user/security/tls-cert-manager.md index d3077a86bd0..690a5e02e04 100644 --- a/site/content/en/latest/user/tls-cert-manager.md +++ b/site/content/en/latest/user/security/tls-cert-manager.md @@ -18,7 +18,7 @@ Changing to the Let's Encrypt production environment is straight-forward after t ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Deploying cert-manager diff --git a/site/content/en/latest/user/tls-passthrough.md b/site/content/en/latest/user/security/tls-passthrough.md similarity index 91% rename from site/content/en/latest/user/tls-passthrough.md rename to site/content/en/latest/user/security/tls-passthrough.md index 34af20e5dce..f732b71236b 100644 --- a/site/content/en/latest/user/tls-passthrough.md +++ b/site/content/en/latest/user/security/tls-passthrough.md @@ -12,7 +12,7 @@ to terminate the TLS connection, while the Gateway routes the requests to the ap ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## TLS Certificates @@ -106,7 +106,7 @@ curl -v -HHost:passthrough.example.com --resolve "passthrough.example.com:6443:$ ## Clean-Up -Follow the steps from the [Quickstart Guide](../quickstart) to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to uninstall Envoy Gateway and the example manifest. Delete the Secret: @@ -116,4 +116,4 @@ kubectl delete secret/server-certs ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. diff --git a/site/content/en/latest/user/tls-termination.md b/site/content/en/latest/user/security/tls-termination.md similarity index 96% rename from site/content/en/latest/user/tls-termination.md rename to site/content/en/latest/user/security/tls-termination.md index eb0d2d6932c..1c75b40e6db 100644 --- a/site/content/en/latest/user/tls-termination.md +++ b/site/content/en/latest/user/security/tls-termination.md @@ -10,7 +10,7 @@ This guide will walk through the steps required to configure TLS Terminate mode ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway. ## TLS Certificates Generate the certificates and keys used by the Gateway to terminate client TLS connections. diff --git a/site/content/en/latest/user/traffic/_index.md b/site/content/en/latest/user/traffic/_index.md new file mode 100644 index 00000000000..87e84e04907 --- /dev/null +++ b/site/content/en/latest/user/traffic/_index.md @@ -0,0 +1,5 @@ +--- +title: "Traffic" +weight: 1 +description: This section includes User Guides of Traffic Management. +--- diff --git a/site/content/en/latest/user/circuit-breaker.md b/site/content/en/latest/user/traffic/circuit-breaker.md similarity index 96% rename from site/content/en/latest/user/circuit-breaker.md rename to site/content/en/latest/user/traffic/circuit-breaker.md index b870b116a13..2a797fc24c4 100644 --- a/site/content/en/latest/user/circuit-breaker.md +++ b/site/content/en/latest/user/traffic/circuit-breaker.md @@ -20,7 +20,7 @@ This instantiated resource can be linked to a [Gateway][], [HTTPRoute][] or [GRP ### Install Envoy Gateway -* Follow the installation step from the [Quickstart Guide](../quickstart) to install Envoy Gateway and sample resources. +* Follow the installation step from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and sample resources. ### Install the hey load testing tool * The `hey` CLI will be used to generate load and measure response times. Follow the installation instruction from the [Hey project] docs. @@ -116,7 +116,7 @@ With the new circuit breaker settings, and due to the slowness of the backend, o * Upstream traffic was limited, alleviating the pressure on the degraded service. [Envoy Circuit Breakers]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking -[BackendTrafficPolicy]: ../../api/extension_types#backendtrafficpolicy +[BackendTrafficPolicy]: ../../../api/extension_types#backendtrafficpolicy [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway/ [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute/ [GRPCRoute]: https://gateway-api.sigs.k8s.io/api-types/grpcroute/ diff --git a/site/content/en/latest/user/client-traffic-policy.md b/site/content/en/latest/user/traffic/client-traffic-policy.md similarity index 97% rename from site/content/en/latest/user/client-traffic-policy.md rename to site/content/en/latest/user/traffic/client-traffic-policy.md index 7b7e7938dd2..7b37f8d4338 100644 --- a/site/content/en/latest/user/client-traffic-policy.md +++ b/site/content/en/latest/user/traffic/client-traffic-policy.md @@ -18,7 +18,7 @@ This API was added as a new policy attachment resource that can be applied to Ga ### Prerequisites -* Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +* Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ### Support TCP keepalive for downstream client @@ -464,5 +464,5 @@ curl -v http://$GATEWAY_HOST/get \ request timeout ``` -[ClientTrafficPolicy]: ../../api/extension_types#clienttrafficpolicy -[BackendTrafficPolicy]: ../../api/extension_types#backendtrafficpolicy +[ClientTrafficPolicy]: ../../../api/extension_types#clienttrafficpolicy +[BackendTrafficPolicy]: ../../../api/extension_types#backendtrafficpolicy diff --git a/site/content/en/latest/user/fault-injection.md b/site/content/en/latest/user/traffic/fault-injection.md similarity index 94% rename from site/content/en/latest/user/fault-injection.md rename to site/content/en/latest/user/traffic/fault-injection.md index 0c2a366447a..c033d12aed3 100644 --- a/site/content/en/latest/user/fault-injection.md +++ b/site/content/en/latest/user/traffic/fault-injection.md @@ -13,7 +13,7 @@ This instantiated resource can be linked to a [Gateway][], [HTTPRoute][] or [GRP ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. For GRPC - follow the steps from the [GRPC Routing](../grpc-routing) example. Before proceeding, you should be able to query the example backend using HTTP or GRPC. @@ -170,7 +170,7 @@ kubectl get backendtrafficpolicy/fault-injection-abort -o yaml ## Testing -Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../quickstart) guide is set. If not, follow the +Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../../quickstart) guide is set. If not, follow the Quickstart instructions to set the variable. ```shell @@ -238,7 +238,7 @@ Error invoking method "yages.Echo/Ping": rpc error: code = Unavailable desc = fa ## Clean-Up -Follow the steps from the [Quickstart](../quickstart) guide to uninstall Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to uninstall Envoy Gateway and the example manifest. Delete the BackendTrafficPolicy: @@ -247,7 +247,7 @@ kubectl delete BackendTrafficPolicy/fault-injection-abort ``` [Envoy fault injection]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/fault_filter.html -[BackendTrafficPolicy]: ../../api/extension_types#backendtrafficpolicy +[BackendTrafficPolicy]: ../../../api/extension_types#backendtrafficpolicy [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway/ [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute/ [GRPCRoute]: https://gateway-api.sigs.k8s.io/api-types/grpcroute/ diff --git a/site/content/en/latest/user/gateway-address.md b/site/content/en/latest/user/traffic/gateway-address.md similarity index 93% rename from site/content/en/latest/user/gateway-address.md rename to site/content/en/latest/user/traffic/gateway-address.md index b87b19ec805..d211d315c1a 100644 --- a/site/content/en/latest/user/gateway-address.md +++ b/site/content/en/latest/user/traffic/gateway-address.md @@ -10,7 +10,7 @@ Depending on the Service Type, the addresses of gateway can be used as: ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest. ## External IPs @@ -62,4 +62,4 @@ this will __require__ the address to be of type `IPAddress` and the [ServiceType [Addresses]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayAddress [External IPs]: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips [Cluster IP]: https://kubernetes.io/docs/concepts/services-networking/service/#type-clusterip -[ServiceType]: ../../api/extension_types#servicetype +[ServiceType]: ../../../api/extension_types#servicetype diff --git a/site/content/en/latest/user/gatewayapi-support.md b/site/content/en/latest/user/traffic/gatewayapi-support.md similarity index 98% rename from site/content/en/latest/user/gatewayapi-support.md rename to site/content/en/latest/user/traffic/gatewayapi-support.md index a8d27dd6a36..e8d34d43b17 100644 --- a/site/content/en/latest/user/gatewayapi-support.md +++ b/site/content/en/latest/user/traffic/gatewayapi-support.md @@ -94,7 +94,7 @@ these types of cross-namespace references. Envoy Gateway supports the following namespace. - Allowing a Gateway's [SecretObjectReference][] to reference a secret in a different namespace. -[system design]: ../../design/system-design/ +[system design]: ../../../design/system-design/ [Gateway API]: https://gateway-api.sigs.k8s.io/ [GatewayClass]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass [parameters reference]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ParametersReference @@ -112,7 +112,7 @@ these types of cross-namespace references. Envoy Gateway supports the following [SecretObjectReference]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.SecretObjectReference [rate limiting]: ../rate-limit/ [request authentication]: ../jwt-authentication/ -[EnvoyProxy]: ../../api/extension_types#envoyproxy +[EnvoyProxy]: ../../../api/extension_types#envoyproxy [resolving conflicts]: https://gateway-api.sigs.k8s.io/concepts/guidelines/?h=conflict#conflicts [ExtensionRefs]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteFilterType [grpc-filter]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRouteFilter diff --git a/site/content/en/latest/user/global-rate-limit.md b/site/content/en/latest/user/traffic/global-rate-limit.md similarity index 99% rename from site/content/en/latest/user/global-rate-limit.md rename to site/content/en/latest/user/traffic/global-rate-limit.md index 1c44b356b13..6a67a9573fe 100644 --- a/site/content/en/latest/user/global-rate-limit.md +++ b/site/content/en/latest/user/traffic/global-rate-limit.md @@ -27,7 +27,7 @@ has its own 100r/s rate limit bucket. ### Install Envoy Gateway -* Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the HTTPRoute example manifest. +* Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the HTTPRoute example manifest. Before proceeding, you should be able to query the example backend using HTTP. ### Install Redis @@ -825,7 +825,7 @@ kubectl rollout restart deployment envoy-gateway -n envoy-gateway-system [Global Rate Limiting]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/global_rate_limiting [Local rate limiting]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/local_rate_limiting -[BackendTrafficPolicy]: ../../api/extension_types#backendtrafficpolicy +[BackendTrafficPolicy]: ../../../api/extension_types#backendtrafficpolicy [Envoy Ratelimit]: https://github.com/envoyproxy/ratelimit [EnvoyGateway]: https://gateway.envoyproxy.io/latest/api/config_types.html#envoygateway [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway/ diff --git a/site/content/en/latest/user/grpc-routing.md b/site/content/en/latest/user/traffic/grpc-routing.md similarity index 98% rename from site/content/en/latest/user/grpc-routing.md rename to site/content/en/latest/user/traffic/grpc-routing.md index 5334514b7cc..0d6ccb963be 100644 --- a/site/content/en/latest/user/grpc-routing.md +++ b/site/content/en/latest/user/traffic/grpc-routing.md @@ -7,7 +7,7 @@ To learn more about gRPC routing, refer to the [Gateway API documentation][]. ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Installation diff --git a/site/content/en/latest/user/http-redirect.md b/site/content/en/latest/user/traffic/http-redirect.md similarity index 98% rename from site/content/en/latest/user/http-redirect.md rename to site/content/en/latest/user/traffic/http-redirect.md index 1ef88e53fa3..ac6a3aceb18 100644 --- a/site/content/en/latest/user/http-redirect.md +++ b/site/content/en/latest/user/traffic/http-redirect.md @@ -9,7 +9,7 @@ learn more about HTTP routing, refer to the [Gateway API documentation][]. ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTPS. ## Redirects diff --git a/site/content/en/latest/user/http-request-headers.md b/site/content/en/latest/user/traffic/http-request-headers.md similarity index 98% rename from site/content/en/latest/user/http-request-headers.md rename to site/content/en/latest/user/traffic/http-request-headers.md index 25b675a16d7..af946da719e 100644 --- a/site/content/en/latest/user/http-request-headers.md +++ b/site/content/en/latest/user/traffic/http-request-headers.md @@ -14,7 +14,7 @@ client. ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Adding Request Headers diff --git a/site/content/en/latest/user/http-request-mirroring.md b/site/content/en/latest/user/traffic/http-request-mirroring.md similarity index 99% rename from site/content/en/latest/user/http-request-mirroring.md rename to site/content/en/latest/user/traffic/http-request-mirroring.md index ff95375f02c..0398cf3780b 100644 --- a/site/content/en/latest/user/http-request-mirroring.md +++ b/site/content/en/latest/user/traffic/http-request-mirroring.md @@ -244,7 +244,7 @@ EOF Error from server: error when creating "STDIN": admission webhook "validate.gateway.networking.k8s.io" denied the request: spec.rules[0].filters: Invalid value: "RequestMirror": cannot be used multiple times in the same rule ``` -[Quickstart Guide]: ../quickstart/ +[Quickstart Guide]: ../../quickstart/ [Traffic Splitting]: ../http-traffic-splitting/ [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute/ [backendRefs]: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.BackendRef diff --git a/site/content/en/latest/user/http-response-headers.md b/site/content/en/latest/user/traffic/http-response-headers.md similarity index 98% rename from site/content/en/latest/user/http-response-headers.md rename to site/content/en/latest/user/traffic/http-response-headers.md index 76cf33362b4..13efc8af19a 100644 --- a/site/content/en/latest/user/http-response-headers.md +++ b/site/content/en/latest/user/traffic/http-response-headers.md @@ -12,7 +12,7 @@ upstream service. ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Adding Response Headers diff --git a/site/content/en/latest/user/http-routing.md b/site/content/en/latest/user/traffic/http-routing.md similarity index 98% rename from site/content/en/latest/user/http-routing.md rename to site/content/en/latest/user/traffic/http-routing.md index d5bae431c4d..82d3609f91f 100644 --- a/site/content/en/latest/user/http-routing.md +++ b/site/content/en/latest/user/traffic/http-routing.md @@ -9,7 +9,7 @@ Services. To learn more about HTTP routing, refer to the [Gateway API documentat ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Installation diff --git a/site/content/en/latest/user/http-timeouts.md b/site/content/en/latest/user/traffic/http-timeouts.md similarity index 96% rename from site/content/en/latest/user/http-timeouts.md rename to site/content/en/latest/user/traffic/http-timeouts.md index a23e1fa5b69..c3abc192611 100644 --- a/site/content/en/latest/user/http-timeouts.md +++ b/site/content/en/latest/user/traffic/http-timeouts.md @@ -12,7 +12,7 @@ __Note:__ The Request duration must be >= BackendRequest duration ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Verification diff --git a/site/content/en/latest/user/http-traffic-splitting.md b/site/content/en/latest/user/traffic/http-traffic-splitting.md similarity index 98% rename from site/content/en/latest/user/http-traffic-splitting.md rename to site/content/en/latest/user/traffic/http-traffic-splitting.md index abc4a550ae3..ef240753ad8 100644 --- a/site/content/en/latest/user/http-traffic-splitting.md +++ b/site/content/en/latest/user/traffic/http-traffic-splitting.md @@ -8,7 +8,7 @@ with status code `500` for all requests that would have been sent to that backen ## Installation -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Single backendRef diff --git a/site/content/en/latest/user/http-urlrewrite.md b/site/content/en/latest/user/traffic/http-urlrewrite.md similarity index 98% rename from site/content/en/latest/user/http-urlrewrite.md rename to site/content/en/latest/user/traffic/http-urlrewrite.md index 945a24a7a44..062f6086392 100644 --- a/site/content/en/latest/user/http-urlrewrite.md +++ b/site/content/en/latest/user/traffic/http-urlrewrite.md @@ -7,7 +7,7 @@ used on a Route rule. This MUST NOT be used on the same Route rule as a HTTPRequ ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Rewrite URL Prefix Path diff --git a/site/content/en/latest/user/http3.md b/site/content/en/latest/user/traffic/http3.md similarity index 100% rename from site/content/en/latest/user/http3.md rename to site/content/en/latest/user/traffic/http3.md diff --git a/site/content/en/latest/user/local-rate-limit.md b/site/content/en/latest/user/traffic/local-rate-limit.md similarity index 97% rename from site/content/en/latest/user/local-rate-limit.md rename to site/content/en/latest/user/traffic/local-rate-limit.md index 633d198015e..822e2dd5e56 100644 --- a/site/content/en/latest/user/local-rate-limit.md +++ b/site/content/en/latest/user/traffic/local-rate-limit.md @@ -28,7 +28,7 @@ has its own 100r/s rate limit bucket. ### Install Envoy Gateway -* Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the HTTPRoute example manifest. +* Follow the steps from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and the HTTPRoute example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Rate Limit Specific User @@ -276,7 +276,7 @@ you should use [Global Rate Limiting][]. [Global Rate Limiting]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/global_rate_limiting [Local rate limiting]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/local_rate_limiting -[BackendTrafficPolicy]: ../../api/extension_types#backendtrafficpolicy +[BackendTrafficPolicy]: ../../../api/extension_types#backendtrafficpolicy [Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway/ [HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute/ [GRPCRoute]: https://gateway-api.sigs.k8s.io/api-types/grpcroute/ diff --git a/site/content/en/latest/user/multicluster-service.md b/site/content/en/latest/user/traffic/multicluster-service.md similarity index 100% rename from site/content/en/latest/user/multicluster-service.md rename to site/content/en/latest/user/traffic/multicluster-service.md diff --git a/site/content/en/latest/user/retry.md b/site/content/en/latest/user/traffic/retry.md similarity index 87% rename from site/content/en/latest/user/retry.md rename to site/content/en/latest/user/traffic/retry.md index 7a553f84f56..ad40202a107 100644 --- a/site/content/en/latest/user/retry.md +++ b/site/content/en/latest/user/traffic/retry.md @@ -9,13 +9,13 @@ Envoy Gateway supports the following retry settings: - **RetryOn**: specifies the retry trigger condition. - **PerRetryPolicy**: is the retry policy to be applied per retry attempt. -Envoy Gateway introduces a new CRD called [BackendTrafficPolicy](../../api/extension_types#backendtrafficpolicy) that allows the user to describe their desired retry settings. This instantiated resource can be linked to a [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/), [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) or [GRPCRoute](https://gateway-api.sigs.k8s.io/api-types/grpcroute/) resource. +Envoy Gateway introduces a new CRD called [BackendTrafficPolicy](../../../api/extension_types#backendtrafficpolicy) that allows the user to describe their desired retry settings. This instantiated resource can be linked to a [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/), [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) or [GRPCRoute](https://gateway-api.sigs.k8s.io/api-types/grpcroute/) resource. **Note**: There are distinct circuit breaker counters for each `BackendReference` in an `xRoute` rule. Even if a `BackendTrafficPolicy` targets a `Gateway`, each `BackendReference` in that gateway still has separate circuit breaker counter. ## Prerequisites -Follow the installation step from the [Quickstart Guide](../quickstart) to install Envoy Gateway and sample resources. +Follow the installation step from the [Quickstart Guide](../../quickstart) to install Envoy Gateway and sample resources. ## Test and customize retry settings diff --git a/site/content/en/latest/user/tcp-routing.md b/site/content/en/latest/user/traffic/tcp-routing.md similarity index 98% rename from site/content/en/latest/user/tcp-routing.md rename to site/content/en/latest/user/traffic/tcp-routing.md index 4928432f24b..854522c7b98 100644 --- a/site/content/en/latest/user/tcp-routing.md +++ b/site/content/en/latest/user/traffic/tcp-routing.md @@ -8,7 +8,7 @@ HTTP routing, refer to the [Gateway API documentation][]. ## Installation -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Configuration diff --git a/site/content/en/latest/user/udp-routing.md b/site/content/en/latest/user/traffic/udp-routing.md similarity index 92% rename from site/content/en/latest/user/udp-routing.md rename to site/content/en/latest/user/traffic/udp-routing.md index 6cd4c83ffb2..521d0b41acc 100644 --- a/site/content/en/latest/user/udp-routing.md +++ b/site/content/en/latest/user/traffic/udp-routing.md @@ -12,7 +12,7 @@ For additional information, refer to Envoy's [UDP proxy documentation][]. ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) guide to install Envoy Gateway and the example manifest. +Follow the steps from the [Quickstart](../../quickstart) guide to install Envoy Gateway and the example manifest. Before proceeding, you should be able to query the example backend using HTTP. ## Installation @@ -128,7 +128,7 @@ _udp.foo.bar.com. 0 IN SRV 0 0 42376 . ## Clean-Up -Follow the steps from the [Quickstart Guide](../quickstart) to uninstall Envoy Gateway. +Follow the steps from the [Quickstart Guide](../../quickstart) to uninstall Envoy Gateway. Delete the CoreDNS example manifest and the UDPRoute: @@ -141,7 +141,7 @@ kubectl delete udproute/coredns ## Next Steps -Checkout the [Developer Guide](../../contributions/develop/) to get involved in the project. +Checkout the [Developer Guide](../../../contributions/develop/) to get involved in the project. [UDPRoute]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.UDPRoute [UDP proxy documentation]: https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/udp_filters/udp_proxy From b7da243aad48a471bb61d9e89d00aed5b4b720fc Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Thu, 7 Mar 2024 12:01:55 +0800 Subject: [PATCH 3/5] Fix gen check (#2814) * fix: gen-check error Signed-off-by: bitliu * run lint for docs Signed-off-by: bitliu --------- Signed-off-by: bitliu Signed-off-by: phantooom --- .github/workflows/build_and_test.yaml | 1 - site/content/en/latest/install/api.md | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 540ec319b6e..258b1f4f99a 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -12,7 +12,6 @@ on: - "release/v*" paths-ignore: - "**/*.png" - - 'site/**' permissions: contents: read diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md index a1ab34ca0bf..165a91d01e6 100644 --- a/site/content/en/latest/install/api.md +++ b/site/content/en/latest/install/api.md @@ -1,4 +1,7 @@ -# gateway-helm ++++ +title = "gateway-helm" ++++ + ![Version: v0.0.0-latest](https://img.shields.io/badge/Version-v0.0.0--latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) From fd6282f579547f96aecedacf3e8336dc4fda901e Mon Sep 17 00:00:00 2001 From: Dennis Zhou Date: Thu, 7 Mar 2024 15:41:17 +0800 Subject: [PATCH 4/5] refactor: set instead of map for mergeGateways (#2803) * refactor:set[T] instead of map[T]bool Signed-off-by: Dennis Zhou * fix lint Signed-off-by: Dennis Zhou --------- Signed-off-by: Dennis Zhou Co-authored-by: Xunzhuo Signed-off-by: phantooom --- internal/cmd/egctl/translate.go | 17 +++--- internal/gatewayapi/backendtrafficpolicy.go | 41 ++++++------- .../gatewayapi/backendtrafficpolicy_test.go | 58 +++++++++++++++++++ internal/gatewayapi/runner/runner.go | 22 ++----- internal/ir/xds.go | 29 +++++----- internal/provider/kubernetes/controller.go | 11 +++- internal/provider/kubernetes/predicates.go | 8 +-- .../provider/kubernetes/predicates_test.go | 9 +-- 8 files changed, 120 insertions(+), 75 deletions(-) diff --git a/internal/cmd/egctl/translate.go b/internal/cmd/egctl/translate.go index a97c83261b7..c8c3d51d24a 100644 --- a/internal/cmd/egctl/translate.go +++ b/internal/cmd/egctl/translate.go @@ -27,6 +27,7 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/util/sets" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -849,21 +850,19 @@ func kubernetesYAMLToResources(str string, addMissingResources bool) (*gatewayap if provided, found := providedServiceMap[key]; !found { resources.Services = append(resources.Services, service) } else { - providedPorts := map[string]bool{} + providedPorts := sets.NewString() for _, port := range provided.Spec.Ports { - providedPorts[fmt.Sprintf("%s-%d", port.Protocol, port.Port)] = true + portKey := fmt.Sprintf("%s-%d", port.Protocol, port.Port) + providedPorts.Insert(portKey) } for _, port := range service.Spec.Ports { - protocol := port.Protocol - port := port.Port - name := fmt.Sprintf("%s-%d", protocol, port) - - if _, found := providedPorts[name]; !found { + name := fmt.Sprintf("%s-%d", port.Protocol, port.Port) + if !providedPorts.Has(name) { servicePort := v1.ServicePort{ Name: name, - Protocol: protocol, - Port: port, + Protocol: port.Protocol, + Port: port.Port, } provided.Spec.Ports = append(provided.Spec.Ports, servicePort) } diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index ecabbfef29b..f57f17e5726 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go @@ -825,14 +825,15 @@ func (t *Translator) buildHTTPActiveHealthChecker(h *egv1a1.HTTPActiveHealthChec *irHTTP.Method = strings.ToUpper(*irHTTP.Method) } - var irStatuses []ir.HTTPStatus // deduplicate http statuses - statusSet := make(map[egv1a1.HTTPStatus]bool, len(h.ExpectedStatuses)) + statusSet := sets.NewInt() for _, r := range h.ExpectedStatuses { - if _, ok := statusSet[r]; !ok { - statusSet[r] = true - irStatuses = append(irStatuses, ir.HTTPStatus(r)) - } + statusSet.Insert(int(r)) + } + irStatuses := make([]ir.HTTPStatus, 0, statusSet.Len()) + + for _, r := range statusSet.List() { + irStatuses = append(irStatuses, ir.HTTPStatus(r)) } irHTTP.ExpectedStatuses = irStatuses @@ -1158,27 +1159,27 @@ func (t *Translator) buildRetry(policy *egv1a1.BackendTrafficPolicy) *ir.Retry { } func makeIrStatusSet(in []egv1a1.HTTPStatus) []ir.HTTPStatus { - var irStatuses []ir.HTTPStatus - // deduplicate http statuses - statusSet := make(map[egv1a1.HTTPStatus]bool, len(in)) + statusSet := sets.NewInt() for _, r := range in { - if _, ok := statusSet[r]; !ok { - statusSet[r] = true - irStatuses = append(irStatuses, ir.HTTPStatus(r)) - } + statusSet.Insert(int(r)) + } + irStatuses := make([]ir.HTTPStatus, 0, statusSet.Len()) + + for _, r := range statusSet.List() { + irStatuses = append(irStatuses, ir.HTTPStatus(r)) } return irStatuses } func makeIrTriggerSet(in []egv1a1.TriggerEnum) []ir.TriggerEnum { - var irTriggers []ir.TriggerEnum - // deduplicate http statuses - triggerSet := make(map[egv1a1.TriggerEnum]bool, len(in)) + triggerSet := sets.NewString() for _, r := range in { - if _, ok := triggerSet[r]; !ok { - triggerSet[r] = true - irTriggers = append(irTriggers, ir.TriggerEnum(r)) - } + triggerSet.Insert(string(r)) + } + irTriggers := make([]ir.TriggerEnum, 0, triggerSet.Len()) + + for _, r := range triggerSet.List() { + irTriggers = append(irTriggers, ir.TriggerEnum(r)) } return irTriggers } diff --git a/internal/gatewayapi/backendtrafficpolicy_test.go b/internal/gatewayapi/backendtrafficpolicy_test.go index df943a2032b..d40d1e68c76 100644 --- a/internal/gatewayapi/backendtrafficpolicy_test.go +++ b/internal/gatewayapi/backendtrafficpolicy_test.go @@ -7,9 +7,13 @@ package gatewayapi import ( "math" + "reflect" "testing" "github.com/stretchr/testify/require" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/ir" ) func TestInt64ToUint32(t *testing.T) { @@ -50,3 +54,57 @@ func TestInt64ToUint32(t *testing.T) { }) } } + +func TestMakeIrStatusSet(t *testing.T) { + tests := []struct { + name string + in []egv1a1.HTTPStatus + want []ir.HTTPStatus + }{ + { + name: "no duplicates", + in: []egv1a1.HTTPStatus{200, 404}, + want: []ir.HTTPStatus{200, 404}, + }, + { + name: "with duplicates", + in: []egv1a1.HTTPStatus{200, 404, 200}, + want: []ir.HTTPStatus{200, 404}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := makeIrStatusSet(tt.in); !reflect.DeepEqual(got, tt.want) { + t.Errorf("makeIrStatusSet() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestMakeIrTriggerSet(t *testing.T) { + tests := []struct { + name string + in []egv1a1.TriggerEnum + want []ir.TriggerEnum + }{ + { + name: "no duplicates", + in: []egv1a1.TriggerEnum{"5xx", "reset"}, + want: []ir.TriggerEnum{"5xx", "reset"}, + }, + { + name: "with duplicates", + in: []egv1a1.TriggerEnum{"5xx", "reset", "5xx"}, + want: []ir.TriggerEnum{"5xx", "reset"}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := makeIrTriggerSet(tt.in); !reflect.DeepEqual(got, tt.want) { + t.Errorf("makeIrTriggerSet() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index 2b34b8ad33f..13f2c6b9d08 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -10,6 +10,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/sets" v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/envoyproxy/gateway/api/v1alpha1" @@ -356,23 +357,10 @@ func (r *Runner) deleteAllStatusKeys() { // based on the difference between the current keys and the // new keys parameters passed to the function. func getIRKeysToDelete(curKeys, newKeys []string) []string { - var delKeys []string - remaining := make(map[string]bool) + curSet := sets.NewString(curKeys...) + newSet := sets.NewString(newKeys...) - // Add all current keys to the remaining map - for _, key := range curKeys { - remaining[key] = true - } - - // Delete newKeys from the remaining map - // to get keys that need to be deleted - for _, key := range newKeys { - delete(remaining, key) - } - - for key := range remaining { - delKeys = append(delKeys, key) - } + delSet := curSet.Difference(newSet) - return delKeys + return delSet.List() } diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 4bd51d37c0a..7d1af7c0602 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -16,6 +16,7 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" "sigs.k8s.io/yaml" @@ -714,53 +715,49 @@ func (h HTTPRoute) Validate() error { } } if len(h.AddRequestHeaders) > 0 { - occurred := map[string]bool{} + occurred := sets.NewString() for _, header := range h.AddRequestHeaders { if err := header.Validate(); err != nil { errs = errors.Join(errs, err) } - if !occurred[header.Name] { - occurred[header.Name] = true - } else { + if occurred.Has(header.Name) { errs = errors.Join(errs, ErrAddHeaderDuplicate) break } + occurred.Insert(header.Name) } } if len(h.RemoveRequestHeaders) > 0 { - occurred := map[string]bool{} + occurred := sets.NewString() for _, header := range h.RemoveRequestHeaders { - if !occurred[header] { - occurred[header] = true - } else { + if occurred.Has(header) { errs = errors.Join(errs, ErrRemoveHeaderDuplicate) break } + occurred.Insert(header) } } if len(h.AddResponseHeaders) > 0 { - occurred := map[string]bool{} + occurred := sets.NewString() for _, header := range h.AddResponseHeaders { if err := header.Validate(); err != nil { errs = errors.Join(errs, err) } - if !occurred[header.Name] { - occurred[header.Name] = true - } else { + if occurred.Has(header.Name) { errs = errors.Join(errs, ErrAddHeaderDuplicate) break } + occurred.Insert(header.Name) } } if len(h.RemoveResponseHeaders) > 0 { - occurred := map[string]bool{} + occurred := sets.NewString() for _, header := range h.RemoveResponseHeaders { - if !occurred[header] { - occurred[header] = true - } else { + if occurred.Has(header) { errs = errors.Join(errs, ErrRemoveHeaderDuplicate) break } + occurred.Insert(header) } } if h.LoadBalancer != nil { diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 5e66e0e6a7b..fb3ade2bcff 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -18,6 +18,7 @@ import ( "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/discovery" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -51,7 +52,7 @@ type gatewayAPIReconciler struct { namespace string namespaceLabel *metav1.LabelSelector envoyGateway *egv1a1.EnvoyGateway - mergeGateways map[string]bool + mergeGateways sets.Set[string] resources *message.ProviderResources extGVKs []schema.GroupVersionKind } @@ -87,7 +88,7 @@ func newGatewayAPIController(mgr manager.Manager, cfg *config.Server, su status. extGVKs: extGVKs, store: newProviderStore(), envoyGateway: cfg.EnvoyGateway, - mergeGateways: map[string]bool{}, + mergeGateways: sets.New[string](), } if byNamespaceSelector { @@ -356,7 +357,11 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques } if gwcResource.EnvoyProxy != nil && gwcResource.EnvoyProxy.Spec.MergeGateways != nil { - r.mergeGateways[acceptedGC.Name] = *gwcResource.EnvoyProxy.Spec.MergeGateways + if *gwcResource.EnvoyProxy.Spec.MergeGateways { + r.mergeGateways.Insert(acceptedGC.Name) + } else { + r.mergeGateways.Delete(acceptedGC.Name) + } } if err := r.updateStatusForGatewayClass(ctx, acceptedGC, true, string(gwapiv1.GatewayClassReasonAccepted), status.MsgValidGatewayClass); err != nil { diff --git a/internal/provider/kubernetes/predicates.go b/internal/provider/kubernetes/predicates.go index f77b46ea99a..3585a2913ae 100644 --- a/internal/provider/kubernetes/predicates.go +++ b/internal/provider/kubernetes/predicates.go @@ -238,7 +238,7 @@ func (r *gatewayAPIReconciler) validateServiceForReconcile(obj client.Object) bo // Merged gateways will have only this label, update status of all Gateways under found GatewayClass. gcName, ok := labels[gatewayapi.OwningGatewayClassLabel] - if ok && r.mergeGateways[gcName] { + if ok && r.mergeGateways.Has(gcName) { if err := r.updateStatusForGatewaysUnderGatewayClass(ctx, gcName); err != nil { r.log.Info("no Gateways found under GatewayClass", "name", gcName) return false @@ -390,7 +390,7 @@ func (r *gatewayAPIReconciler) validateDeploymentForReconcile(obj client.Object) // Merged gateways will have only this label, update status of all Gateways under found GatewayClass. gcName, ok := labels[gatewayapi.OwningGatewayClassLabel] - if ok && r.mergeGateways[gcName] { + if ok && r.mergeGateways.Has(gcName) { if err := r.updateStatusForGatewaysUnderGatewayClass(ctx, gcName); err != nil { r.log.Info("no Gateways found under GatewayClass", "name", gcName) return false @@ -406,7 +406,7 @@ func (r *gatewayAPIReconciler) validateDeploymentForReconcile(obj client.Object) func (r *gatewayAPIReconciler) envoyDeploymentForGateway(ctx context.Context, gateway *gwapiv1.Gateway) (*appsv1.Deployment, error) { key := types.NamespacedName{ Namespace: r.namespace, - Name: infraName(gateway, r.mergeGateways[string(gateway.Spec.GatewayClassName)]), + Name: infraName(gateway, r.mergeGateways.Has(string(gateway.Spec.GatewayClassName))), } deployment := new(appsv1.Deployment) if err := r.client.Get(ctx, key, deployment); err != nil { @@ -422,7 +422,7 @@ func (r *gatewayAPIReconciler) envoyDeploymentForGateway(ctx context.Context, ga func (r *gatewayAPIReconciler) envoyServiceForGateway(ctx context.Context, gateway *gwapiv1.Gateway) (*corev1.Service, error) { key := types.NamespacedName{ Namespace: r.namespace, - Name: infraName(gateway, r.mergeGateways[string(gateway.Spec.GatewayClassName)]), + Name: infraName(gateway, r.mergeGateways.Has(string(gateway.Spec.GatewayClassName))), } svc := new(corev1.Service) if err := r.client.Get(ctx, key, svc); err != nil { diff --git a/internal/provider/kubernetes/predicates_test.go b/internal/provider/kubernetes/predicates_test.go index cd88d7b7100..f923eef8a26 100644 --- a/internal/provider/kubernetes/predicates_test.go +++ b/internal/provider/kubernetes/predicates_test.go @@ -13,6 +13,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -556,9 +557,7 @@ func TestValidateServiceForReconcile(t *testing.T) { r := gatewayAPIReconciler{ classController: v1alpha1.GatewayControllerName, log: logger, - mergeGateways: map[string]bool{ - "test-mg": true, - }, + mergeGateways: sets.New[string]("test-mg"), } for _, tc := range testCases { @@ -653,9 +652,7 @@ func TestValidateDeploymentForReconcile(t *testing.T) { r := gatewayAPIReconciler{ classController: v1alpha1.GatewayControllerName, log: logger, - mergeGateways: map[string]bool{ - "test-mg": true, - }, + mergeGateways: sets.New[string]("test-mg"), } for _, tc := range testCases { From 436c3ffdff45ff71bb196f085e3d63b4655854f0 Mon Sep 17 00:00:00 2001 From: zou rui Date: Thu, 7 Mar 2024 23:48:20 +0800 Subject: [PATCH 5/5] Update site/content/en/latest/user/security/basic-auth.md Co-authored-by: Huabing Zhao Signed-off-by: zou rui --- site/content/en/latest/user/security/basic-auth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/latest/user/security/basic-auth.md b/site/content/en/latest/user/security/basic-auth.md index aca135b489d..be165d2e0e2 100644 --- a/site/content/en/latest/user/security/basic-auth.md +++ b/site/content/en/latest/user/security/basic-auth.md @@ -71,7 +71,7 @@ kubectl patch gateway eg --type=json --patch '[{ ### Create a .htpasswd file First, create a [.htpasswd][.htpasswd] file with the username and password you want to use for authentication. -Note: We recommend users to enable HTTPS when using Basic Authentication. +Note: Please always use HTTPS with Basic Authentication. This prevents credentials from being transmitted in plain text. The input password won't be saved, instead, a hash will be generated and saved in the output file. When a request tries to access protected resources, the password in the "Authorization" HTTP header will be hashed and compared with the