Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

api: ext-proc timeout, fail-open, backendRefs #3087

Merged
merged 14 commits into from
Apr 16, 2024
Merged

api: ext-proc timeout, fail-open, backendRefs #3087

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
455b9f2
extend extproc api
guydc Apr 2, 2024
d1660ee
fix metadata options
guydc Apr 3, 2024
1272fff
Merge branch 'main' into api-extproc
guydc Apr 8, 2024
6c5c97d
Merge branch 'main' into api-extproc
guydc Apr 9, 2024
6b32788
Merge branch 'main' into api-extproc
guydc Apr 10, 2024
9d6fa29
rm attributes, metadata and processing mode
guydc Apr 10, 2024
418e835
rm enums
guydc Apr 10, 2024
d407e1c
rm unrealted CEL
guydc Apr 10, 2024
d582360
Merge branch 'main' into api-extproc
guydc Apr 11, 2024
e75eb79
Merge branch 'main' into api-extproc
zirain Apr 12, 2024
1e0652d
sort imports, add optional plural backendRefs
guydc Apr 12, 2024
6210da0
Merge branch 'main' into api-extproc
guydc Apr 12, 2024
da182e8
fix gen
guydc Apr 12, 2024
ba5e689
merge
guydc Apr 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 14 additions & 1 deletion api/v1alpha1/ext_proc_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,21 @@ import (
//
// ExtProc defines the configuration for External Processing filter.
type ExtProc struct {
// Service defines the configuration of the external processing service
// BackendRef defines the configuration of the external processing service
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

plan on deleting backendRef in a follow up PR ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nvm this is a API PR

BackendRef ExtProcBackendRef `json:"backendRef"`

// MessageTimeout is the timeout for a response to be returned from the external processor
// Default: 200ms
//
// +optional
MessageTimeout *gwapiv1.Duration `json:"messageTimeout,omitempty"`

// FailOpen defines if requests or responses that cannot be processed due to connectivity to the
// external processor are terminated or passed-through.
// Default: false
//
// +optional
FailOpen *bool `json:"failOpen,omitempty"`
}

// ExtProcService defines the gRPC External Processing service using the envoy grpc client
Expand Down
10 changes: 10 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 13 additions & 1 deletion charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ spec:
filter.
properties:
backendRef:
description: Service defines the configuration of the external
description: BackendRef defines the configuration of the external
processing service
properties:
group:
Expand Down Expand Up @@ -134,6 +134,18 @@ spec:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
failOpen:
description: |-
FailOpen defines if requests or responses that cannot be processed due to connectivity to the
external processor are terminated or passed-through.
Default: false
type: boolean
messageTimeout:
description: |-
MessageTimeout is the timeout for a response to be returned from the external processor
Default: 200ms
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
required:
- backendRef
type: object
Expand Down
4 changes: 3 additions & 1 deletion site/content/en/latest/api/extension_types.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1018,7 +1018,9 @@ _Appears in:_

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `backendRef` | _[ExtProcBackendRef](#extprocbackendref)_ | true | Service defines the configuration of the external processing service |
| `backendRef` | _[ExtProcBackendRef](#extprocbackendref)_ | true | BackendRef defines the configuration of the external processing service |
| `messageTimeout` | _[Duration](#duration)_ | false | MessageTimeout is the timeout for a response to be returned from the external processor<br />Default: 200ms |
| `failOpen` | _boolean_ | false | FailOpen defines if requests or responses that cannot be processed due to connectivity to the<br />external processor are terminated or passed-through.<br />Default: false |


#### ExtProcBackendRef
Expand Down
81 changes: 81 additions & 0 deletions test/cel-validation/envoyextensionpolicy_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ package celvalidation
import (
"context"
"fmt"
"k8s.io/utils/ptr"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sort the imports please

"strings"
"testing"
"time"
Expand Down Expand Up @@ -151,6 +153,85 @@ func TestEnvoyExtensionPolicyTarget(t *testing.T) {
"spec.targetRef: Invalid value: \"object\": this policy does not yet support the sectionName field",
},
},

// ExtProc
{
desc: "ExtProc with BackendRef",
mutate: func(sp *egv1a1.EnvoyExtensionPolicy) {
sp.Spec = egv1a1.EnvoyExtensionPolicySpec{
ExtProc: []egv1a1.ExtProc{
{
BackendRef: egv1a1.ExtProcBackendRef{
BackendObjectReference: gwapiv1.BackendObjectReference{
Name: "grpc-proc-service",
Port: ptr.To(gwapiv1.PortNumber(80)),
},
},
},
},
TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{
PolicyTargetReference: gwapiv1a2.PolicyTargetReference{
Group: "gateway.networking.k8s.io",
Kind: "Gateway",
Name: "eg",
},
},
}
},
wantErrors: []string{},
},
{
desc: "ExtProc with invalid BackendRef Group",
mutate: func(sp *egv1a1.EnvoyExtensionPolicy) {
sp.Spec = egv1a1.EnvoyExtensionPolicySpec{
ExtProc: []egv1a1.ExtProc{
{
BackendRef: egv1a1.ExtProcBackendRef{
BackendObjectReference: gwapiv1.BackendObjectReference{
Group: ptr.To(gwapiv1.Group("unsupported")),
Name: "grpc-proc-service",
Port: ptr.To(gwapiv1.PortNumber(80)),
},
},
},
},
TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{
PolicyTargetReference: gwapiv1a2.PolicyTargetReference{
Group: "gateway.networking.k8s.io",
Kind: "Gateway",
Name: "eg",
},
},
}
},
wantErrors: []string{"spec.extProc[0]: Invalid value: \"object\": group is invalid, only the core API group (specified by omitting the group field or setting it to an empty string) is supported"},
},
{
desc: "ExtProc with invalid BackendRef Kind",
mutate: func(sp *egv1a1.EnvoyExtensionPolicy) {
sp.Spec = egv1a1.EnvoyExtensionPolicySpec{
ExtProc: []egv1a1.ExtProc{
{
BackendRef: egv1a1.ExtProcBackendRef{
BackendObjectReference: gwapiv1.BackendObjectReference{
Kind: ptr.To(gwapiv1.Kind("unsupported")),
Name: "grpc-proc-service",
Port: ptr.To(gwapiv1.PortNumber(80)),
},
},
},
},
TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{
PolicyTargetReference: gwapiv1a2.PolicyTargetReference{
Group: "gateway.networking.k8s.io",
Kind: "Gateway",
Name: "eg",
},
},
}
},
wantErrors: []string{"spec.extProc[0]: Invalid value: \"object\": kind is invalid, only Service (specified by omitting the kind field or setting it to 'Service') is supported"},
},
}

for _, tc := range cases {
Expand Down