Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] main from envoyproxy:main #39

Merged
merged 134 commits into from
Feb 23, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
134 commits
Select commit Hold shift + click to select a range
cf83f5b
chore: enable testifylint linter (#2436)
mmorel-35 Jan 13, 2024
dfa0d8f
fix: add validation for envoy gateway watch mode field and update doc…
shawnh2 Jan 13, 2024
4499c19
update OSSF Scorecard badge link (#2438)
mmorel-35 Jan 14, 2024
a8d34b6
api: Support connection timeouts in BackendTrafficPolicy (#2411)
guydc Jan 16, 2024
50fbec2
build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#2441)
dependabot[bot] Jan 16, 2024
a68f491
build(deps): bump actions/deploy-pages from 4.0.2 to 4.0.3 (#2442)
dependabot[bot] Jan 16, 2024
e0c20da
build(deps): bump actions/download-artifact from 4.1.0 to 4.1.1 (#2443)
dependabot[bot] Jan 16, 2024
96904a6
build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 (#2444)
dependabot[bot] Jan 16, 2024
5782d21
build(deps): bump github.com/prometheus/common from 0.45.0 to 0.46.0 …
dependabot[bot] Jan 16, 2024
5c98592
build(deps): bump github.com/evanphx/json-patch/v5 from 5.7.0 to 5.8.…
dependabot[bot] Jan 16, 2024
e2c0157
Fix handling the error when parsing the http request timeout for proc…
zhlsunshine Jan 16, 2024
9ed8b20
Replace the net.ParseIP with netip.ParseAddr for IP address parsing. …
zhlsunshine Jan 16, 2024
3ac045d
fix(helm): remove referencepolicies from EG RBAC (#2448)
shahar-h Jan 16, 2024
9081d82
feat: JWT extractFrom headers and params (#2434)
ardikabs Jan 16, 2024
f4ed899
fix(helm): remove kube-rbac-proxy leftovers (#2450)
shahar-h Jan 17, 2024
ffeabe1
feat(helm): support resources configuration for certgen job (#2338)
shahar-h Jan 17, 2024
2a26475
chore: bump golang.org/x/net for tools (#2455)
arkodg Jan 17, 2024
b0ae46c
fix(helm): remove unused RBAC verbs (#2457)
shahar-h Jan 17, 2024
5150839
Fix the description for BackendTrafficPolicy (#2460)
soulxu Jan 18, 2024
20b8497
chore: bump golang.org/x/sys for tools (#2461)
arkodg Jan 18, 2024
3510eda
feat(cors): Allowed more wildcard options (#2453)
jaynis Jan 20, 2024
2002f4c
build(deps): bump the k8s-io group with 4 updates (#2469)
dependabot[bot] Jan 22, 2024
3aab4dc
build(deps): bump go.opentelemetry.io/otel/metric from 1.21.0 to 1.22…
dependabot[bot] Jan 22, 2024
4ec4e68
build(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.21.0 to …
dependabot[bot] Jan 22, 2024
3c5037e
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/…
dependabot[bot] Jan 22, 2024
562dc29
build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 (#2476)
dependabot[bot] Jan 22, 2024
e66f8e0
Correct word spelling (#2478)
xiandan-erizo Jan 22, 2024
0ac8c64
build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#2475)
dependabot[bot] Jan 22, 2024
d0c12eb
Use go standard errors instead of multierror (#2464)
mmorel-35 Jan 22, 2024
50db4a0
feat: Add secret resource support for EnvoyPatchPolicy (#2466)
soulxu Jan 23, 2024
f2b62b2
chore: fix lint (#2484)
zirain Jan 23, 2024
9b6e45e
api: downstream client CACert validation (#2483)
arkodg Jan 23, 2024
95f4c10
LogoutPath nil pointer fix (#2485)
xiandan-erizo Jan 23, 2024
9359b78
testifylint: enable bool-compare, compares, require-error (#2486)
mmorel-35 Jan 23, 2024
45c03a2
fix: fix checkObjectNamespaceLabels func param type (#2477)
ShyunnY Jan 23, 2024
e4e2b68
api: Add support for enabling Trailers in HTTP/1.1 (#2487)
liorokman Jan 24, 2024
914b48c
API: add `From` field to JSONPatchOperation (#2467)
soulxu Jan 24, 2024
c86681c
simplify checkObjectNamespaceLabels (#2480)
deszhou Jan 24, 2024
daa2c23
update CORS docs (#2493)
zhaohuabing Jan 24, 2024
100d310
feat: support Envoy extra args (#2489)
shahar-h Jan 24, 2024
8ce7914
feat: Implement enabling HTTP/1.1 trailers (#2492)
liorokman Jan 24, 2024
e58d1c9
docs: add user guide for EnvoyProxy extraArgs (#2498)
shahar-h Jan 25, 2024
8503398
bump controller-runtime (#2499)
zirain Jan 25, 2024
668dfb5
api: Support preserving header letter-case on HTTP/1 (#2501)
liorokman Jan 25, 2024
e168ef9
feat: support LabelSelector type for NamespaceSelectors (#2494)
deszhou Jan 26, 2024
8aa432c
Trigger a reconcile of SecurityPolicy when OIDC or Basic Auth secrets…
zhaohuabing Jan 26, 2024
0bd88fe
api: add compressor/decompressor support (#2474)
soulxu Jan 26, 2024
2feae69
chore: fix lint (#2514)
zirain Jan 27, 2024
52c18f3
Set status when EnvoyPatchPolicy is disabled (#2504)
soulxu Jan 27, 2024
b33f09b
feat: Implement preserving header letter cases (#2506)
liorokman Jan 27, 2024
93361a6
bug: fix printable for ir xds (#2512)
arkodg Jan 27, 2024
796a093
bug: skip backendRefs with weight set to 0 (#2515)
arkodg Jan 27, 2024
6572fd3
chore: Cleanups for HTTP1Settings (#2517)
liorokman Jan 27, 2024
05562f0
build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#2523)
dependabot[bot] Jan 29, 2024
496f6e1
build(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 (#2525)
dependabot[bot] Jan 29, 2024
c460bdb
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/…
dependabot[bot] Jan 29, 2024
fcd8148
build(deps): bump go.opentelemetry.io/proto/otlp from 1.0.0 to 1.1.0 …
dependabot[bot] Jan 29, 2024
ae78a8f
build(deps): bump github.com/evanphx/json-patch/v5 from 5.8.0 to 5.9.…
dependabot[bot] Jan 29, 2024
6113426
build(deps): bump github.com/bufbuild/buf from 1.28.1 to 1.29.0 in /t…
dependabot[bot] Jan 29, 2024
cbb9b90
build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#2524)
dependabot[bot] Jan 29, 2024
8d19d77
build(deps): bump github.com/tsaarni/certyaml from 0.9.2 to 0.9.3 (#2…
dependabot[bot] Jan 29, 2024
b8cbee2
build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#2528)
dependabot[bot] Jan 29, 2024
f1a0a42
feat(translator): Implement BTP Timeout API (#2454)
guydc Jan 29, 2024
236cba5
api: support upstream max requests per connection (#2513)
guydc Jan 30, 2024
241e838
api: support for external authz (#2435)
zhaohuabing Jan 30, 2024
b090182
feat(translator): implement max requests per connection (#2539)
guydc Jan 31, 2024
fb8d48c
api: move healthCheck to healthCheck.active (#2540)
arkodg Jan 31, 2024
3e99199
chore: update api doc (#2542)
zirain Jan 31, 2024
0676f04
docs: improve api type members (#2544)
zirain Feb 1, 2024
fb87c57
docs: show required for API doc (#2547)
zirain Feb 1, 2024
464fed9
docs: fix PolicyTargetReferenceWithSectionName hyperlink (#2548)
zirain Feb 1, 2024
1754679
chore: remove duplicate (#2538)
deszhou Feb 2, 2024
ca4657c
use BackendObjectReference to represent the ext auth service (#2553)
zhaohuabing Feb 2, 2024
e3994ec
feat: Support Client IP Detection using XFF on ClientTrafficPolicy (#…
davidalger Feb 3, 2024
86c67d2
fix: LoadBalancerIP validation to prevent trailing period (#2563)
davidalger Feb 5, 2024
567d484
build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 (#2559)
dependabot[bot] Feb 5, 2024
9ae27f1
build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from …
dependabot[bot] Feb 5, 2024
861c3cd
build(deps): bump github.com/miekg/dns from 1.1.57 to 1.1.58 (#2561)
dependabot[bot] Feb 5, 2024
4ab017d
build(deps): bump sigs.k8s.io/kind from 0.20.0 to 0.21.0 in /tools/sr…
dependabot[bot] Feb 5, 2024
f21f9ff
feat: add support for `egctl x status` (#2550)
shawnh2 Feb 6, 2024
3f37499
refactor: reconstruct the judgment of OwningGatewayLabels (#2555)
ShyunnY Feb 6, 2024
9b37f59
fix: Envoy rejects XDS at runtime losing all routes on restart (#2576)
davidalger Feb 8, 2024
a33c505
fix: Deprecated field error when using RequestHeaderModifier filter (…
davidalger Feb 8, 2024
dc4a8d3
ext auth impl (#2537)
zhaohuabing Feb 8, 2024
151ae6a
api: Add support for enabling HTTP/1.0 and HTTP/0.9 (#2534)
liorokman Feb 8, 2024
c3a2bd9
api: making the value optional for JSONPatchOperation (#2522)
soulxu Feb 8, 2024
d44f4be
e2e: Add an e2e test for the header case-preserving feature (#2516)
liorokman Feb 8, 2024
53c9758
Disable appending Server header by default (#2500)
liorokman Feb 9, 2024
5acc233
feat: Add support for HTTP/1.0 and HTTP/0.9 (#2577)
liorokman Feb 9, 2024
bb59484
fix: when service type = clusterIP set the address to service.cluster…
ShyunnY Feb 12, 2024
2c1b946
feat(translator): Implement BTP TCPKeepAlive (#2581)
guydc Feb 12, 2024
da092e0
feat: add support for Passive Health Checks (Outlier Detection) (#2556)
deszhou Feb 12, 2024
6884f8d
add liorokman & guydc as reviewers (#2583)
arkodg Feb 13, 2024
988d4ed
feat: Suppress 'X-Envoy' headers and pass-through the upstream 'Serve…
liorokman Feb 13, 2024
446997b
bug: fix merge race (#2604)
arkodg Feb 13, 2024
765903a
feat: downstream mTLS (#2490)
arkodg Feb 14, 2024
b97e5ab
chore: fix failed test case introduced by #2490 (#2608)
shawnh2 Feb 14, 2024
e4b88aa
build(deps): bump go.opentelemetry.io/otel from 1.22.0 to 1.23.1 (#2595)
dependabot[bot] Feb 15, 2024
475adb7
build(deps): bump github.com/golangci/golangci-lint from 1.55.2 to 1.…
dependabot[bot] Feb 15, 2024
ce4f2ed
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/…
dependabot[bot] Feb 15, 2024
737a6ee
build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 (#2588)
dependabot[bot] Feb 15, 2024
fe88e9a
build(deps): bump yamllint from 1.33.0 to 1.34.0 in /tools/src/yamlli…
dependabot[bot] Feb 15, 2024
35e646d
add a catch-all route if needed (#2586)
zhaohuabing Feb 15, 2024
c6696d9
build(deps): bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.…
dependabot[bot] Feb 15, 2024
114c3bd
build(deps): bump actions/upload-pages-artifact from 3.0.0 to 3.0.1 (…
dependabot[bot] Feb 15, 2024
07b6c95
build(deps): bump actions/deploy-pages from 4.0.3 to 4.0.4 (#2589)
dependabot[bot] Feb 15, 2024
b2bfdbf
build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#2587)
dependabot[bot] Feb 15, 2024
ac02437
fix: ensure ANDed matches for ratelimit rules (#2607)
shawnh2 Feb 15, 2024
1775624
feat: Support Client IP Detection using Custom Header (#2566)
davidalger Feb 16, 2024
cc88e9c
bug: Fix merge race (#2628)
arkodg Feb 16, 2024
f7df0e2
use ADS cache to ensure the rule order (#2634)
zetaab Feb 17, 2024
a5125bf
feat: support multiple GatewayClass per controller (#2298)
cnvergence Feb 17, 2024
199f50c
api: Support Timeouts in ClientTrafficPolicy (#2605)
yaelSchechter Feb 18, 2024
56a0178
doc: update gateway-address doc (#2638)
shawnh2 Feb 19, 2024
c8ca4fa
build(deps): bump github.com/golangci/golangci-lint from 1.56.1 to 1.…
dependabot[bot] Feb 19, 2024
7063031
build(deps): bump distroless/static from `112a87f` to `6a3500b` in /t…
dependabot[bot] Feb 19, 2024
511b4c0
build(deps): bump actions/download-artifact from 4.1.1 to 4.1.2 (#2650)
dependabot[bot] Feb 19, 2024
2df19d6
build(deps): bump sigs.k8s.io/kind from 0.21.0 to 0.22.0 in /tools/sr…
dependabot[bot] Feb 19, 2024
dea8bc0
build(deps): bump yamllint from 1.34.0 to 1.35.1 in /tools/src/yamlli…
dependabot[bot] Feb 19, 2024
2d090f1
build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 (#2644)
dependabot[bot] Feb 19, 2024
6227b8c
build(deps): bump the k8s-io group with 6 updates (#2643)
dependabot[bot] Feb 19, 2024
90b21b6
build(deps): bump github.com/prometheus/common from 0.46.0 to 0.47.0 …
dependabot[bot] Feb 19, 2024
a86ee92
build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#2651)
dependabot[bot] Feb 19, 2024
d410da0
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/…
dependabot[bot] Feb 19, 2024
8edc180
build(deps): bump sigs.k8s.io/controller-runtime from 0.17.1 to 0.17.…
dependabot[bot] Feb 19, 2024
a928482
chore: Update Envoy proxy image to envoy:distroless-dev in main (#2640)
davidalger Feb 19, 2024
cf46fbe
chore: remove invalid multiple GatewayClass e2e test (#2655)
cnvergence Feb 19, 2024
579b3b4
bug: fix deletion of all gatewayclasses (#2659)
arkodg Feb 20, 2024
5e78542
fix: match mergedGateways irKey for ClientTrafficPolicy (#2662)
cnvergence Feb 20, 2024
7ab3da6
Fix: requests not matching defined routes trigger per-route filters (…
zhaohuabing Feb 20, 2024
4c79ef9
api: support retry on in BackendTrafficPolicy (#2657)
guydc Feb 21, 2024
c30d037
feat(translator): implement timeout in ClientTrafficPolicy (#2667)
yaelSchechter Feb 22, 2024
5a0baf0
feat: add all resource type support for `egctl x status` (#2573)
shawnh2 Feb 22, 2024
fc7d6bc
Add suffix for oauth cookies (#2664)
zhaohuabing Feb 22, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
10 changes: 5 additions & 5 deletions .github/workflows/build_and_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ jobs:
- name: Run Coverage Tests
run: make go.test.coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
fail_ci_if_error: true
files: ./coverage.xml
Expand All @@ -70,7 +70,7 @@ jobs:
run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64"

- name: Upload EG Binaries
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: envoy-gateway
path: bin/
Expand All @@ -86,7 +86,7 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: envoy-gateway
path: bin/
Expand Down Expand Up @@ -114,7 +114,7 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: envoy-gateway
path: bin/
Expand All @@ -139,7 +139,7 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: envoy-gateway
path: bin/
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,14 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Initialize CodeQL
uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
uses: github/codeql-action/autobuild@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
uses: github/codeql-action/analyze@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
with:
category: "/language:${{matrix.language}}"
6 changes: 3 additions & 3 deletions .github/workflows/docs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ jobs:
extended: true

- name: Setup Node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.1.0
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.1.0
with:
node-version: '18'

Expand All @@ -59,7 +59,7 @@ jobs:

# Upload docs for GitHub Pages
- name: Upload GitHub Pages artifact
uses: actions/upload-pages-artifact@0252fc4ba7626f0298f0cf00902a25c6afc77fa8 # v3.0.0
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
# Path of the directory containing the static assets.
path: site/public
Expand All @@ -86,4 +86,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@7a9bd943aa5e5175aeb8502edcc6c1c02d398e10 # v4.0.2
uses: actions/deploy-pages@decdde0ac072f6dcbe43649d82d9c635fff5b4e4 # v4.0.4
2 changes: 1 addition & 1 deletion .github/workflows/experimental_conformance.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
run: make experimental-conformance

- name: Upload Conformance Report
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: conformance-report-k8s-${{ matrix.version }}
path: ./test/conformance/conformance-report-k8s-${{ matrix.version }}.yaml
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,13 @@ jobs:
publish_results: true

- name: "Upload artifact"
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: SARIF file
path: results.sarif
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
with:
sarif_file: results.sarif
2 changes: 2 additions & 0 deletions OWNERS
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,5 @@ reviewers:
- tanujd11
- cnvergence
- shawnh2
- guydc
- liorokman
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Envoy Gateway

[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/envoyproxy/gateway/badge)](https://api.securityscorecards.dev/projects/github.com/envoyproxy/gateway)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/envoyproxy/gateway/badge)](https://securityscorecards.dev/viewer/?uri=github.com/envoyproxy/gateway)
[![Build and Test](https://github.com/envoyproxy/gateway/actions/workflows/build_and_test.yaml/badge.svg)](https://github.com/envoyproxy/gateway/actions/workflows/build_and_test.yaml)
[![codecov](https://codecov.io/gh/envoyproxy/gateway/branch/main/graph/badge.svg)](https://codecov.io/gh/envoyproxy/gateway)

Expand Down
17 changes: 16 additions & 1 deletion api/v1alpha1/backendtrafficpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ const (
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
//
// BackendTrafficPolicy allows the user to configure the behavior of the connection
// between the downstream client and Envoy Proxy listener.
// between the Envoy Proxy listener and the backend service.
type BackendTrafficPolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Expand Down Expand Up @@ -81,6 +81,21 @@ type BackendTrafficPolicySpec struct {
//
// +optional
CircuitBreaker *CircuitBreaker `json:"circuitBreaker,omitempty"`

// Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
// If not set, retry will be disabled.
// +optional
Retry *Retry `json:"retry,omitempty"`

// Timeout settings for the backend connections.
//
// +optional
Timeout *Timeout `json:"timeout,omitempty"`

// The compression config for the http streams.
//
// +optional
Compression []*Compression `json:"compression,omitempty"`
}

// BackendTrafficPolicyStatus defines the state of BackendTrafficPolicy
Expand Down
8 changes: 8 additions & 0 deletions api/v1alpha1/circuitbreaker_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,12 @@ type CircuitBreaker struct {
// +kubebuilder:default=1024
// +optional
MaxParallelRequests *int64 `json:"maxParallelRequests,omitempty"`

// The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
// Default: unlimited.
//
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=4294967295
// +optional
MaxRequestsPerConnection *int64 `json:"maxRequestsPerConnection,omitempty"`
}
103 changes: 97 additions & 6 deletions api/v1alpha1/clienttrafficpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,19 +53,17 @@ type ClientTrafficPolicySpec struct {
//
// +optional
TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"`
// SuppressEnvoyHeaders configures the Envoy Router filter to suppress the "x-envoy-'
// headers from both requests and responses.
// By default these headers are added to both requests and responses.
//
// +optional
SuppressEnvoyHeaders *bool `json:"suppressEnvoyHeaders,omitempty"`
// EnableProxyProtocol interprets the ProxyProtocol header and adds the
// Client Address into the X-Forwarded-For header.
// Note Proxy Protocol must be present when this field is set, else the connection
// is closed.
//
// +optional
EnableProxyProtocol *bool `json:"enableProxyProtocol,omitempty"`
// ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
//
// +optional
ClientIPDetection *ClientIPDetectionSettings `json:"clientIPDetection,omitempty"`
// HTTP3 provides HTTP/3 configuration on the listener.
//
// +optional
Expand All @@ -78,12 +76,105 @@ type ClientTrafficPolicySpec struct {
//
// +optional
Path *PathSettings `json:"path,omitempty"`
// HTTP1 provides HTTP/1 configuration on the listener.
//
// +optional
HTTP1 *HTTP1Settings `json:"http1,omitempty"`
// HeaderSettings provides configuration for header management.
//
// +optional
Headers *HeaderSettings `json:"headers,omitempty"`
// Timeout settings for the client connections.
//
// +optional
Timeout *ClientTimeout `json:"timeout,omitempty"`
}

// HeaderSettings providess configuration options for headers on the listener.
type HeaderSettings struct {
// EnableEnvoyHeaders configures Envoy Proxy to add the "X-Envoy-" headers to requests
// and responses.
// +optional
EnableEnvoyHeaders *bool `json:"enableEnvoyHeaders,omitempty"`
}

// ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
//
// +kubebuilder:validation:XValidation:rule="!(has(self.xForwardedFor) && has(self.customHeader))",message="customHeader cannot be used in conjunction with xForwardedFor"
type ClientIPDetectionSettings struct {
// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
//
// +optional
XForwardedFor *XForwardedForSettings `json:"xForwardedFor,omitempty"`
// CustomHeader provides configuration for determining the client IP address for a request based on
// a trusted custom HTTP header. This uses the the custom_header original IP detection extension.
// Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto
// for more details.
//
// +optional
CustomHeader *CustomHeaderExtensionSettings `json:"customHeader,omitempty"`
}

// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
type XForwardedForSettings struct {
// NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
// headers to trust when determining the origin client's IP address.
// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
// for more details.
//
// +optional
NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
}

// CustomHeader provides configuration for determining the client IP address for a request based on
// a trusted custom HTTP header. This uses the the custom_header original IP detection extension.
// Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto
// for more details.
type CustomHeaderExtensionSettings struct {
// Name of the header containing the original downstream remote address, if present.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=255
// +kubebuilder:validation:Pattern="^[A-Za-z0-9-]+$"
//
Name string `json:"name"`
// FailClosed is a switch used to control the flow of traffic when client IP detection
// fails. If set to true, the listener will respond with 403 Forbidden when the client
// IP address cannot be determined.
//
// +optional
FailClosed *bool `json:"failClosed,omitempty"`
}

// HTTP3Settings provides HTTP/3 configuration on the listener.
type HTTP3Settings struct {
}

// HTTP1Settings provides HTTP/1 configuration on the listener.
type HTTP1Settings struct {
// EnableTrailers defines if HTTP/1 trailers should be proxied by Envoy.
// +optional
EnableTrailers *bool `json:"enableTrailers,omitempty"`
// PreserveHeaderCase defines if Envoy should preserve the letter case of headers.
// By default, Envoy will lowercase all the headers.
// +optional
PreserveHeaderCase *bool `json:"preserveHeaderCase,omitempty"`
// HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests.
// +optional
HTTP10 *HTTP10Settings `json:"http10,omitempty"`
}

// HTTP10Settings provides HTTP/1.0 configuration on the listener.
type HTTP10Settings struct {
// UseDefaultHost defines if the HTTP/1.0 request is missing the Host header,
// then the hostname associated with the listener should be injected into the
// request.
// If this is not set and an HTTP/1.0 request arrives without a host, then
// it will be rejected.
// +optional
UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
}

// ClientTrafficPolicyStatus defines the state of ClientTrafficPolicy
type ClientTrafficPolicyStatus struct {
// Conditions describe the current conditions of the ClientTrafficPolicy.
Expand Down
31 changes: 31 additions & 0 deletions api/v1alpha1/compression_types.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
// Copyright Envoy Gateway Authors
// SPDX-License-Identifier: Apache-2.0
// The full text of the Apache license is available in the LICENSE file at
// the root of the repo.

package v1alpha1

// CompressorType defines the types of compressor library supported by Envoy Gateway.
//
// +kubebuilder:validation:Enum=Gzip
type CompressorType string

// GzipCompressor defines the config for the Gzip compressor.
// The default values can be found here:
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/compression/gzip/compressor/v3/gzip.proto#extension-envoy-compression-gzip-compressor
type GzipCompressor struct {
}

// Compression defines the config of enabling compression.
// This can help reduce the bandwidth at the expense of higher CPU.
type Compression struct {
// CompressorType defines the compressor type to use for compression.
//
// +required
Type CompressorType `json:"type"`

// The configuration for GZIP compressor.
//
// +optional
Gzip *GzipCompressor `json:"gzip,omitempty"`
}
11 changes: 7 additions & 4 deletions api/v1alpha1/cors_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,19 +8,22 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

// Origin is defined by the scheme (protocol), hostname (domain), and port of
// the URL used to access it. The hostname can be “precise” which is just the
// domain name or “wildcard” which is a domain name prefixed with a single
// wildcard label such as “*.example.com”.
// the URL used to access it. The hostname can be "precise" which is just the
// domain name or "wildcard" which is a domain name prefixed with a single
// wildcard label such as "*.example.com".
// In addition to that a single wildcard (with or without scheme) can be
// configured to match any origin.
//
// For example, the following are valid origins:
// - https://foo.example.com
// - https://*.example.com
// - http://foo.example.com:8080
// - http://*.example.com:8080
// - https://*
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:Pattern=`^https?:\/\/(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[0-9]+)?$`
// +kubebuilder:validation:Pattern=`^(\*|https?:\/\/(\*|(\*\.)?(([\w-]+\.?)+)?[\w-]+)(:\d{1,5})?)$`
type Origin string

// CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
Expand Down
17 changes: 8 additions & 9 deletions api/v1alpha1/envoygateway_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -200,9 +200,9 @@ const (
// KubernetesWatchModeTypeNamespaces indicates that the namespace watch mode is used.
KubernetesWatchModeTypeNamespaces = "Namespaces"

// KubernetesWatchModeTypeNamespaceSelectors indicates that namespaceSelectors watch
// KubernetesWatchModeTypeNamespaceSelector indicates that namespaceSelector watch
// mode is used.
KubernetesWatchModeTypeNamespaceSelectors = "NamespaceSelectors"
KubernetesWatchModeTypeNamespaceSelector = "NamespaceSelector"
)

// KubernetesWatchModeType defines the type of KubernetesWatchMode
Expand All @@ -211,22 +211,21 @@ type KubernetesWatchModeType string
// KubernetesWatchMode holds the configuration for which input resources to watch and reconcile.
type KubernetesWatchMode struct {
// Type indicates what watch mode to use. KubernetesWatchModeTypeNamespaces and
// KubernetesWatchModeTypeNamespaceSelectors are currently supported
// KubernetesWatchModeTypeNamespaceSelector are currently supported
// By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources
// from all namespaces.
Type KubernetesWatchModeType `json:"type,omitempty"`

// Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped
// resources such as Gateway, HTTPRoute and Service.
// Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as
// GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelectors must be set
// GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelector must be set.
Namespaces []string `json:"namespaces,omitempty"`

// NamespaceSelectors holds a list of labels that namespaces have to have in order to be watched.
// Note this doesn't set the informer to watch the namespaces with the given labels. Informer still
// watches all namespaces. But the events for objects whois namespce have no given labels
// will be filtered out. Precisely one of Namespaces and NamespaceSelectors must be set
NamespaceSelectors []string `json:"namespaceSelectors,omitempty"`
// NamespaceSelector holds the label selector used to dynamically select namespaces.
// Envoy Gateway will watch for namespaces matching the specified label selector.
// Precisely one of Namespaces and NamespaceSelector must be set.
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
}

// KubernetesDeployMode holds configuration for how to deploy managed resources such as the Envoy Proxy
Expand Down
Loading
Loading