diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go
index a8c39e9dfcce..80e4561507e5 100644
--- a/api/v1alpha1/backendtrafficpolicy_types.go
+++ b/api/v1alpha1/backendtrafficpolicy_types.go
@@ -114,6 +114,11 @@ type BackendTrafficPolicySpec struct {
//
// +optional
DNS *DNS `json:"dns,omitempty"`
+
+ // HTTP2 provides HTTP/2 configuration for backend connections.
+ //
+ // +optional
+ HTTP2 *HTTP2Settings `json:"http2,omitempty"`
}
// +kubebuilder:object:root=true
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index 397535ebf439..347eb9463531 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -6,7 +6,6 @@
package v1alpha1
import (
- "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
@@ -289,30 +288,6 @@ type HTTP10Settings struct {
UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
}
-// HTTP2Settings provides HTTP/2 configuration on the listener.
-type HTTP2Settings struct {
- // InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
- // If not set, the default value is 64 KiB(64*1024).
- //
- // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialStreamWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
- // +optional
- InitialStreamWindowSize *resource.Quantity `json:"initialStreamWindowSize,omitempty"`
-
- // InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
- // If not set, the default value is 1 MiB.
- //
- // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialConnectionWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
- // +optional
- InitialConnectionWindowSize *resource.Quantity `json:"initialConnectionWindowSize,omitempty"`
-
- // MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
- // If not set, the default value is 100.
- // +kubebuilder:validation:Minimum=1
- // +kubebuilder:validation:Maximum=2147483647
- // +optional
- MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty"`
-}
-
// HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.
type HealthCheckSettings struct {
// Path specifies the HTTP path to match on for health check requests.
diff --git a/api/v1alpha1/connection_types.go b/api/v1alpha1/connection_types.go
index 758a22fddc70..ff24c8edd4d0 100644
--- a/api/v1alpha1/connection_types.go
+++ b/api/v1alpha1/connection_types.go
@@ -17,6 +17,7 @@ type ClientConnection struct {
// +optional
ConnectionLimit *ConnectionLimit `json:"connectionLimit,omitempty"`
// BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
+ // BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
// For example, 20Mi, 1Gi, 256Ki etc.
// Note that when the suffix is not provided, the value is interpreted as bytes.
// Default: 32768 bytes.
@@ -24,11 +25,21 @@ type ClientConnection struct {
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="bufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
+ // SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
+ // SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ // For example, 20Mi, 1Gi, 256Ki etc.
+ // Note that when the suffix is not provided, the value is interpreted as bytes.
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="socketBufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ // +notImplementedHide
+ SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}
// BackendConnection allows users to configure connection-level settings of backend
type BackendConnection struct {
// BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
+ // BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
// If unspecified, an implementation defined default is applied (32768 bytes).
// For example, 20Mi, 1Gi, 256Ki etc.
// Note: that when the suffix is not provided, the value is interpreted as bytes.
@@ -36,6 +47,16 @@ type BackendConnection struct {
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="BufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
+ // SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
+ // to backend.
+ // SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ // For example, 20Mi, 1Gi, 256Ki etc.
+ // Note that when the suffix is not provided, the value is interpreted as bytes.
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="socketBufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ // +notImplementedHide
+ SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}
type ConnectionLimit struct {
diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go
index 6ad310859bc8..c151fcd8b170 100644
--- a/api/v1alpha1/shared_types.go
+++ b/api/v1alpha1/shared_types.go
@@ -10,6 +10,7 @@ import (
autoscalingv2 "k8s.io/api/autoscaling/v2"
corev1 "k8s.io/api/core/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
)
@@ -478,3 +479,41 @@ type BackendRef struct {
// A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64".
// +kubebuilder:validation:Pattern=`((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))`
type CIDR string
+
+type InvalidMessageAction string
+
+const (
+ InvalidMessageActionTerminateConnection InvalidMessageAction = "TerminateConnection"
+ InvalidMessageActionTerminateStream InvalidMessageAction = "TerminateStream"
+)
+
+// HTTP2Settings provides HTTP/2 configuration for listeners and backends.
+type HTTP2Settings struct {
+ // InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
+ // If not set, the default value is 64 KiB(64*1024).
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialStreamWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ InitialStreamWindowSize *resource.Quantity `json:"initialStreamWindowSize,omitempty"`
+
+ // InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
+ // If not set, the default value is 1 MiB.
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialConnectionWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ InitialConnectionWindowSize *resource.Quantity `json:"initialConnectionWindowSize,omitempty"`
+
+ // MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
+ // If not set, the default value is 100.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=2147483647
+ // +optional
+ MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty"`
+
+ // OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
+ // It's recommended for L2 Envoy deployments to set this value to TerminateStream.
+ // https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
+ // Default: TerminateConnection
+ // +optional
+ OnInvalidMessage *InvalidMessageAction `json:"onInvalidMessage,omitempty"`
+}
diff --git a/api/v1alpha1/validation/envoygateway_validate.go b/api/v1alpha1/validation/envoygateway_validate.go
index 91d61bcc80d2..8d7c97dc94ae 100644
--- a/api/v1alpha1/validation/envoygateway_validate.go
+++ b/api/v1alpha1/validation/envoygateway_validate.go
@@ -6,115 +6,172 @@
package validation
import (
- "errors"
"fmt"
"net/url"
- gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
)
// ValidateEnvoyGateway validates the provided EnvoyGateway.
func ValidateEnvoyGateway(eg *egv1a1.EnvoyGateway) error {
- switch {
- case eg == nil:
- return errors.New("envoy gateway config is unspecified")
- case eg.Gateway == nil:
- return errors.New("gateway is unspecified")
- case len(eg.Gateway.ControllerName) == 0:
- return errors.New("gateway controllerName is unspecified")
- case eg.Provider == nil:
- return errors.New("provider is unspecified")
- case eg.Provider.Type != egv1a1.ProviderTypeKubernetes:
- return fmt.Errorf("unsupported provider %v", eg.Provider.Type)
- case eg.Provider.Kubernetes != nil && eg.Provider.Kubernetes.Watch != nil:
- watch := eg.Provider.Kubernetes.Watch
- switch watch.Type {
- case egv1a1.KubernetesWatchModeTypeNamespaces:
- if len(watch.Namespaces) == 0 {
- return errors.New("namespaces should be specified when envoy gateway watch mode is 'Namespaces'")
- }
- case egv1a1.KubernetesWatchModeTypeNamespaceSelector:
- if watch.NamespaceSelector == nil {
- return errors.New("namespaceSelector should be specified when envoy gateway watch mode is 'NamespaceSelector'")
- }
- default:
- return errors.New("envoy gateway watch mode invalid, should be 'Namespaces' or 'NamespaceSelector'")
- }
- case eg.Logging != nil && len(eg.Logging.Level) != 0:
- level := eg.Logging.Level
- for component, logLevel := range level {
- switch component {
- case egv1a1.LogComponentGatewayDefault,
- egv1a1.LogComponentProviderRunner,
- egv1a1.LogComponentGatewayAPIRunner,
- egv1a1.LogComponentXdsTranslatorRunner,
- egv1a1.LogComponentXdsServerRunner,
- egv1a1.LogComponentInfrastructureRunner,
- egv1a1.LogComponentGlobalRateLimitRunner:
- switch logLevel {
- case egv1a1.LogLevelDebug, egv1a1.LogLevelError, egv1a1.LogLevelWarn, egv1a1.LogLevelInfo:
- default:
- return errors.New("envoy gateway logging level invalid. valid options: info/debug/warn/error")
- }
- default:
- return errors.New("envoy gateway logging components invalid. valid options: system/provider/gateway-api/xds-translator/xds-server/infrastructure")
- }
- }
- case eg.RateLimit != nil:
- if eg.RateLimit.Backend.Type != egv1a1.RedisBackendType {
- return fmt.Errorf("unsupported ratelimit backend %v", eg.RateLimit.Backend.Type)
- }
- if eg.RateLimit.Backend.Redis == nil || eg.RateLimit.Backend.Redis.URL == "" {
- return fmt.Errorf("empty ratelimit redis settings")
+ if eg == nil {
+ return fmt.Errorf("envoy gateway config is unspecified")
+ }
+
+ if eg.Gateway == nil {
+ return fmt.Errorf("gateway is unspecified")
+ }
+
+ if len(eg.Gateway.ControllerName) == 0 {
+ return fmt.Errorf("gateway controllerName is unspecified")
+ }
+
+ if eg.Provider == nil {
+ return fmt.Errorf("provider is unspecified")
+ }
+
+ switch eg.Provider.Type {
+ case egv1a1.ProviderTypeKubernetes:
+ if err := validateEnvoyGatewayKubernetesProvider(eg.Provider.Kubernetes); err != nil {
+ return err
}
- if _, err := url.Parse(eg.RateLimit.Backend.Redis.URL); err != nil {
- return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+ default:
+ return fmt.Errorf("unsupported provider type")
+ }
+
+ if err := validateEnvoyGatewayLogging(eg.Logging); err != nil {
+ return err
+ }
+
+ if err := validateEnvoyGatewayRateLimit(eg.RateLimit); err != nil {
+ return err
+ }
+
+ if err := validateEnvoyGatewayExtensionManager(eg.ExtensionManager); err != nil {
+ return err
+ }
+
+ if err := validateEnvoyGatewayTelemetry(eg.Telemetry); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func validateEnvoyGatewayKubernetesProvider(provider *egv1a1.EnvoyGatewayKubernetesProvider) error {
+ if provider == nil || provider.Watch == nil {
+ return nil
+ }
+
+ watch := provider.Watch
+ switch watch.Type {
+ case egv1a1.KubernetesWatchModeTypeNamespaces:
+ if len(watch.Namespaces) == 0 {
+ return fmt.Errorf("namespaces should be specified when envoy gateway watch mode is 'Namespaces'")
}
- case eg.ExtensionManager != nil:
- if eg.ExtensionManager.Hooks == nil || eg.ExtensionManager.Hooks.XDSTranslator == nil {
- return fmt.Errorf("registered extension has no hooks specified")
+ case egv1a1.KubernetesWatchModeTypeNamespaceSelector:
+ if watch.NamespaceSelector == nil {
+ return fmt.Errorf("namespaceSelector should be specified when envoy gateway watch mode is 'NamespaceSelector'")
}
+ default:
+ return fmt.Errorf("envoy gateway watch mode invalid, should be 'Namespaces' or 'NamespaceSelector'")
+ }
+ return nil
+}
- if len(eg.ExtensionManager.Hooks.XDSTranslator.Pre) == 0 && len(eg.ExtensionManager.Hooks.XDSTranslator.Post) == 0 {
- return fmt.Errorf("registered extension has no hooks specified")
- }
+func validateEnvoyGatewayLogging(logging *egv1a1.EnvoyGatewayLogging) error {
+ if logging == nil || len(logging.Level) == 0 {
+ return nil
+ }
- if eg.ExtensionManager.Service == nil {
- return fmt.Errorf("extension service config is empty")
+ for component, logLevel := range logging.Level {
+ switch component {
+ case egv1a1.LogComponentGatewayDefault,
+ egv1a1.LogComponentProviderRunner,
+ egv1a1.LogComponentGatewayAPIRunner,
+ egv1a1.LogComponentXdsTranslatorRunner,
+ egv1a1.LogComponentXdsServerRunner,
+ egv1a1.LogComponentInfrastructureRunner,
+ egv1a1.LogComponentGlobalRateLimitRunner:
+ switch logLevel {
+ case egv1a1.LogLevelDebug, egv1a1.LogLevelError, egv1a1.LogLevelWarn, egv1a1.LogLevelInfo:
+ default:
+ return fmt.Errorf("envoy gateway logging level invalid. valid options: info/debug/warn/error")
+ }
+ default:
+ return fmt.Errorf("envoy gateway logging components invalid. valid options: system/provider/gateway-api/xds-translator/xds-server/infrastructure")
}
+ }
+ return nil
+}
- switch {
- case eg.ExtensionManager.Service.Host == "" && eg.ExtensionManager.Service.FQDN == nil && eg.ExtensionManager.Service.Unix == nil && eg.ExtensionManager.Service.IP == nil:
- return fmt.Errorf("extension service must contain a configured target")
+func validateEnvoyGatewayRateLimit(rateLimit *egv1a1.RateLimit) error {
+ if rateLimit == nil {
+ return nil
+ }
+ if rateLimit.Backend.Type != egv1a1.RedisBackendType {
+ return fmt.Errorf("unsupported ratelimit backend %v", rateLimit.Backend.Type)
+ }
+ if rateLimit.Backend.Redis == nil || rateLimit.Backend.Redis.URL == "" {
+ return fmt.Errorf("empty ratelimit redis settings")
+ }
+ if _, err := url.Parse(rateLimit.Backend.Redis.URL); err != nil {
+ return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+ }
+ return nil
+}
- case eg.ExtensionManager.Service.FQDN != nil && (eg.ExtensionManager.Service.IP != nil || eg.ExtensionManager.Service.Unix != nil || eg.ExtensionManager.Service.Host != ""),
- eg.ExtensionManager.Service.IP != nil && (eg.ExtensionManager.Service.FQDN != nil || eg.ExtensionManager.Service.Unix != nil || eg.ExtensionManager.Service.Host != ""),
- eg.ExtensionManager.Service.Unix != nil && (eg.ExtensionManager.Service.IP != nil || eg.ExtensionManager.Service.FQDN != nil || eg.ExtensionManager.Service.Host != ""):
+func validateEnvoyGatewayExtensionManager(extensionManager *egv1a1.ExtensionManager) error {
+ if extensionManager == nil {
+ return nil
+ }
- return fmt.Errorf("only one backend target can be configured for the extension manager")
+ if extensionManager.Hooks == nil || extensionManager.Hooks.XDSTranslator == nil {
+ return fmt.Errorf("registered extension has no hooks specified")
+ }
- }
+ if len(extensionManager.Hooks.XDSTranslator.Pre) == 0 && len(extensionManager.Hooks.XDSTranslator.Post) == 0 {
+ return fmt.Errorf("registered extension has no hooks specified")
+ }
- if eg.ExtensionManager.Service.TLS != nil {
- certificateRefKind := eg.ExtensionManager.Service.TLS.CertificateRef.Kind
+ if extensionManager.Service == nil {
+ return fmt.Errorf("extension service config is empty")
+ }
- if certificateRefKind == nil {
- return fmt.Errorf("certificateRef empty in extension service server TLS settings")
- }
+ switch {
+ case extensionManager.Service.Host == "" && extensionManager.Service.FQDN == nil && extensionManager.Service.Unix == nil && extensionManager.Service.IP == nil:
+ return fmt.Errorf("extension service must contain a configured target")
- if *certificateRefKind != gwapiv1.Kind("Secret") {
- return fmt.Errorf("unsupported extension server TLS certificateRef %v", certificateRefKind)
- }
+ case extensionManager.Service.FQDN != nil && (extensionManager.Service.IP != nil || extensionManager.Service.Unix != nil || extensionManager.Service.Host != ""),
+ extensionManager.Service.IP != nil && (extensionManager.Service.FQDN != nil || extensionManager.Service.Unix != nil || extensionManager.Service.Host != ""),
+ extensionManager.Service.Unix != nil && (extensionManager.Service.IP != nil || extensionManager.Service.FQDN != nil || extensionManager.Service.Host != ""):
+ return fmt.Errorf("only one backend target can be configured for the extension manager")
+ }
+
+ if extensionManager.Service.TLS != nil {
+ certificateRefKind := extensionManager.Service.TLS.CertificateRef.Kind
+
+ if certificateRefKind == nil {
+ return fmt.Errorf("certificateRef empty in extension service server TLS settings")
}
- case eg.Telemetry != nil:
- if eg.Telemetry.Metrics != nil {
- for _, sink := range eg.Telemetry.Metrics.Sinks {
- if sink.Type == egv1a1.MetricSinkTypeOpenTelemetry {
- if sink.OpenTelemetry == nil {
- return fmt.Errorf("OpenTelemetry is required when sink Type is OpenTelemetry")
- }
+
+ if *certificateRefKind != "Secret" {
+ return fmt.Errorf("unsupported extension server TLS certificateRef %v", certificateRefKind)
+ }
+ }
+ return nil
+}
+
+func validateEnvoyGatewayTelemetry(telemetry *egv1a1.EnvoyGatewayTelemetry) error {
+ if telemetry == nil {
+ return nil
+ }
+
+ if telemetry.Metrics != nil {
+ for _, sink := range telemetry.Metrics.Sinks {
+ if sink.Type == egv1a1.MetricSinkTypeOpenTelemetry {
+ if sink.OpenTelemetry == nil {
+ return fmt.Errorf("OpenTelemetry is required when sink Type is OpenTelemetry")
}
}
}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index e6c4da29aeee..b5bac63fc50c 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -260,6 +260,11 @@ func (in *BackendConnection) DeepCopyInto(out *BackendConnection) {
x := (*in).DeepCopy()
*out = &x
}
+ if in.SocketBufferLimit != nil {
+ in, out := &in.SocketBufferLimit, &out.SocketBufferLimit
+ x := (*in).DeepCopy()
+ *out = &x
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection.
@@ -574,6 +579,11 @@ func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec)
*out = new(DNS)
(*in).DeepCopyInto(*out)
}
+ if in.HTTP2 != nil {
+ in, out := &in.HTTP2, &out.HTTP2
+ *out = new(HTTP2Settings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicySpec.
@@ -715,6 +725,11 @@ func (in *ClientConnection) DeepCopyInto(out *ClientConnection) {
x := (*in).DeepCopy()
*out = &x
}
+ if in.SocketBufferLimit != nil {
+ in, out := &in.SocketBufferLimit, &out.SocketBufferLimit
+ x := (*in).DeepCopy()
+ *out = &x
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnection.
@@ -2448,6 +2463,11 @@ func (in *HTTP2Settings) DeepCopyInto(out *HTTP2Settings) {
*out = new(uint32)
**out = **in
}
+ if in.OnInvalidMessage != nil {
+ in, out := &in.OnInvalidMessage, &out.OnInvalidMessage
+ *out = new(InvalidMessageAction)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP2Settings.
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
index 2ddf8c841cca..d94bd0fa0d33 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -128,6 +128,7 @@ spec:
- type: string
description: |-
BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
+ BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes.
@@ -137,6 +138,22 @@ spec:
- message: BufferLimit must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
: type(self) == int'
+ socketBufferLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
+ to backend.
+ SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ For example, 20Mi, 1Gi, 256Ki etc.
+ Note that when the suffix is not provided, the value is interpreted as bytes.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: socketBufferLimit must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
type: object
dns:
description: DNS includes dns resolution settings.
@@ -436,6 +453,51 @@ spec:
type: boolean
type: object
type: object
+ http2:
+ description: HTTP2 provides HTTP/2 configuration for backend connections.
+ properties:
+ initialConnectionWindowSize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
+ If not set, the default value is 1 MiB.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: initialConnectionWindowSize must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
+ initialStreamWindowSize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
+ If not set, the default value is 64 KiB(64*1024).
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: initialStreamWindowSize must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
+ maxConcurrentStreams:
+ description: |-
+ MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
+ If not set, the default value is 100.
+ format: int32
+ maximum: 2147483647
+ minimum: 1
+ type: integer
+ onInvalidMessage:
+ description: |-
+ OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
+ It's recommended for L2 Envoy deployments to set this value to TerminateStream.
+ https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
+ Default: TerminateConnection
+ type: string
+ type: object
loadBalancer:
description: |-
LoadBalancer policy to apply when routing traffic from the gateway to
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index 48cfb9f3aad2..43443bf28cc3 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -103,6 +103,7 @@ spec:
- type: string
description: |-
BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
+ BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes.
@@ -131,6 +132,21 @@ spec:
minimum: 0
type: integer
type: object
+ socketBufferLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
+ SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ For example, 20Mi, 1Gi, 256Ki etc.
+ Note that when the suffix is not provided, the value is interpreted as bytes.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: socketBufferLimit must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
type: object
enableProxyProtocol:
description: |-
@@ -300,6 +316,13 @@ spec:
maximum: 2147483647
minimum: 1
type: integer
+ onInvalidMessage:
+ description: |-
+ OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
+ It's recommended for L2 Envoy deployments to set this value to TerminateStream.
+ https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
+ Default: TerminateConnection
+ type: string
type: object
http3:
description: HTTP3 provides HTTP/3 configuration on the listener.
diff --git a/go.mod b/go.mod
index 21c1953f3d3f..e66adb8a3db9 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
github.com/go-logr/zapr v1.3.0
github.com/gogo/protobuf v1.3.2
github.com/golang/protobuf v1.5.4
- github.com/google/cel-go v0.20.1
+ github.com/google/cel-go v0.21.0
github.com/google/go-cmp v0.6.0
github.com/google/go-containerregistry v0.20.1
github.com/grafana/tempo v1.5.0
diff --git a/go.sum b/go.sum
index 6328c42f3794..ed3fe16fab66 100644
--- a/go.sum
+++ b/go.sum
@@ -597,8 +597,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
-github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
+github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI=
+github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
index 86df2f9de4c9..4f2d2892174f 100644
--- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
@@ -804,7 +804,9 @@ xds:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- cluster:
'@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
circuitBreakers:
@@ -918,7 +920,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
drainType: MODIFY_ONLY
@@ -986,7 +988,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/grpc
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
drainType: MODIFY_ONLY
@@ -1028,7 +1030,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tcproute/default/backend/rule/-1
- statPrefix: tcp
+ statPrefix: tcp-1234
name: tcproute/default/backend
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
@@ -1071,7 +1073,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tlsroute/default/backend/rule/-1
- statPrefix: passthrough
+ statPrefix: tls-passthrough-8443
name: tlsroute/default/backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
index 14d29a32be20..aa5af9908071 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
@@ -504,7 +504,10 @@
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"explicitHttpConfig": {
- "http2ProtocolOptions": {}
+ "http2ProtocolOptions": {
+ "initialConnectionWindowSize": 1048576,
+ "initialStreamWindowSize": 65536
+ }
}
}
}
@@ -681,7 +684,7 @@
"routeConfigName": "default/eg/http"
},
"serverHeaderTransformation": "PASS_THROUGH",
- "statPrefix": "http",
+ "statPrefix": "http-10080",
"useRemoteAddress": true
}
}
@@ -787,7 +790,7 @@
"routeConfigName": "default/eg/grpc"
},
"serverHeaderTransformation": "PASS_THROUGH",
- "statPrefix": "http",
+ "statPrefix": "http-8080",
"useRemoteAddress": true
}
}
@@ -854,7 +857,7 @@
}
],
"cluster": "tcproute/default/backend/rule/-1",
- "statPrefix": "tcp"
+ "statPrefix": "tcp-1234"
}
}
],
@@ -925,7 +928,7 @@
}
],
"cluster": "tlsroute/default/backend/rule/-1",
- "statPrefix": "passthrough"
+ "statPrefix": "tls-passthrough-8443"
}
}
],
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
index a8fb322e28b0..1c53aef7e900 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
@@ -285,7 +285,9 @@ xds:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- cluster:
'@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
circuitBreakers:
@@ -399,7 +401,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
drainType: MODIFY_ONLY
@@ -467,7 +469,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/grpc
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
drainType: MODIFY_ONLY
@@ -509,7 +511,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tcproute/default/backend/rule/-1
- statPrefix: tcp
+ statPrefix: tcp-1234
name: tcproute/default/backend
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
@@ -552,7 +554,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tlsroute/default/backend/rule/-1
- statPrefix: passthrough
+ statPrefix: tls-passthrough-8443
name: tlsroute/default/backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
index 3d9bce8ad213..c9f782804a46 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
@@ -44,7 +44,9 @@ xds:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- cluster:
'@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
circuitBreakers:
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
index c151e22c7ccb..5a0c626162a8 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
@@ -56,7 +56,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
drainType: MODIFY_ONLY
@@ -124,7 +124,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/grpc
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
drainType: MODIFY_ONLY
@@ -166,7 +166,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tcproute/default/backend/rule/-1
- statPrefix: tcp
+ statPrefix: tcp-1234
name: tcproute/default/backend
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
@@ -209,7 +209,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tlsroute/default/backend/rule/-1
- statPrefix: passthrough
+ statPrefix: tls-passthrough-8443
name: tlsroute/default/backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
index 3d786413e600..f58e4d6932f9 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
@@ -537,7 +537,7 @@
"routeConfigName": "envoy-gateway-system/eg/http"
},
"serverHeaderTransformation": "PASS_THROUGH",
- "statPrefix": "http",
+ "statPrefix": "http-10080",
"useRemoteAddress": true
}
}
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
index 9f54fcc5d1bc..121d5b6e16e6 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
@@ -317,7 +317,7 @@ xds:
resourceApiVersion: V3
routeConfigName: envoy-gateway-system/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
drainType: MODIFY_ONLY
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
index 3d2efd91270c..692be7fec9eb 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
@@ -73,7 +73,7 @@ xds:
resourceApiVersion: V3
routeConfigName: envoy-gateway-system/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
drainType: MODIFY_ONLY
diff --git a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
index 73ea76b01e60..854b6b3388b6 100644
--- a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
@@ -262,7 +262,7 @@ xds:
resourceApiVersion: V3
routeConfigName: envoy-gateway-system/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
drainType: MODIFY_ONLY
diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go
index 65d4404dfb91..120918a8f6a0 100644
--- a/internal/gatewayapi/backendtrafficpolicy.go
+++ b/internal/gatewayapi/backendtrafficpolicy.go
@@ -296,6 +296,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
rt *ir.Retry
bc *ir.BackendConnection
ds *ir.DNS
+ h2 *ir.HTTP2Settings
err, errs error
)
@@ -350,6 +351,13 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
}
}
+ if policy.Spec.HTTP2 != nil {
+ if h2, err = buildIRHTTP2Settings(policy.Spec.HTTP2); err != nil {
+ err = perr.WithMessage(err, "HTTP2")
+ errs = errors.Join(errs, err)
+ }
+ }
+
if policy.Spec.DNS != nil {
ds = t.translateDNS(policy)
}
@@ -405,6 +413,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
TCPKeepalive: ka,
Retry: rt,
BackendConnection: bc,
+ HTTP2: h2,
}
r.DNS = ds
@@ -441,6 +450,7 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
ka *ir.TCPKeepalive
rt *ir.Retry
ds *ir.DNS
+ h2 *ir.HTTP2Settings
err, errs error
)
@@ -487,6 +497,12 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
errs = errors.Join(errs, err)
}
}
+ if policy.Spec.HTTP2 != nil {
+ if h2, err = buildIRHTTP2Settings(policy.Spec.HTTP2); err != nil {
+ err = perr.WithMessage(err, "HTTP2")
+ errs = errors.Join(errs, err)
+ }
+ }
if policy.Spec.DNS != nil {
ds = t.translateDNS(policy)
@@ -587,6 +603,7 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
FaultInjection: fi,
TCPKeepalive: ka,
Retry: rt,
+ HTTP2: h2,
}
if r.DNS == nil {
diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go
index 8462a0545c06..1d7e8e89a84d 100644
--- a/internal/gatewayapi/clienttrafficpolicy.go
+++ b/internal/gatewayapi/clienttrafficpolicy.go
@@ -28,11 +28,7 @@ import (
const (
// Use an invalid string to represent all sections (listeners) within a Gateway
- AllSections = "/"
- MinHTTP2InitialStreamWindowSize = 65535 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
- MaxHTTP2InitialStreamWindowSize = 2147483647 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
- MinHTTP2InitialConnectionWindowSize = MinHTTP2InitialStreamWindowSize
- MaxHTTP2InitialConnectionWindowSize = MaxHTTP2InitialStreamWindowSize
+ AllSections = "/"
)
func hasSectionName(target *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName) bool {
diff --git a/internal/gatewayapi/http.go b/internal/gatewayapi/http.go
new file mode 100644
index 000000000000..95b0cd6310e4
--- /dev/null
+++ b/internal/gatewayapi/http.go
@@ -0,0 +1,73 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package gatewayapi
+
+import (
+ "errors"
+ "fmt"
+
+ "k8s.io/utils/ptr"
+
+ egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+ "github.com/envoyproxy/gateway/internal/ir"
+)
+
+const (
+ MinHTTP2InitialStreamWindowSize = 65535 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
+ MaxHTTP2InitialStreamWindowSize = 2147483647 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
+ MinHTTP2InitialConnectionWindowSize = MinHTTP2InitialStreamWindowSize
+ MaxHTTP2InitialConnectionWindowSize = MaxHTTP2InitialStreamWindowSize
+)
+
+func buildIRHTTP2Settings(http2Settings *egv1a1.HTTP2Settings) (*ir.HTTP2Settings, error) {
+ var (
+ http2 = &ir.HTTP2Settings{}
+ errs error
+ )
+
+ if http2Settings.InitialStreamWindowSize != nil {
+ initialStreamWindowSize, ok := http2Settings.InitialStreamWindowSize.AsInt64()
+ switch {
+ case !ok:
+ errs = errors.Join(errs, fmt.Errorf("invalid InitialStreamWindowSize value %s", http2Settings.InitialStreamWindowSize.String()))
+ case initialStreamWindowSize < MinHTTP2InitialStreamWindowSize || initialStreamWindowSize > MaxHTTP2InitialStreamWindowSize:
+ errs = errors.Join(errs, fmt.Errorf("InitialStreamWindowSize value %s is out of range, must be between %d and %d",
+ http2Settings.InitialStreamWindowSize.String(),
+ MinHTTP2InitialStreamWindowSize,
+ MaxHTTP2InitialStreamWindowSize))
+ default:
+ http2.InitialStreamWindowSize = ptr.To(uint32(initialStreamWindowSize))
+ }
+ }
+
+ if http2Settings.InitialConnectionWindowSize != nil {
+ initialConnectionWindowSize, ok := http2Settings.InitialConnectionWindowSize.AsInt64()
+ switch {
+ case !ok:
+ errs = errors.Join(errs, fmt.Errorf("invalid InitialConnectionWindowSize value %s", http2Settings.InitialConnectionWindowSize.String()))
+ case initialConnectionWindowSize < MinHTTP2InitialConnectionWindowSize || initialConnectionWindowSize > MaxHTTP2InitialConnectionWindowSize:
+ errs = errors.Join(errs, fmt.Errorf("InitialConnectionWindowSize value %s is out of range, must be between %d and %d",
+ http2Settings.InitialConnectionWindowSize.String(),
+ MinHTTP2InitialConnectionWindowSize,
+ MaxHTTP2InitialConnectionWindowSize))
+ default:
+ http2.InitialConnectionWindowSize = ptr.To(uint32(initialConnectionWindowSize))
+ }
+ }
+
+ http2.MaxConcurrentStreams = http2Settings.MaxConcurrentStreams
+
+ if http2Settings.OnInvalidMessage != nil {
+ switch *http2Settings.OnInvalidMessage {
+ case egv1a1.InvalidMessageActionTerminateStream:
+ http2.ResetStreamOnError = ptr.To(true)
+ case egv1a1.InvalidMessageActionTerminateConnection:
+ http2.ResetStreamOnError = ptr.To(false)
+ }
+ }
+
+ return http2, errs
+}
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.in.yaml
new file mode 100644
index 000000000000..f89621941997
--- /dev/null
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.in.yaml
@@ -0,0 +1,95 @@
+gateways:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-2
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+grpcRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1alpha2
+ kind: GRPCRoute
+ metadata:
+ namespace: default
+ name: grpcroute-1
+ spec:
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+httpRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-2
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - name: service-1
+ port: 8080
+backendTrafficPolicies:
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: envoy-gateway
+ name: policy-for-gateway
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ http2:
+ initialStreamWindowSize: 2Mi
+ initialConnectionWindowSize: 1Gi
+ maxConcurrentStreams: 500
+ onInvalidMessage: TerminateConnection
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: default
+ name: policy-for-route
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ http2:
+ initialStreamWindowSize: 1Mi
+ initialConnectionWindowSize: 500Mi
+ maxConcurrentStreams: 200
+ onInvalidMessage: TerminateStream
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
new file mode 100644
index 000000000000..35dbb164bf1a
--- /dev/null
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
@@ -0,0 +1,336 @@
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-route
+ namespace: default
+ spec:
+ http2:
+ initialConnectionWindowSize: 500Mi
+ initialStreamWindowSize: 1Mi
+ maxConcurrentStreams: 200
+ onInvalidMessage: TerminateStream
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-gateway
+ namespace: envoy-gateway
+ spec:
+ http2:
+ initialConnectionWindowSize: 1Gi
+ initialStreamWindowSize: 2Mi
+ maxConcurrentStreams: 500
+ onInvalidMessage: TerminateConnection
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-2
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+grpcRoutes:
+- apiVersion: gateway.networking.k8s.io/v1alpha2
+ kind: GRPCRoute
+ metadata:
+ creationTimestamp: null
+ name: grpcroute-1
+ namespace: default
+ spec:
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - path:
+ value: /
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-1/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+ envoy-gateway/gateway-2:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-2/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-2
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-2
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: true
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: grpcroute/default/grpcroute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: GRPC
+ weight: 1
+ hostname: '*'
+ isHTTP2: true
+ metadata:
+ kind: GRPCRoute
+ name: grpcroute-1
+ namespace: default
+ name: grpcroute/default/grpcroute-1/rule/0/match/-1/*
+ traffic:
+ http2:
+ initialConnectionWindowSize: 2097152
+ initialStreamWindowSize: 1073741824
+ maxConcurrentStreams: 500
+ resetStreamOnError: false
+ envoy-gateway/gateway-2:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-2/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ hostname: gateway.envoyproxy.io
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: true
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 30031ac5c155..6d66c74b5945 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -456,6 +456,8 @@ type HTTP2Settings struct {
InitialConnectionWindowSize *uint32 `json:"initialStreamWindowSize,omitempty" yaml:"initialStreamWindowSize,omitempty"`
// MaxConcurrentStreams is the maximum number of concurrent streams that can be opened on a connection.
MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty" yaml:"maxConcurrentStreams,omitempty"`
+ // ResetStreamOnError determines if a stream or connection is reset on messaging error.
+ ResetStreamOnError *bool `json:"resetStreamOnError,omitempty" yaml:"resetStreamOnError,omitempty"`
}
// HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.
@@ -629,6 +631,9 @@ type TrafficFeatures struct {
Retry *Retry `json:"retry,omitempty" yaml:"retry,omitempty"`
// settings of upstream connection
BackendConnection *BackendConnection `json:"backendConnection,omitempty" yaml:"backendConnection,omitempty"`
+ // HTTP2 provides HTTP/2 configuration for clusters
+ // +optional
+ HTTP2 *HTTP2Settings `json:"http2,omitempty" yaml:"http2,omitempty"`
}
func (b *TrafficFeatures) Validate() error {
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index 55fd5d9332ae..56563fbae84c 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -1050,6 +1050,11 @@ func (in *HTTP2Settings) DeepCopyInto(out *HTTP2Settings) {
*out = new(uint32)
**out = **in
}
+ if in.ResetStreamOnError != nil {
+ in, out := &in.ResetStreamOnError, &out.ResetStreamOnError
+ *out = new(bool)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP2Settings.
@@ -2958,6 +2963,11 @@ func (in *TrafficFeatures) DeepCopyInto(out *TrafficFeatures) {
*out = new(BackendConnection)
(*in).DeepCopyInto(*out)
}
+ if in.HTTP2 != nil {
+ in, out := &in.HTTP2, &out.HTTP2
+ *out = new(HTTP2Settings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficFeatures.
diff --git a/internal/xds/translator/cluster.go b/internal/xds/translator/cluster.go
index 9a7819a597f6..697736dbc4dd 100644
--- a/internal/xds/translator/cluster.go
+++ b/internal/xds/translator/cluster.go
@@ -48,6 +48,7 @@ type xdsClusterArgs struct {
circuitBreaker *ir.CircuitBreaker
healthCheck *ir.HealthCheck
http1Settings *ir.HTTP1Settings
+ http2Settings *ir.HTTP2Settings
timeout *ir.Timeout
tcpkeepalive *ir.TCPKeepalive
metrics *ir.Metrics
@@ -515,13 +516,15 @@ func buildTypedExtensionProtocolOptions(args *xdsClusterArgs) map[string]*anypb.
protocolOptions.UpstreamProtocolOptions = &httpv3.HttpProtocolOptions_UseDownstreamProtocolConfig{
UseDownstreamProtocolConfig: &httpv3.HttpProtocolOptions_UseDownstreamHttpConfig{
HttpProtocolOptions: http1opts,
- Http2ProtocolOptions: &corev3.Http2ProtocolOptions{},
+ Http2ProtocolOptions: buildHTTP2Settings(args.http2Settings),
},
}
case requiresHTTP2Options:
protocolOptions.UpstreamProtocolOptions = &httpv3.HttpProtocolOptions_ExplicitHttpConfig_{
ExplicitHttpConfig: &httpv3.HttpProtocolOptions_ExplicitHttpConfig{
- ProtocolConfig: &httpv3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{},
+ ProtocolConfig: &httpv3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
+ Http2ProtocolOptions: buildHTTP2Settings(args.http2Settings),
+ },
},
}
case requiresHTTP1Options:
@@ -664,6 +667,7 @@ func buildBackandConnectionBufferLimitBytes(bc *ir.BackendConnection) *wrappers.
type ExtraArgs struct {
metrics *ir.Metrics
http1Settings *ir.HTTP1Settings
+ http2Settings *ir.HTTP2Settings
}
type clusterArgs interface {
@@ -721,6 +725,7 @@ func (httpRoute *HTTPRouteTranslator) asClusterArgs(extra *ExtraArgs) *xdsCluste
endpointType: buildEndpointType(httpRoute.Destination.Settings),
metrics: extra.metrics,
http1Settings: extra.http1Settings,
+ http2Settings: extra.http2Settings,
useClientProtocol: ptr.Deref(httpRoute.UseClientProtocol, false),
}
@@ -742,3 +747,33 @@ func (httpRoute *HTTPRouteTranslator) asClusterArgs(extra *ExtraArgs) *xdsCluste
return clusterArgs
}
+
+func buildHTTP2Settings(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions {
+ if opts == nil {
+ opts = &ir.HTTP2Settings{}
+ }
+
+ // defaults based on https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge
+ out := &corev3.Http2ProtocolOptions{
+ InitialStreamWindowSize: &wrapperspb.UInt32Value{
+ Value: ptr.Deref(opts.InitialStreamWindowSize, http2InitialStreamWindowSize),
+ },
+ InitialConnectionWindowSize: &wrapperspb.UInt32Value{
+ Value: ptr.Deref(opts.InitialConnectionWindowSize, http2InitialConnectionWindowSize),
+ },
+ }
+
+ if opts.MaxConcurrentStreams != nil {
+ out.MaxConcurrentStreams = &wrapperspb.UInt32Value{
+ Value: *opts.MaxConcurrentStreams,
+ }
+ }
+
+ if opts.ResetStreamOnError != nil {
+ out.OverrideStreamErrorOnInvalidHttpMessage = &wrapperspb.BoolValue{
+ Value: *opts.ResetStreamOnError,
+ }
+ }
+
+ return out
+}
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go
index ee1f5c7d1336..0812010ade1f 100644
--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -7,6 +7,8 @@ package translator
import (
"errors"
+ "strconv"
+ "strings"
xdscore "github.com/cncf/xds/go/xds/core/v3"
matcher "github.com/cncf/xds/go/xds/type/matcher/v3"
@@ -84,7 +86,7 @@ func http2ProtocolOptions(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions {
opts = &ir.HTTP2Settings{}
}
- return &corev3.Http2ProtocolOptions{
+ out := &corev3.Http2ProtocolOptions{
MaxConcurrentStreams: &wrapperspb.UInt32Value{
Value: ptr.Deref(opts.MaxConcurrentStreams, http2MaxConcurrentStreamsLimit),
},
@@ -95,6 +97,14 @@ func http2ProtocolOptions(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions {
Value: ptr.Deref(opts.InitialConnectionWindowSize, http2InitialConnectionWindowSize),
},
}
+
+ if opts.ResetStreamOnError != nil {
+ out.OverrideStreamErrorOnInvalidHttpMessage = &wrapperspb.BoolValue{
+ Value: *opts.ResetStreamOnError,
+ }
+ }
+
+ return out
}
func xffNumTrustedHops(clientIPDetection *ir.ClientIPDetectionSettings) uint32 {
@@ -226,6 +236,9 @@ func (t *Translator) addHCMToXDSListener(xdsListener *listenerv3.Listener, irLis
statPrefix = "http"
}
+ // Append port to the statPrefix.
+ statPrefix = strings.Join([]string{statPrefix, strconv.Itoa(int(irListener.Port))}, "-")
+
// Client IP detection
useRemoteAddress := true
originalIPDetectionExtensions := originalIPDetectionExtensions(irListener.ClientIPDetection)
@@ -403,13 +416,16 @@ func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irRoute *ir.TCPRoute
isTLSTerminate := irRoute.TLS != nil && irRoute.TLS.Terminate != nil
statPrefix := "tcp"
if isTLSPassthrough {
- statPrefix = "passthrough"
+ statPrefix = "tls-passthrough"
}
if isTLSTerminate {
- statPrefix = "terminate"
+ statPrefix = "tls-terminate"
}
+ // Append port to the statPrefix.
+ statPrefix = strings.Join([]string{statPrefix, strconv.Itoa(int(xdsListener.Address.GetSocketAddress().GetPortValue()))}, "-")
+
mgr := &tcpv3.TcpProxy{
AccessLog: buildXdsAccessLog(accesslog, false),
StatPrefix: statPrefix,
diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go
index 2b9c75a2e916..8a56e9e42b10 100644
--- a/internal/xds/translator/route.go
+++ b/internal/xds/translator/route.go
@@ -401,7 +401,10 @@ func buildXdsURLRewriteAction(destName string, urlRewrite *ir.URLRewrite, pathMa
if useRegexRewriteForPrefixMatchReplace(pathMatch, *urlRewrite.Path.PrefixMatchReplace) {
routeAction.RegexRewrite = prefix2RegexRewrite(*pathMatch.Prefix)
} else {
- routeAction.PrefixRewrite = *urlRewrite.Path.PrefixMatchReplace
+ // remove trailing / to fix #3989
+ // when the pathMath.Prefix has suffix / but EG has removed it,
+ // and the urlRewrite.Path.PrefixMatchReplace suffix with / the upstream will get unwanted /
+ routeAction.PrefixRewrite = strings.TrimSuffix(*urlRewrite.Path.PrefixMatchReplace, "/")
}
}
}
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
new file mode 100644
index 000000000000..97d0b5457cd7
--- /dev/null
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
@@ -0,0 +1,27 @@
+name: "http-route"
+http:
+- name: "first-listener"
+ address: "0.0.0.0"
+ port: 10080
+ hostnames:
+ - "*"
+ path:
+ mergeSlashes: true
+ escapedSlashesAction: UnescapeAndRedirect
+ routes:
+ - name: "rewrite-route"
+ pathMatch:
+ prefix: "/origin/"
+ hostname: gateway.envoyproxy.io
+ headerMatches:
+ - name: ":authority"
+ exact: gateway.envoyproxy.io
+ destination:
+ name: "rewrite-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ urlRewrite:
+ path:
+ prefixMatchReplace: /rewrite/
diff --git a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
index f3dc12c5aae0..5d2710809180 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
@@ -28,3 +28,59 @@ http:
- host: "1.2.3.4"
port: 50000
protocol: GRPC
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: true
+ - name: "second-route"
+ hostname: "*"
+ pathMatch:
+ name: "test"
+ exact: "bar/foo"
+ destination:
+ name: "second-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ protocol: GRPC
+ traffic:
+ http2: {}
+ - name: "third-route-use-client"
+ hostname: "*"
+ pathMatch:
+ name: "test"
+ exact: "bar/bar"
+ destination:
+ name: "third-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ protocol: HTTP
+ useClientProtocol: true
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: false
+ - name: "fourth-route-not-http2"
+ hostname: "*"
+ pathMatch:
+ name: "test"
+ exact: "foo/foo"
+ destination:
+ name: "fourth-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: true
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
index 3d5d41d69ffd..cbb8238986c9 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http1
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http1
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
index 2f7f43464c04..e40dcfab7e4b 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: extension-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: extension-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
index 759e1ffb8573..17ca0e60e448 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: policyextension-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: policyextension-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
index 18b309bb74d5..9603f302b734 100755
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
@@ -19,4 +19,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
index b8874bf24f91..6d040000dbbe 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
index 2ccfca8ce50e..cb390f213f15 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
@@ -176,7 +176,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
index cbf453a1f17b..ea9ef9405ee2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
@@ -50,4 +50,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
index 8e582b05b7e7..04b183a28851 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
@@ -137,7 +137,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
index b8874bf24f91..6d040000dbbe 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
index 4bc751c2ecac..2ebf9f68a486 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
@@ -221,7 +221,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
index b8874bf24f91..6d040000dbbe 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
index 0bca441a443f..972bd4682b96 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
@@ -212,7 +212,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
index 6ba4705c13f7..d9c561cee48a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
@@ -36,7 +36,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -68,4 +70,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
index 4eec559618ed..d715eeac8c83 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
@@ -169,7 +169,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
index 6ba4705c13f7..d9c561cee48a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
@@ -36,7 +36,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -68,4 +70,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
index 16609de576c5..748055a4755f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
@@ -169,7 +169,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml
index 0fa87744bf1b..40b9a52ec49c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
index a7a16c3b3e9a..df10f0a95c5a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -44,7 +44,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
- statPrefix: tcp
+ statPrefix: tcp-10081
name: tcp-route-dest
name: second-listener
perConnectionBufferLimitBytes: 1500
diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
index 4127a7acbf3e..2e7dbd6cd55c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
@@ -33,7 +33,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
index 095074165f38..1ea06ebb07e9 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -44,7 +44,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
- statPrefix: tcp
+ statPrefix: tcp-10081
name: tcp-route-dest
name: second-listener
perConnectionBufferLimitBytes: 1500
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
index 21f93d68a49b..47b25f2a79f1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
@@ -25,7 +25,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8081
useRemoteAddress: true
xffNumTrustedHops: 2
name: first-listener
@@ -65,7 +65,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8082
useRemoteAddress: false
name: second-listener
drainType: MODIFY_ONLY
@@ -106,7 +106,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8083
useRemoteAddress: false
name: third-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
index 2d1a3e61e383..3e4fa111bccd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
@@ -29,7 +29,7 @@
routeConfigName: first-listener
requestTimeout: 5s
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -47,7 +47,7 @@
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: second-route-dest
idleTimeout: 1200s
- statPrefix: tcp
+ statPrefix: tcp-10081
name: second-route
name: second-listener
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
index e8299cdce425..baac8ead6b3d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
index 5f54802ba050..ffaab04f70e1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
@@ -118,7 +118,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
index cf4fbc9b2740..e478c2054cdc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
@@ -70,7 +70,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
index c8b861fe1a70..f387ff8da8ec 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
@@ -62,7 +62,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
index 08b38495e691..6ea0615cb319 100755
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
@@ -53,7 +53,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -75,7 +77,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -97,7 +101,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -119,4 +125,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
index 8e85e79cf9e7..9f76729fd783 100755
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
@@ -91,7 +91,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
index e74a1df42873..0ea771b2bd1d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
index c6a46e0f9c15..1ad2086d20b6 100644
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
@@ -26,7 +26,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8081
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -59,7 +59,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8082
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
index 2a31352ab37d..a0b19ef7b8b7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
@@ -25,7 +25,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8081
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -57,7 +57,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8082
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
@@ -90,7 +90,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8083
useRemoteAddress: true
name: third-listener
drainType: MODIFY_ONLY
@@ -123,7 +123,7 @@
resourceApiVersion: V3
routeConfigName: fourth-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8084
useRemoteAddress: true
name: fourth-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
index 7400b59665ad..fe7d2da356b8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: listener-enable-endpoint-stats
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: listener-enable-endpoint-stats
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
index 048ff7cd4a5f..f11b0c1c3007 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
@@ -35,7 +35,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
index 5de1d1cce34d..f8cfa834cdde 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
@@ -19,5 +19,7 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
useDownstreamProtocolConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
httpProtocolOptions: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
index c5665623154b..a1964fb2306d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
new file mode 100644
index 000000000000..027db39fb295
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
@@ -0,0 +1,17 @@
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: rewrite-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: rewrite-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml
new file mode 100644
index 000000000000..256dda09089f
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml
@@ -0,0 +1,12 @@
+- clusterName: rewrite-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: rewrite-route-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
new file mode 100644
index 000000000000..586f3fa82dfc
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
@@ -0,0 +1,35 @@
+- address:
+ socketAddress:
+ address: 0.0.0.0
+ portValue: 10080
+ defaultFilterChain:
+ filters:
+ - name: envoy.filters.network.http_connection_manager
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ commonHttpProtocolOptions:
+ headersWithUnderscoresAction: REJECT_REQUEST
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+ maxConcurrentStreams: 100
+ httpFilters:
+ - name: envoy.filters.http.router
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ suppressEnvoyHeaders: true
+ mergeSlashes: true
+ normalizePath: true
+ pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT
+ rds:
+ configSource:
+ ads: {}
+ resourceApiVersion: V3
+ routeConfigName: first-listener
+ serverHeaderTransformation: PASS_THROUGH
+ statPrefix: http-10080
+ useRemoteAddress: true
+ name: first-listener
+ drainType: MODIFY_ONLY
+ name: first-listener
+ perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml
new file mode 100644
index 000000000000..84bc70f04bd2
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml
@@ -0,0 +1,19 @@
+- ignorePortInHostMatching: true
+ name: first-listener
+ virtualHosts:
+ - domains:
+ - gateway.envoyproxy.io
+ name: first-listener/gateway_envoyproxy_io
+ routes:
+ - match:
+ headers:
+ - name: :authority
+ stringMatch:
+ exact: gateway.envoyproxy.io
+ pathSeparatedPrefix: /origin
+ name: rewrite-route
+ route:
+ cluster: rewrite-route-dest
+ prefixRewrite: /rewrite
+ upgradeConfigs:
+ - upgradeType: websocket
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
index ff5431da7476..0f567a3db50e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
index ff5431da7476..0f567a3db50e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
index b227eccb031e..d887b321dc52 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
@@ -62,7 +62,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls-2/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: envoy-gateway/gateway-btls-2/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
index ff5431da7476..0f567a3db50e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
index 60f8750a290f..b3fa2acefdb2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
@@ -33,7 +33,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -75,7 +75,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
index d6cb3b5d2c6f..f6b29f1548e7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
@@ -29,7 +29,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
index 5eded6a4653c..8affd1661ba0 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
index 6086cfbb86f8..05cf41776c6b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
@@ -19,4 +19,76 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 524288000
+ initialStreamWindowSize: 1048576
+ maxConcurrentStreams: 200
+ overrideStreamErrorOnInvalidHttpMessage: true
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: second-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: second-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: third-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: third-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ useDownstreamProtocolConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 524288000
+ initialStreamWindowSize: 1048576
+ maxConcurrentStreams: 200
+ overrideStreamErrorOnInvalidHttpMessage: false
+ httpProtocolOptions: {}
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: fourth-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: fourth-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml
index 3b3f2d09076e..f185af17da75 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml
@@ -10,3 +10,39 @@
loadBalancingWeight: 1
locality:
region: first-route-dest/backend/0
+- clusterName: second-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: second-route-dest/backend/0
+- clusterName: third-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: third-route-dest/backend/0
+- clusterName: fourth-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: fourth-route-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
index f7ab1ba34a08..3780fc90f94d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
@@ -35,7 +35,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml
index a32852fcd881..4fdedfabf672 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml
@@ -20,3 +20,24 @@
cluster: first-route-dest
upgradeConfigs:
- upgradeType: websocket
+ - match:
+ path: bar/foo
+ name: second-route
+ route:
+ cluster: second-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
+ - match:
+ path: bar/bar
+ name: third-route-use-client
+ route:
+ cluster: third-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
+ - match:
+ path: foo/foo
+ name: fourth-route-not-http2
+ route:
+ cluster: fourth-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
index 1d2cc2574ae4..6c4250c78db4 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
index fdfdb3bbdf59..c19612475661 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/tls
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10443
useRemoteAddress: true
name: envoy-gateway/gateway-1/tls
transportSocket:
@@ -81,7 +81,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/tls
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10443
useRemoteAddress: true
name: envoy-gateway/gateway-1/tls
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
index dbc5b4b25a24..08b5d410df50 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
@@ -40,7 +40,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
index 1f89b694bb6e..e251ecac0403 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
@@ -55,7 +55,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
index 5803c41968cc..bd76886759bc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
@@ -112,7 +112,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
index 367f5fa529fe..a79d197ba5e4 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
@@ -89,7 +89,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
index a4303573e3e2..de1f56ed4d41 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
@@ -58,7 +58,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
index d4e9db34e33a..e75a68919d1f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
@@ -119,4 +119,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
index 4e52213f3afa..3f55977b503e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
@@ -58,7 +58,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
index b1ccf1a70cdf..3406eeda2faa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
@@ -48,7 +48,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
index 66faa2596619..9a7954f89702 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -43,7 +43,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit
maxConnections: "5"
- statPrefix: http
+ statPrefix: http-10081
- name: envoy.filters.network.http_connection_manager
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
@@ -67,7 +67,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
index d8ea3aaf802b..3a981aca3093 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -71,7 +71,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-route-dest
- statPrefix: tcp
+ statPrefix: tcp-10081
name: tcp-route-dest
listenerFilters:
- name: envoy.filters.listener.proxy_protocol
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
index 610086b57abb..79e4d5a82d08 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -67,7 +67,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
index 0f578bca0159..01049c90267c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
index f81185b04b4a..b1a9e2c3720e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
index 2242bb6a8a79..9612460ed7a5 100755
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
@@ -55,7 +55,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
@@ -159,7 +159,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
index 181bb255cdbd..a1731a1de8cb 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: third-listener
drainType: MODIFY_ONLY
@@ -59,7 +59,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -102,7 +102,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: second-listener
transportSocket:
@@ -126,7 +126,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: fifth-route
- filterChainMatch:
serverNames:
@@ -136,7 +136,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-route-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: sixth-route
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
index 962a960656f6..73bc084eda1d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
@@ -9,35 +9,35 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-1-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-1
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-2-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-2
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-3-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-3
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-4-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-4
name: tcp-listener-simple
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
index 8471bb28b4f9..e10f6a9ed5be 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10001
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -87,7 +87,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10002
useRemoteAddress: true
name: second-listener
transportSocket:
@@ -148,7 +148,7 @@
serverHeaderTransformation: PASS_THROUGH
setCurrentClientCertDetails:
subject: true
- statPrefix: https
+ statPrefix: https-10003
useRemoteAddress: true
name: third-listener
transportSocket:
@@ -211,7 +211,7 @@
dns: true
subject: true
uri: true
- statPrefix: https
+ statPrefix: https-10004
useRemoteAddress: true
name: fourth-listener
transportSocket:
@@ -276,7 +276,7 @@
dns: true
subject: true
uri: true
- statPrefix: https
+ statPrefix: https-10005
useRemoteAddress: true
name: fifth-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
index 6b3b6acded4a..5f1f73721265 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10001
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -87,7 +87,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10002
useRemoteAddress: true
name: second-listener
transportSocket:
@@ -146,7 +146,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10003
useRemoteAddress: true
name: third-listener
transportSocket:
@@ -205,7 +205,7 @@
resourceApiVersion: V3
routeConfigName: fourth-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10004
useRemoteAddress: true
name: fourth-listener
transportSocket:
@@ -264,7 +264,7 @@
resourceApiVersion: V3
routeConfigName: fifth-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10005
useRemoteAddress: true
name: fifth-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
index 5c396e30fe3b..75430179b51d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -67,7 +67,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10081
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
index b1bdae764ff4..2448feb80bec 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -67,7 +67,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10081
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
index a182efcbd8c7..bc4956b285ad 100644
--- a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
@@ -117,7 +117,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
index 836cbde04b6b..4934acbee1e8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
@@ -26,7 +26,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
index bd23f61ee21e..45e8e0898cec 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
@@ -93,4 +93,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
index 4e74648095d7..3486155cda8c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
index 9f9bc9f1dffe..0ba1749076af 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
@@ -93,4 +93,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
index 7840bfa0104e..b1d7de26ff97 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
@@ -36,7 +36,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
index 21ea06816118..a3c9b6623c91 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
@@ -101,4 +101,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
index 4e74648095d7..3486155cda8c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
index 33fc01336b88..427f6d15340b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
@@ -110,4 +110,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
index 4e74648095d7..3486155cda8c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
index 9f9bc9f1dffe..0ba1749076af 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
@@ -93,4 +93,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
index 4e74648095d7..3486155cda8c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
index 30b2c8f660ea..51c022c26f3b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
index 4111a2f7c1eb..0598759f7765 100644
--- a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
index a02d5e7cfe3d..a6072e34b20d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
@@ -14,7 +14,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-complex-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: tcp-route-complex
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
index 10d02ab47e32..1bed88c68823 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
@@ -9,7 +9,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple
name: tcp-listener-simple
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
index c3726babf212..cc74c19ed918 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
@@ -9,7 +9,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10080
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
@@ -33,7 +33,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-hostname-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10080
name: tls-terminate-hostname
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
index 0736b9321515..f38ddc66108f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
@@ -14,7 +14,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-weighted-backend-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: tcp-route-weighted-backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
index be0e5ea7e828..5d20f1779347 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
@@ -12,7 +12,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-passthrough-foo-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: tls-route-passthrough-foo
listenerFilters:
- name: envoy.filters.listener.tls_inspector
@@ -34,7 +34,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-passthrough-bar-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10081
name: tls-route-passthrough-bar
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
index f3f8deebcb7e..d5c31c5021a7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -88,7 +88,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10081
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
index 0936f4b459a4..9e7469dd2785 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
@@ -50,4 +50,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
index 760955a8da0c..dcfd967ecb8b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
tracing:
clientSampling:
value: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
index 25b3e9e4d405..e169de7eb0d7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
tracing:
clientSampling:
value: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
index 35bc81158da0..dce48b2c083c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
index 7e5a19bcca1b..3f76ab8e616a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
tracing:
clientSampling:
value: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
index 67922c7444fd..586f3fa82dfc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
index e5ecdbb81565..c04f247fd686 100755
--- a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
@@ -105,7 +105,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go
index 861e36ca8f1c..9fa5e7009861 100644
--- a/internal/xds/translator/translator.go
+++ b/internal/xds/translator/translator.go
@@ -450,13 +450,19 @@ func (t *Translator) addRouteToRouteConfig(
vHost.Routes = append(vHost.Routes, xdsRoute)
if httpRoute.Destination != nil {
+ ea := &ExtraArgs{
+ metrics: metrics,
+ http1Settings: httpListener.HTTP1,
+ }
+
+ if httpRoute.Traffic != nil && httpRoute.Traffic.HTTP2 != nil {
+ ea.http2Settings = httpRoute.Traffic.HTTP2
+ }
+
if err = processXdsCluster(
tCtx,
&HTTPRouteTranslator{httpRoute},
- &ExtraArgs{
- metrics: metrics,
- http1Settings: httpListener.HTTP1,
- },
+ ea,
); err != nil {
errs = errors.Join(errs, err)
}
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index d9a6b39ee663..40b28f39d4a8 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -288,7 +288,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -461,6 +461,7 @@ _Appears in:_
| `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. |
| `connection` | _[BackendConnection](#backendconnection)_ | false | Connection includes backend connection settings. |
| `dns` | _[DNS](#dns)_ | false | DNS includes dns resolution settings. |
+| `http2` | _[HTTP2Settings](#http2settings)_ | false | HTTP2 provides HTTP/2 configuration for backend connections. |
#### BasicAuth
@@ -568,7 +569,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
#### ClientIPDetectionSettings
@@ -1790,9 +1791,10 @@ _Appears in:_
-HTTP2Settings provides HTTP/2 configuration on the listener.
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
| Field | Type | Required | Description |
@@ -1800,6 +1802,7 @@ _Appears in:_
| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2048,6 +2051,21 @@ _Appears in:_
| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+#### InvalidMessageAction
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [HTTP2Settings](#http2settings)
+
+| Value | Description |
+| ----- | ----------- |
+| `TerminateConnection` | |
+| `TerminateStream` | |
+
+
#### JSONPatchOperation
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index d9a6b39ee663..40b28f39d4a8 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -288,7 +288,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -461,6 +461,7 @@ _Appears in:_
| `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. |
| `connection` | _[BackendConnection](#backendconnection)_ | false | Connection includes backend connection settings. |
| `dns` | _[DNS](#dns)_ | false | DNS includes dns resolution settings. |
+| `http2` | _[HTTP2Settings](#http2settings)_ | false | HTTP2 provides HTTP/2 configuration for backend connections. |
#### BasicAuth
@@ -568,7 +569,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
#### ClientIPDetectionSettings
@@ -1790,9 +1791,10 @@ _Appears in:_
-HTTP2Settings provides HTTP/2 configuration on the listener.
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
| Field | Type | Required | Description |
@@ -1800,6 +1802,7 @@ _Appears in:_
| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2048,6 +2051,21 @@ _Appears in:_
| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+#### InvalidMessageAction
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [HTTP2Settings](#http2settings)
+
+| Value | Description |
+| ----- | ----------- |
+| `TerminateConnection` | |
+| `TerminateStream` | |
+
+
#### JSONPatchOperation
diff --git a/site/hugo.toml b/site/hugo.toml
index ce169c84f3bc..90dddd05e263 100644
--- a/site/hugo.toml
+++ b/site/hugo.toml
@@ -134,9 +134,6 @@ github_branch= "main"
# Google Custom Search Engine ID. Remove or comment out to disable search.
# gcs_engine_id = "d72aa9b2712488cc3"
-# Enable Algolia DocSearch
-algolia_docsearch = false
-
# Enable Lunr.js offline search
offlineSearch = true
@@ -148,7 +145,7 @@ prism_syntax_highlighting = false
# Set to true to disable breadcrumb navigation.
breadcrumb_disable = false
# Set to true to disable the About link in the site footer
-footer_about_disable = false
+footer_about_enable = true
# Set to false if you don't want to display a logo (/assets/icons/logo.svg) in the top navbar
navbar_logo = true
# Set to true if you don't want the top navbar to be translucent when over a `block/cover`, like on the homepage.
diff --git a/site/layouts/_default/_markup/render-heading.html b/site/layouts/_default/_markup/render-heading.html
new file mode 100644
index 000000000000..7f8e97424d66
--- /dev/null
+++ b/site/layouts/_default/_markup/render-heading.html
@@ -0,0 +1 @@
+{{ template "_default/_markup/td-render-heading.html" . }}
diff --git a/test/e2e/tests/connection_limit.go b/test/e2e/tests/connection_limit.go
index 97594c97774b..d27b087ba53c 100644
--- a/test/e2e/tests/connection_limit.go
+++ b/test/e2e/tests/connection_limit.go
@@ -84,7 +84,7 @@ var ConnectionLimitTest = suite.ConformanceTest{
}
}
- prefix := "http"
+ prefix := "http-10080"
gtwName := "connection-limit-gateway"
promQL := fmt.Sprintf(`envoy_connection_limit_limited_connections{envoy_connection_limit_prefix="%s",gateway_envoyproxy_io_owning_gateway_name="%s"}`, prefix, gtwName)