merge from main

Signed-off-by: Ronnie Personal <76408835+Ronnie-personal@users.noreply.github.com>
envoyproxy · Aug 31, 2023 · 219949f · 219949f
2 parents c1b816c + a324513
commit 219949f
Show file tree

Hide file tree

Showing 161 changed files with 2,553 additions and 841 deletions.
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -76,7 +76,7 @@ jobs:
     needs: [build]
     strategy:
       matrix:
-        version: [ v1.25.8, v1.26.3, v1.27.0 ]
+        version: [ v1.26.6, v1.27.3, v1.28.0 ]
     steps:
     - uses: actions/checkout@v3
     - uses: ./tools/github-actions/setup-deps
@@ -104,7 +104,7 @@ jobs:
     needs: [build]
     strategy:
       matrix:
-        version: [ v1.25.8, v1.26.3, v1.27.0 ]
+        version: [ v1.26.6, v1.27.3, v1.28.0 ]
     steps:
     - uses: actions/checkout@v3
     - uses: ./tools/github-actions/setup-deps

diff --git a/.github/workflows/retest.yaml b/.github/workflows/retest.yaml
@@ -22,6 +22,6 @@ jobs:
       pull-requests: write
       actions: write
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.15
+    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.17
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/api/config/v1alpha1/metric_types.go b/api/config/v1alpha1/metric_types.go
@@ -10,6 +10,9 @@ type ProxyMetrics struct {
 	Prometheus *PrometheusProvider `json:"prometheus,omitempty"`
 	// Sinks defines the metric sinks where metrics are sent to.
 	Sinks []MetricSink `json:"sinks,omitempty"`
+	// Matches defines configuration for selecting specific metrics instead of generating all metrics stats
+	// that are enabled by default. This helps reduce CPU and memory overhead in Envoy.
+	Matches []Match `json:"matches,omitempty"`
 }
 
 type MetricSinkType string
@@ -29,6 +32,23 @@ type MetricSink struct {
 	OpenTelemetry *OpenTelemetrySink `json:"openTelemetry,omitempty"`
 }
 
+// Match defines the stats match configuration.
+type Match struct {
+	// MatcherType defines the stats matcher type
+	//
+	// +kubebuilder:validation:Enum=RegularExpression;Prefix;Suffix
+	Type  MatcherType `json:"type"`
+	Value string      `json:"value"`
+}
+
+type MatcherType string
+
+const (
+	Prefix            MatcherType = "Prefix"
+	RegularExpression MatcherType = "RegularExpression"
+	Suffix            MatcherType = "Suffix"
+)
+
 type OpenTelemetrySink struct {
 	// Host define the service hostname.
 	Host string `json:"host"`

diff --git a/api/config/v1alpha1/shared_types.go b/api/config/v1alpha1/shared_types.go
@@ -172,6 +172,11 @@ type KubernetesServiceSpec struct {
 	// +optional
 	Type *ServiceType `json:"type,omitempty"`
 
+	// LoadBalancerClass, when specified, allows for choosing the LoadBalancer provider
+	// implementation if more than one are available or is otherwise expected to be specified
+	// +optional
+	LoadBalancerClass *string `json:"loadBalancerClass,omitempty"`
+
 	// TODO: Expose config as use cases are better understood, e.g. labels.
 }
 

diff --git a/api/config/v1alpha1/zz_generated.deepcopy.go b/api/config/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/gatewayapi-crds.yaml b/charts/gateway-helm/crds/gatewayapi-crds.yaml
diff --git a/charts/gateway-helm/crds/generated/config.gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/config.gateway.envoyproxy.io_envoyproxies.yaml
@@ -433,8 +433,9 @@ spec:
                                           be used. The profile must be preconfigured
                                           on the node to work. Must be a descending
                                           path, relative to the kubelet's configured
-                                          seccomp profile location. Must only be set
-                                          if type is "Localhost".
+                                          seccomp profile location. Must be set if
+                                          type is "Localhost". Must NOT be set for
+                                          any other type.
                                         type: string
                                       type:
                                         description: "type indicates which kind of
@@ -471,17 +472,12 @@ spec:
                                       hostProcess:
                                         description: HostProcess determines if a container
                                           should be run as a 'Host Process' container.
-                                          This field is alpha-level and will only
-                                          be honored by components that enable the
-                                          WindowsHostProcessContainers feature flag.
-                                          Setting this field without the feature flag
-                                          will result in errors when validating the
-                                          Pod. All of a Pod's containers must have
-                                          the same effective HostProcess value (it
-                                          is not allowed to have a mix of HostProcess
-                                          containers and non-HostProcess containers).  In
-                                          addition, if HostProcess is true then HostNetwork
-                                          must also be set to true.
+                                          All of a Pod's containers must have the
+                                          same effective HostProcess value (it is
+                                          not allowed to have a mix of HostProcess
+                                          containers and non-HostProcess containers).
+                                          In addition, if HostProcess is true then
+                                          HostNetwork must also be set to true.
                                         type: boolean
                                       runAsUserName:
                                         description: The UserName in Windows to run
@@ -1696,8 +1692,9 @@ spec:
                                           be used. The profile must be preconfigured
                                           on the node to work. Must be a descending
                                           path, relative to the kubelet's configured
-                                          seccomp profile location. Must only be set
-                                          if type is "Localhost".
+                                          seccomp profile location. Must be set if
+                                          type is "Localhost". Must NOT be set for
+                                          any other type.
                                         type: string
                                       type:
                                         description: "type indicates which kind of
@@ -1772,17 +1769,12 @@ spec:
                                       hostProcess:
                                         description: HostProcess determines if a container
                                           should be run as a 'Host Process' container.
-                                          This field is alpha-level and will only
-                                          be honored by components that enable the
-                                          WindowsHostProcessContainers feature flag.
-                                          Setting this field without the feature flag
-                                          will result in errors when validating the
-                                          Pod. All of a Pod's containers must have
-                                          the same effective HostProcess value (it
-                                          is not allowed to have a mix of HostProcess
-                                          containers and non-HostProcess containers).  In
-                                          addition, if HostProcess is true then HostNetwork
-                                          must also be set to true.
+                                          All of a Pod's containers must have the
+                                          same effective HostProcess value (it is
+                                          not allowed to have a mix of HostProcess
+                                          containers and non-HostProcess containers).
+                                          In addition, if HostProcess is true then
+                                          HostNetwork must also be set to true.
                                         type: boolean
                                       runAsUserName:
                                         description: The UserName in Windows to run
@@ -3807,6 +3799,12 @@ spec:
                             description: Annotations that should be appended to the
                               service. By default, no annotations are appended.
                             type: object
+                          loadBalancerClass:
+                            description: LoadBalancerClass, when specified, allows
+                              for choosing the LoadBalancer provider implementation
+                              if more than one are available or is otherwise expected
+                              to be specified
+                            type: string
                           type:
                             default: LoadBalancer
                             description: Type determines how the Service is exposed.
@@ -3941,6 +3939,28 @@ spec:
                     description: Metrics defines metrics configuration for managed
                       proxies.
                     properties:
+                      matches:
+                        description: Matches defines configuration for selecting specific
+                          metrics instead of generating all metrics stats that are
+                          enabled by default. This helps reduce CPU and memory overhead
+                          in Envoy.
+                        items:
+                          description: Match defines the stats match configuration.
+                          properties:
+                            type:
+                              description: MatcherType defines the stats matcher type
+                              enum:
+                              - RegularExpression
+                              - Prefix
+                              - Suffix
+                              type: string
+                            value:
+                              type: string
+                          required:
+                          - type
+                          - value
+                          type: object
+                        type: array
                       prometheus:
                         description: Prometheus defines the configuration for Admin
                           endpoint `/stats/prometheus`.

diff --git a/charts/gateway-helm/templates/_rbac.tpl b/charts/gateway-helm/templates/_rbac.tpl
@@ -19,6 +19,7 @@ All cluster scoped resources for Envoy Gateway RBAC.
 - {{ include "eg.rbac.cluster.basic" . | nindent 2 | trim }}
 - {{ include "eg.rbac.cluster.gateway.networking" . | nindent 2 | trim }}
 - {{ include "eg.rbac.cluster.gateway.networking.status" . | nindent 2 | trim }}
+- {{ include "eg.rbac.cluster.multiclusterservices" . | nindent 2 | trim }}
 {{- end }}
 
 {{/*
@@ -158,6 +159,18 @@ verbs:
 - watch
 {{- end }}
 
+
+{{- define "eg.rbac.cluster.multiclusterservices" -}}
+apiGroups:
+- multicluster.x-k8s.io
+resources:
+- serviceimports
+verbs:
+- get
+- list
+- watch
+{{- end }}
+
 {{- define "eg.rbac.cluster.gateway.networking.status" -}}
 apiGroups:
 - gateway.networking.k8s.io

diff --git a/docs/latest/api/config_types.md b/docs/latest/api/config_types.md
@@ -550,6 +550,7 @@ _Appears in:_
 | --- | --- |
 | `annotations` _object (keys:string, values:string)_ | Annotations that should be appended to the service. By default, no annotations are appended. |
 | `type` _[ServiceType](#servicetype)_ | Type determines how the Service is exposed. Defaults to LoadBalancer. Valid options are ClusterIP, LoadBalancer and NodePort. "LoadBalancer" means a service will be exposed via an external load balancer (if the cloud provider supports it). "ClusterIP" means a service will only be accessible inside the cluster, via the cluster IP. "NodePort" means a service will be exposed on a static Port on all Nodes of the cluster. |
+| `loadBalancerClass` _string_ | LoadBalancerClass, when specified, allows for choosing the LoadBalancer provider implementation if more than one are available or is otherwise expected to be specified |
 
 
 ## KubernetesWatchMode
@@ -603,6 +604,32 @@ _Appears in:_
 
 
 
+## Match
+
+
+
+Match defines the stats match configuration.
+
+_Appears in:_
+- [ProxyMetrics](#proxymetrics)
+
+| Field | Description |
+| --- | --- |
+| `type` _[MatcherType](#matchertype)_ | MatcherType defines the stats matcher type |
+| `value` _string_ |  |
+
+
+## MatcherType
+
+_Underlying type:_ `string`
+
+
+
+_Appears in:_
+- [Match](#match)
+
+
+
 ## MetricSink
 
 
@@ -809,6 +836,7 @@ _Appears in:_
 | --- | --- |
 | `prometheus` _[PrometheusProvider](#prometheusprovider)_ | Prometheus defines the configuration for Admin endpoint `/stats/prometheus`. |
 | `sinks` _[MetricSink](#metricsink) array_ | Sinks defines the metric sinks where metrics are sent to. |
+| `matches` _[Match](#match) array_ | Matches defines configuration for selecting specific metrics instead of generating all metrics stats that are enabled by default. This helps reduce CPU and memory overhead in Envoy. |
 
 
 ## ProxyTelemetry

diff --git a/docs/latest/design/accesslog.md b/docs/latest/design/accesslog.md
@@ -133,7 +133,7 @@ metadata:
 spec:
   telemetry:
     accessLog:
-      disabled: true
+      disable: true
 ```
 
 2. The following is an example with text format access log.

diff --git a/docs/latest/intro/compatibility.rst b/docs/latest/intro/compatibility.rst
@@ -18,7 +18,7 @@ and the Gateway API actually compiled into each Envoy Gateway release.
 +--------------------------+---------------------+---------------------+---------------------+----------------------------+
 | v0.2.0                   | **v1.23-latest**    |                     |  **v0.5.1**         | v1.24                      |
 +--------------------------+---------------------+---------------------+---------------------+----------------------------+
-| latest                   | **dev-latest**      |   **master**        |  **v0.7.1**         | v1.25, v1.26, v1.27        |
+| latest                   | **dev-latest**      |   **master**        |  **v0.8.0**         | v1.26, v1.27, v1.28        |
 +--------------------------+---------------------+---------------------+---------------------+----------------------------+
 
 .. note::

diff --git a/docs/latest/user/proxy-observability.md b/docs/latest/user/proxy-observability.md
@@ -93,7 +93,7 @@ Verify logs from loki:
 curl -s "http://$LOKI_IP:3100/loki/api/v1/query_range" --data-urlencode "query={job=\"fluentbit\"}" | jq '.data.result[0].values'
 ```
 
-If you want to disable it, set the `telemetry.accesslog.disabled` to `true` in the `EnvoyProxy` CRD.
+If you want to disable it, set the `telemetry.accesslog.disable` to `true` in the `EnvoyProxy` CRD.
 
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/kubernetes/accesslog/disable-accesslog.yaml
@@ -130,4 +130,4 @@ curl -s "http://$TEMPO_IP:3100/api/search" --data-urlencode "q={ component=envoy
 
 ```shell
 curl -s "http://$TEMPO_IP:3100/api/traces/<trace_id>" | jq
-```
+```
diff --git a/docs/v0.5.0/design/accesslog.md b/docs/v0.5.0/design/accesslog.md
@@ -133,7 +133,7 @@ metadata:
 spec:
   telemetry:
     accessLog:
-      disabled: true
+      disable: true
 ```
 
 2. The following is an example with text format access log.

diff --git a/docs/v0.5.0/user/proxy-observability.md b/docs/v0.5.0/user/proxy-observability.md
@@ -93,7 +93,7 @@ Verify logs from loki:
 curl -s "http://$LOKI_IP:3100/loki/api/v1/query_range" --data-urlencode "query={job=\"fluentbit\"}" | jq '.data.result[0].values'
 ```
 
-If you want to disable it, set the `telemetry.accesslog.disabled` to `true` in the `EnvoyProxy` CRD.
+If you want to disable it, set the `telemetry.accesslog.disable` to `true` in the `EnvoyProxy` CRD.
 
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/kubernetes/accesslog/disable-accesslog.yaml
@@ -130,4 +130,4 @@ curl -s "http://$TEMPO_IP:3100/api/search" --data-urlencode "q={ component=envoy
 
 ```shell
 curl -s "http://$TEMPO_IP:3100/api/traces/<trace_id>" | jq
-```
+```
diff --git a/examples/kubernetes/accesslog/disable-accesslog.yaml b/examples/kubernetes/accesslog/disable-accesslog.yaml
@@ -18,4 +18,4 @@ metadata:
 spec:
   telemetry:
     accessLog:
-      disabled: true
+      disable: true
diff --git a/examples/kubernetes/tracing/default.yaml b/examples/kubernetes/tracing/default.yaml
@@ -23,6 +23,7 @@ spec:
       provider:
         host: otel-collector.monitoring.svc.cluster.local
         port: 4317
+        type: OpenTelemetry
       customTags:
         # This is an example of using a literal as a tag value
         key1: