Skip to content

Commit

Permalink
Merge branch 'main' of github.com:envoyproxy/gateway into egctl-statu…
Browse files Browse the repository at this point in the history
…s-policy
  • Loading branch information
shawnh2 committed Apr 15, 2024
2 parents 8a4ac5d + 9f00be3 commit 3a50f08
Show file tree
Hide file tree
Showing 579 changed files with 25,536 additions and 13,404 deletions.
4 changes: 4 additions & 0 deletions .github/codecov.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,7 @@ coverage:
target: 60%
threshold: 5%
if_ci_failed: error
ignore:
- "cmd"
- "**/*.pb.go"
- "**/zz_generated.deepcopy.go"
2 changes: 2 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ updates:
ignore:
# skip to update retest, because it won't work with the latest version
- dependency-name: "envoyproxy/toolshed/gh-actions/retest"
# skip until https://github.com/codecov/feedback/issues/112 is resolved
- dependency-name: "codecov/codecov-action"
- package-ecosystem: github-actions
directory: /tools/github-actions/setup-deps
schedule:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build_and_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ jobs:
- name: Upload coverage to Codecov
uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
fail_ci_if_error: true
fail_ci_if_error: false
files: ./coverage.xml
name: codecov-envoy-gateway
verbose: true
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/cherrypick.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@ on:
types: ["closed"]

permissions:
contents: read
pull-requests: write
contents: write

jobs:
cherry_pick_release_v1_0:
Expand All @@ -19,7 +20,7 @@ jobs:
with:
fetch-depth: 0
- name: Cherry pick into release/v1.0
uses: carloscastrojumo/github-cherry-pick-action@a145da1b8142e752d3cbc11aaaa46a535690f0c5 # v1.0.9
uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10
with:
branch: release/v1.0
title: "[release/v1.0] {old_title}"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,14 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Initialize CodeQL
uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
with:
category: "/language:${{matrix.language}}"
16 changes: 14 additions & 2 deletions .github/workflows/docs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,14 @@ on:
- "release/v*"
paths:
- 'site/**'
- 'tools/make/docs.mk'
pull_request:
branches:
- "main"
- "release/v*"
paths:
- 'site/**'
- 'tools/make/docs.mk'

permissions:
contents: read
Expand All @@ -25,12 +27,20 @@ jobs:
with:
ref: ${{ github.event.pull_request.head.sha }}

- uses: ./tools/github-actions/setup-deps

- name: Run markdown linter
uses: nosborn/github-action-markdown-cli@9b5e871c11cc0649c5ac2526af22e23525fa344d # v3.3.0
with:
files: site/content/*
config_file: ".github/markdown_lint_config.json"

- name: Install linkinator
run: npm install -g linkinator@6.0.4

- name: Check links
run: make docs docs-check-links

docs-build:
runs-on: ubuntu-latest
needs: docs-lint
Expand All @@ -43,8 +53,10 @@ jobs:
submodules: true
ref: ${{ github.event.pull_request.head.sha }}

- uses: ./tools/github-actions/setup-deps

- name: Setup Hugo
uses: peaceiris/actions-hugo@16361eb4acea8698b220b76c0d4e84e1fd22c61d # v2.6.0
uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
with:
hugo-version: 'latest'
extended: true
Expand Down Expand Up @@ -86,4 +98,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@decdde0ac072f6dcbe43649d82d9c635fff5b4e4 # v4.0.4
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,6 @@ jobs:
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
with:
sarif_file: results.sarif
10 changes: 10 additions & 0 deletions ADOPTERS.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,3 +41,13 @@ If you would like to be included in this table, please submit a PR to this file
* Status: production
* (Option) https://tetrate.io/wp-content/uploads/2023/03/tetrate-logo-dark.svg
* (Option) Description:

## Airspace Link
* Organizatioin: Airspace Link
* Website: https://airspacelink.com/
* Category: End User
* Environments: Azure
* Use Cases:
- Airspace Link is using Envoy Gateway to route all public APIs to Kubernetes clusters, developers are manipulating routes descriptions using agnostic manifest files, which are then automatically provisioned using Envoy Gateway.
* Status: production
* Logo: https://airhub.airspacelink.com/images/asl-flat-logo.png
1 change: 0 additions & 1 deletion OWNERS
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ reviewers:

- chauhanshubham
- kflynn
- LanceEa
- tmsnan
- tanujd11
- cnvergence
Expand Down
11 changes: 6 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,14 @@

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or
Kubernetes-based application gateway.
[Gateway API](https://gateway-api.sigs.k8s.io) resources are used to dynamically provision and configure the managed Envoy Proxies.

## Documentation

* [Blog][blog] introducing Envoy Gateway.
* [Goals](GOALS.md)
* [Quickstart](https://gateway.envoyproxy.io/latest/user/quickstart/) to use Envoy Gateway in a few simple steps.
* [Roadmap](https://gateway.envoyproxy.io/latest/contributions/roadmap/)
* [Quickstart](https://gateway.envoyproxy.io/latest/tasks/quickstart/) to use Envoy Gateway in a few simple steps.
* [Roadmap](https://gateway.envoyproxy.io/contributions/roadmap/)

## Contact

Expand All @@ -21,9 +22,9 @@ Kubernetes-based application gateway.

## Contributing

* [Code of conduct](https://gateway.envoyproxy.io/latest/contributions/code_of_conduct/)
* [Contributing guide](https://gateway.envoyproxy.io/latest/contributions/contributing/)
* [Developer guide](https://gateway.envoyproxy.io/latest/contributions/develop/)
* [Code of conduct](/CODE_OF_CONDUCT)
* [Contributing guide](https://gateway.envoyproxy.io/contributions/contributing/)
* [Developer guide](https://gateway.envoyproxy.io/contributions/develop/)

## Community Meeting

Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
v1.0.0
v1.0.1
81 changes: 78 additions & 3 deletions api/v1alpha1/accesslogging_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@ type ProxyAccessLogFormat struct {
type ProxyAccessLogSinkType string

const (
// ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
// The service must implement the Envoy gRPC Access Log Service streaming API:
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
ProxyAccessLogSinkTypeALS ProxyAccessLogSinkType = "ALS"
// ProxyAccessLogSinkTypeFile defines the file accesslog sink.
ProxyAccessLogSinkTypeFile ProxyAccessLogSinkType = "File"
// ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
Expand All @@ -71,13 +75,17 @@ const (
// ProxyAccessLogSink defines the sink of accesslog.
// +union
//
// +kubebuilder:validation:XValidation:rule="self.type == 'ALS' ? has(self.als) : !has(self.als)",message="If AccessLogSink type is ALS, als field needs to be set."
// +kubebuilder:validation:XValidation:rule="self.type == 'File' ? has(self.file) : !has(self.file)",message="If AccessLogSink type is File, file field needs to be set."
// +kubebuilder:validation:XValidation:rule="self.type == 'OpenTelemetry' ? has(self.openTelemetry) : !has(self.openTelemetry)",message="If AccessLogSink type is OpenTelemetry, openTelemetry field needs to be set."
type ProxyAccessLogSink struct {
// Type defines the type of accesslog sink.
// +kubebuilder:validation:Enum=File;OpenTelemetry
// +kubebuilder:validation:Enum=ALS;File;OpenTelemetry
// +unionDiscriminator
Type ProxyAccessLogSinkType `json:"type,omitempty"`
// ALS defines the gRPC Access Log Service (ALS) sink.
// +optional
ALS *ALSEnvoyProxyAccessLog `json:"als,omitempty"`
// File defines the file accesslog sink.
// +optional
File *FileEnvoyProxyAccessLog `json:"file,omitempty"`
Expand All @@ -86,22 +94,89 @@ type ProxyAccessLogSink struct {
OpenTelemetry *OpenTelemetryEnvoyProxyAccessLog `json:"openTelemetry,omitempty"`
}

type ALSEnvoyProxyAccessLogType string

const (
// ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
ALSEnvoyProxyAccessLogTypeHTTP ALSEnvoyProxyAccessLogType = "HTTP"
// ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
ALSEnvoyProxyAccessLogTypeTCP ALSEnvoyProxyAccessLogType = "TCP"
)

// ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink.
// The service must implement the Envoy gRPC Access Log Service streaming API:
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
// Access log format information is passed in the form of gRPC metadata when the
// stream is established. Specifically, the following metadata is passed:
//
// - `x-accesslog-text` - The access log format string when a Text format is used.
// - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.
//
// +kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP."
type ALSEnvoyProxyAccessLog struct {
// BackendRefs references a Kubernetes object that represents the gRPC service to which
// the access logs will be sent. Currently only Service is supported.
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="self.all(f, f.kind == 'Service')"
BackendRefs []BackendRef `json:"backendRefs"`
// LogName defines the friendly name of the access log to be returned in
// StreamAccessLogsMessage.Identifier. This allows the access log server
// to differentiate between different access logs coming from the same Envoy.
// +optional
// +kubebuilder:validation:MinLength=1
LogName *string `json:"logName,omitempty"`
// Type defines the type of accesslog. Supported types are "HTTP" and "TCP".
// +kubebuilder:validation:Enum=HTTP;TCP
Type ALSEnvoyProxyAccessLogType `json:"type"`
// HTTP defines additional configuration specific to HTTP access logs.
// +optional
HTTP *ALSEnvoyProxyHTTPAccessLogConfig `json:"http,omitempty"`
}

type ALSEnvoyProxyHTTPAccessLogConfig struct {
// RequestHeaders defines request headers to include in log entries sent to the access log service.
// +optional
RequestHeaders []string `json:"requestHeaders,omitempty"`
// ResponseHeaders defines response headers to include in log entries sent to the access log service.
// +optional
ResponseHeaders []string `json:"responseHeaders,omitempty"`
// ResponseTrailers defines response trailers to include in log entries sent to the access log service.
// +optional
ResponseTrailers []string `json:"responseTrailers,omitempty"`
}

type FileEnvoyProxyAccessLog struct {
// Path defines the file path used to expose envoy access log(e.g. /dev/stdout).
// +kubebuilder:validation:MinLength=1
Path string `json:"path,omitempty"`
}

// TODO: consider reuse ExtensionService?
// OpenTelemetryEnvoyProxyAccessLog defines the OpenTelemetry access log sink.
//
// +kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0"
type OpenTelemetryEnvoyProxyAccessLog struct {
// Host define the extension service hostname.
Host string `json:"host"`
// Deprecated: Use BackendRef instead.
//
// +optional
Host *string `json:"host,omitempty"`
// Port defines the port the extension service is exposed on.
// Deprecated: Use BackendRef instead.
//
// +optional
// +kubebuilder:validation:Minimum=0
// +kubebuilder:default=4317
Port int32 `json:"port,omitempty"`
// BackendRefs references a Kubernetes object that represents the
// backend server to which the accesslog will be sent.
// Only service Kind is supported for now.
//
// +optional
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')"
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
// Resources is a set of labels that describe the source of a log entry, including envoy node info.
// It's recommended to follow [semantic conventions](https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/).
// +optional
Expand Down
1 change: 1 addition & 0 deletions api/v1alpha1/backendtrafficpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ type BackendTrafficPolicySpec struct {
// The compression config for the http streams.
//
// +optional
// +notImplementedHide
Compression []*Compression `json:"compression,omitempty"`
}

Expand Down
22 changes: 22 additions & 0 deletions api/v1alpha1/clienttrafficpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,30 @@ type HeaderSettings struct {
// and responses.
// +optional
EnableEnvoyHeaders *bool `json:"enableEnvoyHeaders,omitempty"`

// WithUnderscoresAction configures the action to take when an HTTP header with underscores
// is encountered. The default action is to reject the request.
// +optional
WithUnderscoresAction *WithUnderscoresAction `json:"withUnderscoresAction,omitempty"`
}

// WithUnderscoresAction configures the action to take when an HTTP header with underscores
// is encountered.
// +kubebuilder:validation:Enum=Allow;RejectRequest;DropHeader
type WithUnderscoresAction string

const (
// WithUnderscoresActionAllow allows headers with underscores to be passed through.
WithUnderscoresActionAllow WithUnderscoresAction = "Allow"
// WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
// the 400 status. HTTP/2 requests end with the stream reset.
WithUnderscoresActionRejectRequest WithUnderscoresAction = "RejectRequest"
// WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
// is dropped before the filter chain is invoked and as such filters will not see
// dropped headers.
WithUnderscoresActionDropHeader WithUnderscoresAction = "DropHeader"
)

// ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
//
// +kubebuilder:validation:XValidation:rule="!(has(self.xForwardedFor) && has(self.customHeader))",message="customHeader cannot be used in conjunction with xForwardedFor"
Expand Down
20 changes: 15 additions & 5 deletions api/v1alpha1/connection_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,24 +5,34 @@

package v1alpha1

import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
import (
"k8s.io/apimachinery/pkg/api/resource"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
)

// Connection allows users to configure connection-level settings
type Connection struct {
// Limit defines limits related to connections
// ConnectionLimit defines limits related to connections
//
// +optional
Limit *ConnectionLimit `json:"limit,omitempty"`
ConnectionLimit *ConnectionLimit `json:"connectionLimit,omitempty"`
// BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
// For example, 20Mi, 1Gi, 256Ki etc.
// Note that when the suffix is not provided, the value is interpreted as bytes.
// Default: 32768 bytes.
//
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="bufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
}

type ConnectionLimit struct {
// Value of the maximum concurrent connections limit.
// When the limit is reached, incoming connections will be closed after the CloseDelay duration.
// Default: unlimited.
//
// +optional
// +kubebuilder:validation:Minimum=0
Value *int64 `json:"value,omitempty"`
Value int64 `json:"value,omitempty"`

// CloseDelay defines the delay to use before closing connections that are rejected
// once the limit value is reached.
Expand Down
Loading

0 comments on commit 3a50f08

Please sign in to comment.