Merge remote-tracking branch 'upstream/main' into oidc-doc

envoyproxy · Mar 10, 2024 · ac4c0cc · ac4c0cc
2 parents 06da176 + 69010d2
commit ac4c0cc
Show file tree

Hide file tree

Showing 225 changed files with 6,382 additions and 982 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -32,6 +32,9 @@ updates:
       k8s.io:
         patterns:
           - "k8s.io/*"
+      go.opentelemetry.io:
+        patterns:
+          - "go.opentelemetry.io/*"
   - package-ecosystem: pip
     directory: /tools/src/codespell
     schedule:

diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -80,7 +80,7 @@ jobs:
     needs: [build]
     strategy:
       matrix:
-        version: [ v1.27.3, v1.28.0, v1.29.0 ]
+        version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
     - uses: ./tools/github-actions/setup-deps
@@ -108,7 +108,7 @@ jobs:
     needs: [build]
     strategy:
       matrix:
-        version: [ v1.27.3, v1.28.0, v1.29.0 ]
+        version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
     - uses: ./tools/github-actions/setup-deps

diff --git a/.github/workflows/cherrypick.yaml b/.github/workflows/cherrypick.yaml
@@ -9,23 +9,23 @@ permissions:
   contents: read
 
 jobs:
-  cherry_pick_release_v0_6:
+  cherry_pick_release_v1_0:
     runs-on: ubuntu-22.04
-    name: Cherry pick into release-v0.6
-    if: ${{ contains(github.event.pull_request.labels.*.name, 'cherrypick/release-v0.6') && github.event.pull_request.merged == true }}
+    name: Cherry pick into release-v1.0
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'cherrypick/release-v1.0') && github.event.pull_request.merged == true }}
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
         with:
           fetch-depth: 0
-      - name: Cherry pick into release/v0.6
+      - name: Cherry pick into release/v1.0
         uses: carloscastrojumo/github-cherry-pick-action@a145da1b8142e752d3cbc11aaaa46a535690f0c5  # v1.0.9
         with:
-          branch: release/v0.6
-          title: "[release/v0.6] {old_title}"
-          body: "Cherry picking #{old_pull_request_id} onto release/v0.6"
+          branch: release/v1.0
+          title: "[release/v1.0] {old_title}"
+          body: "Cherry picking #{old_pull_request_id} onto release/v1.0"
           labels: |
-            cherrypick/release-v0.6
+            cherrypick/release-v1.0
           # put release manager here
           reviewers: |
-            arkodg
+            Xunzhuo
diff --git a/.github/workflows/experimental_conformance.yaml b/.github/workflows/experimental_conformance.yaml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        version: [ v1.26.6, v1.27.3, v1.28.0 ]
+        version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
     - uses: ./tools/github-actions/setup-deps

diff --git a/.gitignore b/.gitignore
@@ -31,3 +31,6 @@ vendor/
 
 # values.yaml file is generated from its template counterpart.
 charts/gateway-helm/values.yaml
+
+# VIM
+.*.swp
diff --git a/OWNERS b/OWNERS
@@ -15,6 +15,7 @@ maintainers:
 - zirain
 - qicz
 - zhaohuabing
+- guydc
 
 reviewers:
 
@@ -25,5 +26,4 @@ reviewers:
 - tanujd11
 - cnvergence
 - shawnh2
-- guydc
 - liorokman
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v0.6.0
+v1.0.0-rc.1
diff --git a/api/v1alpha1/kubernetes_helpers.go b/api/v1alpha1/kubernetes_helpers.go
@@ -17,12 +17,6 @@ import (
 	"k8s.io/utils/ptr"
 )
 
-// DefaultKubernetesDeploymentReplicas returns the default replica settings.
-func DefaultKubernetesDeploymentReplicas() *int32 {
-	repl := int32(DefaultDeploymentReplicas)
-	return &repl
-}
-
 // DefaultKubernetesDeploymentStrategy returns the default deployment strategy settings.
 func DefaultKubernetesDeploymentStrategy() *appv1.DeploymentStrategy {
 	return &appv1.DeploymentStrategy{
@@ -38,7 +32,6 @@ func DefaultKubernetesContainerImage(image string) *string {
 // DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings.
 func DefaultKubernetesDeployment(image string) *KubernetesDeploymentSpec {
 	return &KubernetesDeploymentSpec{
-		Replicas:  DefaultKubernetesDeploymentReplicas(),
 		Strategy:  DefaultKubernetesDeploymentStrategy(),
 		Pod:       DefaultKubernetesPod(),
 		Container: DefaultKubernetesContainer(image),
@@ -96,10 +89,6 @@ func GetKubernetesServiceExternalTrafficPolicy(serviceExternalTrafficPolicy Serv
 
 // defaultKubernetesDeploymentSpec fill a default KubernetesDeploymentSpec if unspecified.
 func (deployment *KubernetesDeploymentSpec) defaultKubernetesDeploymentSpec(image string) {
-	if deployment.Replicas == nil {
-		deployment.Replicas = DefaultKubernetesDeploymentReplicas()
-	}
-
 	if deployment.Strategy == nil {
 		deployment.Strategy = DefaultKubernetesDeploymentStrategy()
 	}
@@ -121,6 +110,7 @@ func (deployment *KubernetesDeploymentSpec) defaultKubernetesDeploymentSpec(imag
 	}
 }
 
+// setDefault fill a default HorizontalPodAutoscalerSpec if unspecified
 func (hpa *KubernetesHorizontalPodAutoscalerSpec) setDefault() {
 	if len(hpa.Metrics) == 0 {
 		hpa.Metrics = DefaultEnvoyProxyHpaMetrics()

diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go
@@ -126,10 +126,6 @@ type KubernetesPodSpec struct {
 	// +optional
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
 
-	// HostNetwork, If this is set to true, the pod will use host's network namespace.
-	// +optional
-	HostNetwork bool `json:"hostNetwork,omitempty"`
-
 	// ImagePullSecrets is an optional list of references to secrets
 	// in the same namespace to use for pulling any of the images used by this PodSpec.
 	// If specified, these secrets will be passed to individual puller implementations for them to use.
@@ -348,6 +344,8 @@ const (
 )
 
 // KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment.
+// When HPA is enabled, it is recommended that the value in `KubernetesDeploymentSpec.replicas` be removed, otherwise
+// Envoy Gateway will revert back to this value every time reconciliation occurs.
 // See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec.
 //
 // +kubebuilder:validation:XValidation:message="maxReplicas cannot be less than minReplicas",rule="!has(self.minReplicas) || self.maxReplicas >= self.minReplicas"

diff --git a/api/v1alpha1/validation/envoygateway_validate_test.go b/api/v1alpha1/validation/envoygateway_validate_test.go
@@ -668,8 +668,7 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 
 	envoyGatewayProvider.Kubernetes = &v1alpha1.EnvoyGatewayKubernetesProvider{
 		RateLimitDeployment: &v1alpha1.KubernetesDeploymentSpec{
-			Replicas: nil,
-			Pod:      nil,
+			Pod: nil,
 			Container: &v1alpha1.KubernetesContainerSpec{
 				Resources:       nil,
 				SecurityContext: nil,
@@ -684,8 +683,6 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 
 	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment)
 	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, v1alpha1.DefaultKubernetesDeployment(v1alpha1.DefaultRateLimitImage))
-	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas)
-	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas, v1alpha1.DefaultKubernetesDeploymentReplicas())
 	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod)
 	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod, v1alpha1.DefaultKubernetesPod())
 	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container)

diff --git a/api/v1alpha1/validation/envoyproxy_validate.go b/api/v1alpha1/validation/envoyproxy_validate.go
@@ -9,17 +9,15 @@ import (
 	"errors"
 	"fmt"
 	"net/netip"
-	"reflect"
 
 	bootstrapv3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3"
 	clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	"github.com/google/go-cmp/cmp"
-	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/testing/protocmp"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
-	"sigs.k8s.io/yaml"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+	"github.com/envoyproxy/gateway/internal/utils/proto"
 	"github.com/envoyproxy/gateway/internal/xds/bootstrap"
 	_ "github.com/envoyproxy/gateway/internal/xds/extensions" // register the generated types to support protojson unmarshalling
 )
@@ -140,42 +138,33 @@ func validateService(spec *egv1a1.EnvoyProxySpec) []error {
 }
 
 func validateBootstrap(boostrapConfig *egv1a1.ProxyBootstrap) error {
+	// Validate user bootstrap config
 	defaultBootstrap := &bootstrapv3.Bootstrap{}
 	// TODO: need validate when enable prometheus?
 	defaultBootstrapStr, err := bootstrap.GetRenderedBootstrapConfig(nil)
 	if err != nil {
 		return err
 	}
+	if err := proto.FromYAML([]byte(defaultBootstrapStr), defaultBootstrap); err != nil {
+		return fmt.Errorf("unable to unmarshal default bootstrap: %w", err)
+	}
+	if err := defaultBootstrap.Validate(); err != nil {
+		return fmt.Errorf("default bootstrap validation failed: %w", err)
+	}
 
+	// Validate user bootstrap config
 	userBootstrapStr, err := bootstrap.ApplyBootstrapConfig(boostrapConfig, defaultBootstrapStr)
 	if err != nil {
 		return err
 	}
-
-	jsonData, err := yaml.YAMLToJSON([]byte(userBootstrapStr))
-	if err != nil {
-		return fmt.Errorf("unable to convert user bootstrap to json: %w", err)
-	}
-
 	userBootstrap := &bootstrapv3.Bootstrap{}
-	if err := protojson.Unmarshal(jsonData, userBootstrap); err != nil {
-		return fmt.Errorf("unable to unmarshal user bootstrap: %w", err)
+	if err := proto.FromYAML([]byte(userBootstrapStr), userBootstrap); err != nil {
+		return fmt.Errorf("failed to parse default bootstrap config: %w", err)
 	}
-
-	// Call Validate method
 	if err := userBootstrap.Validate(); err != nil {
 		return fmt.Errorf("validation failed for user bootstrap: %w", err)
 	}
 
-	jsonData, err = yaml.YAMLToJSON([]byte(defaultBootstrapStr))
-	if err != nil {
-		return fmt.Errorf("unable to convert default bootstrap to json: %w", err)
-	}
-
-	if err := protojson.Unmarshal(jsonData, defaultBootstrap); err != nil {
-		return fmt.Errorf("unable to unmarshal default bootstrap: %w", err)
-	}
-
 	// Ensure dynamic resources config is same
 	if userBootstrap.DynamicResources == nil ||
 		cmp.Diff(userBootstrap.DynamicResources, defaultBootstrap.DynamicResources, protocmp.Transform()) != "" {
@@ -196,9 +185,8 @@ func validateBootstrap(boostrapConfig *egv1a1.ProxyBootstrap) error {
 			break
 		}
 	}
-
-	// nolint // Circumvents this error "Error: copylocks: call of reflect.DeepEqual copies lock value:"
-	if userXdsCluster == nil || !reflect.DeepEqual(*userXdsCluster.LoadAssignment, *defaultXdsCluster.LoadAssignment) {
+	if userXdsCluster == nil ||
+		cmp.Diff(userXdsCluster.LoadAssignment, defaultXdsCluster.LoadAssignment, protocmp.Transform()) != "" {
 		return fmt.Errorf("xds_cluster's loadAssigntment cannot be modified")
 	}
 

diff --git a/api/v1alpha1/validation/envoyproxy_validate_test.go b/api/v1alpha1/validation/envoyproxy_validate_test.go
@@ -599,8 +599,6 @@ func TestEnvoyProxyProvider(t *testing.T) {
 
 	assert.NotNil(t, envoyProxyProvider.Kubernetes.EnvoyDeployment)
 	assert.Equal(t, envoyProxyProvider.Kubernetes.EnvoyDeployment, egv1a1.DefaultKubernetesDeployment(egv1a1.DefaultEnvoyProxyImage))
-	assert.NotNil(t, envoyProxyProvider.Kubernetes.EnvoyDeployment.Replicas)
-	assert.Equal(t, envoyProxyProvider.Kubernetes.EnvoyDeployment.Replicas, egv1a1.DefaultKubernetesDeploymentReplicas())
 	assert.NotNil(t, envoyProxyProvider.Kubernetes.EnvoyDeployment.Pod)
 	assert.Equal(t, envoyProxyProvider.Kubernetes.EnvoyDeployment.Pod, egv1a1.DefaultKubernetesPod())
 	assert.NotNil(t, envoyProxyProvider.Kubernetes.EnvoyDeployment.Container)

diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
@@ -3282,10 +3282,6 @@ spec:
                                   should be appended to the pods. By default, no pod
                                   annotations are appended.
                                 type: object
-                              hostNetwork:
-                                description: HostNetwork, If this is set to true,
-                                  the pod will use host's network namespace.
-                                type: boolean
                               imagePullSecrets:
                                 description: 'ImagePullSecrets is an optional list
                                   of references to secrets in the same namespace to

diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/envoyproxy/gateway
 go 1.21
 
 require (
+	fortio.org/fortio v1.63.3
 	github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa
 	github.com/davecgh/go-spew v1.1.1
 	github.com/envoyproxy/go-control-plane v0.12.0
@@ -20,7 +21,7 @@ require (
 	github.com/prometheus/common v0.49.0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/telepresenceio/watchable v0.0.0-20220726211108-9bb86f92afa7
 	github.com/tsaarni/certyaml v0.9.3
 	go.opentelemetry.io/otel v1.24.0
@@ -31,10 +32,10 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.24.0
 	go.opentelemetry.io/proto/otlp v1.1.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
-	golang.org/x/sys v0.17.0
-	google.golang.org/grpc v1.62.0
-	google.golang.org/protobuf v1.32.0
+	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb
+	golang.org/x/sys v0.18.0
+	google.golang.org/grpc v1.62.1
+	google.golang.org/protobuf v1.33.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.29.2
 	k8s.io/apiextensions-apiserver v0.29.2
@@ -49,6 +50,14 @@ require (
 	sigs.k8s.io/yaml v1.4.0
 )
 
+require (
+	fortio.org/dflag v1.7.0 // indirect
+	fortio.org/log v1.12.0 // indirect
+	fortio.org/sets v1.0.3 // indirect
+	fortio.org/struct2env v0.4.0 // indirect
+	fortio.org/version v1.0.3 // indirect
+)
+
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
@@ -107,10 +116,10 @@ require (
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.21.0
+	golang.org/x/net v0.22.0
 	golang.org/x/oauth2 v0.17.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/term v0.17.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.17.0 // indirect
-Original file line number
+Diff line change
@@ Expand Up / @@ -31,3 +31,6 @@ vendor/ @@
     # values.yaml file is generated from its template counterpart.
     charts/gateway-helm/values.yaml
+    # VIM
+    .*.swp