diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 93818e1e5bf..bfb1c380621 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -1445,10 +1445,12 @@ func (in *EnvoyProxySpec) DeepCopyInto(out *EnvoyProxySpec) {
*out = new(ShutdownConfig)
(*in).DeepCopyInto(*out)
}
- if in.FilterPriority != nil {
- in, out := &in.FilterPriority, &out.FilterPriority
- *out = make([]FilterPriority, len(*in))
- copy(*out, *in)
+ if in.FilterOrder != nil {
+ in, out := &in.FilterOrder, &out.FilterOrder
+ *out = make([]FilterPosition, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
}
}
@@ -1741,16 +1743,26 @@ func (in *FileEnvoyProxyAccessLog) DeepCopy() *FileEnvoyProxyAccessLog {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FilterPriority) DeepCopyInto(out *FilterPriority) {
+func (in *FilterPosition) DeepCopyInto(out *FilterPosition) {
*out = *in
+ if in.Before != nil {
+ in, out := &in.Before, &out.Before
+ *out = new(EnvoyFilter)
+ **out = **in
+ }
+ if in.After != nil {
+ in, out := &in.After, &out.After
+ *out = new(EnvoyFilter)
+ **out = **in
+ }
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterPriority.
-func (in *FilterPriority) DeepCopy() *FilterPriority {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterPosition.
+func (in *FilterPosition) DeepCopy() *FilterPosition {
if in == nil {
return nil
}
- out := new(FilterPriority)
+ out := new(FilterPosition)
in.DeepCopyInto(out)
return out
}
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
index 630cba16dd3..e998bad37c2 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
@@ -85,23 +85,82 @@ spec:
items:
type: string
type: array
- filterPriority:
- description: FilterPriority defines the order of filters in the Envoy
- proxy's HTTP filter chain.
+ filterOrder:
+ description: |-
+ FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
+ If unspecified, the default filter order is applied.
+ Default filter order is:
+
+
+ - envoy.filters.http.fault
+
+
+ - envoy.filters.http.cors
+
+
+ - envoy.filters.http.ext_authz
+
+
+ - envoy.filters.http.basic_authn
+
+
+ - envoy.filters.http.oauth2
+
+
+ - envoy.filters.http.jwt_authn
+
+
+ - envoy.filters.http.ext_proc
+
+
+ - envoy.filters.http.wasm
+
+
+ - envoy.filters.http.local_ratelimit
+
+
+ - envoy.filters.http.ratelimit
+
+
+ - envoy.filters.http.router
items:
- description: "FilterPriority defines the order of filters in the
- Envoy proxy's HTTP filter chain. The filter with the lower value
- is put before those with higher values in the filter chain. If
- unspecified, the default priority of filters is applied. Default
- priority of filters: \n - envoy.filters.http.cors 0
- \n - envoy.filters.http.ext_authz 100 \n - envoy.filters.http.basic_authn
- \ 200 \n - envoy.filters.http.oauth2 300 \n
- - envoy.filters.http.jwt_authn 400 \n - envoy.filters.http.fault
- \ 500 \n - envoy.filters.http.local_ratelimit 600
- \n - envoy.filters.http.ratelimit 700"
+ description: FilterPosition defines the position of an Envoy HTTP
+ filter in the filter chain.
properties:
+ after:
+ description: |-
+ After defines the filter that should come after the filter.
+ Only one of Before or After must be set.
+ enum:
+ - envoy.filters.http.cors
+ - envoy.filters.http.ext_authz
+ - envoy.filters.http.basic_authn
+ - envoy.filters.http.oauth2
+ - envoy.filters.http.jwt_authn
+ - envoy.filters.http.fault
+ - envoy.filters.http.local_ratelimit
+ - envoy.filters.http.ratelimit
+ - envoy.filters.http.wasm
+ - envoy.filters.http.ext_proc
+ type: string
+ before:
+ description: |-
+ Before defines the filter that should come before the filter.
+ Only one of Before or After must be set.
+ enum:
+ - envoy.filters.http.cors
+ - envoy.filters.http.ext_authz
+ - envoy.filters.http.basic_authn
+ - envoy.filters.http.oauth2
+ - envoy.filters.http.jwt_authn
+ - envoy.filters.http.fault
+ - envoy.filters.http.local_ratelimit
+ - envoy.filters.http.ratelimit
+ - envoy.filters.http.wasm
+ - envoy.filters.http.ext_proc
+ type: string
filter:
- description: Filter defines an Envoy Filter type.
+ description: Name of the filter.
enum:
- envoy.filters.http.cors
- envoy.filters.http.ext_authz
@@ -111,15 +170,11 @@ spec:
- envoy.filters.http.fault
- envoy.filters.http.local_ratelimit
- envoy.filters.http.ratelimit
+ - envoy.filters.http.wasm
+ - envoy.filters.http.ext_proc
type: string
- priority:
- description: Priority defines the priority for the specific
- Envoy Filter.
- format: int32
- type: integer
required:
- filter
- - priority
type: object
type: array
logging:
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 8efd7a93d8d..210e5ca3fca 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -572,7 +572,7 @@ _Underlying type:_ _string_
EnvoyFilter defines the type of Envoy HTTP filter.
_Appears in:_
-- [FilterPriority](#filterpriority)
+- [FilterPosition](#filterposition)
@@ -1006,7 +1006,7 @@ _Appears in:_
| `extraArgs` | _string array_ | false | ExtraArgs defines additional command line options that are provided to Envoy.
More info: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#command-line-options
Note: some command line options are used internally(e.g. --log-level) so they cannot be provided here. |
| `mergeGateways` | _boolean_ | false | MergeGateways defines if Gateway resources should be merged onto the same Envoy Proxy Infrastructure.
Setting this field to true would merge all Gateway Listeners under the parent Gateway Class.
This means that the port, protocol and hostname tuple must be unique for every listener.
If a duplicate listener is detected, the newer listener (based on timestamp) will be rejected and its status will be updated with a "Accepted=False" condition. |
| `shutdown` | _[ShutdownConfig](#shutdownconfig)_ | false | Shutdown defines configuration for graceful envoy shutdown process. |
-| `filterPriority` | _[FilterPriority](#filterpriority) array_ | false | FilterPriority defines the order of filters in the Envoy proxy's HTTP filter chain. |
+| `filterOrder` | _[FilterPosition](#filterposition) array_ | false | FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
If unspecified, the default filter order is applied.
Default filter order is:
- envoy.filters.http.fault
- envoy.filters.http.cors
- envoy.filters.http.ext_authz
- envoy.filters.http.basic_authn
- envoy.filters.http.oauth2
- envoy.filters.http.jwt_authn
- envoy.filters.http.ext_proc
- envoy.filters.http.wasm
- envoy.filters.http.local_ratelimit
- envoy.filters.http.ratelimit
- envoy.filters.http.router |
@@ -1210,28 +1210,21 @@ _Appears in:_
| `path` | _string_ | true | Path defines the file path used to expose envoy access log(e.g. /dev/stdout). |
-#### FilterPriority
+#### FilterPosition
-FilterPriority defines the order of filters in the Envoy proxy's HTTP filter chain. The filter with the lower value is put before those with higher values in the filter chain. If unspecified, the default priority of filters is applied. Default priority of filters:
- - envoy.filters.http.cors 0
- - envoy.filters.http.ext_authz 100
- - envoy.filters.http.basic_authn 200
- - envoy.filters.http.oauth2 300
- - envoy.filters.http.jwt_authn 400
- - envoy.filters.http.fault 500
- - envoy.filters.http.local_ratelimit 600
- - envoy.filters.http.ratelimit 700
+FilterPosition defines the position of an Envoy HTTP filter in the filter chain.
_Appears in:_
- [EnvoyProxySpec](#envoyproxyspec)
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `filter` | _[EnvoyFilter](#envoyfilter)_ | true | Filter defines an Envoy Filter type. |
-| `priority` | _integer_ | true | Priority defines the priority for the specific Envoy Filter. |
+| `filter` | _[EnvoyFilter](#envoyfilter)_ | true | Name of the filter. |
+| `before` | _[EnvoyFilter](#envoyfilter)_ | true | Before defines the filter that should come before the filter.
Only one of Before or After must be set. |
+| `after` | _[EnvoyFilter](#envoyfilter)_ | true | After defines the filter that should come after the filter.
Only one of Before or After must be set. |
#### GRPCExtAuthService