Merge branch 'main' into add-exp-conformance

envoyproxy · Aug 11, 2023 · b104778 · b104778
2 parents 02c4b24 + f466430
commit b104778
Show file tree

Hide file tree

Showing 42 changed files with 182 additions and 57 deletions.
diff --git a/OWNERS b/OWNERS
@@ -11,9 +11,9 @@ maintainers:
 
 - AliceProxy
 - arkodg
-- skriss
 - Xunzhuo
 - zirain
+- qicz
 
 reviewers:
 

diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml
@@ -14,7 +14,7 @@ deployment:
   kubeRbacProxy:
     image:
       repository: gcr.io/kubebuilder/kube-rbac-proxy
-      tag: v0.11.0
+      tag: v0.14.1
     resources:
       limits:
         cpu: 500m

diff --git a/docs/latest/design/roadmap.md b/docs/latest/design/roadmap.md
@@ -49,12 +49,14 @@ contributing to the project.
 
 ### [v0.5.0][v0.5.0]: Observability and Scale
 
-- Observability for control plane and data plane [Issue #701][701]. 
-- Compute and document Envoy Gateway performance [Issue #1365][1365].
+- Observability for data plane [Issue #699][699].
 - Allow users to configure xDS Resources [Issue #24][24].
 
 ### [v0.6.0][v0.6.0]: Preparation for GA
 
+- Observability for control plane [Issue #700][700].
+- Compute and document Envoy Gateway performance [Issue #1365][1365].
+- Add TrafficPolicy APIs for advanced features [Issue #1492][1492].
 - Envoy Gateway meets readiness criteria [Issue #1160][1160]. 
 
 [issue]: https://github.com/envoyproxy/gateway/issues
@@ -82,7 +84,9 @@ contributing to the project.
 [643]: https://github.com/envoyproxy/gateway/issues/643
 [670]: https://github.com/envoyproxy/gateway/issues/670
 [675]: https://github.com/envoyproxy/gateway/issues/675
-[701]: https://github.com/envoyproxy/gateway/issues/701
+[699]: https://github.com/envoyproxy/gateway/issues/699
+[700]: https://github.com/envoyproxy/gateway/issues/700
 [707]: https://github.com/envoyproxy/gateway/issues/707
 [1160]: https://github.com/envoyproxy/gateway/issues/1160
 [1365]: https://github.com/envoyproxy/gateway/issues/1365
+[1492]: https://github.com/envoyproxy/gateway/issues/1492
diff --git a/docs/latest/dev/CODEOWNERS.md b/docs/latest/dev/CODEOWNERS.md
@@ -4,12 +4,13 @@
 
 - @AliceProxy
 - @arkodg
-- @skriss
 - @Xunzhuo
-- @youngnick
 - @zirain
+- @qicz
 
 ## Emeritus Maintainers
 
 - @danehans
 - @alexgervais
+- @skriss
+- @youngnick
diff --git a/docs/v0.5.0/design/roadmap.md b/docs/v0.5.0/design/roadmap.md
@@ -49,12 +49,14 @@ contributing to the project.
 
 ### [v0.5.0][v0.5.0]: Observability and Scale
 
-- Observability for control plane and data plane [Issue #701][701]. 
-- Compute and document Envoy Gateway performance [Issue #1365][1365].
+- Observability for data plane [Issue #699][699].
 - Allow users to configure xDS Resources [Issue #24][24].
 
 ### [v0.6.0][v0.6.0]: Preparation for GA
 
+- Observability for control plane [Issue #700][700].
+- Compute and document Envoy Gateway performance [Issue #1365][1365].
+- Add TrafficPolicy APIs for advanced features [Issue #1492][1492].
 - Envoy Gateway meets readiness criteria [Issue #1160][1160]. 
 
 [issue]: https://github.com/envoyproxy/gateway/issues
@@ -82,7 +84,9 @@ contributing to the project.
 [643]: https://github.com/envoyproxy/gateway/issues/643
 [670]: https://github.com/envoyproxy/gateway/issues/670
 [675]: https://github.com/envoyproxy/gateway/issues/675
-[701]: https://github.com/envoyproxy/gateway/issues/701
+[699]: https://github.com/envoyproxy/gateway/issues/699
+[700]: https://github.com/envoyproxy/gateway/issues/700
 [707]: https://github.com/envoyproxy/gateway/issues/707
 [1160]: https://github.com/envoyproxy/gateway/issues/1160
 [1365]: https://github.com/envoyproxy/gateway/issues/1365
+[1492]: https://github.com/envoyproxy/gateway/issues/1492
diff --git a/internal/cmd/egctl/testdata/translate/out/authn-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/authn-single-route-single-match-to-xds.all.json
@@ -62,6 +62,12 @@
               "clusters": [
                 {
                   "connectTimeout": "10s",
+                  "http2ProtocolOptions": {
+                    "connectionKeepalive": {
+                      "interval": "30s",
+                      "timeout": "5s"
+                    }
+                  },
                   "loadAssignment": {
                     "clusterName": "xds_cluster",
                     "endpoints": [

diff --git a/internal/cmd/egctl/testdata/translate/out/authn-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/authn-single-route-single-match-to-xds.all.yaml
@@ -38,6 +38,10 @@ xds:
         staticResources:
           clusters:
           - connectTimeout: 10s
+            http2ProtocolOptions:
+              connectionKeepalive:
+                interval: 30s
+                timeout: 5s
             loadAssignment:
               clusterName: xds_cluster
               endpoints:

diff --git a/...al/cmd/egctl/testdata/translate/out/authn-single-route-single-match-to-xds.bootstrap.yaml b/...al/cmd/egctl/testdata/translate/out/authn-single-route-single-match-to-xds.bootstrap.yaml
@@ -37,6 +37,10 @@ xds:
       staticResources:
         clusters:
         - connectTimeout: 10s
+          http2ProtocolOptions:
+            connectionKeepalive:
+              interval: 30s
+              timeout: 5s
           loadAssignment:
             clusterName: xds_cluster
             endpoints:

diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
@@ -75,6 +75,10 @@ envoyProxy:
                 http2_protocol_options: {}
           name: xds_cluster
           type: STRICT_DNS
+          http2_protocol_options:
+            connection_keepalive:
+              interval: 30s
+              timeout: 5s
           transport_socket:
             name: envoy.transport_sockets.tls
             typed_config:
@@ -460,6 +464,10 @@ xds:
         staticResources:
           clusters:
           - connectTimeout: 10s
+            http2ProtocolOptions:
+              connectionKeepalive:
+                interval: 30s
+                timeout: 5s
             loadAssignment:
               clusterName: xds_cluster
               endpoints:

diff --git a/internal/cmd/egctl/testdata/translate/out/envoy-patch-policy.all.yaml b/internal/cmd/egctl/testdata/translate/out/envoy-patch-policy.all.yaml
@@ -38,6 +38,10 @@ xds:
         staticResources:
           clusters:
           - connectTimeout: 10s
+            http2ProtocolOptions:
+              connectionKeepalive:
+                interval: 30s
+                timeout: 5s
             loadAssignment:
               clusterName: xds_cluster
               endpoints:

diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
@@ -62,6 +62,12 @@
               "clusters": [
                 {
                   "connectTimeout": "10s",
+                  "http2ProtocolOptions": {
+                    "connectionKeepalive": {
+                      "interval": "30s",
+                      "timeout": "5s"
+                    }
+                  },
                   "loadAssignment": {
                     "clusterName": "xds_cluster",
                     "endpoints": [

diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
@@ -38,6 +38,10 @@ xds:
         staticResources:
           clusters:
           - connectTimeout: 10s
+            http2ProtocolOptions:
+              connectionKeepalive:
+                interval: 30s
+                timeout: 5s
             loadAssignment:
               clusterName: xds_cluster
               endpoints:

diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml
@@ -37,6 +37,10 @@ xds:
       staticResources:
         clusters:
         - connectTimeout: 10s
+          http2ProtocolOptions:
+            connectionKeepalive:
+              interval: 30s
+              timeout: 5s
           loadAssignment:
             clusterName: xds_cluster
             endpoints:

diff --git a/.../egctl/testdata/translate/out/rate-limit-filter-single-route-single-match-to-xds.all.json b/.../egctl/testdata/translate/out/rate-limit-filter-single-route-single-match-to-xds.all.json
@@ -62,6 +62,12 @@
               "clusters": [
                 {
                   "connectTimeout": "10s",
+                  "http2ProtocolOptions": {
+                    "connectionKeepalive": {
+                      "interval": "30s",
+                      "timeout": "5s"
+                    }
+                  },
                   "loadAssignment": {
                     "clusterName": "xds_cluster",
                     "endpoints": [

diff --git a/.../egctl/testdata/translate/out/rate-limit-filter-single-route-single-match-to-xds.all.yaml b/.../egctl/testdata/translate/out/rate-limit-filter-single-route-single-match-to-xds.all.yaml
@@ -38,6 +38,10 @@ xds:
         staticResources:
           clusters:
           - connectTimeout: 10s
+            http2ProtocolOptions:
+              connectionKeepalive:
+                interval: 30s
+                timeout: 5s
             loadAssignment:
               clusterName: xds_cluster
               endpoints:

diff --git a/.../testdata/translate/out/rate-limit-filter-single-route-single-match-to-xds.bootstrap.yaml b/.../testdata/translate/out/rate-limit-filter-single-route-single-match-to-xds.bootstrap.yaml
@@ -37,6 +37,10 @@ xds:
       staticResources:
         clusters:
         - connectTimeout: 10s
+          http2ProtocolOptions:
+            connectionKeepalive:
+              interval: 30s
+              timeout: 5s
           loadAssignment:
             clusterName: xds_cluster
             endpoints:

diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go
@@ -509,6 +509,24 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route
 			}
 
 			for _, routeRoute := range routeRoutes {
+				// If the redirect port is not set, the final redirect port must be derived.
+				if routeRoute.Redirect != nil && routeRoute.Redirect.Port == nil {
+					redirectPort := uint32(listener.Port)
+					// If redirect scheme is not-empty, the redirect post must be the
+					// well-known port associated with the redirect scheme.
+					if scheme := routeRoute.Redirect.Scheme; scheme != nil {
+						switch strings.ToLower(*scheme) {
+						case "http":
+							redirectPort = 80
+						case "https":
+							redirectPort = 443
+						}
+					}
+					// If the redirect scheme does not have a well-known port, or
+					// if the redirect scheme is empty, the redirect port must be the Gateway Listener port.
+					routeRoute.Redirect.Port = &redirectPort
+				}
+
 				hostRoute := &ir.HTTPRoute{
 					Name:                  fmt.Sprintf("%s-%s", routeRoute.Name, host),
 					PathMatch:             routeRoute.PathMatch,

diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml
@@ -127,6 +127,6 @@ xdsIR:
           path:
             fullReplace: /redirected
             prefixMatchReplace: null
-          port: null
+          port: 443
           scheme: https
           statusCode: 301
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml
@@ -123,6 +123,6 @@ xdsIR:
         redirect:
           hostname: redirected.com
           path: null
-          port: null
+          port: 443
           scheme: https
           statusCode: 301
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/configmap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/configmap.yaml
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: envoy-gateway
     gateway.envoyproxy.io/owning-gateway-name: default
     gateway.envoyproxy.io/owning-gateway-namespace: default
-  name: envoy-default-64656661
+  name: envoy-default-37a8eec1
   namespace: envoy-gateway-system
 data:
   xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'

diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: envoy-gateway
     gateway.envoyproxy.io/owning-gateway-name: default
     gateway.envoyproxy.io/owning-gateway-namespace: default
-  name: envoy-default-64656661
+  name: envoy-default-37a8eec1
   namespace: envoy-gateway-system
 spec:
   replicas: 1
@@ -84,7 +84,7 @@ spec:
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       schedulerName: default-scheduler
-      serviceAccountName: envoy-default-64656661
+      serviceAccountName: envoy-default-37a8eec1
       terminationGracePeriodSeconds: 300
       volumes:
         - name: certs
@@ -98,7 +98,7 @@ spec:
                 path: xds-trusted-ca.json
               - key: xds-certificate.json
                 path: xds-certificate.json
-            name: envoy-default-64656661
+            name: envoy-default-37a8eec1
             optional: false
           name: sds
   revisionHistoryLimit: 10

diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: envoy-gateway
     gateway.envoyproxy.io/owning-gateway-name: default
     gateway.envoyproxy.io/owning-gateway-namespace: default
-  name: envoy-default-64656661
+  name: envoy-default-37a8eec1
   namespace: envoy-gateway-system
 spec:
   replicas: 1
@@ -85,7 +85,7 @@ spec:
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       schedulerName: default-scheduler
-      serviceAccountName: envoy-default-64656661
+      serviceAccountName: envoy-default-37a8eec1
       terminationGracePeriodSeconds: 300
       volumes:
         - name: certs
@@ -99,7 +99,7 @@ spec:
                 path: xds-trusted-ca.json
               - key: xds-certificate.json
                 path: xds-certificate.json
-            name: envoy-default-64656661
+            name: envoy-default-37a8eec1
             optional: false
           name: sds
   revisionHistoryLimit: 10

diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: envoy-gateway
     gateway.envoyproxy.io/owning-gateway-name: default
     gateway.envoyproxy.io/owning-gateway-namespace: default
-  name: envoy-default-64656661
+  name: envoy-default-37a8eec1
   namespace: envoy-gateway-system
 spec:
   replicas: 2
@@ -109,6 +109,10 @@ spec:
                         http2_protocol_options: {}
                   name: xds_cluster
                   type: STRICT_DNS
+                  http2_protocol_options:
+                    connection_keepalive:
+                      interval: 30s
+                      timeout: 5s
                   transport_socket:
                     name: envoy.transport_sockets.tls
                     typed_config:
@@ -190,7 +194,7 @@ spec:
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       schedulerName: default-scheduler
-      serviceAccountName: envoy-default-64656661
+      serviceAccountName: envoy-default-37a8eec1
       terminationGracePeriodSeconds: 300
       securityContext:
         runAsUser: 1000
@@ -206,7 +210,7 @@ spec:
                 path: xds-trusted-ca.json
               - key: xds-certificate.json
                 path: xds-certificate.json
-            name: envoy-default-64656661
+            name: envoy-default-37a8eec1
             optional: false
           name: sds
   revisionHistoryLimit: 10
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,9 +11,9 @@ maintainers: @@
     - AliceProxy
     - arkodg
-    - skriss
     - Xunzhuo
     - zirain
+    - qicz
     reviewers:
@@ Expand Down @@