From e70bd329494f83a17ec8f2e07f527d75623b1796 Mon Sep 17 00:00:00 2001 From: Lior Okman Date: Mon, 15 Apr 2024 09:50:01 +0300 Subject: [PATCH 01/14] docs: Generate enum documentation (#3186) * Update crd-ref-tool to enable generating documentation for enums. Update the template used for crd-ref-tool to generate the enum documentation. Signed-off-by: Lior Okman * Removed an uneeded extra blank line that was breaking up the members table in the template. Signed-off-by: Lior Okman --------- Signed-off-by: Lior Okman --- site/content/en/latest/api/extension_types.md | 465 ++++++++++++------ tools/crd-ref-docs/templates/type.tpl | 9 +- tools/src/crd-ref-docs/go.mod | 28 +- tools/src/crd-ref-docs/go.sum | 28 ++ 4 files changed, 369 insertions(+), 161 deletions(-) diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index d8b5d11689b..e45d3ca0a9e 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -38,6 +38,11 @@ ALPNProtocol specifies the protocol to be negotiated using ALPN _Appears in:_ - [TLSSettings](#tlssettings) +| Value | Description | +| ----- | ----------- | +| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
| +| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
| +| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
| #### ALSEnvoyProxyAccessLog @@ -104,7 +109,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `timeout` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | Timeout defines the time to wait for a health check response. | | `interval` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | Interval defines the time between active health checks. | | `unhealthyThreshold` | _integer_ | false | UnhealthyThreshold defines the number of unhealthy health checks required before a backend host is marked unhealthy. | @@ -113,6 +117,7 @@ _Appears in:_ | `http` | _[HTTPActiveHealthChecker](#httpactivehealthchecker)_ | false | HTTP defines the configuration of http health checker.
It's required while the health checker type is HTTP. | | `tcp` | _[TCPActiveHealthChecker](#tcpactivehealthchecker)_ | false | TCP defines the configuration of tcp health checker.
It's required while the health checker type is TCP. | + #### ActiveHealthCheckPayload @@ -125,11 +130,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ActiveHealthCheckPayloadType](#activehealthcheckpayloadtype)_ | true | Type defines the type of the payload. | | `text` | _string_ | false | Text payload in plain text. | | `binary` | _integer array_ | false | Binary payload base64 encoded. | + #### ActiveHealthCheckPayloadType _Underlying type:_ _string_ @@ -139,6 +144,10 @@ ActiveHealthCheckPayloadType is the type of the payload. _Appears in:_ - [ActiveHealthCheckPayload](#activehealthcheckpayload) +| Value | Description | +| ----- | ----------- | +| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
| +| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
| #### ActiveHealthCheckerType @@ -150,6 +159,10 @@ ActiveHealthCheckerType is the type of health checker. _Appears in:_ - [ActiveHealthCheck](#activehealthcheck) +| Value | Description | +| ----- | ----------- | +| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
| +| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
| #### BackOffPolicy @@ -163,10 +176,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `baseInterval` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | true | BaseInterval is the base interval between retries. | | `maxInterval` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval | + #### BackendRef @@ -181,13 +194,13 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `group` | _[Group](#group)_ | false | Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred. | | `kind` | _[Kind](#kind)_ | false | Kind is the Kubernetes resource kind of the referent. For example
"Service".

Defaults to "Service" when not specified.

ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.

Support: Core (Services with a type other than ExternalName)

Support: Implementation-specific (Services with type ExternalName) | | `name` | _[ObjectName](#objectname)_ | true | Name is the name of the referent. | | `namespace` | _[Namespace](#namespace)_ | false | Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.

Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.

Support: Core | | `port` | _[PortNumber](#portnumber)_ | false | Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field. | + #### BackendTrafficPolicy @@ -202,10 +215,10 @@ _Appears in:_ | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`BackendTrafficPolicy` - | `metadata` | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` | _[BackendTrafficPolicySpec](#backendtrafficpolicyspec)_ | true | spec defines the desired state of BackendTrafficPolicy. | + #### BackendTrafficPolicyList @@ -218,10 +231,10 @@ BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`BackendTrafficPolicyList` - | `metadata` | _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#listmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `items` | _[BackendTrafficPolicy](#backendtrafficpolicy) array_ | true | | + #### BackendTrafficPolicySpec @@ -233,7 +246,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `targetRef` | _[PolicyTargetReferenceWithSectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReferenceWithSectionName)_ | true | targetRef is the name of the resource this policy
is being attached to.
This Policy and the TargetRef MUST be in the same namespace
for this Policy to have effect and be applied to the Gateway. | | `rateLimit` | _[RateLimitSpec](#ratelimitspec)_ | false | RateLimit allows the user to limit the number of incoming requests
to a predefined value based on attributes within the traffic flow. | | `loadBalancer` | _[LoadBalancer](#loadbalancer)_ | false | LoadBalancer policy to apply when routing traffic from the gateway to
the backend endpoints | @@ -245,6 +257,7 @@ _Appears in:_ | `retry` | _[Retry](#retry)_ | false | Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
If not set, retry will be disabled. | | `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. | + #### BasicAuth @@ -256,9 +269,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `users` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | true | The Kubernetes secret which contains the username-password pairs in
htpasswd format, used to verify user credentials in the "Authorization"
header.

This is an Opaque secret. The username-password pairs should be stored in
the key ".htpasswd". As the key name indicates, the value needs to be the
htpasswd format, for example: "user1:{SHA}hashed_user1_password".
Right now, only SHA hash algorithm is supported.
Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html
for more details.

Note: The secret must be in the same namespace as the SecurityPolicy. | + #### BootstrapType _Underlying type:_ _string_ @@ -268,6 +281,10 @@ BootstrapType defines the types of bootstrap supported by Envoy Gateway. _Appears in:_ - [ProxyBootstrap](#proxybootstrap) +| Value | Description | +| ----- | ----------- | +| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
| +| `Replace` | Replace replaces the default bootstrap with the provided one.
| #### CORS @@ -281,7 +298,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `allowOrigins` | _[Origin](#origin) array_ | true | AllowOrigins defines the origins that are allowed to make requests. | | `allowMethods` | _string array_ | true | AllowMethods defines the methods that are allowed to make requests. | | `allowHeaders` | _string array_ | true | AllowHeaders defines the headers that are allowed to be sent with requests. | @@ -289,6 +305,7 @@ _Appears in:_ | `maxAge` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | true | MaxAge defines how long the results of a preflight request can be cached. | | `allowCredentials` | _boolean_ | true | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates. | + #### CircuitBreaker @@ -300,13 +317,13 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. | | `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. | | `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. | | `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. | | `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. | + #### ClaimToHeader @@ -318,10 +335,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `header` | _string_ | true | Header defines the name of the HTTP request header that the JWT Claim will be saved into. | | `claim` | _string_ | true | Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type
(eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
to separate the JSON name path. | + #### ClientIPDetectionSettings @@ -333,10 +350,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `xForwardedFor` | _[XForwardedForSettings](#xforwardedforsettings)_ | false | XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. | | `customHeader` | _[CustomHeaderExtensionSettings](#customheaderextensionsettings)_ | false | CustomHeader provides configuration for determining the client IP address for a request based on
a trusted custom HTTP header. This uses the the custom_header original IP detection extension.
Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto
for more details. | + #### ClientTimeout @@ -348,9 +365,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `http` | _[HTTPClientTimeout](#httpclienttimeout)_ | false | Timeout settings for HTTP. | + #### ClientTrafficPolicy @@ -365,10 +382,10 @@ _Appears in:_ | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`ClientTrafficPolicy` - | `metadata` | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` | _[ClientTrafficPolicySpec](#clienttrafficpolicyspec)_ | true | Spec defines the desired state of ClientTrafficPolicy. | + #### ClientTrafficPolicyList @@ -381,10 +398,10 @@ ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`ClientTrafficPolicyList` - | `metadata` | _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#listmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `items` | _[ClientTrafficPolicy](#clienttrafficpolicy) array_ | true | | + #### ClientTrafficPolicySpec @@ -396,7 +413,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `targetRef` | _[PolicyTargetReferenceWithSectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReferenceWithSectionName)_ | true | TargetRef is the name of the Gateway resource this policy
is being attached to.
This Policy and the TargetRef MUST be in the same namespace
for this Policy to have effect and be applied to the Gateway.
TargetRef | | `tcpKeepalive` | _[TCPKeepalive](#tcpkeepalive)_ | false | TcpKeepalive settings associated with the downstream client connection.
If defined, sets SO_KEEPALIVE on the listener socket to enable TCP Keepalives.
Disabled by default. | | `enableProxyProtocol` | _boolean_ | false | EnableProxyProtocol interprets the ProxyProtocol header and adds the
Client Address into the X-Forwarded-For header.
Note Proxy Protocol must be present when this field is set, else the connection
is closed. | @@ -409,6 +425,7 @@ _Appears in:_ | `timeout` | _[ClientTimeout](#clienttimeout)_ | false | Timeout settings for the client connections. | | `connection` | _[Connection](#connection)_ | false | Connection includes client connection settings. | + #### ClientValidationContext @@ -422,9 +439,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `caCertificateRefs` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference) array_ | false | CACertificateRefs contains one or more references to
Kubernetes objects that contain TLS certificates of
the Certificate Authorities that can be used
as a trust anchor to validate the certificates presented by the client.

A single reference to a Kubernetes ConfigMap or a Kubernetes Secret,
with the CA certificate in a key named `ca.crt` is currently supported.

References to a resource in different namespace are invalid UNLESS there
is a ReferenceGrant in the target namespace that allows the certificate
to be attached. | + #### Compression @@ -437,10 +454,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[CompressorType](#compressortype)_ | true | CompressorType defines the compressor type to use for compression. | | `gzip` | _[GzipCompressor](#gzipcompressor)_ | false | The configuration for GZIP compressor. | + #### CompressorType _Underlying type:_ _string_ @@ -463,10 +480,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections | | `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. | + #### ConnectionLimit @@ -478,10 +495,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `value` | _integer_ | true | Value of the maximum concurrent connections limit.
When the limit is reached, incoming connections will be closed after the CloseDelay duration.
Default: unlimited. | | `closeDelay` | _[Duration](#duration)_ | false | CloseDelay defines the delay to use before closing connections that are rejected
once the limit value is reached.
Default: none. | + #### ConsistentHash @@ -494,9 +511,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ConsistentHashType](#consistenthashtype)_ | true | | + #### ConsistentHashType _Underlying type:_ _string_ @@ -506,6 +523,9 @@ ConsistentHashType defines the type of input to hash on. _Appears in:_ - [ConsistentHash](#consistenthash) +| Value | Description | +| ----- | ----------- | +| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
| #### CustomHeaderExtensionSettings @@ -522,10 +542,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `name` | _string_ | true | Name of the header containing the original downstream remote address, if present. | | `failClosed` | _boolean_ | false | FailClosed is a switch used to control the flow of traffic when client IP detection
fails. If set to true, the listener will respond with 403 Forbidden when the client
IP address cannot be determined. | + #### CustomTag @@ -537,12 +557,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[CustomTagType](#customtagtype)_ | true | Type defines the type of custom tag. | | `literal` | _[LiteralCustomTag](#literalcustomtag)_ | true | Literal adds hard-coded value to each span.
It's required when the type is "Literal". | | `environment` | _[EnvironmentCustomTag](#environmentcustomtag)_ | true | Environment adds value from environment variable to each span.
It's required when the type is "Environment". | | `requestHeader` | _[RequestHeaderCustomTag](#requestheadercustomtag)_ | true | RequestHeader adds value from request header to each span.
It's required when the type is "RequestHeader". | + #### CustomTagType _Underlying type:_ _string_ @@ -552,6 +572,11 @@ _Underlying type:_ _string_ _Appears in:_ - [CustomTag](#customtag) +| Value | Description | +| ----- | ----------- | +| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
| +| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
| +| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
| #### EnvironmentCustomTag @@ -565,10 +590,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `name` | _string_ | true | Name defines the name of the environment variable which to extract the value from. | | `defaultValue` | _string_ | false | DefaultValue defines the default value to use if the environment variable is not set. | + #### EnvoyExtensionPolicy @@ -582,10 +607,10 @@ _Appears in:_ | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`EnvoyExtensionPolicy` - | `metadata` | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` | _[EnvoyExtensionPolicySpec](#envoyextensionpolicyspec)_ | true | Spec defines the desired state of EnvoyExtensionPolicy. | + #### EnvoyExtensionPolicyList @@ -598,10 +623,10 @@ EnvoyExtensionPolicyList contains a list of EnvoyExtensionPolicy resources. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`EnvoyExtensionPolicyList` - | `metadata` | _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#listmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `items` | _[EnvoyExtensionPolicy](#envoyextensionpolicy) array_ | true | | + #### EnvoyExtensionPolicySpec @@ -613,11 +638,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `targetRef` | _[PolicyTargetReferenceWithSectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReferenceWithSectionName)_ | true | TargetRef is the name of the Gateway resource this policy
is being attached to.
This Policy and the TargetRef MUST be in the same namespace
for this Policy to have effect and be applied to the Gateway.
TargetRef | | `wasm` | _[Wasm](#wasm) array_ | false | WASM is a list of Wasm extensions to be loaded by the Gateway.
Order matters, as the extensions will be loaded in the order they are
defined in this list. | | `extProc` | _[ExtProc](#extproc) array_ | true | ExtProc is an ordered list of external processing filters
that should added to the envoy filter chain | + #### EnvoyGateway @@ -630,7 +655,6 @@ EnvoyGateway is the schema for the envoygateways API. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`EnvoyGateway` - | `gateway` | _[Gateway](#gateway)_ | false | Gateway defines desired Gateway API specific configuration. If unset,
default configuration parameters will apply. | | `provider` | _[EnvoyGatewayProvider](#envoygatewayprovider)_ | false | Provider defines the desired provider and provider-specific configuration.
If unspecified, the Kubernetes provider is used with default configuration
parameters. | | `logging` | _[EnvoyGatewayLogging](#envoygatewaylogging)_ | false | Logging defines logging parameters for Envoy Gateway. | @@ -640,6 +664,7 @@ EnvoyGateway is the schema for the envoygateways API. | `extensionManager` | _[ExtensionManager](#extensionmanager)_ | false | ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane. | | `extensionApis` | _[ExtensionAPISettings](#extensionapisettings)_ | false | ExtensionAPIs defines the settings related to specific Gateway API Extensions
implemented by Envoy Gateway | + #### EnvoyGatewayAdmin @@ -652,11 +677,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `address` | _[EnvoyGatewayAdminAddress](#envoygatewayadminaddress)_ | false | Address defines the address of Envoy Gateway Admin Server. | | `enableDumpConfig` | _boolean_ | false | EnableDumpConfig defines if enable dump config in Envoy Gateway logs. | | `enablePprof` | _boolean_ | false | EnablePprof defines if enable pprof in Envoy Gateway Admin Server. | + #### EnvoyGatewayAdminAddress @@ -668,10 +693,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `port` | _integer_ | false | Port defines the port the admin server is exposed on. | | `host` | _string_ | false | Host defines the admin server hostname. | + #### EnvoyGatewayCustomProvider @@ -683,10 +708,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `resource` | _[EnvoyGatewayResourceProvider](#envoygatewayresourceprovider)_ | true | Resource defines the desired resource provider.
This provider is used to specify the provider to be used
to retrieve the resource configurations such as Gateway API
resources | | `infrastructure` | _[EnvoyGatewayInfrastructureProvider](#envoygatewayinfrastructureprovider)_ | true | Infrastructure defines the desired infrastructure provider.
This provider is used to specify the provider to be used
to provide an environment to deploy the out resources like
the Envoy Proxy data plane. | + #### EnvoyGatewayFileResourceProvider @@ -698,9 +723,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `paths` | _string array_ | true | Paths are the paths to a directory or file containing the resource configuration.
Recursive sub directories are not currently supported. | + #### EnvoyGatewayHostInfrastructureProvider @@ -723,10 +748,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[InfrastructureProviderType](#infrastructureprovidertype)_ | true | Type is the type of infrastructure providers to use. Supported types are "Host". | | `host` | _[EnvoyGatewayHostInfrastructureProvider](#envoygatewayhostinfrastructureprovider)_ | false | Host defines the configuration of the Host provider. Host provides runtime
deployment of the data plane as a child process on the host environment. | + #### EnvoyGatewayKubernetesProvider @@ -738,13 +763,13 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `rateLimitDeployment` | _[KubernetesDeploymentSpec](#kubernetesdeploymentspec)_ | false | RateLimitDeployment defines the desired state of the Envoy ratelimit deployment resource.
If unspecified, default settings for the managed Envoy ratelimit deployment resource
are applied. | | `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | Watch holds configuration of which input resources should be watched and reconciled. | | `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
should be deployed | | `overwriteControlPlaneCerts` | _boolean_ | false | OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set. | | `leaderElection` | _[LeaderElection](#leaderelection)_ | false | LeaderElection specifies the configuration for leader election.
If it's not set up, leader election will be active by default, using Kubernetes' standard settings. | + #### EnvoyGatewayLogComponent _Underlying type:_ _string_ @@ -754,6 +779,15 @@ EnvoyGatewayLogComponent defines a component that supports a configured logging _Appears in:_ - [EnvoyGatewayLogging](#envoygatewaylogging) +| Value | Description | +| ----- | ----------- | +| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
| +| `provider` | LogComponentProviderRunner defines the "provider" runner component.
| +| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
| +| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
| +| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
| +| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
| +| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
| #### EnvoyGatewayLogging @@ -768,9 +802,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `level` | _object (keys:[EnvoyGatewayLogComponent](#envoygatewaylogcomponent), values:[LogLevel](#loglevel))_ | true | Level is the logging level. If unspecified, defaults to "info".
EnvoyGatewayLogComponent options: default/provider/gateway-api/xds-translator/xds-server/infrastructure/global-ratelimit.
LogLevel options: debug/info/error/warn. | + #### EnvoyGatewayMetricSink @@ -783,10 +817,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[MetricSinkType](#metricsinktype)_ | true | Type defines the metric sink type.
EG control plane currently supports OpenTelemetry. | | `openTelemetry` | _[EnvoyGatewayOpenTelemetrySink](#envoygatewayopentelemetrysink)_ | true | OpenTelemetry defines the configuration for OpenTelemetry sink.
It's required if the sink type is OpenTelemetry. | + #### EnvoyGatewayMetrics @@ -798,10 +832,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `sinks` | _[EnvoyGatewayMetricSink](#envoygatewaymetricsink) array_ | true | Sinks defines the metric sinks where metrics are sent to. | | `prometheus` | _[EnvoyGatewayPrometheusProvider](#envoygatewayprometheusprovider)_ | true | Prometheus defines the configuration for prometheus endpoint. | + #### EnvoyGatewayOpenTelemetrySink @@ -813,11 +847,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `host` | _string_ | true | Host define the sink service hostname. | | `protocol` | _string_ | true | Protocol define the sink service protocol. | | `port` | _integer_ | false | Port defines the port the sink service is exposed on. | + #### EnvoyGatewayPrometheusProvider @@ -829,9 +863,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `disable` | _boolean_ | true | Disable defines if disables the prometheus metrics in pull mode. | + #### EnvoyGatewayProvider @@ -844,11 +878,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ProviderType](#providertype)_ | true | Type is the type of provider to use. Supported types are "Kubernetes". | | `kubernetes` | _[EnvoyGatewayKubernetesProvider](#envoygatewaykubernetesprovider)_ | false | Kubernetes defines the configuration of the Kubernetes provider. Kubernetes
provides runtime configuration via the Kubernetes API. | | `custom` | _[EnvoyGatewayCustomProvider](#envoygatewaycustomprovider)_ | false | Custom defines the configuration for the Custom provider. This provider
allows you to define a specific resource provider and a infrastructure
provider. | + #### EnvoyGatewayResourceProvider @@ -860,10 +894,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ResourceProviderType](#resourceprovidertype)_ | true | Type is the type of resource provider to use. Supported types are "File". | | `file` | _[EnvoyGatewayFileResourceProvider](#envoygatewayfileresourceprovider)_ | false | File defines the configuration of the File provider. File provides runtime
configuration defined by one or more files. | + #### EnvoyGatewaySpec @@ -875,7 +909,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `gateway` | _[Gateway](#gateway)_ | false | Gateway defines desired Gateway API specific configuration. If unset,
default configuration parameters will apply. | | `provider` | _[EnvoyGatewayProvider](#envoygatewayprovider)_ | false | Provider defines the desired provider and provider-specific configuration.
If unspecified, the Kubernetes provider is used with default configuration
parameters. | | `logging` | _[EnvoyGatewayLogging](#envoygatewaylogging)_ | false | Logging defines logging parameters for Envoy Gateway. | @@ -885,6 +918,7 @@ _Appears in:_ | `extensionManager` | _[ExtensionManager](#extensionmanager)_ | false | ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane. | | `extensionApis` | _[ExtensionAPISettings](#extensionapisettings)_ | false | ExtensionAPIs defines the settings related to specific Gateway API Extensions
implemented by Envoy Gateway | + #### EnvoyGatewayTelemetry @@ -898,9 +932,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `metrics` | _[EnvoyGatewayMetrics](#envoygatewaymetrics)_ | true | Metrics defines metrics configuration for envoy gateway. | + #### EnvoyJSONPatchConfig @@ -913,11 +947,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[EnvoyResourceType](#envoyresourcetype)_ | true | Type is the typed URL of the Envoy xDS Resource | | `name` | _string_ | true | Name is the name of the resource | | `operation` | _[JSONPatchOperation](#jsonpatchoperation)_ | true | Patch defines the JSON Patch Operation | + #### EnvoyPatchPolicy @@ -932,10 +966,10 @@ _Appears in:_ | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`EnvoyPatchPolicy` - | `metadata` | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` | _[EnvoyPatchPolicySpec](#envoypatchpolicyspec)_ | true | Spec defines the desired state of EnvoyPatchPolicy. | + #### EnvoyPatchPolicyList @@ -948,10 +982,10 @@ EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`EnvoyPatchPolicyList` - | `metadata` | _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#listmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `items` | _[EnvoyPatchPolicy](#envoypatchpolicy) array_ | true | | + #### EnvoyPatchPolicySpec @@ -963,12 +997,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[EnvoyPatchType](#envoypatchtype)_ | true | Type decides the type of patch.
Valid EnvoyPatchType values are "JSONPatch". | | `jsonPatches` | _[EnvoyJSONPatchConfig](#envoyjsonpatchconfig) array_ | false | JSONPatch defines the JSONPatch configuration. | | `targetRef` | _[PolicyTargetReference](#policytargetreference)_ | true | TargetRef is the name of the Gateway API resource this policy
is being attached to.
By default attaching to Gateway is supported and
when mergeGateways is enabled it should attach to GatewayClass.
This Policy and the TargetRef MUST be in the same namespace
for this Policy to have effect and be applied to the Gateway
TargetRef | | `priority` | _integer_ | true | Priority of the EnvoyPatchPolicy.
If multiple EnvoyPatchPolicies are applied to the same
TargetRef, they will be applied in the ascending order of
the priority i.e. int32.min has the highest priority and
int32.max has the lowest priority.
Defaults to 0. | + #### EnvoyPatchType _Underlying type:_ _string_ @@ -978,6 +1012,9 @@ EnvoyPatchType specifies the types of Envoy patching mechanisms. _Appears in:_ - [EnvoyPatchPolicySpec](#envoypatchpolicyspec) +| Value | Description | +| ----- | ----------- | +| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
| #### EnvoyProxy @@ -992,10 +1029,10 @@ EnvoyProxy is the schema for the envoyproxies API. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`EnvoyProxy` - | `metadata` | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` | _[EnvoyProxySpec](#envoyproxyspec)_ | true | EnvoyProxySpec defines the desired state of EnvoyProxy. | + #### EnvoyProxyKubernetesProvider @@ -1008,11 +1045,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `envoyDeployment` | _[KubernetesDeploymentSpec](#kubernetesdeploymentspec)_ | false | EnvoyDeployment defines the desired state of the Envoy deployment resource.
If unspecified, default settings for the managed Envoy deployment resource
are applied. | | `envoyService` | _[KubernetesServiceSpec](#kubernetesservicespec)_ | false | EnvoyService defines the desired state of the Envoy service resource.
If unspecified, default settings for the managed Envoy service resource
are applied. | | `envoyHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | EnvoyHpa defines the Horizontal Pod Autoscaler settings for Envoy Proxy Deployment.
Once the HPA is being set, Replicas field from EnvoyDeployment will be ignored. | + #### EnvoyProxyProvider @@ -1024,10 +1061,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ProviderType](#providertype)_ | true | Type is the type of resource provider to use. A resource provider provides
infrastructure resources for running the data plane, e.g. Envoy proxy, and
optional auxiliary control planes. Supported types are "Kubernetes". | | `kubernetes` | _[EnvoyProxyKubernetesProvider](#envoyproxykubernetesprovider)_ | false | Kubernetes defines the desired state of the Kubernetes resource provider.
Kubernetes provides infrastructure resources for running the data plane,
e.g. Envoy proxy. If unspecified and type is "Kubernetes", default settings
for managed Kubernetes resources are applied. | + #### EnvoyProxySpec @@ -1039,7 +1076,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `provider` | _[EnvoyProxyProvider](#envoyproxyprovider)_ | false | Provider defines the desired resource provider and provider-specific configuration.
If unspecified, the "Kubernetes" resource provider is used with default configuration
parameters. | | `logging` | _[ProxyLogging](#proxylogging)_ | true | Logging defines logging parameters for managed proxies. | | `telemetry` | _[ProxyTelemetry](#proxytelemetry)_ | false | Telemetry defines telemetry parameters for managed proxies. | @@ -1051,6 +1087,7 @@ _Appears in:_ + #### EnvoyResourceType _Underlying type:_ _string_ @@ -1060,6 +1097,12 @@ EnvoyResourceType specifies the type URL of the Envoy resource. _Appears in:_ - [EnvoyJSONPatchConfig](#envoyjsonpatchconfig) +| Value | Description | +| ----- | ----------- | +| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
| +| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
| +| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
| +| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
| #### ExtAuth @@ -1073,12 +1116,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `grpc` | _[GRPCExtAuthService](#grpcextauthservice)_ | true | GRPC defines the gRPC External Authorization service.
Either GRPCService or HTTPService must be specified,
and only one of them can be provided. | | `http` | _[HTTPExtAuthService](#httpextauthservice)_ | true | HTTP defines the HTTP External Authorization service.
Either GRPCService or HTTPService must be specified,
and only one of them can be provided. | | `headersToExtAuth` | _string array_ | false | HeadersToExtAuth defines the client request headers that will be included
in the request to the external authorization service.
Note: If not specified, the default behavior for gRPC and HTTP external
authorization services is different due to backward compatibility reasons.
All headers will be included in the check request to a gRPC authorization server.
Only the following headers will be included in the check request to an HTTP
authorization server: Host, Method, Path, Content-Length, and Authorization.
And these headers will always be included to the check request to an HTTP
authorization server by default, no matter whether they are specified
in HeadersToExtAuth or not. | | `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a response from the External Authorization service cannot be obtained.
If FailOpen is set to true, the system allows the traffic to pass through.
Otherwise, if it is set to false or not set (defaulting to false),
the system blocks the traffic and returns a HTTP 5xx error, reflecting a fail-closed approach.
This setting determines whether to prioritize accessibility over strict security in case of authorization service failure. | + #### ExtProc @@ -1090,9 +1133,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `backendRef` | _[ExtProcBackendRef](#extprocbackendref)_ | true | Service defines the configuration of the external processing service | + #### ExtProcBackendRef @@ -1106,13 +1149,13 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `group` | _[Group](#group)_ | false | Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred. | | `kind` | _[Kind](#kind)_ | false | Kind is the Kubernetes resource kind of the referent. For example
"Service".

Defaults to "Service" when not specified.

ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.

Support: Core (Services with a type other than ExternalName)

Support: Implementation-specific (Services with type ExternalName) | | `name` | _[ObjectName](#objectname)_ | true | Name is the name of the referent. | | `namespace` | _[Namespace](#namespace)_ | false | Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.

Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.

Support: Core | | `port` | _[PortNumber](#portnumber)_ | false | Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field. | + #### ExtensionAPISettings @@ -1125,9 +1168,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `enableEnvoyPatchPolicy` | _boolean_ | true | EnableEnvoyPatchPolicy enables Envoy Gateway to
reconcile and implement the EnvoyPatchPolicy resources. | + #### ExtensionHooks @@ -1139,9 +1182,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `xdsTranslator` | _[XDSTranslatorHooks](#xdstranslatorhooks)_ | true | XDSTranslator defines all the supported extension hooks for the xds-translator runner | + #### ExtensionManager @@ -1155,11 +1198,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `resources` | _[GroupVersionKind](#groupversionkind) array_ | false | Resources defines the set of K8s resources the extension will handle. | | `hooks` | _[ExtensionHooks](#extensionhooks)_ | true | Hooks defines the set of hooks the extension supports | | `service` | _[ExtensionService](#extensionservice)_ | true | Service defines the configuration of the extension service that the Envoy
Gateway Control Plane will call through extension hooks. | + #### ExtensionService @@ -1171,11 +1214,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `host` | _string_ | true | Host define the extension service hostname. | | `port` | _integer_ | false | Port defines the port the extension service is exposed on. | | `tls` | _[ExtensionTLS](#extensiontls)_ | false | TLS defines TLS configuration for communication between Envoy Gateway and
the extension service. | + #### ExtensionTLS @@ -1187,9 +1230,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `certificateRef` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | true | CertificateRef contains a references to objects (Kubernetes objects or otherwise) that
contains a TLS certificate and private keys. These certificates are used to
establish a TLS handshake to the extension server.

CertificateRef can only reference a Kubernetes Secret at this time. | + #### FaultInjection @@ -1202,10 +1245,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `delay` | _[FaultInjectionDelay](#faultinjectiondelay)_ | false | If specified, a delay will be injected into the request. | | `abort` | _[FaultInjectionAbort](#faultinjectionabort)_ | false | If specified, the request will be aborted if it meets the configuration criteria. | + #### FaultInjectionAbort @@ -1217,11 +1260,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `httpStatus` | _integer_ | false | StatusCode specifies the HTTP status code to be returned | | `grpcStatus` | _integer_ | false | GrpcStatus specifies the GRPC status code to be returned | | `percentage` | _float_ | false | Percentage specifies the percentage of requests to be aborted. Default 100%, if set 0, no requests will be aborted. Accuracy to 0.0001%. | + #### FaultInjectionDelay @@ -1233,10 +1276,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `fixedDelay` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | true | FixedDelay specifies the fixed delay duration | | `percentage` | _float_ | false | Percentage specifies the percentage of requests to be delayed. Default 100%, if set 0, no requests will be delayed. Accuracy to 0.0001%. | + #### FileEnvoyProxyAccessLog @@ -1248,9 +1291,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `path` | _string_ | true | Path defines the file path used to expose envoy access log(e.g. /dev/stdout). | + #### GRPCExtAuthService @@ -1264,9 +1307,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `backendRef` | _[BackendObjectReference](#backendobjectreference)_ | true | BackendRef references a Kubernetes object that represents the
backend server to which the authorization request will be sent.
Only service Kind is supported for now. | + #### Gateway @@ -1279,9 +1322,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `controllerName` | _string_ | false | ControllerName defines the name of the Gateway API controller. If unspecified,
defaults to "gateway.envoyproxy.io/gatewayclass-controller". See the following
for additional details:
https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass | + #### GlobalRateLimit @@ -1293,9 +1336,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `rules` | _[RateLimitRule](#ratelimitrule) array_ | true | Rules are a list of RateLimit selectors and limits. Each rule and its
associated limit is applied in a mutually exclusive way. If a request
matches multiple rules, each of their associated limits get applied, so a
single request might increase the rate limit counters for multiple rules
if selected. The rate limit service will return a logical OR of the individual
rate limit decisions of all matching rules. For example, if a request
matches two rules, one rate limited and one not, the final decision will be
to rate limit the request. | + #### GroupVersionKind @@ -1308,11 +1351,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `group` | _string_ | true | | | `version` | _string_ | true | | | `kind` | _string_ | true | | + #### GzipCompressor @@ -1337,9 +1380,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `useDefaultHost` | _boolean_ | false | UseDefaultHost defines if the HTTP/1.0 request is missing the Host header,
then the hostname associated with the listener should be injected into the
request.
If this is not set and an HTTP/1.0 request arrives without a host, then
it will be rejected. | + #### HTTP1Settings @@ -1351,11 +1394,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `enableTrailers` | _boolean_ | false | EnableTrailers defines if HTTP/1 trailers should be proxied by Envoy. | | `preserveHeaderCase` | _boolean_ | false | PreserveHeaderCase defines if Envoy should preserve the letter case of headers.
By default, Envoy will lowercase all the headers. | | `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. | + #### HTTP3Settings @@ -1378,12 +1421,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `path` | _string_ | true | Path defines the HTTP path that will be requested during health checking. | | `method` | _string_ | false | Method defines the HTTP method used for health checking.
Defaults to GET | | `expectedStatuses` | _[HTTPStatus](#httpstatus) array_ | false | ExpectedStatuses defines a list of HTTP response statuses considered healthy.
Defaults to 200 only | | `expectedResponse` | _[ActiveHealthCheckPayload](#activehealthcheckpayload)_ | false | ExpectedResponse defines a list of HTTP expected responses to match. | + #### HTTPClientTimeout @@ -1395,10 +1438,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `requestReceivedTimeout` | _[Duration](#duration)_ | false | RequestReceivedTimeout is the duration envoy waits for the complete request reception. This timer starts upon request
initiation and stops when either the last byte of the request is sent upstream or when the response begins. | | `idleTimeout` | _[Duration](#duration)_ | false | IdleTimeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection.
Default: 1 hour. | + #### HTTPExtAuthService @@ -1410,11 +1453,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `backendRef` | _[BackendObjectReference](#backendobjectreference)_ | true | BackendRef references a Kubernetes object that represents the
backend server to which the authorization request will be sent.
Only service Kind is supported for now. | | `path` | _string_ | true | Path is the path of the HTTP External Authorization service.
If path is specified, the authorization request will be sent to that path,
or else the authorization request will be sent to the root path. | | `headersToBackend` | _string array_ | false | HeadersToBackend are the authorization response headers that will be added
to the original client request before sending it to the backend server.
Note that coexisting headers will be overridden.
If not specified, no authorization response headers will be added to the
original client request. | + #### HTTPStatus _Underlying type:_ _integer_ @@ -1438,10 +1481,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `connectionIdleTimeout` | _[Duration](#duration)_ | false | The idle timeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection.
Default: 1 hour. | | `maxConnectionDuration` | _[Duration](#duration)_ | false | The maximum duration of an HTTP connection.
Default: unlimited. | + #### HTTPWasmCodeSource @@ -1453,11 +1496,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `url` | _string_ | true | URL is the URL containing the wasm code. | + #### HeaderMatchType _Underlying type:_ _string_ @@ -1468,6 +1511,11 @@ Valid HeaderMatchType values are "Exact", "RegularExpression", and "Distinct". _Appears in:_ - [HeaderMatch](#headermatch) +| Value | Description | +| ----- | ----------- | +| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
| +| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
| +| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
| #### HeaderSettings @@ -1481,10 +1529,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `enableEnvoyHeaders` | _boolean_ | false | EnableEnvoyHeaders configures Envoy Proxy to add the "X-Envoy-" headers to requests
and responses. | | `withUnderscoresAction` | _[WithUnderscoresAction](#withunderscoresaction)_ | false | WithUnderscoresAction configures the action to take when an HTTP header with underscores
is encountered. The default action is to reject the request. | + #### HealthCheck @@ -1497,10 +1545,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration | | `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration | + #### ImageWasmCodeSource @@ -1512,10 +1560,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `url` | _string_ | true | URL is the URL of the OCI image. | | `pullSecret` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | true | PullSecretRef is a reference to the secret containing the credentials to pull the image. | + #### InfrastructureProviderType _Underlying type:_ _string_ @@ -1525,6 +1573,9 @@ InfrastructureProviderType defines the types of custom infrastructure providers _Appears in:_ - [EnvoyGatewayInfrastructureProvider](#envoygatewayinfrastructureprovider) +| Value | Description | +| ----- | ----------- | +| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
| #### JSONPatchOperation @@ -1539,12 +1590,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `op` | _[JSONPatchOperationType](#jsonpatchoperationtype)_ | true | Op is the type of operation to perform | | `path` | _string_ | true | Path is the location of the target document/field where the operation will be performed
Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details. | | `from` | _string_ | false | From is the source location of the value to be copied or moved. Only valid
for move or copy operations
Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details. | | `value` | _[JSON](#json)_ | false | Value is the new value of the path location. The value is only used by
the `add` and `replace` operations. | + #### JSONPatchOperationType _Underlying type:_ _string_ @@ -1567,9 +1618,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `providers` | _[JWTProvider](#jwtprovider) array_ | true | Providers defines the JSON Web Token (JWT) authentication provider type.
When multiple JWT providers are specified, the JWT is considered valid if
any of the providers successfully validate the JWT. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html. | + #### JWTExtractor @@ -1583,11 +1634,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `headers` | _[JWTHeaderExtractor](#jwtheaderextractor) array_ | false | Headers represents a list of HTTP request headers to extract the JWT token from. | | `cookies` | _string array_ | false | Cookies represents a list of cookie names to extract the JWT token from. | | `params` | _string array_ | false | Params represents a list of query parameters to extract the JWT token from. | + #### JWTHeaderExtractor @@ -1599,10 +1650,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `name` | _string_ | true | Name is the HTTP header name to retrieve the token | | `valuePrefix` | _string_ | false | ValuePrefix is the prefix that should be stripped before extracting the token.
The format would be used by Envoy like "{ValuePrefix}".
For example, "Authorization: Bearer ", then the ValuePrefix="Bearer " with a space at the end. | + #### JWTProvider @@ -1614,7 +1665,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `name` | _string_ | true | Name defines a unique name for the JWT provider. A name can have a variety of forms,
including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels. | | `issuer` | _string_ | false | Issuer is the principal that issued the JWT and takes the form of a URL or email address.
For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for
URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided,
the JWT issuer is not checked. | | `audiences` | _string array_ | false | Audiences is a list of JWT audiences allowed access. For additional details, see
https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences
are not checked. | @@ -1623,6 +1673,7 @@ _Appears in:_ | `recomputeRoute` | _boolean_ | false | RecomputeRoute clears the route cache and recalculates the routing decision.
This field must be enabled if the headers generated from the claim are used for
route matching decisions. If the recomputation selects a new route, features targeting
the new matched route will be applied. | | `extractFrom` | _[JWTExtractor](#jwtextractor)_ | false | ExtractFrom defines different ways to extract the JWT token from HTTP request.
If empty, it defaults to extract JWT token from the Authorization HTTP request header using Bearer schema
or access_token from query parameters. | + #### KubernetesContainerSpec @@ -1634,13 +1685,13 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `env` | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#envvar-v1-core) array_ | false | List of environment variables to set in the container. | | `resources` | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#resourcerequirements-v1-core)_ | false | Resources required by this container.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | | `securityContext` | _[SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#securitycontext-v1-core)_ | false | SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | `image` | _string_ | false | Image specifies the EnvoyProxy container image to be used, instead of the default image. | | `volumeMounts` | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#volumemount-v1-core) array_ | false | VolumeMounts are volumes to mount into the container's filesystem.
Cannot be updated. | + #### KubernetesDeployMode @@ -1665,7 +1716,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `patch` | _[KubernetesPatchSpec](#kubernetespatchspec)_ | false | Patch defines how to perform the patch operation to deployment | | `replicas` | _integer_ | false | Replicas is the number of desired pods. Defaults to 1. | | `strategy` | _[DeploymentStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#deploymentstrategy-v1-apps)_ | false | The deployment strategy to use to replace existing pods with new ones. | @@ -1673,6 +1723,7 @@ _Appears in:_ | `container` | _[KubernetesContainerSpec](#kubernetescontainerspec)_ | false | Container defines the desired specification of main container. | | `initContainers` | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#container-v1-core) array_ | false | List of initialization containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | + #### KubernetesHorizontalPodAutoscalerSpec @@ -1687,12 +1738,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `minReplicas` | _integer_ | false | minReplicas is the lower limit for the number of replicas to which the autoscaler
can scale down. It defaults to 1 replica. | | `maxReplicas` | _integer_ | true | maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
It cannot be less that minReplicas. | | `metrics` | _[MetricSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#metricspec-v2-autoscaling) array_ | false | metrics contains the specifications for which to use to calculate the
desired replica count (the maximum replica count across all metrics will
be used).
If left empty, it defaults to being based on CPU utilization with average on 80% usage. | | `behavior` | _[HorizontalPodAutoscalerBehavior](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#horizontalpodautoscalerbehavior-v2-autoscaling)_ | false | behavior configures the scaling behavior of the target
in both Up and Down directions (scaleUp and scaleDown fields respectively).
If not set, the default HPAScalingRules for scale up and scale down are used.
See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior. | + #### KubernetesPatchSpec @@ -1705,10 +1756,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[MergeType](#mergetype)_ | false | Type is the type of merge operation to perform

By default, StrategicMerge is used as the patch type. | | `value` | _[JSON](#json)_ | true | Object contains the raw configuration for merged object | + #### KubernetesPodSpec @@ -1720,7 +1771,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `annotations` | _object (keys:string, values:string)_ | false | Annotations are the annotations that should be appended to the pods.
By default, no pod annotations are appended. | | `labels` | _object (keys:string, values:string)_ | false | Labels are the additional labels that should be tagged to the pods.
By default, no additional pod labels are tagged. | | `securityContext` | _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#podsecuritycontext-v1-core)_ | false | SecurityContext holds pod-level security attributes and common container settings.
Optional: Defaults to empty. See type description for default values of each field. | @@ -1731,6 +1781,7 @@ _Appears in:_ | `nodeSelector` | _object (keys:string, values:string)_ | false | NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on that node.
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | | `topologySpreadConstraints` | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#topologyspreadconstraint-v1-core) array_ | false | TopologySpreadConstraints describes how a group of pods ought to spread across topology
domains. Scheduler will schedule pods in a way which abides by the constraints.
All topologySpreadConstraints are ANDed. | + #### KubernetesServiceSpec @@ -1742,7 +1793,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `annotations` | _object (keys:string, values:string)_ | false | Annotations that should be appended to the service.
By default, no annotations are appended. | | `type` | _[ServiceType](#servicetype)_ | false | Type determines how the Service is exposed. Defaults to LoadBalancer.
Valid options are ClusterIP, LoadBalancer and NodePort.
"LoadBalancer" means a service will be exposed via an external load balancer (if the cloud provider supports it).
"ClusterIP" means a service will only be accessible inside the cluster, via the cluster IP.
"NodePort" means a service will be exposed on a static Port on all Nodes of the cluster. | | `loadBalancerClass` | _string_ | false | LoadBalancerClass, when specified, allows for choosing the LoadBalancer provider
implementation if more than one are available or is otherwise expected to be specified | @@ -1751,6 +1801,7 @@ _Appears in:_ | `externalTrafficPolicy` | _[ServiceExternalTrafficPolicy](#serviceexternaltrafficpolicy)_ | false | ExternalTrafficPolicy determines the externalTrafficPolicy for the Envoy Service. Valid options
are Local and Cluster. Default is "Local". "Local" means traffic will only go to pods on the node
receiving the traffic. "Cluster" means connections are loadbalanced to all pods in the cluster. | | `patch` | _[KubernetesPatchSpec](#kubernetespatchspec)_ | false | Patch defines how to perform the patch operation to the service | + #### KubernetesWatchMode @@ -1762,11 +1813,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[KubernetesWatchModeType](#kuberneteswatchmodetype)_ | true | Type indicates what watch mode to use. KubernetesWatchModeTypeNamespaces and
KubernetesWatchModeTypeNamespaceSelector are currently supported
By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources
from all namespaces. | | `namespaces` | _string array_ | true | Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped
resources such as Gateway, HTTPRoute and Service.
Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as
GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelector must be set. | | `namespaceSelector` | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#labelselector-v1-meta)_ | true | NamespaceSelector holds the label selector used to dynamically select namespaces.
Envoy Gateway will watch for namespaces matching the specified label selector.
Precisely one of Namespaces and NamespaceSelector must be set. | + #### KubernetesWatchModeType _Underlying type:_ _string_ @@ -1789,12 +1840,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `leaseDuration` | _[Duration](#duration)_ | true | LeaseDuration defines the time non-leader contenders will wait before attempting to claim leadership.
It's based on the timestamp of the last acknowledged signal. The default setting is 15 seconds. | | `renewDeadline` | _[Duration](#duration)_ | true | RenewDeadline represents the time frame within which the current leader will attempt to renew its leadership
status before relinquishing its position. The default setting is 10 seconds. | | `retryPeriod` | _[Duration](#duration)_ | true | RetryPeriod denotes the interval at which LeaderElector clients should perform action retries.
The default setting is 2 seconds. | | `disable` | _boolean_ | true | Disable provides the option to turn off leader election, which is enabled by default. | + #### LiteralCustomTag @@ -1806,9 +1857,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `value` | _string_ | true | Value defines the hard-coded value to add to each span. | + #### LoadBalancer @@ -1820,11 +1871,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin", | | `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash | | `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers | + #### LoadBalancerType _Underlying type:_ _string_ @@ -1834,6 +1885,12 @@ LoadBalancerType specifies the types of LoadBalancer. _Appears in:_ - [LoadBalancer](#loadbalancer) +| Value | Description | +| ----- | ----------- | +| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
| +| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
| +| `Random` | RandomLoadBalancerType load balancer policy.
| +| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
| #### LocalRateLimit @@ -1847,9 +1904,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `rules` | _[RateLimitRule](#ratelimitrule) array_ | false | Rules are a list of RateLimit selectors and limits. If a request matches
multiple rules, the strictest limit is applied. For example, if a request
matches two rules, one with 10rps and one with 20rps, the final limit will
be based on the rule with 10rps. | + #### LogLevel _Underlying type:_ _string_ @@ -1860,6 +1917,12 @@ _Appears in:_ - [EnvoyGatewayLogging](#envoygatewaylogging) - [ProxyLogging](#proxylogging) +| Value | Description | +| ----- | ----------- | +| `debug` | LogLevelDebug defines the "debug" logging level.
| +| `info` | LogLevelInfo defines the "Info" logging level.
| +| `warn` | LogLevelWarn defines the "Warn" logging level.
| +| `error` | LogLevelError defines the "Error" logging level.
| @@ -1874,6 +1937,9 @@ _Appears in:_ - [EnvoyGatewayMetricSink](#envoygatewaymetricsink) - [ProxyMetricSink](#proxymetricsink) +| Value | Description | +| ----- | ----------- | +| `OpenTelemetry` | | #### OIDC @@ -1887,7 +1953,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `provider` | _[OIDCProvider](#oidcprovider)_ | true | The OIDC Provider configuration. | | `clientID` | _string_ | true | The client ID to be used in the OIDC
[Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). | | `clientSecret` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | true | The Kubernetes secret which contains the OIDC client secret to be used in the
[Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).

This is an Opaque secret. The client secret should be stored in the key
"client-secret". | @@ -1896,6 +1961,7 @@ _Appears in:_ | `redirectURL` | _string_ | true | The redirect URL to be used in the OIDC
[Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
If not specified, uses the default redirect URI "%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback" | | `logoutPath` | _string_ | true | The path to log a user out, clearing their credential cookies.
If not specified, uses a default logout path "/logout" | + #### OIDCProvider @@ -1907,11 +1973,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `issuer` | _string_ | true | The OIDC Provider's [issuer identifier](https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery).
Issuer MUST be a URI RFC 3986 [RFC3986] with a scheme component that MUST
be https, a host component, and optionally, port and path components and
no query or fragment components. | | `authorizationEndpoint` | _string_ | false | The OIDC Provider's [authorization endpoint](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint).
If not provided, EG will try to discover it from the provider's [Well-Known Configuration Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse). | | `tokenEndpoint` | _string_ | false | The OIDC Provider's [token endpoint](https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint).
If not provided, EG will try to discover it from the provider's [Well-Known Configuration Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse). | + #### OpenTelemetryEnvoyProxyAccessLog @@ -1923,12 +1989,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `host` | _string_ | false | Host define the extension service hostname.
Deprecated: Use BackendRef instead. | | `port` | _integer_ | false | Port defines the port the extension service is exposed on.
Deprecated: Use BackendRef instead. | | `backendRefs` | _[BackendRef](#backendref) array_ | false | BackendRefs references a Kubernetes object that represents the
backend server to which the accesslog will be sent.
Only service Kind is supported for now. | | `resources` | _object (keys:string, values:string)_ | false | Resources is a set of labels that describe the source of a log entry, including envoy node info.
It's recommended to follow [semantic conventions](https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/). | + #### Origin _Underlying type:_ _string_ @@ -1965,7 +2031,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `splitExternalLocalOriginErrors` | _boolean_ | false | SplitExternalLocalOriginErrors enables splitting of errors between external and local origin. | | `interval` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | Interval defines the time between passive health checks. | | `consecutiveLocalOriginFailures` | _integer_ | false | ConsecutiveLocalOriginFailures sets the number of consecutive local origin failures triggering ejection.
Parameter takes effect only when split_external_local_origin_errors is set to true. | @@ -1974,6 +2039,7 @@ _Appears in:_ | `baseEjectionTime` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | BaseEjectionTime defines the base duration for which a host will be ejected on consecutive failures. | | `maxEjectionPercent` | _integer_ | false | MaxEjectionPercent sets the maximum percentage of hosts in a cluster that can be ejected. | + #### PathEscapedSlashAction _Underlying type:_ _string_ @@ -1984,6 +2050,12 @@ sequences in the URI path. _Appears in:_ - [PathSettings](#pathsettings) +| Value | Description | +| ----- | ----------- | +| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
| +| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
| +| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
| +| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
| #### PathSettings @@ -1997,10 +2069,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `escapedSlashesAction` | _[PathEscapedSlashAction](#pathescapedslashaction)_ | false | EscapedSlashesAction determines how %2f, %2F, %5c, or %5C sequences in the path URI
should be handled.
The default is UnescapeAndRedirect. | | `disableMergeSlashes` | _boolean_ | false | DisableMergeSlashes allows disabling the default configuration of merging adjacent
slashes in the path.
Note that slash merging is not part of the HTTP spec and is provided for convenience. | + #### PerRetryPolicy @@ -2012,10 +2084,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `timeout` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | Timeout is the timeout per retry attempt. | | `backOff` | _[BackOffPolicy](#backoffpolicy)_ | false | Backoff is the backoff policy to be applied per retry attempt. gateway uses a fully jittered exponential
back-off algorithm for retries. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-max-retries | + #### ProviderType _Underlying type:_ _string_ @@ -2026,6 +2098,10 @@ _Appears in:_ - [EnvoyGatewayProvider](#envoygatewayprovider) - [EnvoyProxyProvider](#envoyproxyprovider) +| Value | Description | +| ----- | ----------- | +| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
| +| `File` | ProviderTypeFile defines the "File" provider. This type is not implemented
until https://github.com/envoyproxy/gateway/issues/1001 is fixed.
| #### ProxyAccessLog @@ -2039,10 +2115,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `disable` | _boolean_ | true | Disable disables access logging for managed proxies if set to true. | | `settings` | _[ProxyAccessLogSetting](#proxyaccesslogsetting) array_ | false | Settings defines accesslog settings for managed proxies.
If unspecified, will send default format to stdout. | + #### ProxyAccessLogFormat @@ -2055,11 +2131,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ProxyAccessLogFormatType](#proxyaccesslogformattype)_ | true | Type defines the type of accesslog format. | | `text` | _string_ | false | Text defines the text accesslog format, following Envoy accesslog formatting,
It's required when the format type is "Text".
Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be used in the format.
The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) provides more information. | | `json` | _object (keys:string, values:string)_ | false | JSON is additional attributes that describe the specific event occurrence.
Structured format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)
can be used as values for fields within the Struct.
It's required when the format type is "JSON". | + #### ProxyAccessLogFormatType _Underlying type:_ _string_ @@ -2069,6 +2145,10 @@ _Underlying type:_ _string_ _Appears in:_ - [ProxyAccessLogFormat](#proxyaccesslogformat) +| Value | Description | +| ----- | ----------- | +| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
| +| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
| #### ProxyAccessLogSetting @@ -2082,10 +2162,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `format` | _[ProxyAccessLogFormat](#proxyaccesslogformat)_ | true | Format defines the format of accesslog. | | `sinks` | _[ProxyAccessLogSink](#proxyaccesslogsink) array_ | true | Sinks defines the sinks of accesslog. | + #### ProxyAccessLogSink @@ -2097,12 +2177,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[ProxyAccessLogSinkType](#proxyaccesslogsinktype)_ | true | Type defines the type of accesslog sink. | | `als` | _[ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog)_ | false | ALS defines the gRPC Access Log Service (ALS) sink. | | `file` | _[FileEnvoyProxyAccessLog](#fileenvoyproxyaccesslog)_ | false | File defines the file accesslog sink. | | `openTelemetry` | _[OpenTelemetryEnvoyProxyAccessLog](#opentelemetryenvoyproxyaccesslog)_ | false | OpenTelemetry defines the OpenTelemetry accesslog sink. | + #### ProxyAccessLogSinkType _Underlying type:_ _string_ @@ -2112,6 +2192,10 @@ _Underlying type:_ _string_ _Appears in:_ - [ProxyAccessLogSink](#proxyaccesslogsink) +| Value | Description | +| ----- | ----------- | +| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
| +| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
| #### ProxyBootstrap @@ -2125,10 +2209,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[BootstrapType](#bootstraptype)_ | false | Type is the type of the bootstrap configuration, it should be either Replace or Merge.
If unspecified, it defaults to Replace. | | `value` | _string_ | true | Value is a YAML string of the bootstrap. | + #### ProxyLogComponent _Underlying type:_ _string_ @@ -2138,6 +2222,18 @@ ProxyLogComponent defines a component that supports a configured logging level. _Appears in:_ - [ProxyLogging](#proxylogging) +| Value | Description | +| ----- | ----------- | +| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
| +| `upstream` | LogComponentUpstream defines the "upstream" logging component.
| +| `http` | LogComponentHTTP defines the "http" logging component.
| +| `connection` | LogComponentConnection defines the "connection" logging component.
| +| `admin` | LogComponentAdmin defines the "admin" logging component.
| +| `client` | LogComponentClient defines the "client" logging component.
| +| `filter` | LogComponentFilter defines the "filter" logging component.
| +| `main` | LogComponentMain defines the "main" logging component.
| +| `router` | LogComponentRouter defines the "router" logging component.
| +| `runtime` | LogComponentRuntime defines the "runtime" logging component.
| #### ProxyLogging @@ -2151,9 +2247,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `level` | _object (keys:[ProxyLogComponent](#proxylogcomponent), values:[LogLevel](#loglevel))_ | true | Level is a map of logging level per component, where the component is the key
and the log level is the value. If unspecified, defaults to "default: warn". | + #### ProxyMetricSink @@ -2166,10 +2262,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[MetricSinkType](#metricsinktype)_ | true | Type defines the metric sink type.
EG currently only supports OpenTelemetry. | | `openTelemetry` | _[ProxyOpenTelemetrySink](#proxyopentelemetrysink)_ | false | OpenTelemetry defines the configuration for OpenTelemetry sink.
It's required if the sink type is OpenTelemetry. | + #### ProxyMetrics @@ -2181,12 +2277,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `prometheus` | _[ProxyPrometheusProvider](#proxyprometheusprovider)_ | true | Prometheus defines the configuration for Admin endpoint `/stats/prometheus`. | | `sinks` | _[ProxyMetricSink](#proxymetricsink) array_ | true | Sinks defines the metric sinks where metrics are sent to. | | `matches` | _[StringMatch](#stringmatch) array_ | true | Matches defines configuration for selecting specific metrics instead of generating all metrics stats
that are enabled by default. This helps reduce CPU and memory overhead in Envoy, but eliminating some stats
may after critical functionality. Here are the stats that we strongly recommend not disabling:
`cluster_manager.warming_clusters`, `cluster..membership_total`,`cluster..membership_healthy`,
`cluster..membership_degraded`,reference https://github.com/envoyproxy/envoy/issues/9856,
https://github.com/envoyproxy/envoy/issues/14610 | | `enableVirtualHostStats` | _boolean_ | true | EnableVirtualHostStats enables envoy stat metrics for virtual hosts. | + #### ProxyOpenTelemetrySink @@ -2198,11 +2294,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `host` | _string_ | false | Host define the service hostname.
Deprecated: Use BackendRef instead. | | `port` | _integer_ | false | Port defines the port the service is exposed on.
Deprecated: Use BackendRef instead. | | `backendRefs` | _[BackendRef](#backendref) array_ | false | BackendRefs references a Kubernetes object that represents the
backend server to which the metric will be sent.
Only service Kind is supported for now. | + #### ProxyPrometheusProvider @@ -2214,9 +2310,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `disable` | _boolean_ | true | Disable the Prometheus endpoint. | + #### ProxyProtocol @@ -2229,9 +2325,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" | + #### ProxyProtocolVersion _Underlying type:_ _string_ @@ -2241,6 +2337,10 @@ ProxyProtocolVersion defines the version of the Proxy Protocol to use. _Appears in:_ - [ProxyProtocol](#proxyprotocol) +| Value | Description | +| ----- | ----------- | +| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
| +| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
| #### ProxyTelemetry @@ -2254,11 +2354,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `accessLog` | _[ProxyAccessLog](#proxyaccesslog)_ | false | AccessLogs defines accesslog parameters for managed proxies.
If unspecified, will send default format to stdout. | | `tracing` | _[ProxyTracing](#proxytracing)_ | false | Tracing defines tracing configuration for managed proxies.
If unspecified, will not send tracing data. | | `metrics` | _[ProxyMetrics](#proxymetrics)_ | true | Metrics defines metrics configuration for managed proxies. | + #### ProxyTracing @@ -2270,11 +2370,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `samplingRate` | _integer_ | false | SamplingRate controls the rate at which traffic will be
selected for tracing if no prior sampling decision has been made.
Defaults to 100, valid values [0-100]. 100 indicates 100% sampling. | | `customTags` | _object (keys:string, values:[CustomTag](#customtag))_ | true | CustomTags defines the custom tags to add to each span.
If provider is kubernetes, pod name and namespace are added by default. | | `provider` | _[TracingProvider](#tracingprovider)_ | true | Provider defines the tracing provider.
Only OpenTelemetry is supported currently. | + #### RateLimit @@ -2288,12 +2388,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `backend` | _[RateLimitDatabaseBackend](#ratelimitdatabasebackend)_ | true | Backend holds the configuration associated with the
database backend used by the rate limit service to store
state associated with global ratelimiting. | | `timeout` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | Timeout specifies the timeout period for the proxy to access the ratelimit server
If not set, timeout is 20ms. | | `failClosed` | _boolean_ | true | FailClosed is a switch used to control the flow of traffic
when the response from the ratelimit server cannot be obtained.
If FailClosed is false, let the traffic pass,
otherwise, don't let the traffic pass and return 500.
If not set, FailClosed is False. | | `telemetry` | _[RateLimitTelemetry](#ratelimittelemetry)_ | false | Telemetry defines telemetry configuration for RateLimit. | + #### RateLimitDatabaseBackend @@ -2306,10 +2406,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[RateLimitDatabaseBackendType](#ratelimitdatabasebackendtype)_ | true | Type is the type of database backend to use. Supported types are:
* Redis: Connects to a Redis database. | | `redis` | _[RateLimitRedisSettings](#ratelimitredissettings)_ | false | Redis defines the settings needed to connect to a Redis database. | + #### RateLimitDatabaseBackendType _Underlying type:_ _string_ @@ -2320,6 +2420,9 @@ to be used by the rate limit service. _Appears in:_ - [RateLimitDatabaseBackend](#ratelimitdatabasebackend) +| Value | Description | +| ----- | ----------- | +| `Redis` | RedisBackendType uses a redis database for the rate limit service.
| #### RateLimitMetrics @@ -2333,9 +2436,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `prometheus` | _[RateLimitMetricsPrometheusProvider](#ratelimitmetricsprometheusprovider)_ | true | Prometheus defines the configuration for prometheus endpoint. | + #### RateLimitMetricsPrometheusProvider @@ -2347,9 +2450,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `disable` | _boolean_ | true | Disable the Prometheus endpoint. | + #### RateLimitRedisSettings @@ -2361,10 +2464,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `url` | _string_ | true | URL of the Redis Database. | | `tls` | _[RedisTLSSettings](#redistlssettings)_ | false | TLS defines TLS configuration for connecting to redis database. | + #### RateLimitRule @@ -2378,10 +2481,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `clientSelectors` | _[RateLimitSelectCondition](#ratelimitselectcondition) array_ | false | ClientSelectors holds the list of select conditions to select
specific clients using attributes from the traffic flow.
All individual select conditions must hold True for this rule
and its limit to be applied.

If no client selectors are specified, the rule applies to all traffic of
the targeted Route.

If the policy targets a Gateway, the rule applies to each Route of the Gateway.
Please note that each Route has its own rate limit counters. For example,
if a Gateway has two Routes, and the policy has a rule with limit 10rps,
each Route will have its own 10rps limit. | | `limit` | _[RateLimitValue](#ratelimitvalue)_ | true | Limit holds the rate limit values.
This limit is applied for traffic flows when the selectors
compute to True, causing the request to be counted towards the limit.
The limit is enforced and the request is ratelimited, i.e. a response with
429 HTTP status code is sent back to the client when
the selected requests have reached the limit. | + #### RateLimitSelectCondition @@ -2395,10 +2498,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `headers` | _[HeaderMatch](#headermatch) array_ | false | Headers is a list of request headers to match. Multiple header values are ANDed together,
meaning, a request MUST match all the specified headers.
At least one of headers or sourceCIDR condition must be specified. | | `sourceCIDR` | _[SourceMatch](#sourcematch)_ | false | SourceCIDR is the client IP Address range to match on.
At least one of headers or sourceCIDR condition must be specified. | + #### RateLimitSpec @@ -2410,11 +2513,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[RateLimitType](#ratelimittype)_ | true | Type decides the scope for the RateLimits.
Valid RateLimitType values are "Global" or "Local". | | `global` | _[GlobalRateLimit](#globalratelimit)_ | false | Global defines global rate limit configuration. | | `local` | _[LocalRateLimit](#localratelimit)_ | false | Local defines local rate limit configuration. | + #### RateLimitTelemetry @@ -2426,10 +2529,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `metrics` | _[RateLimitMetrics](#ratelimitmetrics)_ | true | Metrics defines metrics configuration for RateLimit. | | `tracing` | _[RateLimitTracing](#ratelimittracing)_ | true | Tracing defines traces configuration for RateLimit. | + #### RateLimitTracing @@ -2441,10 +2544,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `samplingRate` | _integer_ | false | SamplingRate controls the rate at which traffic will be
selected for tracing if no prior sampling decision has been made.
Defaults to 100, valid values [0-100]. 100 indicates 100% sampling. | | `provider` | _[RateLimitTracingProvider](#ratelimittracingprovider)_ | true | Provider defines the rateLimit tracing provider.
Only OpenTelemetry is supported currently. | + #### RateLimitTracingProvider @@ -2456,12 +2559,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[RateLimitTracingProviderType](#ratelimittracingprovidertype)_ | true | Type defines the tracing provider type.
Since to RateLimit Exporter currently using OpenTelemetry, only OpenTelemetry is supported | | `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol | + #### RateLimitType _Underlying type:_ _string_ @@ -2471,6 +2574,10 @@ RateLimitType specifies the types of RateLimiting. _Appears in:_ - [RateLimitSpec](#ratelimitspec) +| Value | Description | +| ----- | ----------- | +| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
| +| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
| #### RateLimitUnit @@ -2483,6 +2590,12 @@ Valid RateLimitUnit values are "Second", "Minute", "Hour", and "Day". _Appears in:_ - [RateLimitValue](#ratelimitvalue) +| Value | Description | +| ----- | ----------- | +| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
| +| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
| +| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
| +| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
| #### RateLimitValue @@ -2496,10 +2609,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `requests` | _integer_ | true | | | `unit` | _[RateLimitUnit](#ratelimitunit)_ | true | | + #### RedisTLSSettings @@ -2511,9 +2624,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `certificateRef` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | false | CertificateRef defines the client certificate reference for TLS connections.
Currently only a Kubernetes Secret of type TLS is supported. | + #### RemoteJWKS @@ -2526,9 +2639,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `uri` | _string_ | true | URI is the HTTPS URI to fetch the JWKS. Envoy's system trust bundle is used to
validate the server certificate. | + #### RequestHeaderCustomTag @@ -2540,10 +2653,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `name` | _string_ | true | Name defines the name of the request header which to extract the value from. | | `defaultValue` | _string_ | false | DefaultValue defines the default value to use if the request header is not set. | + #### ResourceProviderType _Underlying type:_ _string_ @@ -2553,6 +2666,9 @@ ResourceProviderType defines the types of custom resource providers supported by _Appears in:_ - [EnvoyGatewayResourceProvider](#envoygatewayresourceprovider) +| Value | Description | +| ----- | ----------- | +| `File` | ResourceProviderTypeFile defines the "File" provider.
| #### Retry @@ -2566,11 +2682,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. | | `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.

If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). | | `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. | + #### RetryOn @@ -2582,10 +2698,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `triggers` | _[TriggerEnum](#triggerenum) array_ | false | Triggers specifies the retry trigger condition(Http/Grpc). | | `httpStatusCodes` | _[HTTPStatus](#httpstatus) array_ | false | HttpStatusCodes specifies the http status codes to be retried.
The retriable-status-codes trigger must also be configured for these status codes to trigger a retry. | + #### SecurityPolicy @@ -2600,10 +2716,10 @@ _Appears in:_ | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`SecurityPolicy` - | `metadata` | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` | _[SecurityPolicySpec](#securitypolicyspec)_ | true | Spec defines the desired state of SecurityPolicy. | + #### SecurityPolicyList @@ -2616,10 +2732,10 @@ SecurityPolicyList contains a list of SecurityPolicy resources. | --- | --- | --- | --- | | `apiVersion` | _string_ | |`gateway.envoyproxy.io/v1alpha1` | `kind` | _string_ | |`SecurityPolicyList` - | `metadata` | _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#listmeta-v1-meta)_ | true | Refer to Kubernetes API documentation for fields of `metadata`. | | `items` | _[SecurityPolicy](#securitypolicy) array_ | true | | + #### SecurityPolicySpec @@ -2631,7 +2747,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `targetRef` | _[PolicyTargetReferenceWithSectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReferenceWithSectionName)_ | true | TargetRef is the name of the Gateway resource this policy
is being attached to.
This Policy and the TargetRef MUST be in the same namespace
for this Policy to have effect and be applied to the Gateway. | | `cors` | _[CORS](#cors)_ | false | CORS defines the configuration for Cross-Origin Resource Sharing (CORS). | | `basicAuth` | _[BasicAuth](#basicauth)_ | false | BasicAuth defines the configuration for the HTTP Basic Authentication. | @@ -2641,6 +2756,7 @@ _Appears in:_ + #### ServiceExternalTrafficPolicy _Underlying type:_ _string_ @@ -2652,6 +2768,10 @@ and LoadBalancer IPs. _Appears in:_ - [KubernetesServiceSpec](#kubernetesservicespec) +| Value | Description | +| ----- | ----------- | +| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
| +| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
| #### ServiceType @@ -2663,6 +2783,11 @@ ServiceType string describes ingress methods for a service _Appears in:_ - [KubernetesServiceSpec](#kubernetesservicespec) +| Value | Description | +| ----- | ----------- | +| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
| +| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
| +| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
| #### ShutdownConfig @@ -2676,10 +2801,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `drainTimeout` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | DrainTimeout defines the graceful drain timeout. This should be less than the pod's terminationGracePeriodSeconds.
If unspecified, defaults to 600 seconds. | | `minDrainDuration` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | false | MinDrainDuration defines the minimum drain duration allowing time for endpoint deprogramming to complete.
If unspecified, defaults to 5 seconds. | + #### SlowStart @@ -2691,11 +2816,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig | + #### SourceMatchType _Underlying type:_ _string_ @@ -2705,6 +2830,10 @@ _Underlying type:_ _string_ _Appears in:_ - [SourceMatch](#sourcematch) +| Value | Description | +| ----- | ----------- | +| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
| +| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
| #### StringMatch @@ -2720,10 +2849,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[StringMatchType](#stringmatchtype)_ | false | Type specifies how to match against a string. | | `value` | _string_ | true | Value specifies the string value that the match must have. | + #### StringMatchType _Underlying type:_ _string_ @@ -2734,6 +2863,12 @@ Valid MatchType values are "Exact", "Prefix", "Suffix", "RegularExpression". _Appears in:_ - [StringMatch](#stringmatch) +| Value | Description | +| ----- | ----------- | +| `Exact` | StringMatchExact :the input string must match exactly the match value.
| +| `Prefix` | StringMatchPrefix :the input string must start with the match value.
| +| `Suffix` | StringMatchSuffix :the input string must end with the match value.
| +| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
| #### TCPActiveHealthChecker @@ -2747,10 +2882,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `send` | _[ActiveHealthCheckPayload](#activehealthcheckpayload)_ | false | Send defines the request payload. | | `receive` | _[ActiveHealthCheckPayload](#activehealthcheckpayload)_ | false | Receive defines the expected response payload. | + #### TCPKeepalive @@ -2763,11 +2898,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. | | `idleTime` | _[Duration](#duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. | | `interval` | _[Duration](#duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. | + #### TCPTimeout @@ -2779,9 +2914,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `connectTimeout` | _[Duration](#duration)_ | false | The timeout for network connection establishment, including TCP and TLS handshakes.
Default: 10 seconds. | + #### TLSSettings @@ -2793,7 +2928,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `minVersion` | _[TLSVersion](#tlsversion)_ | false | Min specifies the minimal TLS protocol version to allow.
The default is TLS 1.2 if this is not specified. | | `maxVersion` | _[TLSVersion](#tlsversion)_ | false | Max specifies the maximal TLS protocol version to allow
The default is TLS 1.3 if this is not specified. | | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | @@ -2802,6 +2936,7 @@ _Appears in:_ | `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | | `clientValidation` | _[ClientValidationContext](#clientvalidationcontext)_ | false | ClientValidation specifies the configuration to validate the client
initiating the TLS connection to the Gateway listener. | + #### TLSVersion _Underlying type:_ _string_ @@ -2811,6 +2946,13 @@ TLSVersion specifies the TLS version _Appears in:_ - [TLSSettings](#tlssettings) +| Value | Description | +| ----- | ----------- | +| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
| +| `1.0` | TLS1.0 specifies TLS version 1.0
| +| `1.1` | TLS1.1 specifies TLS version 1.1
| +| `1.2` | TLSv1.2 specifies TLS version 1.2
| +| `1.3` | TLSv1.3 specifies TLS version 1.3
| #### Timeout @@ -2824,10 +2966,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. | | `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. | + #### TracingProvider @@ -2839,12 +2981,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[TracingProviderType](#tracingprovidertype)_ | true | Type defines the tracing provider type.
EG currently only supports OpenTelemetry. | | `host` | _string_ | false | Host define the provider service hostname.
Deprecated: Use BackendRef instead. | | `port` | _integer_ | false | Port defines the port the provider service is exposed on.
Deprecated: Use BackendRef instead. | | `backendRefs` | _[BackendRef](#backendref) array_ | false | BackendRefs references a Kubernetes object that represents the
backend server to which the accesslog will be sent.
Only service Kind is supported for now. | + #### TracingProviderType _Underlying type:_ _string_ @@ -2854,6 +2996,10 @@ _Underlying type:_ _string_ _Appears in:_ - [TracingProvider](#tracingprovider) +| Value | Description | +| ----- | ----------- | +| `OpenTelemetry` | | +| `OpenTelemetry` | | #### TriggerEnum @@ -2865,6 +3011,20 @@ TriggerEnum specifies the conditions that trigger retries. _Appears in:_ - [RetryOn](#retryon) +| Value | Description | +| ----- | ----------- | +| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
| +| `gateway-error` | The response is a gateway error (502,503 or 504).
| +| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
| +| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
| +| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
| +| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
| +| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
| +| `cancelled` | The gRPC status code in the response headers is “cancelled”.
| +| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
| +| `internal` | The gRPC status code in the response headers is “internal”.
| +| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
| +| `unavailable` | The gRPC status code in the response headers is “unavailable”.
| #### Wasm @@ -2882,12 +3042,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `name` | _string_ | true | Name is a unique name for this Wasm extension. It is used to identify the
Wasm extension if multiple extensions are handled by the same vm_id and root_id.
It's also used for logging/debugging. | | `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the wasm code for the extension. | | `config` | _[JSON](#json)_ | true | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. | | `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. | + #### WasmCodeSource @@ -2899,11 +3059,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `type` | _[WasmCodeSourceType](#wasmcodesourcetype)_ | true | Type is the type of the source of the wasm code.
Valid WasmCodeSourceType values are "HTTP" or "Image". | | `http` | _[HTTPWasmCodeSource](#httpwasmcodesource)_ | false | HTTP is the HTTP URL containing the wasm code.

Note that the HTTP server must be accessible from the Envoy proxy. | | `image` | _[ImageWasmCodeSource](#imagewasmcodesource)_ | false | Image is the OCI image containing the wasm code.

Note that the image must be accessible from the Envoy Gateway. | + #### WasmCodeSourceType _Underlying type:_ _string_ @@ -2913,6 +3073,10 @@ WasmCodeSourceType specifies the types of sources for the wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) +| Value | Description | +| ----- | ----------- | +| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the wasm code in an HTTP URL.
| +| `Image` | ImageWasmCodeSourceType allows the user to specify the wasm code in an OCI image.
| #### WithUnderscoresAction @@ -2925,6 +3089,11 @@ is encountered. _Appears in:_ - [HeaderSettings](#headersettings) +| Value | Description | +| ----- | ----------- | +| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
| +| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
| +| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
| #### XDSTranslatorHook @@ -2937,6 +3106,12 @@ for the xds-translator _Appears in:_ - [XDSTranslatorHooks](#xdstranslatorhooks) +| Value | Description | +| ----- | ----------- | +| `VirtualHost` | | +| `Route` | | +| `HTTPListener` | | +| `Translation` | | #### XDSTranslatorHooks @@ -2950,10 +3125,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `pre` | _[XDSTranslatorHook](#xdstranslatorhook) array_ | true | | | `post` | _[XDSTranslatorHook](#xdstranslatorhook) array_ | true | | + #### XForwardedForSettings @@ -2965,6 +3140,6 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | + diff --git a/tools/crd-ref-docs/templates/type.tpl b/tools/crd-ref-docs/templates/type.tpl index fa15a93fd3e..a1bb44833a7 100644 --- a/tools/crd-ref-docs/templates/type.tpl +++ b/tools/crd-ref-docs/templates/type.tpl @@ -25,10 +25,17 @@ _Appears in:_ {{ range $type.Members -}} {{- with .Markers.notImplementedHide -}} -{{ else }} +{{- else -}} | `{{ .Name }}` | _{{ markdownRenderType .Type }}_ | {{ with .Markers.optional }} {{ "false" }} {{ else }} {{ "true" }} {{end}} | {{ template "type_members" . }} | +{{ end -}} {{- end -}} {{- end -}} +{{ if $type.EnumValues -}} +| Value | Description | +| ----- | ----------- | +{{ range $type.EnumValues -}} +| `{{ .Name }}` | {{ markdownRenderFieldDoc .Doc }} | +{{ end -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/tools/src/crd-ref-docs/go.mod b/tools/src/crd-ref-docs/go.mod index 609d3a99a7c..a91cf7e6cec 100644 --- a/tools/src/crd-ref-docs/go.mod +++ b/tools/src/crd-ref-docs/go.mod @@ -2,24 +2,21 @@ module local go 1.22 -// TODO: remove this after https://github.com/elastic/crd-ref-docs/pull/76 is merged -replace github.com/elastic/crd-ref-docs => github.com/zirain/crd-ref-docs v0.0.0-20240330085406-9336d26578da - -require github.com/elastic/crd-ref-docs v0.0.10 +require github.com/elastic/crd-ref-docs v0.0.13-0.20240413123740-ea9fcaa0230f require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/sprig v2.22.0+incompatible // indirect github.com/fatih/color v1.16.0 // indirect - github.com/go-logr/logr v1.3.0 // indirect + github.com/go-logr/logr v1.4.1 // indirect github.com/gobuffalo/flect v1.0.2 // indirect github.com/goccy/go-yaml v1.11.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/huandu/xstrings v1.4.0 // indirect - github.com/imdario/mergo v0.3.13 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -32,19 +29,20 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/mod v0.16.0 // indirect - golang.org/x/net v0.22.0 // indirect - golang.org/x/sys v0.18.0 // indirect + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.19.0 // indirect + golang.org/x/tools v0.20.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apiextensions-apiserver v0.29.0 // indirect + k8s.io/apiextensions-apiserver v0.29.3 // indirect k8s.io/apimachinery v0.29.3 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect sigs.k8s.io/controller-tools v0.14.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/tools/src/crd-ref-docs/go.sum b/tools/src/crd-ref-docs/go.sum index 71a99bbc539..af2c38bb430 100644 --- a/tools/src/crd-ref-docs/go.sum +++ b/tools/src/crd-ref-docs/go.sum @@ -8,12 +8,18 @@ github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/elastic/crd-ref-docs v0.0.12 h1:F3seyncbzUz3rT3d+caeYWhumb5ojYQ6Bl0Z+zOp16M= +github.com/elastic/crd-ref-docs v0.0.12/go.mod h1:X83mMBdJt05heJUYiS3T0yJ/JkCuliuhSUNav5Gjo/U= +github.com/elastic/crd-ref-docs v0.0.13-0.20240413123740-ea9fcaa0230f h1:cE1CF4Bfi+9gvaNz35jOsp3tFJVm/mFr88szZ41FG8Q= +github.com/elastic/crd-ref-docs v0.0.13-0.20240413123740-ea9fcaa0230f/go.mod h1:X83mMBdJt05heJUYiS3T0yJ/JkCuliuhSUNav5Gjo/U= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= @@ -34,10 +40,14 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -97,21 +107,29 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -119,6 +137,8 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= @@ -129,6 +149,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -150,12 +172,18 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= +k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= +k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= From 2b24e9b2ff0183339e566756337ff159185fb02d Mon Sep 17 00:00:00 2001 From: Eitan Suez Date: Mon, 15 Apr 2024 01:55:41 -0500 Subject: [PATCH 02/14] docs: provides a suggested path through the docs after the quickstart (#3185) (#3179) Signed-off-by: Eitan Suez --- site/content/en/latest/tasks/quickstart.md | 17 +++++++++++++++++ site/content/en/v1.0.1/tasks/quickstart.md | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/site/content/en/latest/tasks/quickstart.md b/site/content/en/latest/tasks/quickstart.md index 4fe91fb3405..8bdd463be9e 100644 --- a/site/content/en/latest/tasks/quickstart.md +++ b/site/content/en/latest/tasks/quickstart.md @@ -83,6 +83,23 @@ Curl the example app through Envoy proxy: curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get ``` +## What to explore next? + +In this quickstart, you have: +- Installed Envoy Gateway +- Deployed a backend service, and a gateway +- Configured the gateway using Kubernetes Gateway API resources [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) and [HttpRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) to direct incoming requests over HTTP to the backend service. + +Here is a suggested list of follow-on tasks to guide you in your exploration of Envoy Gateway: + +- [HTTP Routing](traffic/http-routing) +- [Traffic Splitting](traffic/http-traffic-splitting) +- [Secure Gateways](security/secure-gateways/) +- [Global Rate Limit](traffic/global-rate-limit/) +- [gRPC Routing](traffic/grpc-routing/) + +Review the [Tasks](./) section for the scenario matching your use case. The Envoy Gateway tasks are organized by category: traffic management, security, extensibility, observability, and operations. + ## Clean-Up Use the steps in this section to uninstall everything from the quickstart. diff --git a/site/content/en/v1.0.1/tasks/quickstart.md b/site/content/en/v1.0.1/tasks/quickstart.md index 14471133d9e..fd62b772818 100644 --- a/site/content/en/v1.0.1/tasks/quickstart.md +++ b/site/content/en/v1.0.1/tasks/quickstart.md @@ -83,6 +83,23 @@ Curl the example app through Envoy proxy: curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get ``` +## What to explore next? + +In this quickstart, you have: +- Installed Envoy Gateway +- Deployed a backend service, and a gateway +- Configured the gateway using Kubernetes Gateway API resources [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) and [HttpRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) to direct incoming requests over HTTP to the backend service. + +Here is a suggested list of follow-on tasks to guide you in your exploration of Envoy Gateway: + +- [HTTP Routing](traffic/http-routing) +- [Traffic Splitting](traffic/http-traffic-splitting) +- [Secure Gateways](security/secure-gateways/) +- [Global Rate Limit](traffic/global-rate-limit/) +- [gRPC Routing](traffic/grpc-routing/) + +Review the [Tasks](./) section for the scenario matching your use case. The Envoy Gateway tasks are organized by category: traffic management, security, extensibility, observability, and operations. + ## Clean-Up Use the steps in this section to uninstall everything from the quickstart. From 9f00be3c0bbf145dee7cc97c7d0f110e0b83232b Mon Sep 17 00:00:00 2001 From: sh2 Date: Mon, 15 Apr 2024 15:40:28 +0800 Subject: [PATCH 03/14] fix merge race caused by #3185 (#3197) fix merge race Signed-off-by: shawnh2 --- site/content/en/latest/api/extension_types.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index e45d3ca0a9e..7c9b355fefb 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -64,12 +64,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `backendRefs` | _[BackendRef](#backendref) array_ | true | BackendRefs references a Kubernetes object that represents the gRPC service to which
the access logs will be sent. Currently only Service is supported. | | `logName` | _string_ | false | LogName defines the friendly name of the access log to be returned in
StreamAccessLogsMessage.Identifier. This allows the access log server
to differentiate between different access logs coming from the same Envoy. | | `type` | _[ALSEnvoyProxyAccessLogType](#alsenvoyproxyaccesslogtype)_ | true | Type defines the type of accesslog. Supported types are "HTTP" and "TCP". | | `http` | _[ALSEnvoyProxyHTTPAccessLogConfig](#alsenvoyproxyhttpaccesslogconfig)_ | false | HTTP defines additional configuration specific to HTTP access logs. | + #### ALSEnvoyProxyAccessLogType _Underlying type:_ _string_ @@ -79,6 +79,10 @@ _Underlying type:_ _string_ _Appears in:_ - [ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog) +| Value | Description | +| ----- | ----------- | +| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
| +| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
| #### ALSEnvoyProxyHTTPAccessLogConfig @@ -92,11 +96,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | - | `requestHeaders` | _string array_ | false | RequestHeaders defines request headers to include in log entries sent to the access log service. | | `responseHeaders` | _string array_ | false | ResponseHeaders defines response headers to include in log entries sent to the access log service. | | `responseTrailers` | _string array_ | false | ResponseTrailers defines response trailers to include in log entries sent to the access log service. | + #### ActiveHealthCheck @@ -2194,6 +2198,7 @@ _Appears in:_ | Value | Description | | ----- | ----------- | +| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
| | `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
| | `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
| From e537033f7f8cbd718b9c03b8c7ef2b24d241c1dd Mon Sep 17 00:00:00 2001 From: JuniorJPDJ Date: Tue, 16 Apr 2024 05:40:24 +0200 Subject: [PATCH 04/14] fix(chart): set ttlSecondsAfterFinished on certgen job to 30 by default (#3156) This is painless workaround for ArgoCD bug: argoproj/argo-cd#6880 Signed-off-by: JuniorJPDJ --- charts/gateway-helm/values.tmpl.yaml | 2 +- site/content/en/latest/install/api.md | 2 +- test/helm/default.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index ce6359dabc6..d7d43391039 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -48,7 +48,7 @@ certgen: job: annotations: {} resources: {} - ttlSecondsAfterFinished: 0 + ttlSecondsAfterFinished: 30 rbac: annotations: {} labels: {} diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md index 47351ba771b..944a31f1e2e 100644 --- a/site/content/en/latest/install/api.md +++ b/site/content/en/latest/install/api.md @@ -26,7 +26,7 @@ The Helm chart for Envoy Gateway |-----|------|---------|-------------| | certgen.job.annotations | object | `{}` | | | certgen.job.resources | object | `{}` | | -| certgen.job.ttlSecondsAfterFinished | int | `0` | | +| certgen.job.ttlSecondsAfterFinished | int | `30` | | | certgen.rbac.annotations | object | `{}` | | | certgen.rbac.labels | object | `{}` | | | config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | | diff --git a/test/helm/default.yaml b/test/helm/default.yaml index 4b2976a62ce..ca4a1f6c2df 100644 --- a/test/helm/default.yaml +++ b/test/helm/default.yaml @@ -524,4 +524,4 @@ spec: runAsNonRoot: true runAsUser: 65534 serviceAccountName: eg-gateway-helm-certgen - ttlSecondsAfterFinished: 0 + ttlSecondsAfterFinished: 30 From 0692b099c6ef1c316f23ade3a390e24f4bdbdd09 Mon Sep 17 00:00:00 2001 From: Eguzki Astiz Lezaun Date: Tue, 16 Apr 2024 07:55:25 +0200 Subject: [PATCH 05/14] api: fix WasmCodeSourceType enum validation (#3203) envoyextensionpolicy: fix WasmCodeSourceType enum validation Signed-off-by: Eguzki Astiz Lezaun --- api/v1alpha1/wasm_types.go | 2 +- .../gateway.envoyproxy.io_envoyextensionpolicies.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/v1alpha1/wasm_types.go b/api/v1alpha1/wasm_types.go index f918f92c9e0..8a5fc25a277 100644 --- a/api/v1alpha1/wasm_types.go +++ b/api/v1alpha1/wasm_types.go @@ -83,7 +83,7 @@ type WasmCodeSource struct { } // WasmCodeSourceType specifies the types of sources for the wasm code. -// +kubebuilder:validation:Enum=Global;Local +// +kubebuilder:validation:Enum=HTTP;Image type WasmCodeSourceType string const ( diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 1207b989e8f..37becdd417f 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml @@ -304,8 +304,8 @@ spec: type: allOf: - enum: - - Global - - Local + - HTTP + - Image - enum: - HTTP - Image From ad54e06ea58a5bcef27d1dfc3d4ed734b9746b0c Mon Sep 17 00:00:00 2001 From: Guy Daich Date: Tue, 16 Apr 2024 01:17:45 -0500 Subject: [PATCH 06/14] api: ext-proc timeout, fail-open, backendRefs (#3087) * extend extproc api Signed-off-by: Guy Daich * fix metadata options Signed-off-by: Guy Daich * rm attributes, metadata and processing mode Signed-off-by: Guy Daich * rm enums Signed-off-by: Guy Daich * rm unrealted CEL Signed-off-by: Guy Daich * sort imports, add optional plural backendRefs Signed-off-by: Guy Daich * fix gen Signed-off-by: Guy Daich --------- Signed-off-by: Guy Daich Co-authored-by: zirain --- api/v1alpha1/ext_proc_types.go | 20 +++- api/v1alpha1/zz_generated.deepcopy.go | 17 ++++ ....envoyproxy.io_envoyextensionpolicies.yaml | 95 ++++++++++++++++++- site/content/en/latest/api/extension_types.md | 6 +- .../envoyextensionpolicy_test.go | 82 ++++++++++++++++ 5 files changed, 217 insertions(+), 3 deletions(-) diff --git a/api/v1alpha1/ext_proc_types.go b/api/v1alpha1/ext_proc_types.go index c94682198b4..7499b9f8e4f 100644 --- a/api/v1alpha1/ext_proc_types.go +++ b/api/v1alpha1/ext_proc_types.go @@ -14,8 +14,26 @@ import ( // // ExtProc defines the configuration for External Processing filter. type ExtProc struct { - // Service defines the configuration of the external processing service + // BackendRef defines the configuration of the external processing service BackendRef ExtProcBackendRef `json:"backendRef"` + + // BackendRefs defines the configuration of the external processing service + // + // +optional + BackendRefs []BackendRef `json:"backendRefs,omitempty"` + + // MessageTimeout is the timeout for a response to be returned from the external processor + // Default: 200ms + // + // +optional + MessageTimeout *gwapiv1.Duration `json:"messageTimeout,omitempty"` + + // FailOpen defines if requests or responses that cannot be processed due to connectivity to the + // external processor are terminated or passed-through. + // Default: false + // + // +optional + FailOpen *bool `json:"failOpen,omitempty"` } // ExtProcService defines the gRPC External Processing service using the envoy grpc client diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 1b0a97fa77a..0055d7669f1 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1573,6 +1573,23 @@ func (in *ExtAuth) DeepCopy() *ExtAuth { func (in *ExtProc) DeepCopyInto(out *ExtProc) { *out = *in in.BackendRef.DeepCopyInto(&out.BackendRef) + if in.BackendRefs != nil { + in, out := &in.BackendRefs, &out.BackendRefs + *out = make([]BackendRef, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MessageTimeout != nil { + in, out := &in.MessageTimeout, &out.MessageTimeout + *out = new(v1.Duration) + **out = **in + } + if in.FailOpen != nil { + in, out := &in.FailOpen, &out.FailOpen + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtProc. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 37becdd417f..4861dd1fcc0 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml @@ -58,7 +58,7 @@ spec: filter. properties: backendRef: - description: Service defines the configuration of the external + description: BackendRef defines the configuration of the external processing service properties: group: @@ -134,6 +134,99 @@ spec: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' + backendRefs: + description: BackendRefs defines the configuration of the external + processing service + items: + description: BackendRef defines how an ObjectReference that + is specific to BackendRef. + properties: + group: + default: "" + description: |- + Group is the group of the referent. For example, "gateway.networking.k8s.io". + When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + description: |- + Kind is the Kubernetes resource kind of the referent. For example + "Service". + + + Defaults to "Service" when not specified. + + + ExternalName services can refer to CNAME DNS records that may live + outside of the cluster and as such are difficult to reason about in + terms of conformance. They also may not be safe to forward to (see + CVE-2021-25740 for more information). Implementations SHOULD NOT + support ExternalName Services. + + + Support: Core (Services with a type other than ExternalName) + + + Support: Implementation-specific (Services with type ExternalName) + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the backend. When unspecified, the local + namespace is inferred. + + + Note that when a namespace different than the local namespace is specified, + a ReferenceGrant object is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. + + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port specifies the destination port number to use for this resource. + Port is required when the referent is a Kubernetes Service. In this + case, the port number is the service port number, not the target port. + For other resources, destination port might be derived from the referent + resource or this field. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') + ? has(self.port) : true' + type: array + failOpen: + description: |- + FailOpen defines if requests or responses that cannot be processed due to connectivity to the + external processor are terminated or passed-through. + Default: false + type: boolean + messageTimeout: + description: |- + MessageTimeout is the timeout for a response to be returned from the external processor + Default: 200ms + pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$ + type: string required: - backendRef type: object diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 7c9b355fefb..a9847ac0645 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -192,6 +192,7 @@ BackendRef defines how an ObjectReference that is specific to BackendRef. _Appears in:_ - [ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog) +- [ExtProc](#extproc) - [OpenTelemetryEnvoyProxyAccessLog](#opentelemetryenvoyproxyaccesslog) - [ProxyOpenTelemetrySink](#proxyopentelemetrysink) - [TracingProvider](#tracingprovider) @@ -1137,7 +1138,10 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `backendRef` | _[ExtProcBackendRef](#extprocbackendref)_ | true | Service defines the configuration of the external processing service | +| `backendRef` | _[ExtProcBackendRef](#extprocbackendref)_ | true | BackendRef defines the configuration of the external processing service | +| `backendRefs` | _[BackendRef](#backendref) array_ | false | BackendRefs defines the configuration of the external processing service | +| `messageTimeout` | _[Duration](#duration)_ | false | MessageTimeout is the timeout for a response to be returned from the external processor
Default: 200ms | +| `failOpen` | _boolean_ | false | FailOpen defines if requests or responses that cannot be processed due to connectivity to the
external processor are terminated or passed-through.
Default: false | #### ExtProcBackendRef diff --git a/test/cel-validation/envoyextensionpolicy_test.go b/test/cel-validation/envoyextensionpolicy_test.go index 4a179c84ec3..2283212cd5c 100644 --- a/test/cel-validation/envoyextensionpolicy_test.go +++ b/test/cel-validation/envoyextensionpolicy_test.go @@ -15,9 +15,12 @@ import ( "testing" "time" + "k8s.io/utils/ptr" + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" ) @@ -151,6 +154,85 @@ func TestEnvoyExtensionPolicyTarget(t *testing.T) { "spec.targetRef: Invalid value: \"object\": this policy does not yet support the sectionName field", }, }, + + // ExtProc + { + desc: "ExtProc with BackendRef", + mutate: func(sp *egv1a1.EnvoyExtensionPolicy) { + sp.Spec = egv1a1.EnvoyExtensionPolicySpec{ + ExtProc: []egv1a1.ExtProc{ + { + BackendRef: egv1a1.ExtProcBackendRef{ + BackendObjectReference: gwapiv1.BackendObjectReference{ + Name: "grpc-proc-service", + Port: ptr.To(gwapiv1.PortNumber(80)), + }, + }, + }, + }, + TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gwapiv1a2.PolicyTargetReference{ + Group: "gateway.networking.k8s.io", + Kind: "Gateway", + Name: "eg", + }, + }, + } + }, + wantErrors: []string{}, + }, + { + desc: "ExtProc with invalid BackendRef Group", + mutate: func(sp *egv1a1.EnvoyExtensionPolicy) { + sp.Spec = egv1a1.EnvoyExtensionPolicySpec{ + ExtProc: []egv1a1.ExtProc{ + { + BackendRef: egv1a1.ExtProcBackendRef{ + BackendObjectReference: gwapiv1.BackendObjectReference{ + Group: ptr.To(gwapiv1.Group("unsupported")), + Name: "grpc-proc-service", + Port: ptr.To(gwapiv1.PortNumber(80)), + }, + }, + }, + }, + TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gwapiv1a2.PolicyTargetReference{ + Group: "gateway.networking.k8s.io", + Kind: "Gateway", + Name: "eg", + }, + }, + } + }, + wantErrors: []string{"spec.extProc[0]: Invalid value: \"object\": group is invalid, only the core API group (specified by omitting the group field or setting it to an empty string) is supported"}, + }, + { + desc: "ExtProc with invalid BackendRef Kind", + mutate: func(sp *egv1a1.EnvoyExtensionPolicy) { + sp.Spec = egv1a1.EnvoyExtensionPolicySpec{ + ExtProc: []egv1a1.ExtProc{ + { + BackendRef: egv1a1.ExtProcBackendRef{ + BackendObjectReference: gwapiv1.BackendObjectReference{ + Kind: ptr.To(gwapiv1.Kind("unsupported")), + Name: "grpc-proc-service", + Port: ptr.To(gwapiv1.PortNumber(80)), + }, + }, + }, + }, + TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gwapiv1a2.PolicyTargetReference{ + Group: "gateway.networking.k8s.io", + Kind: "Gateway", + Name: "eg", + }, + }, + } + }, + wantErrors: []string{"spec.extProc[0]: Invalid value: \"object\": kind is invalid, only Service (specified by omitting the kind field or setting it to 'Service') is supported"}, + }, } for _, tc := range cases { From 9f81b47fa567db5e26119589ac7cef8374ba89b7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Apr 2024 16:08:04 +0800 Subject: [PATCH 07/14] build(deps): bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3 (#3192) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.2 to 0.17.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.2...v0.17.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6df69822686..441c123b06b 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( k8s.io/client-go v0.29.3 k8s.io/kubectl v0.29.3 k8s.io/utils v0.0.0-20230726121419-3b25d923346b - sigs.k8s.io/controller-runtime v0.17.2 + sigs.k8s.io/controller-runtime v0.17.3 sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/mcs-api v0.1.0 sigs.k8s.io/yaml v1.4.0 diff --git a/go.sum b/go.sum index 388448882a1..4a76a15976f 100644 --- a/go.sum +++ b/go.sum @@ -991,8 +991,8 @@ oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= +sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= From eeec3d4f1e2902e09c4ff0675d604d301e32e7e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Apr 2024 16:08:25 +0800 Subject: [PATCH 08/14] build(deps): bump github.com/prometheus/common from 0.52.2 to 0.52.3 (#3194) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.52.2 to 0.52.3. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.52.2...v0.52.3) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 441c123b06b..7567ea4114a 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/grafana/tempo v1.5.0 github.com/miekg/dns v1.1.58 github.com/prometheus/client_golang v1.19.0 - github.com/prometheus/common v0.52.2 + github.com/prometheus/common v0.52.3 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 4a76a15976f..dcef971db0b 100644 --- a/go.sum +++ b/go.sum @@ -569,8 +569,8 @@ github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7q github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= -github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= +github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= +github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From 4b101eeefe97371d449424a89b6960ee4656a566 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Apr 2024 16:08:31 +0800 Subject: [PATCH 09/14] build(deps): bump helm.sh/helm/v3 from 3.14.3 to 3.14.4 (#3195) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.3 to 3.14.4. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.3...v3.14.4) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 7567ea4114a..33ca37d4ee8 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( google.golang.org/grpc v1.63.2 google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.14.3 + helm.sh/helm/v3 v3.14.4 k8s.io/api v0.29.3 k8s.io/apiextensions-apiserver v0.29.3 k8s.io/apimachinery v0.29.3 @@ -72,7 +72,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/docker/cli v24.0.6+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.7+incompatible // indirect + github.com/docker/docker v24.0.9+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect diff --git a/go.sum b/go.sum index dcef971db0b..54814a72c2c 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/docker/cli v24.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvM github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= -github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= +github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= @@ -936,8 +936,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= -helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= +helm.sh/helm/v3 v3.14.4 h1:6FSpEfqyDalHq3kUr4gOMThhgY55kXUEjdQoyODYnrM= +helm.sh/helm/v3 v3.14.4/go.mod h1:Tje7LL4gprZpuBNTbG34d1Xn5NmRT3OWfBRwpOSer9I= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From c0068a056f225e136a740823d6d0955cf380374e Mon Sep 17 00:00:00 2001 From: Wilson Wu Date: Tue, 16 Apr 2024 17:49:32 +0800 Subject: [PATCH 10/14] docs: translate release announcement and process into Chinese (#3166) * docs: translate release announcement and process into Chinese Signed-off-by: Wilson Wu * Sync the latest doc update Signed-off-by: Wilson Wu --------- Signed-off-by: Wilson Wu Co-authored-by: zirain --- site/content/zh/announcements/_index.md | 50 +++- site/content/zh/contributions/RELEASING.md | 256 ++++++++++++++++++ .../zh/{latest => }/contributions/_index.md | 0 3 files changed, 304 insertions(+), 2 deletions(-) create mode 100644 site/content/zh/contributions/RELEASING.md rename site/content/zh/{latest => }/contributions/_index.md (100%) diff --git a/site/content/zh/announcements/_index.md b/site/content/zh/announcements/_index.md index 9fd4dfc1d58..08f04069b5b 100644 --- a/site/content/zh/announcements/_index.md +++ b/site/content/zh/announcements/_index.md @@ -1,10 +1,56 @@ +++ title = "发布公告" description = "Envoy Gateway 发布公告" -linktitle = "Announcement" +linktitle = "公告" [[cascade]] type = "docs" +++ -中文内容正在建设中! +本文档提供了 Envoy Gateway 版本的详细信息。 +Envoy Gateway 遵循语义版本控制 [v2.0.0 规范][]进行发布版本控制。 +由于 Envoy Gateway 是一个新项目,因此次要版本是唯一被定义的版本。 +Envoy Gateway 维护人员在未来的某个日期将建立额外的发布详细信息,例如补丁版本。 + +## 稳定版本 {#stable-releases} + +Envoy Gateway 的稳定版本包括: + +* 次要版本 - 从 `main` 分支创建新的版本分支和相应的 Tag。 + 次要版本将在发布日期后的 6 个月内受到支持。 + 随着项目的成熟,Envoy Gateway 维护人员将重新评估支持时间范围。 + +次要版本每季度发布一次,并遵循以下时间表。 + +## 发布管理 {#release-management} + +次要版本由指定的 Envoy Gateway 维护人员处理。 +该维护者被视为该版本的发布经理。[发布指南][]中描述了创建发布的详细信息。 +发布经理负责协调整体发布。这包括确定版本中要解决的问题、与 Envoy Gateway 社区的沟通以及发布版本的机制。 + +| 季度 | 发布经理 | +|:-------:|:--------------------------------------------------------------:| +| 2022 Q4 | Daneyon Hansen ([danehans](https://github.com/danehans)) | +| 2023 Q1 | Xunzhuo Liu ([Xunzhuo](https://github.com/Xunzhuo)) | +| 2023 Q2 | Alice Wasko ([AliceProxy](https://github.com/AliceProxy)) | +| 2023 Q3 | Arko Dasgupta ([arkodg](https://github.com/arkodg)) | +| 2023 Q4 | Arko Dasgupta ([arkodg](https://github.com/arkodg)) | +| 2024 Q1 | Xunzhuo Liu ([Xunzhuo](https://github.com/Xunzhuo)) | + +## 发布时间表 {#release-schedule} + +为了与 Envoy Proxy [发布时间表][]保持一致, +Envoy Gateway 版本按固定时间表(每个季度的第 22 天)生成, +可接受的延迟最多为 2 周,硬性截止日期为 3 周。 + +| 版本 | 预期时间 | 实际时间 | 偏差 | 生命周期结束 | +|:-------:|:-----------:|:-----------:|:-----------:|:-----------:| +| 0.2.0 | 2022/10/22 | 2022/10/20 | -2 天 | 2023/4/20 | +| 0.3.0 | 2023/01/22 | 2023/02/09 | +17 天 | 2023/08/09 | +| 0.4.0 | 2023/04/22 | 2023/04/24 | +2 天 | 2023/10/24 | +| 0.5.0 | 2023/07/22 | 2023/08/02 | +10 天 | 2024/01/02 | +| 0.6.0 | 2023/10/22 | 2023/11/02 | +10 天 | 2024/05/02 | + +[v2.0.0 规范]: https://semver.org/lang/zh-CN/ +[发布指南]: ../contributions/releasing +[发布时间表]: https://github.com/envoyproxy/envoy/blob/main/RELEASES.md#major-release-schedule diff --git a/site/content/zh/contributions/RELEASING.md b/site/content/zh/contributions/RELEASING.md new file mode 100644 index 00000000000..e1412e4eb7c --- /dev/null +++ b/site/content/zh/contributions/RELEASING.md @@ -0,0 +1,256 @@ +--- +title: "发布流程" +description: "本文描述了 Envoy Gateway 的发布流程。" +--- + +本文档指导维护人员完成创建 Envoy Gateway 版本的过程。 + +- [候选版本](#release-candidate) + - [先决条件](#prerequisites) + - [设置 Cherry Picker Action](#setup-cherry-picker-action) +- [次要版本](#minor-release) + - [先决条件](#prerequisites-1) +- [公告发布](#announce-the-release) + +## 候选版本 {#release-candidate} + +应使用以下步骤创建候选版本。 + +### 先决条件 {#prerequisites} + +- 具备推送到 Envoy Gateway 仓库的权限。 + +设置环境变量以供后续步骤使用: + +```shell +export MAJOR_VERSION=0 +export MINOR_VERSION=3 +export RELEASE_CANDIDATE_NUMBER=1 +export GITHUB_REMOTE=origin +``` + +1. 克隆仓库,迁出 `main` 分支,确保它是最新的,并且您的本地分支是干净的。 +2. 创建一个主题分支,用于添加发布说明并使用发布版本更新 [VERSION][] 文件。 + 请参阅之前的[发布说明][]和 [VERSION][] 了解更多详细信息。 +3. 签名、提交更改并将其推送到您 Fork 的分支。 +4. 提交 [Pull Request][] 将更改合并到 `main` 分支中。 + 在您的 PR 合并并且[构建和测试][]成功完成之前,请勿继续。 +5. 从 `main` 创建一个新的发布分支。发布分支应命名为 + `release/v${MAJOR_VERSION}.${MINOR_VERSION}`,例如 `release/v0.3`。 + + ```shell + git checkout -b release/v${MAJOR_VERSION}.${MINOR_VERSION} + ``` + +6. 将分支推送到 Envoy Gateway 仓库。 + + ```shell + git push ${GITHUB_REMOTE} release/v${MAJOR_VERSION}.${MINOR_VERSION} + ``` + +7. 创建主题分支,用于将 Envoy Proxy 镜像和 Envoy Ratelimit 镜像更新为版本支持的 Tag。 + 有关更新镜像 Tag 的更多详细信息,请参阅 [PR #2098][]。 +8. 签名、提交更改并将其推送到您 Fork 的分支。 +9. 提交 [Pull Request][] 将更改合并到 `release/v${MAJOR_VERSION}.${MINOR_VERSION}` 分支中。 + 在您的 PR 已合并到发布分支并且 PR 的[构建和测试][]已完成之前,请勿继续。 +10. 确保您的发布分支是最新的,并使用候选版本编号为发布分支的头部打 Tag。 + + ```shell + git tag -a v${MAJOR_VERSION}.${MINOR_VERSION}.0-rc.${RELEASE_CANDIDATE_NUMBER} -m 'Envoy Gateway v${MAJOR_VERSION}.${MINOR_VERSION}.0-rc.${RELEASE_CANDIDATE_NUMBER} Release Candidate' + ``` + +11. 将 Tag 推送到 Envoy Gateway 仓库。 + + ```shell + git push ${GITHUB_REMOTE} v${MAJOR_VERSION}.${MINOR_VERSION}.0-rc.${RELEASE_CANDIDATE_NUMBER} + ``` + +12. 这将触发[发布 GitHub Action][] 并生成发布版本、发布制品等内容。 +13. 确认[发布工作流程][]已成功完成。 +14. 确认具有正确发布标签的 Envoy Gateway [镜像][]已发布到 Docker Hub。 +15. 确认[版本][]已被创建。 +16. 请注意,[快速入门][]参考资料并未针对候选版本进行更新。 + 但是,请通过手动更新链接来使用候选版本测试快速入门步骤。 +17. [生成][] GitHub 变更日志。 +18. 确保在编辑 GitHub 版本时选中 "这是一个 pre-release" 复选框。 +19. 如果您在此过程中发现任何错误,请创建 Issue。 + +### 设置 Cherry Picker Action {#setup-cherry-picker-action} + +在发布分支切分后,RM(发布经理)应添加 +[Cherrypick Action](https://github.com/envoyproxy/gateway/blob/main/.github/workflows/cherrypick.yaml) Job 以进行目标发布。 + +配置如下所示: + +```yaml + cherry_pick_release_v0_4: + runs-on: ubuntu-latest + name: Cherry pick into release-v0.4 + if: ${{ contains(github.event.pull_request.labels.*.name, 'cherrypick/release-v0.4') && github.event.pull_request.merged == true }} + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + - name: Cherry pick into release/v0.4 + uses: carloscastrojumo/github-cherry-pick-action@a145da1b8142e752d3cbc11aaaa46a535690f0c5 # v1.0.9 + with: + branch: release/v0.4 + title: "[release/v0.4] {old_title}" + body: "Cherry picking #{old_pull_request_id} onto release/v0.4" + labels: | + cherrypick/release-v0.4 + # 将发布经理名字放在这里 + reviewers: | + AliceProxy +``` + +将 `v0.4` 替换为真实的分支名称,并将 `AliceProxy` 替换为 RM 的真实名称。 + +## 次要版本 {#minor-release} + +应使用以下步骤创建次要版本。 + +### 先决条件 {#prerequisites-1} + +- 具备推送到 Envoy Gateway 仓库的权限。 +- 版本分支是从相应候选版本中切分的。 + 有关切分候选版本的更多详细信息,请参阅[候选版本](#release-candidate)部分。 + +设置环境变量以供后续步骤使用: + +```shell +export MAJOR_VERSION=0 +export MINOR_VERSION=3 +export GITHUB_REMOTE=origin +``` + +1. 克隆仓库,迁出 `main` 分支,确保它是最新的,并且您的本地分支是干净的。 +2. 创建主题分支以添加发布说明、发布公告和具体版本的发布文档。 + + 1. 创建发布说明。请参阅之前的[发布说明][]以了解更多详细信息。 + **注意:**发布说明应该是候选版本发布说明以及自发布候选版以来的任何更改的累积。 + 2. 创建发布公告。请参阅 [PR #635] 作为发布公告示例。 + 3. 将版本包含在兼容性矩阵中。请参阅 [PR #1002] 作为示例。 + 4. 生成具体版本的发布文档: + + ``` shell + make docs-release TAG=v${MAJOR_VERSION}.${MINOR_VERSION}.0 + ``` + + 5. 更新 `site/content/en/_index.md` 中的 `Get Started` 和 `Contributing` 按钮引用链接: + + ```shell + + Get Started + + + Contributing + + ``` + + 6. 更新 `site/hugo.toml` 中菜单上的 `Documentation` 引用链接: + + ```shell + [[menu.main]] + name = "Documentation" + weight = -101 + pre = "" + url = "/v0.5.0" + ``` + +3. 签名、提交更改并将其推送到您 Fork 的分支。 +4. 提交 [Pull Request][] 将更改合并到 `main` 分支中。 + 在您的所有 PR 合并并且最终 PR 的[构建和测试][]完成之前,请勿继续。 + +5. 迁出发布分支。 + + ```shell + git checkout -b release/v${MAJOR_VERSION}.${MINOR_VERSION} $GITHUB_REMOTE/release/v${MAJOR_VERSION}.${MINOR_VERSION} + ``` + +6. 如果发布分支的提示与 `main` 的提示不匹配,则执行以下操作: + + 1. 从发布分支创建主题分支。 + 2. 从 `main` 中 Cherry-pick 与发布分支不同的提交。 + 3. 在本地运行测试,例如 `make lint`。 + 4. 签名、提交主题分支并将其推送到您 Fork 的 Envoy Gateway 分支。 + 5. 提交 PR,将您的 Fork 分支中的主题合并到 Envoy Gateway 发布分支中。 + 6. 在 PR 合并以及该合并的 PR 的 CI 通过之前,不要继续。 + 7. 如果您仍在主题分支,请切换到发布分支: + + ```shell + git checkout release/v${MAJOR_VERSION}.${MINOR_VERSION} + ``` + + 8. 确保您的本地发布分支是最新的: + + ```shell + git pull $GITHUB_REMOTE release/v${MAJOR_VERSION}.${MINOR_VERSION} + ``` + +7. 使用发布信息为发布分支的头部打 Tag。例如: + + ```shell + git tag -a v${MAJOR_VERSION}.${MINOR_VERSION}.0 -m 'Envoy Gateway v${MAJOR_VERSION}.${MINOR_VERSION}.0 Release' + ``` + + **注意:**Tag 版本与发布分支的不同之处在于包含 `.0` 补丁版本。 + +8. 将标签推送到 Envoy Gateway 仓库。 + + ```shell + git push origin v${MAJOR_VERSION}.${MINOR_VERSION}.0 + ``` + +9. 这将触发[发布 GitHub Action][] 并生成发布版本、发布制品等内容。 +10. 确认[发布工作流程][]已成功完成。 +11. 确认具有正确发布标签的 Envoy Gateway [镜像][]已发布到 Docker Hub。 +12. 确认[版本][]已被创建。 +13. 确认[快速入门][]中的步骤按预期工作。 +14. [生成][] GitHub 变更日志并保持发布页面的开头包含以下文本: + + ```console + # Release Announcement + + Check out the [v${MAJOR_VERSION}.${MINOR_VERSION} release announcement] + (https://gateway.envoyproxy.io/releases/v${MAJOR_VERSION}.${MINOR_VERSION}.html) to learn more about the release. + ``` + +如果您在此过程中发现任何错误,请创建 Issue。 + +## 公告发布 {#announce-the-release} + +让所有人都知道这次发布非常重要。使用以下步骤来公告发布。 + +1. 在 Envoy Gateway Slack 频道中设置发布信息。例如: + + ```shell + Envoy Gateway v${MAJOR_VERSION}.${MINOR_VERSION} has been released: https://github.com/envoyproxy/gateway/releases/tag/v${MAJOR_VERSION}.${MINOR_VERSION}.0 + ``` + +2. 向 Envoy Gateway Slack 频道发送消息。例如: + + ```shell + On behalf of the entire Envoy Gateway community, I am pleased to announce the release of Envoy Gateway + v${MAJOR_VERSION}.${MINOR_VERSION}. A big thank you to all the contributors that made this release possible. + Refer to the official v${MAJOR_VERSION}.${MINOR_VERSION} announcement for release details and the project docs + to start using Envoy Gateway. + ... + ``` + + 链接到 GitHub 版本和突出显示该版本的版本公告页面。 + +[发布说明]: https://github.com/envoyproxy/gateway/tree/main/release-notes +[Pull Request]: https://github.com/envoyproxy/gateway/pulls +[快速入门]: https://github.com/envoyproxy/gateway/blob/main/docs/user/quickstart.md +[构建和测试]: https://github.com/envoyproxy/gateway/blob/main/.github/workflows/build_and_test.yaml +[发布 GitHub Action]: https://github.com/envoyproxy/gateway/blob/main/.github/workflows/release.yaml +[发布工作流程]: https://github.com/envoyproxy/gateway/actions/workflows/release.yaml +[镜像]: https://hub.docker.com/r/envoyproxy/gateway/tags +[版本]: https://github.com/envoyproxy/gateway/releases +[生成]: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes +[PR #635]: https://github.com/envoyproxy/gateway/pull/635 +[PR #2098]: https://github.com/envoyproxy/gateway/pull/2098 +[PR #1002]: https://github.com/envoyproxy/gateway/pull/1002 +[VERSION]: https://github.com/envoyproxy/gateway/blob/main/VERSION diff --git a/site/content/zh/latest/contributions/_index.md b/site/content/zh/contributions/_index.md similarity index 100% rename from site/content/zh/latest/contributions/_index.md rename to site/content/zh/contributions/_index.md From d162184e550b003c4095b49297aa6d5bee206783 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 17 Apr 2024 04:49:34 +0800 Subject: [PATCH 11/14] docs: use tabpane (#3208) Signed-off-by: zirain --- site/content/en/latest/tasks/quickstart.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/site/content/en/latest/tasks/quickstart.md b/site/content/en/latest/tasks/quickstart.md index 8bdd463be9e..3d857e53dd5 100644 --- a/site/content/en/latest/tasks/quickstart.md +++ b/site/content/en/latest/tasks/quickstart.md @@ -47,6 +47,9 @@ consideration when debugging. ## Testing the Configuration +{{< tabpane text=true >}} +{{% tab header="Without LoadBalancer Support" %}} + Get the name of the Envoy service created the by the example Gateway: ```shell @@ -65,7 +68,9 @@ Curl the example app through Envoy proxy: curl --verbose --header "Host: www.example.com" http://localhost:8888/get ``` -### External LoadBalancer Support +{{% /tab %}} + +{{% tab header="External LoadBalancer Support" %}} You can also test the same functionality by sending traffic to the External IP. To get the external IP of the Envoy service, run: @@ -83,6 +88,9 @@ Curl the example app through Envoy proxy: curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get ``` +{{% /tab %}} +{{< /tabpane >}} + ## What to explore next? In this quickstart, you have: From c41247bb16d3ea01552656af90388e249575804b Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 17 Apr 2024 10:48:00 +0530 Subject: [PATCH 12/14] Use - for naming service and container ports (#3130) * Use - for naming service and container ports Takes inspiration from https://github.com/envoyproxy/gateway/pull/2973 to name port, not off the listener but off the port-proto ensuring that patch (during updates) also works Fixes: https://github.com/envoyproxy/gateway/issues/3111 Signed-off-by: Arko Dasgupta * testdata Signed-off-by: Arko Dasgupta * fix test Signed-off-by: Arko Dasgupta * move to helper pkg Signed-off-by: Arko Dasgupta * fix e2e Signed-off-by: Arko Dasgupta * lint Signed-off-by: Arko Dasgupta * fix e2e Signed-off-by: Arko Dasgupta --------- Signed-off-by: Arko Dasgupta --- .../testdata/translate/out/quickstart.all.yaml | 2 +- internal/gatewayapi/helpers.go | 4 ++++ internal/gatewayapi/listener.go | 6 +----- .../testdata/backendtlspolicy-ca-only.out.yaml | 2 +- .../backendtlspolicy-default-ns.out.yaml | 2 +- .../backendtlspolicy-invalid-ca.out.yaml | 2 +- .../backendtlspolicy-system-truststore.out.yaml | 2 +- ...kendtlspolicy-without-referencegrant.out.yaml | 2 +- ...ackendtrafficpolicy-override-replace.out.yaml | 2 +- ...ckendtrafficpolicy-status-conditions.out.yaml | 8 ++++---- ...trafficpolicy-status-fault-injection.out.yaml | 4 ++-- ...ficpolicy-with-circuitbreakers-error.out.yaml | 4 ++-- ...ndtrafficpolicy-with-circuitbreakers.out.yaml | 4 ++-- ...ackendtrafficpolicy-with-healthcheck.out.yaml | 4 ++-- ...ckendtrafficpolicy-with-loadbalancer.out.yaml | 4 ++-- ...-ratelimit-default-route-level-limit.out.yaml | 2 +- ...h-local-ratelimit-invalid-limit-unit.out.yaml | 2 +- ...h-local-ratelimit-invalid-match-type.out.yaml | 2 +- ...-invalid-multiple-route-level-limits.out.yaml | 2 +- ...ndtrafficpolicy-with-local-ratelimit.out.yaml | 2 +- ...kendtrafficpolicy-with-proxyprotocol.out.yaml | 4 ++-- ...cpolicy-with-ratelimit-invalid-regex.out.yaml | 2 +- .../backendtrafficpolicy-with-ratelimit.out.yaml | 4 ++-- .../backendtrafficpolicy-with-retries.out.yaml | 4 ++-- ...icpolicy-with-same-prefix-httproutes.out.yaml | 2 +- ...h-tcp-udp-listeners-apply-on-gateway.out.yaml | 4 ++-- ...ith-tcp-udp-listeners-apply-on-route.out.yaml | 4 ++-- ...ckendtrafficpolicy-with-tcpkeepalive.out.yaml | 4 ++-- ...kendtrafficpolicy-with-timeout-error.out.yaml | 2 +- .../backendtrafficpolicy-with-timeout.out.yaml | 4 ++-- ...olicy-buffer-limit-with-format-error.out.yaml | 4 ++-- ...buffer-limit-with-out-of-range-error.out.yaml | 4 ++-- .../clienttrafficpolicy-buffer-limit.out.yaml | 4 ++-- ...enttrafficpolicy-client-ip-detection.out.yaml | 8 ++++---- ...trafficpolicy-connection-limit-error.out.yaml | 4 ++-- ...clienttrafficpolicy-connection-limit.out.yaml | 4 ++-- .../clienttrafficpolicy-headers.out.yaml | 4 ++-- .../testdata/clienttrafficpolicy-http10.out.yaml | 6 +++--- .../testdata/clienttrafficpolicy-http3.out.yaml | 2 +- ...rafficpolicy-idle-timeout-with-error.out.yaml | 2 +- .../clienttrafficpolicy-idle-timeout.out.yaml | 4 ++-- .../testdata/clienttrafficpolicy-mtls.out.yaml | 6 +++--- .../clienttrafficpolicy-path-settings.out.yaml | 4 ++-- .../clienttrafficpolicy-preserve-case.out.yaml | 4 ++-- .../clienttrafficpolicy-proxyprotocol.out.yaml | 4 ++-- ...lienttrafficpolicy-status-conditions.out.yaml | 10 +++++----- .../clienttrafficpolicy-tcp-keepalive.out.yaml | 4 ++-- ...ienttrafficpolicy-timeout-with-error.out.yaml | 2 +- .../clienttrafficpolicy-timeout.out.yaml | 4 ++-- .../clienttrafficpolicy-tls-settings.out.yaml | 4 ++-- .../clienttrafficpolicy-trailers.out.yaml | 4 ++-- .../testdata/conflicting-policies.out.yaml | 2 +- .../testdata/disable-accesslog.out.yaml | 2 +- ...extensionpolicy-invalid-cross-ns-ref.out.yaml | 2 +- ...nvoyextensionpolicy-override-replace.out.yaml | 2 +- ...voyextensionpolicy-status-conditions.out.yaml | 8 ++++---- ...ith-extproc-invalid-no-matching-port.out.yaml | 2 +- ...npolicy-with-extproc-invalid-no-port.out.yaml | 2 +- ...h-extproc-invalid-no-reference-grant.out.yaml | 2 +- ...licy-with-extproc-invalid-no-service.out.yaml | 2 +- ...y-with-extproc-with-backendtlspolicy.out.yaml | 2 +- .../envoypatchpolicy-cross-ns-target.out.yaml | 2 +- ...patchpolicy-invalid-feature-disabled.out.yaml | 2 +- ...y-invalid-target-kind-merge-gateways.out.yaml | 2 +- ...envoypatchpolicy-invalid-target-kind.out.yaml | 2 +- ...nvoypatchpolicy-valid-merge-gateways.out.yaml | 2 +- .../testdata/envoypatchpolicy-valid.out.yaml | 2 +- .../envoyproxy-accesslog-backend.out.yaml | 2 +- ...yproxy-accesslog-file-json-no-format.out.yaml | 2 +- .../envoyproxy-accesslog-file-json.out.yaml | 2 +- .../envoyproxy-accesslog-with-bad-sinks.out.yaml | 2 +- .../testdata/envoyproxy-accesslog.out.yaml | 2 +- .../testdata/envoyproxy-valid.out.yaml | 2 +- ...-with-extension-filter-invalid-group.out.yaml | 2 +- ...e-with-non-matching-extension-filter.out.yaml | 2 +- ...te-with-unsupported-extension-filter.out.yaml | 2 +- ...ttproute-with-valid-extension-filter.out.yaml | 2 +- ...ame-namespace-with-allowed-httproute.out.yaml | 2 +- ...-namespace-with-disallowed-httproute.out.yaml | 2 +- .../testdata/gateway-infrastructure.out.yaml | 2 +- ...ateway-with-addresses-with-ipaddress.out.yaml | 2 +- ...tcproute-with-mismatch-port-protocol.out.yaml | 2 +- ...with-tcproute-with-multiple-backends.out.yaml | 2 +- ...er-with-tcproute-with-multiple-rules.out.yaml | 2 +- ...-other-namespace-allowed-by-refgrant.out.yaml | 2 +- ...r-with-tls-terminate-and-passthrough.out.yaml | 4 ++-- ...udproute-with-mismatch-port-protocol.out.yaml | 2 +- ...with-udproute-with-multiple-backends.out.yaml | 2 +- ...er-with-udproute-with-multiple-rules.out.yaml | 2 +- ...ith-listener-with-unmatched-tcproute.out.yaml | 2 +- ...ith-listener-with-unmatched-udproute.out.yaml | 2 +- ...n-with-same-algorithm-different-fqdn.out.yaml | 2 +- ...ith-valid-multiple-tls-configuration.out.yaml | 2 +- ...istener-with-valid-tls-configuration.out.yaml | 2 +- ...ay-with-preexisting-status-condition.out.yaml | 2 +- ...gle-listener-with-multiple-tcproutes.out.yaml | 2 +- ...gle-listener-with-multiple-udproutes.out.yaml | 2 +- .../gateway-with-stale-status-condition.out.yaml | 2 +- ...wo-listeners-on-same-tcp-or-tls-port.out.yaml | 2 +- ...-with-two-listeners-on-same-udp-port.out.yaml | 2 +- ...o-listeners-with-multiple-httproutes.out.yaml | 4 ++-- ...ers-with-same-port-http-tcp-protocol.out.yaml | 4 ++-- ...ers-with-same-port-http-udp-protocol.out.yaml | 4 ++-- ...ners-with-tcproutes-with-sectionname.out.yaml | 4 ++-- ...s-with-tcproutes-without-sectionname.out.yaml | 4 ++-- ...ners-with-udproutes-with-sectionname.out.yaml | 4 ++-- ...s-with-udproutes-without-sectionname.out.yaml | 4 ++-- .../grpcroute-with-empty-backends.out.yaml | 2 +- .../grpcroute-with-header-match.out.yaml | 2 +- ...croute-with-method-and-service-match.out.yaml | 2 +- .../grpcroute-with-method-match.out.yaml | 2 +- ...pcroute-with-request-header-modifier.out.yaml | 2 +- .../grpcroute-with-service-match.out.yaml | 2 +- ...kendtrafficpolicy-with-timeout-error.out.yaml | 2 +- ...nd-backendtrafficpolicy-with-timeout.out.yaml | 4 ++-- ...ateway-with-more-different-listeners.out.yaml | 16 ++++++++-------- ...ching-to-gateway-with-more-listeners.out.yaml | 2 +- ...h-two-listeners-with-different-ports.out.yaml | 4 ++-- ...aching-to-gateway-with-two-listeners.out.yaml | 2 +- .../httproute-attaching-to-gateway.out.yaml | 2 +- ...-attaching-to-listener-matching-port.out.yaml | 2 +- ...stener-on-gateway-with-two-listeners.out.yaml | 2 +- ...import-backendrefs-diff-address-type.out.yaml | 2 +- ...import-backendrefs-same-address-type.out.yaml | 2 +- ...eimport-backendref-fqdn-address-type.out.yaml | 2 +- ...import-backendref-mixed-address-type.out.yaml | 2 +- ...stener-with-serviceimport-backendref.out.yaml | 2 +- .../httproute-attaching-to-listener.out.yaml | 2 +- .../httproute-backend-request-timeout.out.yaml | 2 +- ...aching-to-listener-non-matching-port.out.yaml | 2 +- .../testdata/httproute-request-timeout.out.yaml | 2 +- ...e-with-empty-backends-and-no-filters.out.yaml | 2 +- ...ith-multiple-backends-and-no-weights.out.yaml | 2 +- ...e-with-multiple-backends-and-weights.out.yaml | 2 +- ...-other-namespace-allowed-by-refgrant.out.yaml | 2 +- ...-other-namespace-allowed-by-refgrant.out.yaml | 2 +- .../httproute-with-empty-matches.out.yaml | 2 +- ...ilter-duplicate-add-multiple-filters.out.yaml | 2 +- ...te-with-header-filter-duplicate-adds.out.yaml | 2 +- ...er-duplicate-remove-multiple-filters.out.yaml | 2 +- ...with-header-filter-duplicate-removes.out.yaml | 2 +- ...th-header-filter-empty-header-values.out.yaml | 2 +- ...ute-with-header-filter-empty-headers.out.yaml | 2 +- ...e-with-header-filter-invalid-headers.out.yaml | 2 +- ...proute-with-header-filter-no-headers.out.yaml | 2 +- ...-with-header-filter-no-valid-headers.out.yaml | 2 +- .../httproute-with-header-filter-remove.out.yaml | 2 +- ...te-with-invalid-backend-ref-bad-port.out.yaml | 2 +- ...th-invalid-backend-ref-invalid-group.out.yaml | 2 +- ...ith-invalid-backend-ref-invalid-kind.out.yaml | 2 +- ...ute-with-invalid-backend-ref-no-port.out.yaml | 2 +- ...nvalid-backend-ref-no-service.import.out.yaml | 2 +- ...-with-invalid-backend-ref-no-service.out.yaml | 2 +- ...valid-backend-ref-unsupported-filter.out.yaml | 2 +- ...nvalid-backendref-in-other-namespace.out.yaml | 2 +- .../httproute-with-invalid-regex.out.yaml | 4 ++-- ...proute-with-mirror-filter-duplicates.out.yaml | 2 +- ...ttproute-with-mirror-filter-multiple.out.yaml | 2 +- ...e-with-mirror-filter-service-no-port.out.yaml | 2 +- ...with-mirror-filter-service-not-found.out.yaml | 2 +- .../httproute-with-mirror-filter.out.yaml | 2 +- ...ng-to-gateway-with-wildcard-hostname.out.yaml | 2 +- ...irect-filter-full-path-replace-https.out.yaml | 2 +- ...proute-with-redirect-filter-hostname.out.yaml | 2 +- ...-redirect-filter-invalid-filter-type.out.yaml | 2 +- ...-with-redirect-filter-invalid-scheme.out.yaml | 2 +- ...-with-redirect-filter-invalid-status.out.yaml | 2 +- ...filter-prefix-replace-with-port-http.out.yaml | 2 +- ...ute-with-response-header-filter-adds.out.yaml | 2 +- ...ilter-duplicate-add-multiple-filters.out.yaml | 2 +- ...esponse-header-filter-duplicate-adds.out.yaml | 2 +- ...er-duplicate-remove-multiple-filters.out.yaml | 2 +- ...onse-header-filter-duplicate-removes.out.yaml | 2 +- ...se-header-filter-empty-header-values.out.yaml | 2 +- ...response-header-filter-empty-headers.out.yaml | 2 +- ...sponse-header-filter-invalid-headers.out.yaml | 2 +- ...th-response-header-filter-no-headers.out.yaml | 2 +- ...ponse-header-filter-no-valid-headers.out.yaml | 2 +- ...e-with-response-header-filter-remove.out.yaml | 2 +- ...th-single-rule-with-exact-path-match.out.yaml | 2 +- ...h-single-rule-with-http-method-match.out.yaml | 2 +- ...with-single-rule-with-multiple-rules.out.yaml | 2 +- ...path-prefix-and-exact-header-matches.out.yaml | 2 +- ...some-invalid-backend-refs-no-service.out.yaml | 2 +- ...ng-to-gateway-with-wildcard-hostname.out.yaml | 2 +- ...ng-to-gateway-with-wildcard-hostname.out.yaml | 2 +- ...ewrite-filter-full-path-replace-http.out.yaml | 2 +- ...write-filter-hostname-prefix-replace.out.yaml | 2 +- ...oute-with-urlrewrite-filter-hostname.out.yaml | 2 +- ...rlrewrite-filter-invalid-filter-type.out.yaml | 2 +- ...h-urlrewrite-filter-invalid-hostname.out.yaml | 2 +- ...rite-filter-invalid-multiple-filters.out.yaml | 2 +- ...-urlrewrite-filter-invalid-path-type.out.yaml | 2 +- ...-with-urlrewrite-filter-invalid-path.out.yaml | 2 +- ...-with-urlrewrite-filter-missing-path.out.yaml | 2 +- ...rlrewrite-filter-prefix-replace-http.out.yaml | 2 +- ...ching-to-gateway-with-unset-hostname.out.yaml | 2 +- .../httproutes-with-multiple-matches.out.yaml | 2 +- .../merge-invalid-multiple-gateways.out.yaml | 4 ++-- ...teways-multiple-listeners-same-ports.out.yaml | 4 ++-- ...id-multiple-gateways-multiple-routes.out.yaml | 4 ++-- .../merge-valid-multiple-gateways.out.yaml | 4 ++-- .../merge-with-isolated-policies-2.out.yaml | 4 ++-- .../merge-with-isolated-policies.out.yaml | 4 ++-- .../securitypolicy-invalid-cross-ns-ref.out.yaml | 2 +- .../securitypolicy-override-replace.out.yaml | 2 +- .../securitypolicy-status-conditions.out.yaml | 6 +++--- .../securitypolicy-with-basic-auth.out.yaml | 2 +- .../testdata/securitypolicy-with-cors.out.yaml | 6 +++--- ...ith-extauth-invalid-no-matching-port.out.yaml | 2 +- ...ypolicy-with-extauth-invalid-no-port.out.yaml | 2 +- ...h-extauth-invalid-no-reference-grant.out.yaml | 2 +- ...licy-with-extauth-invalid-no-service.out.yaml | 2 +- ...y-with-extauth-with-backendtlspolicy.out.yaml | 2 +- .../securitypolicy-with-extauth.out.yaml | 2 +- ...ritypolicy-with-jwt-and-invalid-oidc.out.yaml | 2 +- ...olicy-with-jwt-with-custom-extractor.out.yaml | 4 ++-- .../testdata/securitypolicy-with-jwt.out.yaml | 4 ++-- ...uritypolicy-with-oidc-invalid-issuer.out.yaml | 2 +- ...typolicy-with-oidc-invalid-secretref.out.yaml | 6 +++--- .../testdata/securitypolicy-with-oidc.out.yaml | 2 +- ...-gateway-with-listener-tls-terminate.out.yaml | 2 +- .../tlsroute-attaching-to-gateway.out.yaml | 2 +- .../testdata/tlsroute-multiple.out.yaml | 2 +- ...-other-namespace-allowed-by-refgrant.out.yaml | 2 +- .../tlsroute-with-empty-hostname.out.yaml | 2 +- ...lsroute-with-empty-listener-hostname.out.yaml | 2 +- .../infrastructure/kubernetes/proxy/resource.go | 3 +-- .../kubernetes/proxy/resource_provider.go | 4 ++-- .../proxy/testdata/deployments/bootstrap.yaml | 4 ++-- .../testdata/deployments/component-level.yaml | 4 ++-- .../proxy/testdata/deployments/custom.yaml | 4 ++-- .../deployments/custom_with_initcontainers.yaml | 4 ++-- .../proxy/testdata/deployments/default-env.yaml | 4 ++-- .../proxy/testdata/deployments/default.yaml | 4 ++-- .../testdata/deployments/disable-prometheus.yaml | 4 ++-- .../testdata/deployments/extension-env.yaml | 4 ++-- .../override-labels-and-annotations.yaml | 4 ++-- .../testdata/deployments/patch-deployment.yaml | 4 ++-- .../testdata/deployments/shutdown-manager.yaml | 4 ++-- .../proxy/testdata/deployments/volumes.yaml | 4 ++-- .../testdata/deployments/with-annotations.yaml | 4 ++-- .../testdata/deployments/with-concurrency.yaml | 4 ++-- .../deployments/with-empty-memory-limits.yaml | 4 ++-- .../testdata/deployments/with-extra-args.yaml | 4 ++-- .../deployments/with-image-pull-secrets.yaml | 4 ++-- .../testdata/deployments/with-node-selector.yaml | 4 ++-- .../with-topology-spread-constraints.yaml | 4 ++-- .../services/clusterIP-custom-addresses.yaml | 4 ++-- .../proxy/testdata/services/custom.yaml | 4 ++-- .../proxy/testdata/services/default.yaml | 4 ++-- .../testdata/services/override-annotations.yaml | 4 ++-- .../proxy/testdata/services/patch-service.yaml | 4 ++-- .../testdata/services/with-annotations.yaml | 4 ++-- test/e2e/tests/gateway_infra_resource.go | 10 ++++------ 255 files changed, 362 insertions(+), 365 deletions(-) diff --git a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml index 3f2009bccf3..3ea1f3f2bc7 100644 --- a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml @@ -80,7 +80,7 @@ infraIR: name: envoy-gateway-system/eg/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 252056f2d7d..269ea9b4147 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -359,6 +359,10 @@ func irUDPListenerName(listener *ListenerContext, udpRoute *UDPRouteContext) str return fmt.Sprintf("%s/%s/%s/%s", listener.gateway.Namespace, listener.gateway.Name, listener.Name, udpRoute.Name) } +func irListenerPortName(proto ir.ProtocolType, port int32) string { + return strings.ToLower(fmt.Sprintf("%s-%d", proto, port)) +} + func irRoutePrefix(route RouteContext) string { // add a "/" at the end of the prefix to prevent mismatching routes with the // same prefix. For example, route prefix "/foo/" should not match a route "/foobar". diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 37f83c49cc1..07d71bfd172 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -145,12 +145,8 @@ func (t *Translator) processInfraIRListener(listener *ListenerContext, infraIR I proto = ir.UDPProtocolType } - infraPortName := string(listener.Name) - if t.MergeGateways { - infraPortName = irHTTPListenerName(listener) - } infraPort := ir.ListenerPort{ - Name: infraPortName, + Name: irListenerPortName(proto, servicePort.port), Protocol: proto, ServicePort: servicePort.port, ContainerPort: servicePortToContainerPort(servicePort.port), diff --git a/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml index eb1d0a7ff99..13b0f649be7 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml @@ -119,7 +119,7 @@ infraIR: name: envoy-gateway/gateway-btls/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml index e26e069dfd2..515b77057bc 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml @@ -118,7 +118,7 @@ infraIR: name: envoy-gateway/gateway-btls/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml index ae583f55e47..47e7c66c07e 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml @@ -119,7 +119,7 @@ infraIR: name: envoy-gateway/gateway-btls/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml index bc1904e2b46..a28101f7810 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml @@ -115,7 +115,7 @@ infraIR: name: envoy-gateway/gateway-btls/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtlspolicy-without-referencegrant.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-without-referencegrant.out.yaml index 57382ac7650..6922e60d7c8 100755 --- a/internal/gatewayapi/testdata/backendtlspolicy-without-referencegrant.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-without-referencegrant.out.yaml @@ -120,7 +120,7 @@ infraIR: name: envoy-gateway/gateway-btls/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml index 23c2e1c1f5c..18879240a3c 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml @@ -196,7 +196,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml index 2adaa229dd6..64c6932c2a3 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml @@ -505,7 +505,7 @@ infraIR: name: another-namespace/not-same-namespace-gateway/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -520,7 +520,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -535,14 +535,14 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/tcp ports: - containerPort: 10053 - name: tcp + name: tcp-53 protocol: TCP servicePort: 53 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml index 7cbbb266058..b322ce55192 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml @@ -303,7 +303,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -318,7 +318,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml index 867a99f85bc..45d95e8aaf9 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml @@ -285,7 +285,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -300,7 +300,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml index 1324a75e0ef..1c0c622624e 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml @@ -226,7 +226,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -241,7 +241,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml index 34b5a13021e..2205a1cc1b6 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml @@ -436,7 +436,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -451,7 +451,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml index f47f84a874a..f3836170e44 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml @@ -325,7 +325,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -340,7 +340,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml index 26e2ac288e9..4f4cb6d5165 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml @@ -137,7 +137,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml index 3100a7e26df..0b81c2dd0de 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml @@ -141,7 +141,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml index 853a1ac1c5f..68ed3affde6 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml @@ -137,7 +137,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml index 7acba1f616b..32d1661ea55 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml @@ -144,7 +144,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml index 624ffa15384..11012aa6940 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml @@ -140,7 +140,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml index b43f116ef08..2344cae4a31 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml @@ -218,7 +218,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -233,7 +233,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml index 50bf055b039..360544da250 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml @@ -123,7 +123,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml index 21a149aa542..750b4243777 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml @@ -238,7 +238,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -253,7 +253,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml index b3c699e39a3..206b93b9f6a 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml @@ -237,7 +237,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -252,7 +252,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml index aa69f61da8e..130958f4d46 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml @@ -156,7 +156,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml index 62a0ec8fc75..99e076b98ab 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml @@ -146,14 +146,14 @@ infraIR: name: default/tcp-gateway/foo ports: - containerPort: 8162 - name: foo + name: udp-8162 protocol: UDP servicePort: 8162 - address: null name: default/tcp-gateway/bar ports: - containerPort: 8089 - name: bar + name: tcp-8089 protocol: TCP servicePort: 8089 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml index 774e7e0525b..14eea34c492 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml @@ -221,14 +221,14 @@ infraIR: name: default/tcp-gateway/foo ports: - containerPort: 8162 - name: foo + name: udp-8162 protocol: UDP servicePort: 8162 - address: null name: default/tcp-gateway/bar ports: - containerPort: 8089 - name: bar + name: tcp-8089 protocol: TCP servicePort: 8089 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml index 0610f61fb9c..ea98b67e005 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml @@ -222,7 +222,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -237,7 +237,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml index d54df2b9e25..3adff744df7 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml @@ -114,7 +114,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml index 4af65e3ca35..58ea2d64060 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml @@ -226,7 +226,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -241,7 +241,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml index 85ec2d02e9d..f82580ce39f 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml @@ -140,14 +140,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml index 2c9cb161ebf..1240114ffa9 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml @@ -140,14 +140,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml index 8788cfd2e6c..6969904a40f 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml @@ -140,14 +140,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml index 308d12d7948..61ff96bfeca 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml @@ -230,28 +230,28 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 8081 - name: http-1 + name: http-8081 protocol: HTTP servicePort: 8081 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8082 - name: http-2 + name: http-8082 protocol: HTTP servicePort: 8082 - address: null name: envoy-gateway/gateway-1/http-3 ports: - containerPort: 8083 - name: http-3 + name: http-8083 protocol: HTTP servicePort: 8083 - address: null name: envoy-gateway/gateway-1/http-4 ports: - containerPort: 8084 - name: http-4 + name: http-8084 protocol: HTTP servicePort: 8084 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml index a08fe4b1191..2dfb99f691e 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml @@ -142,14 +142,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml index 3ccf5385eb8..651f18ecd1c 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml @@ -142,14 +142,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml index 005487ada5b..4a71a59d6d0 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml @@ -106,14 +106,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml index 1165ba87e91..df2e0592b6b 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml @@ -199,21 +199,21 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 - address: null name: envoy-gateway/gateway-1/http-3 ports: - containerPort: 8081 - name: http-3 + name: http-8081 protocol: HTTP servicePort: 8081 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml index bfdd73846a2..a58801dd58b 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml @@ -118,7 +118,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 - name: tls + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml index 21cb15d7f46..0854e41ef4d 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml @@ -77,7 +77,7 @@ infraIR: name: envoy-gateway/gateway/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml index 182fec065b0..efd85a62185 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml @@ -108,14 +108,14 @@ infraIR: name: envoy-gateway/gateway/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml index e5ee7a11a3c..eb75fd79c30 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml @@ -197,14 +197,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10443 - name: http-1 + name: https-443 protocol: HTTPS servicePort: 443 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: @@ -219,7 +219,7 @@ infraIR: name: envoy-gateway/gateway-2/http-1 ports: - containerPort: 10443 - name: http-1 + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml index 419fbf076aa..e16a5cf2344 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml @@ -106,14 +106,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml index 7deea550663..af97e2397ca 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml @@ -106,14 +106,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml index dd61eb7fe89..7b57484d3df 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml @@ -106,14 +106,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml index 5527116ad7d..fddae6e6c9e 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml @@ -458,7 +458,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -473,14 +473,14 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/tcp ports: - containerPort: 10053 - name: tcp + name: tcp-53 protocol: TCP servicePort: 53 metadata: @@ -495,7 +495,7 @@ infraIR: name: envoy-gateway/gateway-3/bar-foo ports: - containerPort: 10080 - name: bar-foo + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -510,7 +510,7 @@ infraIR: name: not-same-namespace/not-same-namespace-gateway/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml index fa977c27444..c7557020382 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml @@ -142,14 +142,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml index 245a10810b3..eaf13c0af18 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml @@ -77,7 +77,7 @@ infraIR: name: envoy-gateway/gateway/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml index d4fedc92372..9c83084ce76 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml @@ -108,14 +108,14 @@ infraIR: name: envoy-gateway/gateway/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml index e4fcd514d15..924a9a14920 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml @@ -123,14 +123,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10443 - name: http-1 + name: https-443 protocol: HTTPS servicePort: 443 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml index cf3abc4f51d..b2c1145c06c 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml @@ -105,14 +105,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8080 - name: http-2 + name: http-8080 protocol: HTTP servicePort: 8080 metadata: diff --git a/internal/gatewayapi/testdata/conflicting-policies.out.yaml b/internal/gatewayapi/testdata/conflicting-policies.out.yaml index 6ffd1c911bd..3f2a1d53418 100644 --- a/internal/gatewayapi/testdata/conflicting-policies.out.yaml +++ b/internal/gatewayapi/testdata/conflicting-policies.out.yaml @@ -215,7 +215,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: default/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/disable-accesslog.out.yaml b/internal/gatewayapi/testdata/disable-accesslog.out.yaml index c48bad79000..10a49651a17 100644 --- a/internal/gatewayapi/testdata/disable-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/disable-accesslog.out.yaml @@ -108,7 +108,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml index 983b95a6114..1deb8ca6b25 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml @@ -79,7 +79,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml index 1adc83f74aa..0fd8d36b3ca 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml @@ -192,7 +192,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml index 9d6ba198049..b2abfba7c21 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml @@ -505,7 +505,7 @@ infraIR: name: another-namespace/not-same-namespace-gateway/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -520,7 +520,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -535,14 +535,14 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/tcp ports: - containerPort: 10053 - name: tcp + name: tcp-53 protocol: TCP servicePort: 53 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml index 394ccff73d5..55e0b661896 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml @@ -117,7 +117,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml index ea8098edd07..05db4b4438c 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml @@ -117,7 +117,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml index 50535c1a392..c4ad278a6c4 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml @@ -119,7 +119,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml index 27519cb0302..7155bfe7243 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml @@ -118,7 +118,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml index 66063672452..c8eb952e580 100755 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml @@ -259,7 +259,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml index 4d003c79e01..b91f140014a 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml index eee41351ea5..b1ca7a29071 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml @@ -58,7 +58,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml index 740bfb7800f..b63636dac9b 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml @@ -58,7 +58,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml index 5375d43d51a..a820898caa0 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml index 69a919f4ccb..8200430befc 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml @@ -58,7 +58,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml index ccba87e5c50..9a13040a8e9 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml index e527eea3e63..265b1a19887 100755 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml @@ -124,7 +124,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml index 7b6af7c2fd3..76f758a594e 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml @@ -114,7 +114,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml index 73566a7adec..995153edd62 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml @@ -117,7 +117,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml index 583ce720c9a..05a1560000c 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml @@ -115,7 +115,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml index 74a090dc6e8..b219623c2ed 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml @@ -122,7 +122,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml index b5a1347f4fc..2343d936160 100644 --- a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml @@ -105,7 +105,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml index b772bd943c9..0607032af8f 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml @@ -95,7 +95,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml index 8bab973f1e6..0a691324cda 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml index 4f318617bed..2f8e19d300e 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml index b468c423db5..ed697a91ad0 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml index 4b5c58da3f1..7ec08cdd2c8 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml @@ -82,7 +82,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml index 4d0863926db..e04a9abcc61 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml @@ -82,7 +82,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml index 2eac73861c6..2cca7a21513 100644 --- a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml +++ b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml @@ -95,7 +95,7 @@ infraIR: name: default/gateway-1/https ports: - containerPort: 10443 - name: https + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml index 7424d6332bf..1001026c2be 100644 --- a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml @@ -52,7 +52,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 - name: tcp + name: tcp-80 protocol: TCP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml index 9ad4d5f2eb1..00a01a90dfe 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10162 - name: tcp + name: tcp-162 protocol: TCP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml index d68f758d473..d87a590cc69 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 - name: tcp + name: tcp-80 protocol: TCP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml index 73accd49f5b..0298d8e8bc7 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 - name: tcp + name: tcp-80 protocol: TCP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index b1f4d6530d0..a501e2a7ccd 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -89,7 +89,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 - name: tls + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml index 88856e37f64..bb6c6d082bb 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml @@ -119,14 +119,14 @@ infraIR: name: envoy-gateway/gateway-1/tls-passthrough ports: - containerPort: 10090 - name: tls-passthrough + name: tls-90 protocol: TLS servicePort: 90 - address: null name: envoy-gateway/gateway-1/tls-terminate ports: - containerPort: 10443 - name: tls-terminate + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml index 86546252947..ddbf1400ee6 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/udp ports: - containerPort: 10162 - name: udp + name: udp-162 protocol: UDP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml index bed2cc4aa37..69ece808c6b 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 - name: udp + name: udp-80 protocol: UDP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml index 51b01238520..56d9c366b02 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 - name: udp + name: udp-80 protocol: UDP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml index 74e11eb415a..dd31bd501ea 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 - name: tcp + name: tcp-80 protocol: TCP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml index cee2e52e84e..27d949d622e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 - name: udp + name: udp-80 protocol: UDP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml index 6d6ac8724c6..e197d01d60b 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml @@ -91,7 +91,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 - name: tls + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml index a4499bc066e..e9534d5bd7b 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml @@ -91,7 +91,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 - name: tls + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index 9380a03ce6c..cdc613c4a9a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -88,7 +88,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 - name: tls + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml index d2dce6e0af7..aefd53705de 100644 --- a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml @@ -82,7 +82,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml index f332997f2c5..0bd36bdaac1 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10162 - name: tcp + name: tcp-162 protocol: TCP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml index 708916becce..22e840d232a 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml @@ -45,7 +45,7 @@ infraIR: name: envoy-gateway/gateway-1/udp ports: - containerPort: 10162 - name: udp + name: udp-162 protocol: UDP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml index 05ae433a1a5..acb517c5b82 100644 --- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml @@ -88,7 +88,7 @@ infraIR: name: default/gateway-1/https ports: - containerPort: 10443 - name: https + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml index 532e03227db..0e65142eb85 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml @@ -74,7 +74,7 @@ infraIR: name: envoy-gateway/gateway-1/tcp1 ports: - containerPort: 10162 - name: tcp1 + name: tcp-162 protocol: TCP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml index 64b52d04f8e..68f755e99ab 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml @@ -72,7 +72,7 @@ infraIR: name: envoy-gateway/gateway-1/udp1 ports: - containerPort: 10162 - name: udp1 + name: udp-162 protocol: UDP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml index 267296982ad..e43457681d5 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml @@ -147,14 +147,14 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 10081 - name: http-2 + name: http-81 protocol: HTTP servicePort: 81 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml index 61119e9b76a..0233225bb98 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml @@ -110,14 +110,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/tcp ports: - containerPort: 10080 - name: tcp + name: tcp-80 protocol: TCP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml index fb19c1102f6..7ac4c4e14b3 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml @@ -110,14 +110,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/udp ports: - containerPort: 10080 - name: udp + name: udp-80 protocol: UDP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml index 246d53aa32f..bf49b0dafaa 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml @@ -72,14 +72,14 @@ infraIR: name: envoy-gateway/gateway-1/tcp1 ports: - containerPort: 10162 - name: tcp1 + name: tcp-162 protocol: TCP servicePort: 162 - address: null name: envoy-gateway/gateway-1/tcp2 ports: - containerPort: 10163 - name: tcp2 + name: tcp-163 protocol: TCP servicePort: 163 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml index 1ee22061b3d..733f4e76b16 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml @@ -72,14 +72,14 @@ infraIR: name: envoy-gateway/gateway-1/tcp1 ports: - containerPort: 10161 - name: tcp1 + name: tcp-161 protocol: TCP servicePort: 161 - address: null name: envoy-gateway/gateway-1/tcp2 ports: - containerPort: 10162 - name: tcp2 + name: tcp-162 protocol: TCP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml index b9a54af4594..418f7a0ad4e 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml @@ -72,14 +72,14 @@ infraIR: name: envoy-gateway/gateway-1/udp1 ports: - containerPort: 10162 - name: udp1 + name: udp-162 protocol: UDP servicePort: 162 - address: null name: envoy-gateway/gateway-1/udp2 ports: - containerPort: 10163 - name: udp2 + name: udp-163 protocol: UDP servicePort: 163 metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml index 12fe93bd326..17b9d4e2253 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml @@ -72,14 +72,14 @@ infraIR: name: envoy-gateway/gateway-1/udp1 ports: - containerPort: 10161 - name: udp1 + name: udp-161 protocol: UDP servicePort: 161 - address: null name: envoy-gateway/gateway-1/udp2 ports: - containerPort: 10162 - name: udp2 + name: udp-162 protocol: UDP servicePort: 162 metadata: diff --git a/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml index 57d5ad03bf5..23d899faad6 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml @@ -82,7 +82,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml index d2abc957458..2c5ecc13bf0 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml index 45acfd7e614..eb7ce849a96 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml index 67ed17a35f4..82a2584d195 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml @@ -88,7 +88,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index 76f8148dce5..ad5e96b684b 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -87,7 +87,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml index ca598b9d046..aa2ef46b259 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml @@ -88,7 +88,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml index 001de5ea84e..88becd8a82a 100644 --- a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml +++ b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml @@ -121,7 +121,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml index 5ca518d493d..6ece1834d62 100644 --- a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml @@ -227,7 +227,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -242,7 +242,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml index 9d0c0d570c9..197503b51c5 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml @@ -293,56 +293,56 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10081 - name: http-1 + name: http-81 protocol: HTTP servicePort: 81 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 10082 - name: http-2 + name: http-82 protocol: HTTP servicePort: 82 - address: null name: envoy-gateway/gateway-1/http-3 ports: - containerPort: 10083 - name: http-3 + name: http-83 protocol: HTTP servicePort: 83 - address: null name: envoy-gateway/gateway-1/http-4 ports: - containerPort: 10084 - name: http-4 + name: http-84 protocol: HTTP servicePort: 84 - address: null name: envoy-gateway/gateway-1/http-5 ports: - containerPort: 10085 - name: http-5 + name: http-85 protocol: HTTP servicePort: 85 - address: null name: envoy-gateway/gateway-1/http-6 ports: - containerPort: 10086 - name: http-6 + name: http-86 protocol: HTTP servicePort: 86 - address: null name: envoy-gateway/gateway-1/http-7 ports: - containerPort: 10087 - name: http-7 + name: http-87 protocol: HTTP servicePort: 87 - address: null name: envoy-gateway/gateway-1/http-8 ports: - containerPort: 10088 - name: http-8 + name: http-88 protocol: HTTP servicePort: 88 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml index 90041233336..1c238cdf039 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml @@ -293,7 +293,7 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml index 2fd05635ddf..e16ff66b0ea 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml @@ -117,14 +117,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/tls ports: - containerPort: 10443 - name: tls + name: https-443 protocol: HTTPS servicePort: 443 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml index cda246ecc6c..1d39beaf5e7 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml @@ -113,7 +113,7 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml index 39834ebc86e..352a6da41a5 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml @@ -82,7 +82,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml index 813d9250277..6ddbd88af2a 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml index bbc2f85502a..3e2ef78a015 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml @@ -115,7 +115,7 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml index 967713517a0..e2a3401c217 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml index 2a60e150ec6..a1e080d6482 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml index 369959e0c7d..134162f6b5c 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml index cd98ee93cc8..8a3c4a0587a 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml index 8ffa5793822..c1bb62b6797 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml index 55c1ac1b83d..0d0d1755ef4 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml @@ -84,7 +84,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml index e448a02bf2d..f56835ccb2e 100644 --- a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml index 783b3be7b30..e7474693b36 100644 --- a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml @@ -85,7 +85,7 @@ infraIR: name: envoy-gateway/gateway-1/http-1 ports: - containerPort: 10080 - name: http-1 + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml index ec80e30e1e8..3d3f73076ee 100644 --- a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml index d49bb265d46..6a99fbe90e3 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml @@ -79,7 +79,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml index 048b705766e..8a8b799c552 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml index 53038b2348b..b962d108c8b 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml @@ -92,7 +92,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index b827af53150..a170bf0e21f 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -84,7 +84,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml index 485d59bcde1..2501f9d8c20 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml index 5ef60eccf6a..d345186e64c 100644 --- a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml @@ -81,7 +81,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index 9d439afa3c6..d1b3c41b858 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -102,7 +102,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index 7d69c437116..ec57fd25d09 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -112,7 +112,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml index f8a325b46ee..c290d1a96c5 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -98,7 +98,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml index 53c939f2b0d..d6d97d8e7d4 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index b5193139bbe..c74c9294dab 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -96,7 +96,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml index c95a7df7e41..5065aa523df 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml @@ -98,7 +98,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml index 949dce73540..93f152ffea8 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml @@ -99,7 +99,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml index c3ab6b9f021..d06a9820f7a 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml index 6102adbb08e..3329848de05 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml index 3ac50c40bac..f0e08c90108 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml index 9c3bab389cf..d976cb93f38 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml @@ -83,7 +83,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml index 5f78538385f..fe064903ada 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml @@ -87,7 +87,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml index b38425e7563..bee00784ac7 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml @@ -84,7 +84,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml index 6668252cdbc..417f53c7dfb 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml @@ -83,7 +83,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml index da0bce317d6..a6c22425e84 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml @@ -85,7 +85,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml index ddaccd43a10..2bf53591ed3 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml @@ -83,7 +83,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml index f916d303053..26c803f9d91 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml @@ -89,7 +89,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml index 8d622b36680..cc0cc881a87 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml @@ -84,7 +84,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml index 8e676db62f1..a8e06b4fa54 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml @@ -119,7 +119,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -134,7 +134,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10081 - name: http + name: http-81 protocol: HTTP servicePort: 81 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml index 431a85a1dca..8ed5fe11eff 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml @@ -100,7 +100,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index 8588726a36e..425bebf34b3 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -112,7 +112,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml index a5b71817a08..60b599dcdd7 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml index a9fb238b04f..724d00e1ecc 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml index d324d246514..d98e16bd4d3 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 293b36390b1..ebe71a52556 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml index 95a7cbdc1d4..c1f9030ef3c 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml @@ -92,7 +92,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml index 77254975bde..0cc17703e29 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml index 2491b007b73..a7a57501a4e 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml index 96974409276..c408f51ffb5 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml index e330972e2a8..99c291b14ae 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml @@ -89,7 +89,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml index 961afbb26f1..bb9d2644130 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index 43c7a116b4b..b3625b41e1a 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -108,7 +108,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index 4fba4eb7b99..05f34deb133 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -102,7 +102,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index 61441d6a1d6..6c95d3dbc5f 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -112,7 +112,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml index 4f58c01222d..3183508ec02 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -98,7 +98,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml index 0cd94a754a4..e20ab6f52fc 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index b7f3e26ef42..4de5380a305 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -96,7 +96,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml index 50fe9f29aed..c0a449536bd 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml @@ -98,7 +98,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml index bb974df71b8..14f957bb880 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml @@ -99,7 +99,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml index 48c3b5f8f5b..41667e93380 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml @@ -90,7 +90,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml index e3c8a6dbec0..2ee89577ab9 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml index 1ea53e4797d..4e06010a1a2 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml index 0b9bc1037ec..9f7d91d4ec7 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml @@ -83,7 +83,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml index 291e21eebcc..55059d9d6ee 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml @@ -81,7 +81,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml index 6cdc1ed6c56..7cae3475b67 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml @@ -109,7 +109,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml index b16e4cfe932..f48725ca3ce 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml @@ -87,7 +87,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml index ad7e977d4a8..da444284df0 100644 --- a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml @@ -87,7 +87,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 2beec1c17f5..f2aab324c92 100644 --- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -85,7 +85,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml index a2a913ec417..f07df0591d4 100644 --- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -86,7 +86,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml index 8b2138f2100..e2cbea3dd90 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml index 9ea570c292b..2b59d98a5b1 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml index bf682e88b35..6a2571e0e26 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml @@ -91,7 +91,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml index b85ff6e2db3..79131ac54f1 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml @@ -91,7 +91,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml index 448b7518fc0..21596a52d42 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml @@ -97,7 +97,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml index cac49f264af..7f25b160719 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml @@ -99,7 +99,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml index a8e83b7761e..6429820c1a3 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml @@ -95,7 +95,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml index 9633fa077b5..0cf9358e1ac 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml @@ -94,7 +94,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml index 7ff23ecae5d..8d3cb231dd9 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml @@ -92,7 +92,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml index bc23aabd4d7..44067c28c56 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml @@ -93,7 +93,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml index 8d436c384cb..0353ec71963 100644 --- a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml @@ -84,7 +84,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml index 325c79da51d..58921ad7474 100644 --- a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml @@ -269,7 +269,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml index 8e65705fc44..c37bd4038e5 100644 --- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml @@ -116,14 +116,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/udp ports: - containerPort: 10080 - name: envoy-gateway/gateway-2/udp + name: udp-80 protocol: UDP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml index 94ab094ec2e..085d78dd41c 100755 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml @@ -152,14 +152,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-1/http-2 ports: - containerPort: 8888 - name: envoy-gateway/gateway-1/http-2 + name: http-8888 protocol: HTTP servicePort: 8888 metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml index 073d47f8cfc..e02cf0852f4 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml @@ -203,14 +203,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/http-2 ports: - containerPort: 8888 - name: envoy-gateway/gateway-2/http-2 + name: http-8888 protocol: HTTP servicePort: 8888 metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml index 1346f408115..e91403b3cf4 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml @@ -125,14 +125,14 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: envoy-gateway/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/http-2 ports: - containerPort: 8888 - name: envoy-gateway/gateway-2/http-2 + name: http-8888 protocol: HTTP servicePort: 8888 metadata: diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml index 20515adf5c2..f8797d895ca 100755 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml @@ -406,14 +406,14 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: default/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: default/gateway-2/http ports: - containerPort: 10081 - name: default/gateway-2/http + name: http-81 protocol: HTTP servicePort: 81 metadata: diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml index fd669713ef0..8eb08db7bfd 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml @@ -236,14 +236,14 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: default/gateway-1/http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: default/gateway-2/http-2 ports: - containerPort: 8888 - name: default/gateway-2/http-2 + name: http-8888 protocol: HTTP servicePort: 8888 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml index 3bb9ae1338d..fd0c493464e 100755 --- a/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml index 303fd72292f..f7c7b74db9c 100755 --- a/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml @@ -124,7 +124,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml index 44100b06203..026f00b4317 100755 --- a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml @@ -210,7 +210,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -225,14 +225,14 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 - address: null name: envoy-gateway/gateway-2/tcp ports: - containerPort: 10053 - name: tcp + name: tcp-53 protocol: TCP servicePort: 53 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml index ebaf4a53218..cc05125f7ee 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml @@ -130,7 +130,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml index d7d1f9b209d..1d11e3a4cda 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml @@ -238,7 +238,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -253,7 +253,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -268,7 +268,7 @@ infraIR: name: envoy-gateway/gateway-3/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml index b2102a0db78..d23b2a7d8f7 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml @@ -86,7 +86,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml index bcb049d8fa2..fb8d90097a0 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml @@ -86,7 +86,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml index 46a0d7dc20c..5d31bd10a9b 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml @@ -86,7 +86,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml index e83e1a419a2..da185ff74a0 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml @@ -86,7 +86,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml index 6116c4c30c7..a30a343eaee 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml @@ -190,7 +190,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml index 0b65a634a56..4628a35cc11 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml @@ -130,7 +130,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml index 64e1e0d210a..b4e2932f294 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml @@ -124,7 +124,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml index 4570b796638..73a2e8e33a0 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml @@ -160,7 +160,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -175,7 +175,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml index 2da32b26f8e..d2bb96f0d8d 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml @@ -160,7 +160,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -175,7 +175,7 @@ infraIR: name: envoy-gateway/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml index bc8e64eeeda..d2a6d6afab3 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml @@ -47,7 +47,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml index 34c9a927508..2ea3ac2420d 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml @@ -127,7 +127,7 @@ infraIR: name: default/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -142,7 +142,7 @@ infraIR: name: default/gateway-2/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: @@ -157,7 +157,7 @@ infraIR: name: default/gateway-3/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml index 15f0189dec3..2015f492d63 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml @@ -124,7 +124,7 @@ infraIR: name: envoy-gateway/gateway-1/http ports: - containerPort: 10080 - name: http + name: http-80 protocol: HTTP servicePort: 80 metadata: diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml index b4ac4a13faa..44fe206db9b 100644 --- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml @@ -51,7 +51,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10090 - name: tls + name: tls-90 protocol: TLS servicePort: 90 metadata: diff --git a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml index c5156d74c40..7438edad63a 100644 --- a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml @@ -48,7 +48,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10090 - name: tls + name: tls-90 protocol: TLS servicePort: 90 metadata: diff --git a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml index ada467afc07..4b53cc38e3c 100644 --- a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10091 - name: tls + name: tls-91 protocol: TLS servicePort: 91 metadata: diff --git a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index c4a9bb0ee13..f7839533321 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -48,7 +48,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10090 - name: tls + name: tls-90 protocol: TLS servicePort: 90 metadata: diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml index 8b6843bf49a..7444d808de3 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10091 - name: tls + name: tls-91 protocol: TLS servicePort: 91 metadata: diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml index 493fbf296d4..1a45b65bb80 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml @@ -47,7 +47,7 @@ infraIR: name: envoy-gateway/gateway-1/tls ports: - containerPort: 10091 - name: tls + name: tls-91 protocol: TLS servicePort: 91 metadata: diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index 0e5f40191da..5b8e1501b80 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -119,8 +119,7 @@ func expectedProxyContainers(infra *ir.ProxyInfra, return nil, fmt.Errorf("invalid protocol %q", p.Protocol) } port := corev1.ContainerPort{ - // hashed container port name including up to the 6 characters of the port name and the maximum of 15 characters. - Name: utils.GetHashedName(p.Name, 6), + Name: p.Name, ContainerPort: p.ContainerPort, Protocol: protocol, } diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 2a11f7317d3..92833a4eecb 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -76,7 +76,7 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { } p := corev1.ServicePort{ - Name: ExpectedResourceHashedName(port.Name), + Name: port.Name, Protocol: protocol, Port: port.ServicePort, TargetPort: target, @@ -86,7 +86,7 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { if port.Protocol == ir.HTTPSProtocolType { if listener.HTTP3 != nil { p := corev1.ServicePort{ - Name: ExpectedResourceHashedName(port.Name + "-h3"), + Name: port.Name + "-h3", Protocol: corev1.ProtocolUDP, Port: port.ServicePort, TargetPort: target, diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index e40e9f75a6d..25ead478c0d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -68,10 +68,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index eaaa4fe3070..79f39763a5c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -69,10 +69,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index a2b36699624..be6b2d5d225 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -216,10 +216,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 2a179f2e7b4..d340fce372d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -216,10 +216,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index c255d72fee5..ea0fa6907a0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -214,10 +214,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index 68730b25dca..3fd0948f2ee 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -198,10 +198,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index a048b3247b6..14342f83286 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -172,10 +172,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP readinessProbe: failureThreshold: 3 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 56cc469846f..2c371d90811 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -218,10 +218,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index 398deeefc8f..1e65cc299ec 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -209,10 +209,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index f47f6b5e114..72757a325b7 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml @@ -198,10 +198,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index 66709926358..7bcb064cdee 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -199,10 +199,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index a452cb55c8a..2fecd59712f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -218,10 +218,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index d56f8a2b267..65cea34a8d9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -203,10 +203,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml index 30dbb84616a..b5ce902f529 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml @@ -69,10 +69,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index 050ed47b5d3..f60fec2e8eb 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -198,10 +198,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index b077bd33364..2085acacc0e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -200,10 +200,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index 13cdfe76c1a..e1e2b22b957 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -198,10 +198,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 5e7d0144baf..08f9e6a0b85 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -198,10 +198,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 44d3bcfdb4e..1b734654109 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -198,10 +198,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyH-d76a15e2 + name: EnvoyHTTPPort protocol: TCP - containerPort: 8443 - name: EnvoyH-6658f727 + name: EnvoyHTTPSPort protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml index 336e3fe8ee0..f6730ec0439 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml @@ -14,11 +14,11 @@ spec: clusterIPs: - 10.102.168.100 ports: - - name: envoy-EnvoyHTTPPort-d76a15e2 + - name: EnvoyHTTPPort port: 0 protocol: TCP targetPort: 8080 - - name: envoy-EnvoyHTTPSPort-6658f727 + - name: EnvoyHTTPSPort port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml index 4139ac4f6b1..e898ccb1aff 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml @@ -13,11 +13,11 @@ metadata: namespace: envoy-gateway-system spec: ports: - - name: envoy-EnvoyHTTPPort-d76a15e2 + - name: EnvoyHTTPPort port: 0 protocol: TCP targetPort: 8080 - - name: envoy-EnvoyHTTPSPort-6658f727 + - name: EnvoyHTTPSPort port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml index 6efc4ee4aaf..8b4bd40b87f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml @@ -12,11 +12,11 @@ metadata: spec: externalTrafficPolicy: Local ports: - - name: envoy-EnvoyHTTPPort-d76a15e2 + - name: EnvoyHTTPPort port: 0 protocol: TCP targetPort: 8080 - - name: envoy-EnvoyHTTPSPort-6658f727 + - name: EnvoyHTTPSPort port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml index 8953b5d9590..be487a5f96e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml @@ -17,11 +17,11 @@ metadata: spec: externalTrafficPolicy: Local ports: - - name: envoy-EnvoyHTTPPort-d76a15e2 + - name: EnvoyHTTPPort port: 0 protocol: TCP targetPort: 8080 - - name: envoy-EnvoyHTTPSPort-6658f727 + - name: EnvoyHTTPSPort port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml index 3dd093ffff6..8d904a9eb6c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml @@ -12,11 +12,11 @@ metadata: spec: externalTrafficPolicy: Local ports: - - name: envoy-EnvoyHTTPPort-d76a15e2 + - name: EnvoyHTTPPort port: 0 protocol: TCP targetPort: 8080 - - name: envoy-EnvoyHTTPSPort-6658f727 + - name: EnvoyHTTPSPort port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml index 75635bc5fcd..9121cf5fe71 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml @@ -15,11 +15,11 @@ metadata: spec: externalTrafficPolicy: Local ports: - - name: envoy-EnvoyHTTPPort-d76a15e2 + - name: EnvoyHTTPPort port: 0 protocol: TCP targetPort: 8080 - - name: envoy-EnvoyHTTPSPort-6658f727 + - name: EnvoyHTTPSPort port: 0 protocol: TCP targetPort: 8443 diff --git a/test/e2e/tests/gateway_infra_resource.go b/test/e2e/tests/gateway_infra_resource.go index 9d234922991..7a468b80f60 100644 --- a/test/e2e/tests/gateway_infra_resource.go +++ b/test/e2e/tests/gateway_infra_resource.go @@ -21,8 +21,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/conformance/utils/suite" - - "github.com/envoyproxy/gateway/internal/utils" ) func init() { @@ -90,6 +88,7 @@ var GatewayInfraResourceTest = suite.ConformanceTest{ awaitOperation.Add(1) newListenerTCPName := "custom-tcp" + containerPortName := "tcp-5432" newListenerHTTPPort := int32(8001) changedGatewayObj := &gwapiv1.Gateway{ @@ -129,10 +128,9 @@ var GatewayInfraResourceTest = suite.ConformanceTest{ for _, container := range gatewayDeployment.Spec.Template.Spec.Containers { var isTCPPortNameMatch, isHTTPPortNumberMatch bool - hashedPortName := utils.GetHashedName(newListenerTCPName, 6) if container.Name == "envoy" { for _, port := range container.Ports { - if port.Name == hashedPortName { + if port.Name == containerPortName { isTCPPortNameMatch = true } @@ -142,11 +140,11 @@ var GatewayInfraResourceTest = suite.ConformanceTest{ } if !isTCPPortNameMatch { - t.Errorf("container expected TCP port name '%v' is not found", hashedPortName) + t.Errorf("container expected TCP port name '%v' is not found", containerPortName) } if !isHTTPPortNumberMatch { - t.Errorf("container expected HTTP port number '%v' is not found", hashedPortName) + t.Errorf("container expected HTTP port number '%d' is not found", newListenerHTTPPort) } } } From a7b4b55935706b0b18eddd8a23e7f20d221165ea Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Wed, 17 Apr 2024 03:22:55 -0700 Subject: [PATCH 13/14] API: HTTP Filter ordering (#2993) * add filter ordering API Signed-off-by: huabing zhao * envoy HTTP filter ordering API Signed-off-by: huabing zhao * add validation Signed-off-by: huabing zhao * remove router Signed-off-by: huabing zhao * address comments Signed-off-by: huabing zhao * fix json tag Signed-off-by: huabing zhao * fix gen Signed-off-by: huabing zhao * fix gen Signed-off-by: huabing zhao * address comments Signed-off-by: huabing zhao * minor wording Signed-off-by: huabing zhao * minor wording Signed-off-by: huabing zhao * fix gen Signed-off-by: huabing zhao * fix gen Signed-off-by: huabing zhao * minor wording Signed-off-by: huabing zhao * fix gen Signed-off-by: huabing zhao * address comments Signed-off-by: huabing zhao * fix gent Signed-off-by: Huabing Zhao * address comments Signed-off-by: huabing zhao * kube gen Signed-off-by: huabing zhao * address comments Signed-off-by: huabing zhao * address comments Signed-off-by: huabing zhao --------- Signed-off-by: huabing zhao Signed-off-by: Huabing Zhao Co-authored-by: zirain --- api/v1alpha1/envoyproxy_types.go | 84 ++++++++++++++++ api/v1alpha1/zz_generated.deepcopy.go | 32 ++++++ .../gateway.envoyproxy.io_envoyproxies.yaml | 98 +++++++++++++++++++ site/content/en/latest/api/extension_types.md | 40 ++++++++ test/cel-validation/envoyproxy_test.go | 58 ++++++++++- 5 files changed, 311 insertions(+), 1 deletion(-) diff --git a/api/v1alpha1/envoyproxy_types.go b/api/v1alpha1/envoyproxy_types.go index a8bb1505717..6fcc35e18ca 100644 --- a/api/v1alpha1/envoyproxy_types.go +++ b/api/v1alpha1/envoyproxy_types.go @@ -86,8 +86,92 @@ type EnvoyProxySpec struct { // // +optional Shutdown *ShutdownConfig `json:"shutdown,omitempty"` + + // FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain. + // If unspecified, the default filter order is applied. + // Default filter order is: + // + // - envoy.filters.http.fault + // + // - envoy.filters.http.cors + // + // - envoy.filters.http.ext_authz + // + // - envoy.filters.http.basic_authn + // + // - envoy.filters.http.oauth2 + // + // - envoy.filters.http.jwt_authn + // + // - envoy.filters.http.ext_proc + // + // - envoy.filters.http.wasm + // + // - envoy.filters.http.local_ratelimit + // + // - envoy.filters.http.ratelimit + // + // - envoy.filters.http.router + // + // +optional + // +notImplementedHide + FilterOrder []FilterPosition `json:"filterOrder,omitempty"` } +// FilterPosition defines the position of an Envoy HTTP filter in the filter chain. +// +kubebuilder:validation:XValidation:rule="(has(self.before) || has(self.after))",message="one of before or after must be specified" +// +kubebuilder:validation:XValidation:rule="(has(self.before) && !has(self.after)) || (!has(self.before) && has(self.after))",message="only one of before or after can be specified" +type FilterPosition struct { + // Name of the filter. + Name EnvoyFilter `json:"filter"` + + // Before defines the filter that should come before the filter. + // Only one of Before or After must be set. + Before *EnvoyFilter `json:"before,omitempty"` + + // After defines the filter that should come after the filter. + // Only one of Before or After must be set. + After *EnvoyFilter `json:"after,omitempty"` +} + +// EnvoyFilter defines the type of Envoy HTTP filter. +// +kubebuilder:validation:Enum=envoy.filters.http.cors;envoy.filters.http.ext_authz;envoy.filters.http.basic_authn;envoy.filters.http.oauth2;envoy.filters.http.jwt_authn;envoy.filters.http.fault;envoy.filters.http.local_ratelimit;envoy.filters.http.ratelimit;envoy.filters.http.wasm;envoy.filters.http.ext_proc +type EnvoyFilter string + +const ( + // EnvoyFilterFault defines the Envoy HTTP fault filter. + EnvoyFilterFault EnvoyFilter = "envoy.filters.http.fault" + // EnvoyFilterCORS defines the Envoy HTTP CORS filter. + EnvoyFilterCORS EnvoyFilter = "envoy.filters.http.cors" + + // EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter. + EnvoyFilterExtAuthz EnvoyFilter = "envoy.filters.http.ext_authz" + + // EnvoyFilterBasicAuthn defines the Envoy HTTP basic authentication filter. + EnvoyFilterBasicAuthn EnvoyFilter = "envoy.filters.http.basic_authn" + + // EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter. + EnvoyFilterOAuth2 EnvoyFilter = "envoy.filters.http.oauth2" + + // EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter. + EnvoyFilterJWTAuthn EnvoyFilter = "envoy.filters.http.jwt_authn" + + // EnvoyFilterExtProc defines the Envoy HTTP external process filter. + EnvoyFilterExtProc EnvoyFilter = "envoy.filters.http.ext_proc" + + // EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter. + EnvoyFilterWasm EnvoyFilter = "envoy.filters.http.wasm" + + // EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter. + EnvoyFilterLocalRateLimit EnvoyFilter = "envoy.filters.http.local_ratelimit" + + // EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter. + EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit" + + // EnvoyFilterRouter defines the Envoy HTTP router filter. + EnvoyFilterRouter EnvoyFilter = "envoy.filters.http.router" +) + type ProxyTelemetry struct { // AccessLogs defines accesslog parameters for managed proxies. // If unspecified, will send default format to stdout. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 0055d7669f1..a1a7ca77f73 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1507,6 +1507,13 @@ func (in *EnvoyProxySpec) DeepCopyInto(out *EnvoyProxySpec) { *out = new(ShutdownConfig) (*in).DeepCopyInto(*out) } + if in.FilterOrder != nil { + in, out := &in.FilterOrder, &out.FilterOrder + *out = make([]FilterPosition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxySpec. @@ -1814,6 +1821,31 @@ func (in *FileEnvoyProxyAccessLog) DeepCopy() *FileEnvoyProxyAccessLog { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilterPosition) DeepCopyInto(out *FilterPosition) { + *out = *in + if in.Before != nil { + in, out := &in.Before, &out.Before + *out = new(EnvoyFilter) + **out = **in + } + if in.After != nil { + in, out := &in.After, &out.After + *out = new(EnvoyFilter) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterPosition. +func (in *FilterPosition) DeepCopy() *FilterPosition { + if in == nil { + return nil + } + out := new(FilterPosition) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GRPCExtAuthService) DeepCopyInto(out *GRPCExtAuthService) { *out = *in diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 76d96eccaea..beecbf18eb3 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -85,6 +85,104 @@ spec: items: type: string type: array + filterOrder: + description: |- + FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain. + If unspecified, the default filter order is applied. + Default filter order is: + + + - envoy.filters.http.fault + + + - envoy.filters.http.cors + + + - envoy.filters.http.ext_authz + + + - envoy.filters.http.basic_authn + + + - envoy.filters.http.oauth2 + + + - envoy.filters.http.jwt_authn + + + - envoy.filters.http.ext_proc + + + - envoy.filters.http.wasm + + + - envoy.filters.http.local_ratelimit + + + - envoy.filters.http.ratelimit + + + - envoy.filters.http.router + items: + description: FilterPosition defines the position of an Envoy HTTP + filter in the filter chain. + properties: + after: + description: |- + After defines the filter that should come after the filter. + Only one of Before or After must be set. + enum: + - envoy.filters.http.cors + - envoy.filters.http.ext_authz + - envoy.filters.http.basic_authn + - envoy.filters.http.oauth2 + - envoy.filters.http.jwt_authn + - envoy.filters.http.fault + - envoy.filters.http.local_ratelimit + - envoy.filters.http.ratelimit + - envoy.filters.http.wasm + - envoy.filters.http.ext_proc + type: string + before: + description: |- + Before defines the filter that should come before the filter. + Only one of Before or After must be set. + enum: + - envoy.filters.http.cors + - envoy.filters.http.ext_authz + - envoy.filters.http.basic_authn + - envoy.filters.http.oauth2 + - envoy.filters.http.jwt_authn + - envoy.filters.http.fault + - envoy.filters.http.local_ratelimit + - envoy.filters.http.ratelimit + - envoy.filters.http.wasm + - envoy.filters.http.ext_proc + type: string + filter: + description: Name of the filter. + enum: + - envoy.filters.http.cors + - envoy.filters.http.ext_authz + - envoy.filters.http.basic_authn + - envoy.filters.http.oauth2 + - envoy.filters.http.jwt_authn + - envoy.filters.http.fault + - envoy.filters.http.local_ratelimit + - envoy.filters.http.ratelimit + - envoy.filters.http.wasm + - envoy.filters.http.ext_proc + type: string + required: + - filter + type: object + x-kubernetes-validations: + - message: one of before or after must be specified + rule: (has(self.before) || has(self.after)) + - message: only one of before or after can be specified + rule: (has(self.before) && !has(self.after)) || (!has(self.before) + && has(self.after)) + type: array logging: default: level: diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index a9847ac0645..526e8012502 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -648,6 +648,30 @@ _Appears in:_ | `extProc` | _[ExtProc](#extproc) array_ | true | ExtProc is an ordered list of external processing filters
that should added to the envoy filter chain | +#### EnvoyFilter + +_Underlying type:_ _string_ + +EnvoyFilter defines the type of Envoy HTTP filter. + +_Appears in:_ +- [FilterPosition](#filterposition) + +| Value | Description | +| ----- | ----------- | +| `envoy.filters.http.fault` | EnvoyFilterFault defines the Envoy HTTP fault filter.
| +| `envoy.filters.http.cors` | EnvoyFilterCORS defines the Envoy HTTP CORS filter.
| +| `envoy.filters.http.ext_authz` | EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
| +| `envoy.filters.http.basic_authn` | EnvoyFilterBasicAuthn defines the Envoy HTTP basic authentication filter.
| +| `envoy.filters.http.oauth2` | EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
| +| `envoy.filters.http.jwt_authn` | EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
| +| `envoy.filters.http.ext_proc` | EnvoyFilterExtProc defines the Envoy HTTP external process filter.
| +| `envoy.filters.http.wasm` | EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
| +| `envoy.filters.http.local_ratelimit` | EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
| +| `envoy.filters.http.ratelimit` | EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
| +| `envoy.filters.http.router` | EnvoyFilterRouter defines the Envoy HTTP router filter.
| + + #### EnvoyGateway @@ -1302,6 +1326,22 @@ _Appears in:_ | `path` | _string_ | true | Path defines the file path used to expose envoy access log(e.g. /dev/stdout). | +#### FilterPosition + + + +FilterPosition defines the position of an Envoy HTTP filter in the filter chain. + +_Appears in:_ +- [EnvoyProxySpec](#envoyproxyspec) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `filter` | _[EnvoyFilter](#envoyfilter)_ | true | Name of the filter. | +| `before` | _[EnvoyFilter](#envoyfilter)_ | true | Before defines the filter that should come before the filter.
Only one of Before or After must be set. | +| `after` | _[EnvoyFilter](#envoyfilter)_ | true | After defines the filter that should come after the filter.
Only one of Before or After must be set. | + + #### GRPCExtAuthService diff --git a/test/cel-validation/envoyproxy_test.go b/test/cel-validation/envoyproxy_test.go index 3b2785f713d..e6d88ff2c77 100644 --- a/test/cel-validation/envoyproxy_test.go +++ b/test/cel-validation/envoyproxy_test.go @@ -1219,6 +1219,62 @@ func TestEnvoyProxyProvider(t *testing.T) { } }, }, + { + desc: "ProxyFilterOrder-with-before-and-after", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + FilterOrder: []egv1a1.FilterPosition{ + { + Name: egv1a1.EnvoyFilterRateLimit, + Before: ptr.To(egv1a1.EnvoyFilterCORS), + After: ptr.To(egv1a1.EnvoyFilterBasicAuthn), + }, + }, + } + }, + wantErrors: []string{"only one of before or after can be specified"}, + }, + { + desc: "ProxyFilterOrder-without-before-or-after", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + FilterOrder: []egv1a1.FilterPosition{ + { + Name: egv1a1.EnvoyFilterRateLimit, + }, + }, + } + }, + wantErrors: []string{"one of before or after must be specified"}, + }, + { + desc: "ProxyFilterOrder-with-before", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + FilterOrder: []egv1a1.FilterPosition{ + { + Name: egv1a1.EnvoyFilterRateLimit, + Before: ptr.To(egv1a1.EnvoyFilterCORS), + }, + }, + } + }, + wantErrors: []string{}, + }, + { + desc: "ProxyFilterOrder-with-after", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + FilterOrder: []egv1a1.FilterPosition{ + { + Name: egv1a1.EnvoyFilterRateLimit, + After: ptr.To(egv1a1.EnvoyFilterBasicAuthn), + }, + }, + } + }, + wantErrors: []string{}, + }, } for _, tc := range cases { @@ -1237,7 +1293,7 @@ func TestEnvoyProxyProvider(t *testing.T) { } if (len(tc.wantErrors) != 0) != (err != nil) { - t.Fatalf("Unexpected response while creating EnvoyProxy; got err=\n%v\n;want error=%v", err, tc.wantErrors != nil) + t.Fatalf("Unexpected response while creating EnvoyProxy; got err=\n%v\n;want error=%v", err, tc.wantErrors) } var missingErrorStrings []string From e8b8074fc7e9a23e3e12d6ade55307b618f421fa Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 17 Apr 2024 20:29:04 +0800 Subject: [PATCH 14/14] e2e: disable GatewayInfraResourceTest (#3205) Signed-off-by: zirain Co-authored-by: Guy Daich --- test/e2e/tests/gateway_infra_resource.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/e2e/tests/gateway_infra_resource.go b/test/e2e/tests/gateway_infra_resource.go index 7a468b80f60..864cc4b1b11 100644 --- a/test/e2e/tests/gateway_infra_resource.go +++ b/test/e2e/tests/gateway_infra_resource.go @@ -24,9 +24,11 @@ import ( ) func init() { - ConformanceTests = append(ConformanceTests, GatewayInfraResourceTest) + // nolint + //ConformanceTests = append(ConformanceTests, GatewayInfraResourceTest) } +// nolint var GatewayInfraResourceTest = suite.ConformanceTest{ ShortName: "GatewayInfraResourceTest", Description: "Gateway Infra Resource E2E Test",