diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go
index f484f44b409..80e4561507e 100644
--- a/api/v1alpha1/backendtrafficpolicy_types.go
+++ b/api/v1alpha1/backendtrafficpolicy_types.go
@@ -110,6 +110,15 @@ type BackendTrafficPolicySpec struct {
//
// +optional
Connection *BackendConnection `json:"connection,omitempty"`
+ // DNS includes dns resolution settings.
+ //
+ // +optional
+ DNS *DNS `json:"dns,omitempty"`
+
+ // HTTP2 provides HTTP/2 configuration for backend connections.
+ //
+ // +optional
+ HTTP2 *HTTP2Settings `json:"http2,omitempty"`
}
// +kubebuilder:object:root=true
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index 397535ebf43..347eb946353 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -6,7 +6,6 @@
package v1alpha1
import (
- "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
@@ -289,30 +288,6 @@ type HTTP10Settings struct {
UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
}
-// HTTP2Settings provides HTTP/2 configuration on the listener.
-type HTTP2Settings struct {
- // InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
- // If not set, the default value is 64 KiB(64*1024).
- //
- // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialStreamWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
- // +optional
- InitialStreamWindowSize *resource.Quantity `json:"initialStreamWindowSize,omitempty"`
-
- // InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
- // If not set, the default value is 1 MiB.
- //
- // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialConnectionWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
- // +optional
- InitialConnectionWindowSize *resource.Quantity `json:"initialConnectionWindowSize,omitempty"`
-
- // MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
- // If not set, the default value is 100.
- // +kubebuilder:validation:Minimum=1
- // +kubebuilder:validation:Maximum=2147483647
- // +optional
- MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty"`
-}
-
// HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.
type HealthCheckSettings struct {
// Path specifies the HTTP path to match on for health check requests.
diff --git a/api/v1alpha1/connection_types.go b/api/v1alpha1/connection_types.go
index 758a22fddc7..ff24c8edd4d 100644
--- a/api/v1alpha1/connection_types.go
+++ b/api/v1alpha1/connection_types.go
@@ -17,6 +17,7 @@ type ClientConnection struct {
// +optional
ConnectionLimit *ConnectionLimit `json:"connectionLimit,omitempty"`
// BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
+ // BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
// For example, 20Mi, 1Gi, 256Ki etc.
// Note that when the suffix is not provided, the value is interpreted as bytes.
// Default: 32768 bytes.
@@ -24,11 +25,21 @@ type ClientConnection struct {
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="bufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
+ // SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
+ // SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ // For example, 20Mi, 1Gi, 256Ki etc.
+ // Note that when the suffix is not provided, the value is interpreted as bytes.
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="socketBufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ // +notImplementedHide
+ SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}
// BackendConnection allows users to configure connection-level settings of backend
type BackendConnection struct {
// BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
+ // BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
// If unspecified, an implementation defined default is applied (32768 bytes).
// For example, 20Mi, 1Gi, 256Ki etc.
// Note: that when the suffix is not provided, the value is interpreted as bytes.
@@ -36,6 +47,16 @@ type BackendConnection struct {
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="BufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
+ // SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
+ // to backend.
+ // SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ // For example, 20Mi, 1Gi, 256Ki etc.
+ // Note that when the suffix is not provided, the value is interpreted as bytes.
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="socketBufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ // +notImplementedHide
+ SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}
type ConnectionLimit struct {
diff --git a/api/v1alpha1/dns_types.go b/api/v1alpha1/dns_types.go
new file mode 100644
index 00000000000..62108a934a9
--- /dev/null
+++ b/api/v1alpha1/dns_types.go
@@ -0,0 +1,18 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+type DNS struct {
+ // DNSRefreshRate specifies the rate at which DNS records should be refreshed.
+ // Defaults to 30 seconds.
+ DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
+ // RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
+ // If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
+ // Defaults to true.
+ RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
+}
diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go
index 6ad310859bc..c151fcd8b17 100644
--- a/api/v1alpha1/shared_types.go
+++ b/api/v1alpha1/shared_types.go
@@ -10,6 +10,7 @@ import (
autoscalingv2 "k8s.io/api/autoscaling/v2"
corev1 "k8s.io/api/core/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
)
@@ -478,3 +479,41 @@ type BackendRef struct {
// A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64".
// +kubebuilder:validation:Pattern=`((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))`
type CIDR string
+
+type InvalidMessageAction string
+
+const (
+ InvalidMessageActionTerminateConnection InvalidMessageAction = "TerminateConnection"
+ InvalidMessageActionTerminateStream InvalidMessageAction = "TerminateStream"
+)
+
+// HTTP2Settings provides HTTP/2 configuration for listeners and backends.
+type HTTP2Settings struct {
+ // InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
+ // If not set, the default value is 64 KiB(64*1024).
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialStreamWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ InitialStreamWindowSize *resource.Quantity `json:"initialStreamWindowSize,omitempty"`
+
+ // InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
+ // If not set, the default value is 1 MiB.
+ //
+ // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="initialConnectionWindowSize must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
+ // +optional
+ InitialConnectionWindowSize *resource.Quantity `json:"initialConnectionWindowSize,omitempty"`
+
+ // MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
+ // If not set, the default value is 100.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=2147483647
+ // +optional
+ MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty"`
+
+ // OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
+ // It's recommended for L2 Envoy deployments to set this value to TerminateStream.
+ // https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
+ // Default: TerminateConnection
+ // +optional
+ OnInvalidMessage *InvalidMessageAction `json:"onInvalidMessage,omitempty"`
+}
diff --git a/api/v1alpha1/validation/envoygateway_validate.go b/api/v1alpha1/validation/envoygateway_validate.go
index 91d61bcc80d..8d7c97dc94a 100644
--- a/api/v1alpha1/validation/envoygateway_validate.go
+++ b/api/v1alpha1/validation/envoygateway_validate.go
@@ -6,115 +6,172 @@
package validation
import (
- "errors"
"fmt"
"net/url"
- gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
)
// ValidateEnvoyGateway validates the provided EnvoyGateway.
func ValidateEnvoyGateway(eg *egv1a1.EnvoyGateway) error {
- switch {
- case eg == nil:
- return errors.New("envoy gateway config is unspecified")
- case eg.Gateway == nil:
- return errors.New("gateway is unspecified")
- case len(eg.Gateway.ControllerName) == 0:
- return errors.New("gateway controllerName is unspecified")
- case eg.Provider == nil:
- return errors.New("provider is unspecified")
- case eg.Provider.Type != egv1a1.ProviderTypeKubernetes:
- return fmt.Errorf("unsupported provider %v", eg.Provider.Type)
- case eg.Provider.Kubernetes != nil && eg.Provider.Kubernetes.Watch != nil:
- watch := eg.Provider.Kubernetes.Watch
- switch watch.Type {
- case egv1a1.KubernetesWatchModeTypeNamespaces:
- if len(watch.Namespaces) == 0 {
- return errors.New("namespaces should be specified when envoy gateway watch mode is 'Namespaces'")
- }
- case egv1a1.KubernetesWatchModeTypeNamespaceSelector:
- if watch.NamespaceSelector == nil {
- return errors.New("namespaceSelector should be specified when envoy gateway watch mode is 'NamespaceSelector'")
- }
- default:
- return errors.New("envoy gateway watch mode invalid, should be 'Namespaces' or 'NamespaceSelector'")
- }
- case eg.Logging != nil && len(eg.Logging.Level) != 0:
- level := eg.Logging.Level
- for component, logLevel := range level {
- switch component {
- case egv1a1.LogComponentGatewayDefault,
- egv1a1.LogComponentProviderRunner,
- egv1a1.LogComponentGatewayAPIRunner,
- egv1a1.LogComponentXdsTranslatorRunner,
- egv1a1.LogComponentXdsServerRunner,
- egv1a1.LogComponentInfrastructureRunner,
- egv1a1.LogComponentGlobalRateLimitRunner:
- switch logLevel {
- case egv1a1.LogLevelDebug, egv1a1.LogLevelError, egv1a1.LogLevelWarn, egv1a1.LogLevelInfo:
- default:
- return errors.New("envoy gateway logging level invalid. valid options: info/debug/warn/error")
- }
- default:
- return errors.New("envoy gateway logging components invalid. valid options: system/provider/gateway-api/xds-translator/xds-server/infrastructure")
- }
- }
- case eg.RateLimit != nil:
- if eg.RateLimit.Backend.Type != egv1a1.RedisBackendType {
- return fmt.Errorf("unsupported ratelimit backend %v", eg.RateLimit.Backend.Type)
- }
- if eg.RateLimit.Backend.Redis == nil || eg.RateLimit.Backend.Redis.URL == "" {
- return fmt.Errorf("empty ratelimit redis settings")
+ if eg == nil {
+ return fmt.Errorf("envoy gateway config is unspecified")
+ }
+
+ if eg.Gateway == nil {
+ return fmt.Errorf("gateway is unspecified")
+ }
+
+ if len(eg.Gateway.ControllerName) == 0 {
+ return fmt.Errorf("gateway controllerName is unspecified")
+ }
+
+ if eg.Provider == nil {
+ return fmt.Errorf("provider is unspecified")
+ }
+
+ switch eg.Provider.Type {
+ case egv1a1.ProviderTypeKubernetes:
+ if err := validateEnvoyGatewayKubernetesProvider(eg.Provider.Kubernetes); err != nil {
+ return err
}
- if _, err := url.Parse(eg.RateLimit.Backend.Redis.URL); err != nil {
- return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+ default:
+ return fmt.Errorf("unsupported provider type")
+ }
+
+ if err := validateEnvoyGatewayLogging(eg.Logging); err != nil {
+ return err
+ }
+
+ if err := validateEnvoyGatewayRateLimit(eg.RateLimit); err != nil {
+ return err
+ }
+
+ if err := validateEnvoyGatewayExtensionManager(eg.ExtensionManager); err != nil {
+ return err
+ }
+
+ if err := validateEnvoyGatewayTelemetry(eg.Telemetry); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func validateEnvoyGatewayKubernetesProvider(provider *egv1a1.EnvoyGatewayKubernetesProvider) error {
+ if provider == nil || provider.Watch == nil {
+ return nil
+ }
+
+ watch := provider.Watch
+ switch watch.Type {
+ case egv1a1.KubernetesWatchModeTypeNamespaces:
+ if len(watch.Namespaces) == 0 {
+ return fmt.Errorf("namespaces should be specified when envoy gateway watch mode is 'Namespaces'")
}
- case eg.ExtensionManager != nil:
- if eg.ExtensionManager.Hooks == nil || eg.ExtensionManager.Hooks.XDSTranslator == nil {
- return fmt.Errorf("registered extension has no hooks specified")
+ case egv1a1.KubernetesWatchModeTypeNamespaceSelector:
+ if watch.NamespaceSelector == nil {
+ return fmt.Errorf("namespaceSelector should be specified when envoy gateway watch mode is 'NamespaceSelector'")
}
+ default:
+ return fmt.Errorf("envoy gateway watch mode invalid, should be 'Namespaces' or 'NamespaceSelector'")
+ }
+ return nil
+}
- if len(eg.ExtensionManager.Hooks.XDSTranslator.Pre) == 0 && len(eg.ExtensionManager.Hooks.XDSTranslator.Post) == 0 {
- return fmt.Errorf("registered extension has no hooks specified")
- }
+func validateEnvoyGatewayLogging(logging *egv1a1.EnvoyGatewayLogging) error {
+ if logging == nil || len(logging.Level) == 0 {
+ return nil
+ }
- if eg.ExtensionManager.Service == nil {
- return fmt.Errorf("extension service config is empty")
+ for component, logLevel := range logging.Level {
+ switch component {
+ case egv1a1.LogComponentGatewayDefault,
+ egv1a1.LogComponentProviderRunner,
+ egv1a1.LogComponentGatewayAPIRunner,
+ egv1a1.LogComponentXdsTranslatorRunner,
+ egv1a1.LogComponentXdsServerRunner,
+ egv1a1.LogComponentInfrastructureRunner,
+ egv1a1.LogComponentGlobalRateLimitRunner:
+ switch logLevel {
+ case egv1a1.LogLevelDebug, egv1a1.LogLevelError, egv1a1.LogLevelWarn, egv1a1.LogLevelInfo:
+ default:
+ return fmt.Errorf("envoy gateway logging level invalid. valid options: info/debug/warn/error")
+ }
+ default:
+ return fmt.Errorf("envoy gateway logging components invalid. valid options: system/provider/gateway-api/xds-translator/xds-server/infrastructure")
}
+ }
+ return nil
+}
- switch {
- case eg.ExtensionManager.Service.Host == "" && eg.ExtensionManager.Service.FQDN == nil && eg.ExtensionManager.Service.Unix == nil && eg.ExtensionManager.Service.IP == nil:
- return fmt.Errorf("extension service must contain a configured target")
+func validateEnvoyGatewayRateLimit(rateLimit *egv1a1.RateLimit) error {
+ if rateLimit == nil {
+ return nil
+ }
+ if rateLimit.Backend.Type != egv1a1.RedisBackendType {
+ return fmt.Errorf("unsupported ratelimit backend %v", rateLimit.Backend.Type)
+ }
+ if rateLimit.Backend.Redis == nil || rateLimit.Backend.Redis.URL == "" {
+ return fmt.Errorf("empty ratelimit redis settings")
+ }
+ if _, err := url.Parse(rateLimit.Backend.Redis.URL); err != nil {
+ return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+ }
+ return nil
+}
- case eg.ExtensionManager.Service.FQDN != nil && (eg.ExtensionManager.Service.IP != nil || eg.ExtensionManager.Service.Unix != nil || eg.ExtensionManager.Service.Host != ""),
- eg.ExtensionManager.Service.IP != nil && (eg.ExtensionManager.Service.FQDN != nil || eg.ExtensionManager.Service.Unix != nil || eg.ExtensionManager.Service.Host != ""),
- eg.ExtensionManager.Service.Unix != nil && (eg.ExtensionManager.Service.IP != nil || eg.ExtensionManager.Service.FQDN != nil || eg.ExtensionManager.Service.Host != ""):
+func validateEnvoyGatewayExtensionManager(extensionManager *egv1a1.ExtensionManager) error {
+ if extensionManager == nil {
+ return nil
+ }
- return fmt.Errorf("only one backend target can be configured for the extension manager")
+ if extensionManager.Hooks == nil || extensionManager.Hooks.XDSTranslator == nil {
+ return fmt.Errorf("registered extension has no hooks specified")
+ }
- }
+ if len(extensionManager.Hooks.XDSTranslator.Pre) == 0 && len(extensionManager.Hooks.XDSTranslator.Post) == 0 {
+ return fmt.Errorf("registered extension has no hooks specified")
+ }
- if eg.ExtensionManager.Service.TLS != nil {
- certificateRefKind := eg.ExtensionManager.Service.TLS.CertificateRef.Kind
+ if extensionManager.Service == nil {
+ return fmt.Errorf("extension service config is empty")
+ }
- if certificateRefKind == nil {
- return fmt.Errorf("certificateRef empty in extension service server TLS settings")
- }
+ switch {
+ case extensionManager.Service.Host == "" && extensionManager.Service.FQDN == nil && extensionManager.Service.Unix == nil && extensionManager.Service.IP == nil:
+ return fmt.Errorf("extension service must contain a configured target")
- if *certificateRefKind != gwapiv1.Kind("Secret") {
- return fmt.Errorf("unsupported extension server TLS certificateRef %v", certificateRefKind)
- }
+ case extensionManager.Service.FQDN != nil && (extensionManager.Service.IP != nil || extensionManager.Service.Unix != nil || extensionManager.Service.Host != ""),
+ extensionManager.Service.IP != nil && (extensionManager.Service.FQDN != nil || extensionManager.Service.Unix != nil || extensionManager.Service.Host != ""),
+ extensionManager.Service.Unix != nil && (extensionManager.Service.IP != nil || extensionManager.Service.FQDN != nil || extensionManager.Service.Host != ""):
+ return fmt.Errorf("only one backend target can be configured for the extension manager")
+ }
+
+ if extensionManager.Service.TLS != nil {
+ certificateRefKind := extensionManager.Service.TLS.CertificateRef.Kind
+
+ if certificateRefKind == nil {
+ return fmt.Errorf("certificateRef empty in extension service server TLS settings")
}
- case eg.Telemetry != nil:
- if eg.Telemetry.Metrics != nil {
- for _, sink := range eg.Telemetry.Metrics.Sinks {
- if sink.Type == egv1a1.MetricSinkTypeOpenTelemetry {
- if sink.OpenTelemetry == nil {
- return fmt.Errorf("OpenTelemetry is required when sink Type is OpenTelemetry")
- }
+
+ if *certificateRefKind != "Secret" {
+ return fmt.Errorf("unsupported extension server TLS certificateRef %v", certificateRefKind)
+ }
+ }
+ return nil
+}
+
+func validateEnvoyGatewayTelemetry(telemetry *egv1a1.EnvoyGatewayTelemetry) error {
+ if telemetry == nil {
+ return nil
+ }
+
+ if telemetry.Metrics != nil {
+ for _, sink := range telemetry.Metrics.Sinks {
+ if sink.Type == egv1a1.MetricSinkTypeOpenTelemetry {
+ if sink.OpenTelemetry == nil {
+ return fmt.Errorf("OpenTelemetry is required when sink Type is OpenTelemetry")
}
}
}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 3ea39b669c6..b5bac63fc50 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -260,6 +260,11 @@ func (in *BackendConnection) DeepCopyInto(out *BackendConnection) {
x := (*in).DeepCopy()
*out = &x
}
+ if in.SocketBufferLimit != nil {
+ in, out := &in.SocketBufferLimit, &out.SocketBufferLimit
+ x := (*in).DeepCopy()
+ *out = &x
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection.
@@ -569,6 +574,16 @@ func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec)
*out = new(BackendConnection)
(*in).DeepCopyInto(*out)
}
+ if in.DNS != nil {
+ in, out := &in.DNS, &out.DNS
+ *out = new(DNS)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.HTTP2 != nil {
+ in, out := &in.HTTP2, &out.HTTP2
+ *out = new(HTTP2Settings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicySpec.
@@ -710,6 +725,11 @@ func (in *ClientConnection) DeepCopyInto(out *ClientConnection) {
x := (*in).DeepCopy()
*out = &x
}
+ if in.SocketBufferLimit != nil {
+ in, out := &in.SocketBufferLimit, &out.SocketBufferLimit
+ x := (*in).DeepCopy()
+ *out = &x
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnection.
@@ -1097,6 +1117,31 @@ func (in *CustomTag) DeepCopy() *CustomTag {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DNS) DeepCopyInto(out *DNS) {
+ *out = *in
+ if in.DNSRefreshRate != nil {
+ in, out := &in.DNSRefreshRate, &out.DNSRefreshRate
+ *out = new(v1.Duration)
+ **out = **in
+ }
+ if in.RespectDNSTTL != nil {
+ in, out := &in.RespectDNSTTL, &out.RespectDNSTTL
+ *out = new(bool)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS.
+func (in *DNS) DeepCopy() *DNS {
+ if in == nil {
+ return nil
+ }
+ out := new(DNS)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EnvironmentCustomTag) DeepCopyInto(out *EnvironmentCustomTag) {
*out = *in
@@ -2418,6 +2463,11 @@ func (in *HTTP2Settings) DeepCopyInto(out *HTTP2Settings) {
*out = new(uint32)
**out = **in
}
+ if in.OnInvalidMessage != nil {
+ in, out := &in.OnInvalidMessage, &out.OnInvalidMessage
+ *out = new(InvalidMessageAction)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP2Settings.
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
index 20ffe833923..d94bd0fa0d3 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -128,6 +128,7 @@ spec:
- type: string
description: |-
BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
+ BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes.
@@ -137,6 +138,37 @@ spec:
- message: BufferLimit must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
: type(self) == int'
+ socketBufferLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
+ to backend.
+ SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ For example, 20Mi, 1Gi, 256Ki etc.
+ Note that when the suffix is not provided, the value is interpreted as bytes.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: socketBufferLimit must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
+ type: object
+ dns:
+ description: DNS includes dns resolution settings.
+ properties:
+ dnsRefreshRate:
+ description: |-
+ DNSRefreshRate specifies the rate at which DNS records should be refreshed.
+ Defaults to 30 seconds.
+ type: string
+ respectDnsTtl:
+ description: |-
+ RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
+ If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
+ Defaults to true.
+ type: boolean
type: object
faultInjection:
description: |-
@@ -421,6 +453,51 @@ spec:
type: boolean
type: object
type: object
+ http2:
+ description: HTTP2 provides HTTP/2 configuration for backend connections.
+ properties:
+ initialConnectionWindowSize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
+ If not set, the default value is 1 MiB.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: initialConnectionWindowSize must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
+ initialStreamWindowSize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
+ If not set, the default value is 64 KiB(64*1024).
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: initialStreamWindowSize must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
+ maxConcurrentStreams:
+ description: |-
+ MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
+ If not set, the default value is 100.
+ format: int32
+ maximum: 2147483647
+ minimum: 1
+ type: integer
+ onInvalidMessage:
+ description: |-
+ OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
+ It's recommended for L2 Envoy deployments to set this value to TerminateStream.
+ https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
+ Default: TerminateConnection
+ type: string
+ type: object
loadBalancer:
description: |-
LoadBalancer policy to apply when routing traffic from the gateway to
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index 48cfb9f3aad..43443bf28cc 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -103,6 +103,7 @@ spec:
- type: string
description: |-
BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
+ BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes.
@@ -131,6 +132,21 @@ spec:
minimum: 0
type: integer
type: object
+ socketBufferLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
+ SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
+ For example, 20Mi, 1Gi, 256Ki etc.
+ Note that when the suffix is not provided, the value is interpreted as bytes.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ x-kubernetes-validations:
+ - message: socketBufferLimit must be of the format "^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
+ rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
+ : type(self) == int'
type: object
enableProxyProtocol:
description: |-
@@ -300,6 +316,13 @@ spec:
maximum: 2147483647
minimum: 1
type: integer
+ onInvalidMessage:
+ description: |-
+ OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
+ It's recommended for L2 Envoy deployments to set this value to TerminateStream.
+ https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
+ Default: TerminateConnection
+ type: string
type: object
http3:
description: HTTP3 provides HTTP/3 configuration on the listener.
diff --git a/go.mod b/go.mod
index 21c1953f3d3..e66adb8a3db 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
github.com/go-logr/zapr v1.3.0
github.com/gogo/protobuf v1.3.2
github.com/golang/protobuf v1.5.4
- github.com/google/cel-go v0.20.1
+ github.com/google/cel-go v0.21.0
github.com/google/go-cmp v0.6.0
github.com/google/go-containerregistry v0.20.1
github.com/grafana/tempo v1.5.0
diff --git a/go.sum b/go.sum
index 6328c42f379..ed3fe16fab6 100644
--- a/go.sum
+++ b/go.sum
@@ -597,8 +597,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
-github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
+github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI=
+github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
index 86df2f9de4c..4f2d2892174 100644
--- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
@@ -804,7 +804,9 @@ xds:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- cluster:
'@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
circuitBreakers:
@@ -918,7 +920,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
drainType: MODIFY_ONLY
@@ -986,7 +988,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/grpc
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
drainType: MODIFY_ONLY
@@ -1028,7 +1030,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tcproute/default/backend/rule/-1
- statPrefix: tcp
+ statPrefix: tcp-1234
name: tcproute/default/backend
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
@@ -1071,7 +1073,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tlsroute/default/backend/rule/-1
- statPrefix: passthrough
+ statPrefix: tls-passthrough-8443
name: tlsroute/default/backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
index 14d29a32be2..aa5af990807 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
@@ -504,7 +504,10 @@
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"explicitHttpConfig": {
- "http2ProtocolOptions": {}
+ "http2ProtocolOptions": {
+ "initialConnectionWindowSize": 1048576,
+ "initialStreamWindowSize": 65536
+ }
}
}
}
@@ -681,7 +684,7 @@
"routeConfigName": "default/eg/http"
},
"serverHeaderTransformation": "PASS_THROUGH",
- "statPrefix": "http",
+ "statPrefix": "http-10080",
"useRemoteAddress": true
}
}
@@ -787,7 +790,7 @@
"routeConfigName": "default/eg/grpc"
},
"serverHeaderTransformation": "PASS_THROUGH",
- "statPrefix": "http",
+ "statPrefix": "http-8080",
"useRemoteAddress": true
}
}
@@ -854,7 +857,7 @@
}
],
"cluster": "tcproute/default/backend/rule/-1",
- "statPrefix": "tcp"
+ "statPrefix": "tcp-1234"
}
}
],
@@ -925,7 +928,7 @@
}
],
"cluster": "tlsroute/default/backend/rule/-1",
- "statPrefix": "passthrough"
+ "statPrefix": "tls-passthrough-8443"
}
}
],
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
index a8fb322e28b..1c53aef7e90 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
@@ -285,7 +285,9 @@ xds:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- cluster:
'@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
circuitBreakers:
@@ -399,7 +401,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
drainType: MODIFY_ONLY
@@ -467,7 +469,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/grpc
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
drainType: MODIFY_ONLY
@@ -509,7 +511,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tcproute/default/backend/rule/-1
- statPrefix: tcp
+ statPrefix: tcp-1234
name: tcproute/default/backend
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
@@ -552,7 +554,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tlsroute/default/backend/rule/-1
- statPrefix: passthrough
+ statPrefix: tls-passthrough-8443
name: tlsroute/default/backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
index 3d9bce8ad21..c9f782804a4 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
@@ -44,7 +44,9 @@ xds:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- cluster:
'@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
circuitBreakers:
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
index c151e22c7cc..5a0c626162a 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
@@ -56,7 +56,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
drainType: MODIFY_ONLY
@@ -124,7 +124,7 @@ xds:
resourceApiVersion: V3
routeConfigName: default/eg/grpc
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
drainType: MODIFY_ONLY
@@ -166,7 +166,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tcproute/default/backend/rule/-1
- statPrefix: tcp
+ statPrefix: tcp-1234
name: tcproute/default/backend
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
@@ -209,7 +209,7 @@ xds:
{"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
path: /dev/stdout
cluster: tlsroute/default/backend/rule/-1
- statPrefix: passthrough
+ statPrefix: tls-passthrough-8443
name: tlsroute/default/backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
index 3d786413e60..f58e4d6932f 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
@@ -537,7 +537,7 @@
"routeConfigName": "envoy-gateway-system/eg/http"
},
"serverHeaderTransformation": "PASS_THROUGH",
- "statPrefix": "http",
+ "statPrefix": "http-10080",
"useRemoteAddress": true
}
}
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
index 9f54fcc5d1b..121d5b6e16e 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
@@ -317,7 +317,7 @@ xds:
resourceApiVersion: V3
routeConfigName: envoy-gateway-system/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
drainType: MODIFY_ONLY
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
index 3d2efd91270..692be7fec9e 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
@@ -73,7 +73,7 @@ xds:
resourceApiVersion: V3
routeConfigName: envoy-gateway-system/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
drainType: MODIFY_ONLY
diff --git a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
index 73ea76b01e6..854b6b3388b 100644
--- a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
@@ -262,7 +262,7 @@ xds:
resourceApiVersion: V3
routeConfigName: envoy-gateway-system/eg/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
drainType: MODIFY_ONLY
diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go
index 26d4a2a9b7c..120918a8f6a 100644
--- a/internal/gatewayapi/backendtrafficpolicy.go
+++ b/internal/gatewayapi/backendtrafficpolicy.go
@@ -295,6 +295,8 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
ka *ir.TCPKeepalive
rt *ir.Retry
bc *ir.BackendConnection
+ ds *ir.DNS
+ h2 *ir.HTTP2Settings
err, errs error
)
@@ -349,6 +351,17 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
}
}
+ if policy.Spec.HTTP2 != nil {
+ if h2, err = buildIRHTTP2Settings(policy.Spec.HTTP2); err != nil {
+ err = perr.WithMessage(err, "HTTP2")
+ errs = errors.Join(errs, err)
+ }
+ }
+
+ if policy.Spec.DNS != nil {
+ ds = t.translateDNS(policy)
+ }
+
// Early return if got any errors
if errs != nil {
return errs
@@ -368,6 +381,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
r.TCPKeepalive = ka
r.Timeout = to
r.BackendConnection = bc
+ r.DNS = ds
}
}
}
@@ -380,6 +394,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
r.LoadBalancer = lb
r.Timeout = to
r.BackendConnection = bc
+ r.DNS = ds
}
}
}
@@ -398,8 +413,10 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
TCPKeepalive: ka,
Retry: rt,
BackendConnection: bc,
+ HTTP2: h2,
}
+ r.DNS = ds
// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
r.Traffic.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)
@@ -432,6 +449,8 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
ct *ir.Timeout
ka *ir.TCPKeepalive
rt *ir.Retry
+ ds *ir.DNS
+ h2 *ir.HTTP2Settings
err, errs error
)
@@ -478,6 +497,16 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
errs = errors.Join(errs, err)
}
}
+ if policy.Spec.HTTP2 != nil {
+ if h2, err = buildIRHTTP2Settings(policy.Spec.HTTP2); err != nil {
+ err = perr.WithMessage(err, "HTTP2")
+ errs = errors.Join(errs, err)
+ }
+ }
+
+ if policy.Spec.DNS != nil {
+ ds = t.translateDNS(policy)
+ }
// Early return if got any errors
if errs != nil {
@@ -516,6 +545,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
if r.Timeout == nil {
r.Timeout = ct
}
+
+ if r.DNS == nil {
+ r.DNS = ds
+ }
}
}
@@ -540,6 +573,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
if route.Timeout == nil {
route.Timeout = ct
}
+
+ if route.DNS == nil {
+ route.DNS = ds
+ }
}
for _, http := range x.HTTP {
@@ -566,6 +603,11 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
FaultInjection: fi,
TCPKeepalive: ka,
Retry: rt,
+ HTTP2: h2,
+ }
+
+ if r.DNS == nil {
+ r.DNS = ds
}
// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
@@ -847,6 +889,17 @@ func (t *Translator) buildConsistentHashLoadBalancer(policy *egv1a1.BackendTraff
return consistentHash, nil
}
+func (t *Translator) translateDNS(policy *egv1a1.BackendTrafficPolicy) *ir.DNS {
+ ds := &ir.DNS{}
+ if policy.Spec.DNS.RespectDNSTTL != nil {
+ ds.RespectDNSTTL = policy.Spec.DNS.RespectDNSTTL
+ }
+ if policy.Spec.DNS.DNSRefreshRate != nil {
+ ds.DNSRefreshRate = policy.Spec.DNS.DNSRefreshRate
+ }
+ return ds
+}
+
func (t *Translator) buildProxyProtocol(policy *egv1a1.BackendTrafficPolicy) *ir.ProxyProtocol {
var pp *ir.ProxyProtocol
switch policy.Spec.ProxyProtocol.Version {
diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go
index 8462a0545c0..1d7e8e89a84 100644
--- a/internal/gatewayapi/clienttrafficpolicy.go
+++ b/internal/gatewayapi/clienttrafficpolicy.go
@@ -28,11 +28,7 @@ import (
const (
// Use an invalid string to represent all sections (listeners) within a Gateway
- AllSections = "/"
- MinHTTP2InitialStreamWindowSize = 65535 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
- MaxHTTP2InitialStreamWindowSize = 2147483647 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
- MinHTTP2InitialConnectionWindowSize = MinHTTP2InitialStreamWindowSize
- MaxHTTP2InitialConnectionWindowSize = MaxHTTP2InitialStreamWindowSize
+ AllSections = "/"
)
func hasSectionName(target *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName) bool {
diff --git a/internal/gatewayapi/http.go b/internal/gatewayapi/http.go
new file mode 100644
index 00000000000..95b0cd6310e
--- /dev/null
+++ b/internal/gatewayapi/http.go
@@ -0,0 +1,73 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package gatewayapi
+
+import (
+ "errors"
+ "fmt"
+
+ "k8s.io/utils/ptr"
+
+ egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+ "github.com/envoyproxy/gateway/internal/ir"
+)
+
+const (
+ MinHTTP2InitialStreamWindowSize = 65535 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
+ MaxHTTP2InitialStreamWindowSize = 2147483647 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-stream-window-size
+ MinHTTP2InitialConnectionWindowSize = MinHTTP2InitialStreamWindowSize
+ MaxHTTP2InitialConnectionWindowSize = MaxHTTP2InitialStreamWindowSize
+)
+
+func buildIRHTTP2Settings(http2Settings *egv1a1.HTTP2Settings) (*ir.HTTP2Settings, error) {
+ var (
+ http2 = &ir.HTTP2Settings{}
+ errs error
+ )
+
+ if http2Settings.InitialStreamWindowSize != nil {
+ initialStreamWindowSize, ok := http2Settings.InitialStreamWindowSize.AsInt64()
+ switch {
+ case !ok:
+ errs = errors.Join(errs, fmt.Errorf("invalid InitialStreamWindowSize value %s", http2Settings.InitialStreamWindowSize.String()))
+ case initialStreamWindowSize < MinHTTP2InitialStreamWindowSize || initialStreamWindowSize > MaxHTTP2InitialStreamWindowSize:
+ errs = errors.Join(errs, fmt.Errorf("InitialStreamWindowSize value %s is out of range, must be between %d and %d",
+ http2Settings.InitialStreamWindowSize.String(),
+ MinHTTP2InitialStreamWindowSize,
+ MaxHTTP2InitialStreamWindowSize))
+ default:
+ http2.InitialStreamWindowSize = ptr.To(uint32(initialStreamWindowSize))
+ }
+ }
+
+ if http2Settings.InitialConnectionWindowSize != nil {
+ initialConnectionWindowSize, ok := http2Settings.InitialConnectionWindowSize.AsInt64()
+ switch {
+ case !ok:
+ errs = errors.Join(errs, fmt.Errorf("invalid InitialConnectionWindowSize value %s", http2Settings.InitialConnectionWindowSize.String()))
+ case initialConnectionWindowSize < MinHTTP2InitialConnectionWindowSize || initialConnectionWindowSize > MaxHTTP2InitialConnectionWindowSize:
+ errs = errors.Join(errs, fmt.Errorf("InitialConnectionWindowSize value %s is out of range, must be between %d and %d",
+ http2Settings.InitialConnectionWindowSize.String(),
+ MinHTTP2InitialConnectionWindowSize,
+ MaxHTTP2InitialConnectionWindowSize))
+ default:
+ http2.InitialConnectionWindowSize = ptr.To(uint32(initialConnectionWindowSize))
+ }
+ }
+
+ http2.MaxConcurrentStreams = http2Settings.MaxConcurrentStreams
+
+ if http2Settings.OnInvalidMessage != nil {
+ switch *http2Settings.OnInvalidMessage {
+ case egv1a1.InvalidMessageActionTerminateStream:
+ http2.ResetStreamOnError = ptr.To(true)
+ case egv1a1.InvalidMessageActionTerminateConnection:
+ http2.ResetStreamOnError = ptr.To(false)
+ }
+ }
+
+ return http2, errs
+}
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.in.yaml
new file mode 100644
index 00000000000..f1d48c4d31d
--- /dev/null
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.in.yaml
@@ -0,0 +1,127 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-2
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-2
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - name: service-1
+ port: 8080
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-2
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-2
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/v2"
+ backendRefs:
+ - name: service-2
+ port: 8080
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-3
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/v3"
+ backendRefs:
+ - name: service-3
+ port: 8080
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: default
+ name: policy-for-route-1
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ dns:
+ dnsRefreshRate: "1s"
+ respectDnsTtl: true
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: default
+ name: policy-for-route-2
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-2
+ dns:
+ dnsRefreshRate: "5s"
+ respectDnsTtl: false
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: envoy-gateway
+ name: policy-for-all-routes-in-gateway-1
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ dns:
+ dnsRefreshRate: "10s"
+ respectDnsTtl: true
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml
new file mode 100644
index 00000000000..89d9902328f
--- /dev/null
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml
@@ -0,0 +1,427 @@
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-route-1
+ namespace: default
+ spec:
+ dns:
+ dnsRefreshRate: 1s
+ respectDnsTtl: true
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-route-2
+ namespace: default
+ spec:
+ dns:
+ dnsRefreshRate: 5s
+ respectDnsTtl: false
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-2
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-all-routes-in-gateway-1
+ namespace: envoy-gateway
+ spec:
+ dns:
+ dnsRefreshRate: 10s
+ respectDnsTtl: true
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-2
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 2
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - path:
+ value: /
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-2
+ namespace: default
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-2
+ port: 8080
+ matches:
+ - path:
+ value: /v2
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-3
+ namespace: default
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-3
+ port: 8080
+ matches:
+ - path:
+ value: /v3
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-1/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+ envoy-gateway/gateway-2:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-2/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-2
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-2
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: httproute/default/httproute-3/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ dns:
+ dnsRefreshRate: 10s
+ respectDnsTtl: true
+ hostname: gateway.envoyproxy.io
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-3
+ namespace: default
+ name: httproute/default/httproute-3/rule/0/match/0/gateway_envoyproxy_io
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /v3
+ traffic: {}
+ envoy-gateway/gateway-2:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-2/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: httproute/default/httproute-2/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ dns:
+ dnsRefreshRate: 5s
+ respectDnsTtl: false
+ hostname: gateway.envoyproxy.io
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-2
+ namespace: default
+ name: httproute/default/httproute-2/rule/0/match/0/gateway_envoyproxy_io
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /v2
+ traffic: {}
+ - destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ dns:
+ dnsRefreshRate: 1s
+ respectDnsTtl: true
+ hostname: gateway.envoyproxy.io
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /
+ traffic: {}
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.in.yaml
new file mode 100644
index 00000000000..f8962194199
--- /dev/null
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.in.yaml
@@ -0,0 +1,95 @@
+gateways:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-2
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+grpcRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1alpha2
+ kind: GRPCRoute
+ metadata:
+ namespace: default
+ name: grpcroute-1
+ spec:
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+httpRoutes:
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-2
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/"
+ backendRefs:
+ - name: service-1
+ port: 8080
+backendTrafficPolicies:
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: envoy-gateway
+ name: policy-for-gateway
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ http2:
+ initialStreamWindowSize: 2Mi
+ initialConnectionWindowSize: 1Gi
+ maxConcurrentStreams: 500
+ onInvalidMessage: TerminateConnection
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ namespace: default
+ name: policy-for-route
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ http2:
+ initialStreamWindowSize: 1Mi
+ initialConnectionWindowSize: 500Mi
+ maxConcurrentStreams: 200
+ onInvalidMessage: TerminateStream
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
new file mode 100644
index 00000000000..35dbb164bf1
--- /dev/null
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
@@ -0,0 +1,336 @@
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-route
+ namespace: default
+ spec:
+ http2:
+ initialConnectionWindowSize: 500Mi
+ initialStreamWindowSize: 1Mi
+ maxConcurrentStreams: 200
+ onInvalidMessage: TerminateStream
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: BackendTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-gateway
+ namespace: envoy-gateway
+ spec:
+ http2:
+ initialConnectionWindowSize: 1Gi
+ initialStreamWindowSize: 2Mi
+ maxConcurrentStreams: 500
+ onInvalidMessage: TerminateConnection
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-2
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 1
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+grpcRoutes:
+- apiVersion: gateway.networking.k8s.io/v1alpha2
+ kind: GRPCRoute
+ metadata:
+ creationTimestamp: null
+ name: grpcroute-1
+ namespace: default
+ spec:
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ hostnames:
+ - gateway.envoyproxy.io
+ parentRefs:
+ - name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - path:
+ value: /
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-1/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+ envoy-gateway/gateway-2:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-2/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-2
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-2
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: true
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: grpcroute/default/grpcroute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: GRPC
+ weight: 1
+ hostname: '*'
+ isHTTP2: true
+ metadata:
+ kind: GRPCRoute
+ name: grpcroute-1
+ namespace: default
+ name: grpcroute/default/grpcroute-1/rule/0/match/-1/*
+ traffic:
+ http2:
+ initialConnectionWindowSize: 2097152
+ initialStreamWindowSize: 1073741824
+ maxConcurrentStreams: 500
+ resetStreamOnError: false
+ envoy-gateway/gateway-2:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-2/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ hostname: gateway.envoyproxy.io
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: true
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 3d300f1a539..7cc5ed8f354 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -456,6 +456,8 @@ type HTTP2Settings struct {
InitialConnectionWindowSize *uint32 `json:"initialStreamWindowSize,omitempty" yaml:"initialStreamWindowSize,omitempty"`
// MaxConcurrentStreams is the maximum number of concurrent streams that can be opened on a connection.
MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty" yaml:"maxConcurrentStreams,omitempty"`
+ // ResetStreamOnError determines if a stream or connection is reset on messaging error.
+ ResetStreamOnError *bool `json:"resetStreamOnError,omitempty" yaml:"resetStreamOnError,omitempty"`
}
// HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.
@@ -563,6 +565,17 @@ type HTTPRoute struct {
UseClientProtocol *bool `json:"useClientProtocol,omitempty" yaml:"useClientProtocol,omitempty"`
// Metadata is used to enrich envoy route metadata with user and provider-specific information
Metadata *ResourceMetadata `json:"metadata,omitempty" yaml:"metadata,omitempty"`
+ // DNS is used to configure how DNS resolution is handled for the route
+ DNS *DNS `json:"dns,omitempty" yaml:"dns,omitempty"`
+}
+
+// DNS contains configuration options for DNS resolution.
+// +k8s:deepcopy-gen=true
+type DNS struct {
+ // DNSRefreshRate specifies the rate at which DNS records should be refreshed.
+ DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
+ // RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
+ RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
}
// TrafficFeatures holds the information associated with the Backend Traffic Policy.
@@ -589,6 +602,9 @@ type TrafficFeatures struct {
Retry *Retry `json:"retry,omitempty" yaml:"retry,omitempty"`
// settings of upstream connection
BackendConnection *BackendConnection `json:"backendConnection,omitempty" yaml:"backendConnection,omitempty"`
+ // HTTP2 provides HTTP/2 configuration for clusters
+ // +optional
+ HTTP2 *HTTP2Settings `json:"http2,omitempty" yaml:"http2,omitempty"`
}
func (b *TrafficFeatures) Validate() error {
@@ -1386,6 +1402,8 @@ type TCPRoute struct {
ProxyProtocol *ProxyProtocol `json:"proxyProtocol,omitempty" yaml:"proxyProtocol,omitempty"`
// settings of upstream connection
BackendConnection *BackendConnection `json:"backendConnection,omitempty" yaml:"backendConnection,omitempty"`
+ // DNS is used to configure how DNS resolution is handled for the route
+ DNS *DNS `json:"dns,omitempty" yaml:"dns,omitempty"`
}
// TLS holds information for configuring TLS on a listener
@@ -1496,6 +1514,7 @@ type UDPRoute struct {
Timeout *Timeout `json:"timeout,omitempty" yaml:"timeout,omitempty"`
// settings of upstream connection
BackendConnection *BackendConnection `json:"backendConnection,omitempty" yaml:"backendConnection,omitempty"`
+ DNS *DNS `json:"dns,omitempty" yaml:"dns,omitempty"`
}
// Validate the fields within the UDPListener structure
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index 273eeb1c3ca..dabb7af5afd 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -562,6 +562,31 @@ func (in *CoreListenerDetails) DeepCopy() *CoreListenerDetails {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DNS) DeepCopyInto(out *DNS) {
+ *out = *in
+ if in.DNSRefreshRate != nil {
+ in, out := &in.DNSRefreshRate, &out.DNSRefreshRate
+ *out = new(v1.Duration)
+ **out = **in
+ }
+ if in.RespectDNSTTL != nil {
+ in, out := &in.RespectDNSTTL, &out.RespectDNSTTL
+ *out = new(bool)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS.
+func (in *DNS) DeepCopy() *DNS {
+ if in == nil {
+ return nil
+ }
+ out := new(DNS)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DestinationEndpoint) DeepCopyInto(out *DestinationEndpoint) {
*out = *in
@@ -1005,6 +1030,11 @@ func (in *HTTP2Settings) DeepCopyInto(out *HTTP2Settings) {
*out = new(uint32)
**out = **in
}
+ if in.ResetStreamOnError != nil {
+ in, out := &in.ResetStreamOnError, &out.ResetStreamOnError
+ *out = new(bool)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP2Settings.
@@ -1318,6 +1348,11 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) {
*out = new(ResourceMetadata)
(*in).DeepCopyInto(*out)
}
+ if in.DNS != nil {
+ in, out := &in.DNS, &out.DNS
+ *out = new(DNS)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute.
@@ -2524,6 +2559,11 @@ func (in *TCPRoute) DeepCopyInto(out *TCPRoute) {
*out = new(BackendConnection)
(*in).DeepCopyInto(*out)
}
+ if in.DNS != nil {
+ in, out := &in.DNS, &out.DNS
+ *out = new(DNS)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute.
@@ -2858,6 +2898,11 @@ func (in *TrafficFeatures) DeepCopyInto(out *TrafficFeatures) {
*out = new(BackendConnection)
(*in).DeepCopyInto(*out)
}
+ if in.HTTP2 != nil {
+ in, out := &in.HTTP2, &out.HTTP2
+ *out = new(HTTP2Settings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficFeatures.
@@ -2914,6 +2959,11 @@ func (in *UDPRoute) DeepCopyInto(out *UDPRoute) {
*out = new(BackendConnection)
(*in).DeepCopyInto(*out)
}
+ if in.DNS != nil {
+ in, out := &in.DNS, &out.DNS
+ *out = new(DNS)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPRoute.
diff --git a/internal/xds/translator/cluster.go b/internal/xds/translator/cluster.go
index e646f410944..697736dbc4d 100644
--- a/internal/xds/translator/cluster.go
+++ b/internal/xds/translator/cluster.go
@@ -48,10 +48,12 @@ type xdsClusterArgs struct {
circuitBreaker *ir.CircuitBreaker
healthCheck *ir.HealthCheck
http1Settings *ir.HTTP1Settings
+ http2Settings *ir.HTTP2Settings
timeout *ir.Timeout
tcpkeepalive *ir.TCPKeepalive
metrics *ir.Metrics
backendConnection *ir.BackendConnection
+ dns *ir.DNS
useClientProtocol bool
}
@@ -144,6 +146,16 @@ func buildXdsCluster(args *xdsClusterArgs) *clusterv3.Cluster {
cluster.ClusterDiscoveryType = &clusterv3.Cluster_Type{Type: clusterv3.Cluster_STRICT_DNS}
cluster.DnsRefreshRate = durationpb.New(30 * time.Second)
cluster.RespectDnsTtl = true
+ if args.dns != nil {
+ if args.dns.DNSRefreshRate != nil {
+ if args.dns.DNSRefreshRate.Duration > 0 {
+ cluster.DnsRefreshRate = durationpb.New(args.dns.DNSRefreshRate.Duration)
+ }
+ }
+ if args.dns.RespectDNSTTL != nil {
+ cluster.RespectDnsTtl = ptr.Deref(args.dns.RespectDNSTTL, true)
+ }
+ }
}
// build common, HTTP/1 and HTTP/2 protocol options for cluster
@@ -504,13 +516,15 @@ func buildTypedExtensionProtocolOptions(args *xdsClusterArgs) map[string]*anypb.
protocolOptions.UpstreamProtocolOptions = &httpv3.HttpProtocolOptions_UseDownstreamProtocolConfig{
UseDownstreamProtocolConfig: &httpv3.HttpProtocolOptions_UseDownstreamHttpConfig{
HttpProtocolOptions: http1opts,
- Http2ProtocolOptions: &corev3.Http2ProtocolOptions{},
+ Http2ProtocolOptions: buildHTTP2Settings(args.http2Settings),
},
}
case requiresHTTP2Options:
protocolOptions.UpstreamProtocolOptions = &httpv3.HttpProtocolOptions_ExplicitHttpConfig_{
ExplicitHttpConfig: &httpv3.HttpProtocolOptions_ExplicitHttpConfig{
- ProtocolConfig: &httpv3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{},
+ ProtocolConfig: &httpv3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
+ Http2ProtocolOptions: buildHTTP2Settings(args.http2Settings),
+ },
},
}
case requiresHTTP1Options:
@@ -649,3 +663,117 @@ func buildBackandConnectionBufferLimitBytes(bc *ir.BackendConnection) *wrappers.
return wrapperspb.UInt32(tcpClusterPerConnectionBufferLimitBytes)
}
+
+type ExtraArgs struct {
+ metrics *ir.Metrics
+ http1Settings *ir.HTTP1Settings
+ http2Settings *ir.HTTP2Settings
+}
+
+type clusterArgs interface {
+ asClusterArgs(extras *ExtraArgs) *xdsClusterArgs
+}
+
+type UDPRouteTranslator struct {
+ *ir.UDPRoute
+}
+
+func (route *UDPRouteTranslator) asClusterArgs(extra *ExtraArgs) *xdsClusterArgs {
+ return &xdsClusterArgs{
+ name: route.Destination.Name,
+ settings: route.Destination.Settings,
+ loadBalancer: route.LoadBalancer,
+ timeout: route.Timeout,
+ tSocket: nil,
+ endpointType: buildEndpointType(route.Destination.Settings),
+ metrics: extra.metrics,
+ backendConnection: route.BackendConnection,
+ dns: route.DNS,
+ }
+}
+
+type TCPRouteTranslator struct {
+ *ir.TCPRoute
+}
+
+func (route *TCPRouteTranslator) asClusterArgs(extra *ExtraArgs) *xdsClusterArgs {
+ return &xdsClusterArgs{
+ name: route.Destination.Name,
+ settings: route.Destination.Settings,
+ loadBalancer: route.LoadBalancer,
+ proxyProtocol: route.ProxyProtocol,
+ circuitBreaker: route.CircuitBreaker,
+ tcpkeepalive: route.TCPKeepalive,
+ healthCheck: route.HealthCheck,
+ timeout: route.Timeout,
+ endpointType: buildEndpointType(route.Destination.Settings),
+ metrics: extra.metrics,
+ backendConnection: route.BackendConnection,
+ dns: route.DNS,
+ }
+}
+
+type HTTPRouteTranslator struct {
+ *ir.HTTPRoute
+}
+
+func (httpRoute *HTTPRouteTranslator) asClusterArgs(extra *ExtraArgs) *xdsClusterArgs {
+ clusterArgs := &xdsClusterArgs{
+ name: httpRoute.Destination.Name,
+ settings: httpRoute.Destination.Settings,
+ tSocket: nil,
+ endpointType: buildEndpointType(httpRoute.Destination.Settings),
+ metrics: extra.metrics,
+ http1Settings: extra.http1Settings,
+ http2Settings: extra.http2Settings,
+ useClientProtocol: ptr.Deref(httpRoute.UseClientProtocol, false),
+ }
+
+ // Populate traffic features.
+ bt := httpRoute.Traffic
+ if bt != nil {
+ clusterArgs.loadBalancer = bt.LoadBalancer
+ clusterArgs.proxyProtocol = bt.ProxyProtocol
+ clusterArgs.circuitBreaker = bt.CircuitBreaker
+ clusterArgs.healthCheck = bt.HealthCheck
+ clusterArgs.timeout = bt.Timeout
+ clusterArgs.tcpkeepalive = bt.TCPKeepalive
+ clusterArgs.backendConnection = bt.BackendConnection
+ }
+
+ if httpRoute.DNS != nil {
+ clusterArgs.dns = httpRoute.DNS
+ }
+
+ return clusterArgs
+}
+
+func buildHTTP2Settings(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions {
+ if opts == nil {
+ opts = &ir.HTTP2Settings{}
+ }
+
+ // defaults based on https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge
+ out := &corev3.Http2ProtocolOptions{
+ InitialStreamWindowSize: &wrapperspb.UInt32Value{
+ Value: ptr.Deref(opts.InitialStreamWindowSize, http2InitialStreamWindowSize),
+ },
+ InitialConnectionWindowSize: &wrapperspb.UInt32Value{
+ Value: ptr.Deref(opts.InitialConnectionWindowSize, http2InitialConnectionWindowSize),
+ },
+ }
+
+ if opts.MaxConcurrentStreams != nil {
+ out.MaxConcurrentStreams = &wrapperspb.UInt32Value{
+ Value: *opts.MaxConcurrentStreams,
+ }
+ }
+
+ if opts.ResetStreamOnError != nil {
+ out.OverrideStreamErrorOnInvalidHttpMessage = &wrapperspb.BoolValue{
+ Value: *opts.ResetStreamOnError,
+ }
+ }
+
+ return out
+}
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go
index ee1f5c7d133..0812010ade1 100644
--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -7,6 +7,8 @@ package translator
import (
"errors"
+ "strconv"
+ "strings"
xdscore "github.com/cncf/xds/go/xds/core/v3"
matcher "github.com/cncf/xds/go/xds/type/matcher/v3"
@@ -84,7 +86,7 @@ func http2ProtocolOptions(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions {
opts = &ir.HTTP2Settings{}
}
- return &corev3.Http2ProtocolOptions{
+ out := &corev3.Http2ProtocolOptions{
MaxConcurrentStreams: &wrapperspb.UInt32Value{
Value: ptr.Deref(opts.MaxConcurrentStreams, http2MaxConcurrentStreamsLimit),
},
@@ -95,6 +97,14 @@ func http2ProtocolOptions(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions {
Value: ptr.Deref(opts.InitialConnectionWindowSize, http2InitialConnectionWindowSize),
},
}
+
+ if opts.ResetStreamOnError != nil {
+ out.OverrideStreamErrorOnInvalidHttpMessage = &wrapperspb.BoolValue{
+ Value: *opts.ResetStreamOnError,
+ }
+ }
+
+ return out
}
func xffNumTrustedHops(clientIPDetection *ir.ClientIPDetectionSettings) uint32 {
@@ -226,6 +236,9 @@ func (t *Translator) addHCMToXDSListener(xdsListener *listenerv3.Listener, irLis
statPrefix = "http"
}
+ // Append port to the statPrefix.
+ statPrefix = strings.Join([]string{statPrefix, strconv.Itoa(int(irListener.Port))}, "-")
+
// Client IP detection
useRemoteAddress := true
originalIPDetectionExtensions := originalIPDetectionExtensions(irListener.ClientIPDetection)
@@ -403,13 +416,16 @@ func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irRoute *ir.TCPRoute
isTLSTerminate := irRoute.TLS != nil && irRoute.TLS.Terminate != nil
statPrefix := "tcp"
if isTLSPassthrough {
- statPrefix = "passthrough"
+ statPrefix = "tls-passthrough"
}
if isTLSTerminate {
- statPrefix = "terminate"
+ statPrefix = "tls-terminate"
}
+ // Append port to the statPrefix.
+ statPrefix = strings.Join([]string{statPrefix, strconv.Itoa(int(xdsListener.Address.GetSocketAddress().GetPortValue()))}, "-")
+
mgr := &tcpv3.TcpProxy{
AccessLog: buildXdsAccessLog(accesslog, false),
StatPrefix: statPrefix,
diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go
index 2b9c75a2e91..8a56e9e42b1 100644
--- a/internal/xds/translator/route.go
+++ b/internal/xds/translator/route.go
@@ -401,7 +401,10 @@ func buildXdsURLRewriteAction(destName string, urlRewrite *ir.URLRewrite, pathMa
if useRegexRewriteForPrefixMatchReplace(pathMatch, *urlRewrite.Path.PrefixMatchReplace) {
routeAction.RegexRewrite = prefix2RegexRewrite(*pathMatch.Prefix)
} else {
- routeAction.PrefixRewrite = *urlRewrite.Path.PrefixMatchReplace
+ // remove trailing / to fix #3989
+ // when the pathMath.Prefix has suffix / but EG has removed it,
+ // and the urlRewrite.Path.PrefixMatchReplace suffix with / the upstream will get unwanted /
+ routeAction.PrefixRewrite = strings.TrimSuffix(*urlRewrite.Path.PrefixMatchReplace, "/")
}
}
}
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
new file mode 100644
index 00000000000..97d0b5457cd
--- /dev/null
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
@@ -0,0 +1,27 @@
+name: "http-route"
+http:
+- name: "first-listener"
+ address: "0.0.0.0"
+ port: 10080
+ hostnames:
+ - "*"
+ path:
+ mergeSlashes: true
+ escapedSlashesAction: UnescapeAndRedirect
+ routes:
+ - name: "rewrite-route"
+ pathMatch:
+ prefix: "/origin/"
+ hostname: gateway.envoyproxy.io
+ headerMatches:
+ - name: ":authority"
+ exact: gateway.envoyproxy.io
+ destination:
+ name: "rewrite-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ urlRewrite:
+ path:
+ prefixMatchReplace: /rewrite/
diff --git a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
index f3dc12c5aae..5d271080918 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
@@ -28,3 +28,59 @@ http:
- host: "1.2.3.4"
port: 50000
protocol: GRPC
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: true
+ - name: "second-route"
+ hostname: "*"
+ pathMatch:
+ name: "test"
+ exact: "bar/foo"
+ destination:
+ name: "second-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ protocol: GRPC
+ traffic:
+ http2: {}
+ - name: "third-route-use-client"
+ hostname: "*"
+ pathMatch:
+ name: "test"
+ exact: "bar/bar"
+ destination:
+ name: "third-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ protocol: HTTP
+ useClientProtocol: true
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: false
+ - name: "fourth-route-not-http2"
+ hostname: "*"
+ pathMatch:
+ name: "test"
+ exact: "foo/foo"
+ destination:
+ name: "fourth-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ traffic:
+ http2:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 524288000
+ maxConcurrentStreams: 200
+ resetStreamOnError: true
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
index 3d5d41d69ff..cbb8238986c 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http1
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http1
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
index 2f7f43464c0..e40dcfab7e4 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: extension-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: extension-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
index 759e1ffb857..17ca0e60e44 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: policyextension-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: policyextension-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
index 18b309bb74d..9603f302b73 100755
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
@@ -19,4 +19,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
index b8874bf24f9..6d040000dbb 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
index 2ccfca8ce50..cb390f213f1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
@@ -176,7 +176,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
index cbf453a1f17..ea9ef9405ee 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
@@ -50,4 +50,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
index 8e582b05b7e..04b183a2885 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
@@ -137,7 +137,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
index b8874bf24f9..6d040000dbb 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
index 4bc751c2eca..2ebf9f68a48 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
@@ -221,7 +221,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
index b8874bf24f9..6d040000dbb 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
index 0bca441a443..972bd4682b9 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
@@ -212,7 +212,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
index 6ba4705c13f..d9c561cee48 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
@@ -36,7 +36,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -68,4 +70,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
index 4eec559618e..d715eeac8c8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
@@ -169,7 +169,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
index 6ba4705c13f..d9c561cee48 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
@@ -36,7 +36,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -68,4 +70,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
index 16609de576c..748055a4755 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
@@ -169,7 +169,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml
index 0fa87744bf1..40b9a52ec49 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
index a7a16c3b3e9..df10f0a95c5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -44,7 +44,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
- statPrefix: tcp
+ statPrefix: tcp-10081
name: tcp-route-dest
name: second-listener
perConnectionBufferLimitBytes: 1500
diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
index 4127a7acbf3..2e7dbd6cd55 100644
--- a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
@@ -33,7 +33,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
index 095074165f3..1ea06ebb07e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -44,7 +44,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
- statPrefix: tcp
+ statPrefix: tcp-10081
name: tcp-route-dest
name: second-listener
perConnectionBufferLimitBytes: 1500
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
index 21f93d68a49..47b25f2a79f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
@@ -25,7 +25,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8081
useRemoteAddress: true
xffNumTrustedHops: 2
name: first-listener
@@ -65,7 +65,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8082
useRemoteAddress: false
name: second-listener
drainType: MODIFY_ONLY
@@ -106,7 +106,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8083
useRemoteAddress: false
name: third-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
index 2d1a3e61e38..3e4fa111bcc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
@@ -29,7 +29,7 @@
routeConfigName: first-listener
requestTimeout: 5s
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -47,7 +47,7 @@
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: second-route-dest
idleTimeout: 1200s
- statPrefix: tcp
+ statPrefix: tcp-10081
name: second-route
name: second-listener
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
index e8299cdce42..baac8ead6b3 100644
--- a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
index 5f54802ba05..ffaab04f70e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
@@ -118,7 +118,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
index cf4fbc9b274..e478c2054cd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
@@ -70,7 +70,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
index c8b861fe1a7..f387ff8da8e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
@@ -62,7 +62,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
index 08b38495e69..6ea0615cb31 100755
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
@@ -53,7 +53,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -75,7 +77,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -97,7 +101,9 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
- circuitBreakers:
thresholds:
- maxRetries: 1024
@@ -119,4 +125,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
index 8e85e79cf9e..9f76729fd78 100755
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
@@ -91,7 +91,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
index e74a1df4287..0ea771b2bd1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
index c6a46e0f9c1..1ad2086d20b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
@@ -26,7 +26,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8081
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -59,7 +59,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8082
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
index 2a31352ab37..a0b19ef7b8b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
@@ -25,7 +25,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8081
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -57,7 +57,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8082
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
@@ -90,7 +90,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8083
useRemoteAddress: true
name: third-listener
drainType: MODIFY_ONLY
@@ -123,7 +123,7 @@
resourceApiVersion: V3
routeConfigName: fourth-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-8084
useRemoteAddress: true
name: fourth-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
index 7400b59665a..fe7d2da356b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: listener-enable-endpoint-stats
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: listener-enable-endpoint-stats
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
index 048ff7cd4a5..f11b0c1c300 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
@@ -35,7 +35,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
index 5de1d1cce34..f8cfa834cdd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
@@ -19,5 +19,7 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
useDownstreamProtocolConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
httpProtocolOptions: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
index c5665623154..a1964fb2306 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
new file mode 100644
index 00000000000..027db39fb29
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
@@ -0,0 +1,17 @@
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: rewrite-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: rewrite-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml
new file mode 100644
index 00000000000..256dda09089
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml
@@ -0,0 +1,12 @@
+- clusterName: rewrite-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: rewrite-route-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
new file mode 100644
index 00000000000..586f3fa82df
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
@@ -0,0 +1,35 @@
+- address:
+ socketAddress:
+ address: 0.0.0.0
+ portValue: 10080
+ defaultFilterChain:
+ filters:
+ - name: envoy.filters.network.http_connection_manager
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ commonHttpProtocolOptions:
+ headersWithUnderscoresAction: REJECT_REQUEST
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+ maxConcurrentStreams: 100
+ httpFilters:
+ - name: envoy.filters.http.router
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ suppressEnvoyHeaders: true
+ mergeSlashes: true
+ normalizePath: true
+ pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT
+ rds:
+ configSource:
+ ads: {}
+ resourceApiVersion: V3
+ routeConfigName: first-listener
+ serverHeaderTransformation: PASS_THROUGH
+ statPrefix: http-10080
+ useRemoteAddress: true
+ name: first-listener
+ drainType: MODIFY_ONLY
+ name: first-listener
+ perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml
new file mode 100644
index 00000000000..84bc70f04bd
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml
@@ -0,0 +1,19 @@
+- ignorePortInHostMatching: true
+ name: first-listener
+ virtualHosts:
+ - domains:
+ - gateway.envoyproxy.io
+ name: first-listener/gateway_envoyproxy_io
+ routes:
+ - match:
+ headers:
+ - name: :authority
+ stringMatch:
+ exact: gateway.envoyproxy.io
+ pathSeparatedPrefix: /origin
+ name: rewrite-route
+ route:
+ cluster: rewrite-route-dest
+ prefixRewrite: /rewrite
+ upgradeConfigs:
+ - upgradeType: websocket
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
index ff5431da747..0f567a3db50 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
index ff5431da747..0f567a3db50 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
index b227eccb031..d887b321dc5 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
@@ -62,7 +62,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls-2/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: envoy-gateway/gateway-btls-2/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
index ff5431da747..0f567a3db50 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-btls/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-btls/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
index 60f8750a290..b3fa2acefdb 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
@@ -33,7 +33,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -75,7 +75,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
index d6cb3b5d2c6..f6b29f1548e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
@@ -29,7 +29,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
index 5eded6a4653..8affd1661ba 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
index 6086cfbb86f..05cf41776c6 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
@@ -19,4 +19,76 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 524288000
+ initialStreamWindowSize: 1048576
+ maxConcurrentStreams: 200
+ overrideStreamErrorOnInvalidHttpMessage: true
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: second-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: second-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: third-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: third-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ useDownstreamProtocolConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 524288000
+ initialStreamWindowSize: 1048576
+ maxConcurrentStreams: 200
+ overrideStreamErrorOnInvalidHttpMessage: false
+ httpProtocolOptions: {}
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: fourth-route-dest
+ lbPolicy: LEAST_REQUEST
+ name: fourth-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml
index 3b3f2d09076..f185af17da7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.endpoints.yaml
@@ -10,3 +10,39 @@
loadBalancingWeight: 1
locality:
region: first-route-dest/backend/0
+- clusterName: second-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: second-route-dest/backend/0
+- clusterName: third-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: third-route-dest/backend/0
+- clusterName: fourth-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: fourth-route-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
index f7ab1ba34a0..3780fc90f94 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
@@ -35,7 +35,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml
index a32852fcd88..4fdedfabf67 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.routes.yaml
@@ -20,3 +20,24 @@
cluster: first-route-dest
upgradeConfigs:
- upgradeType: websocket
+ - match:
+ path: bar/foo
+ name: second-route
+ route:
+ cluster: second-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
+ - match:
+ path: bar/bar
+ name: third-route-use-client
+ route:
+ cluster: third-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
+ - match:
+ path: foo/foo
+ name: fourth-route-not-http2
+ route:
+ cluster: fourth-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
index 1d2cc2574ae..6c4250c78db 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
index fdfdb3bbdf5..c1961247566 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/tls
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10443
useRemoteAddress: true
name: envoy-gateway/gateway-1/tls
transportSocket:
@@ -81,7 +81,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/tls
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10443
useRemoteAddress: true
name: envoy-gateway/gateway-1/tls
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
index dbc5b4b25a2..08b5d410df5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
@@ -40,7 +40,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
index 1f89b694bb6..e251ecac040 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
@@ -55,7 +55,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
index 5803c41968c..bd76886759b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
@@ -112,7 +112,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
index 367f5fa529f..a79d197ba5e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
@@ -89,7 +89,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
index a4303573e3e..de1f56ed4d4 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
@@ -58,7 +58,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
index d4e9db34e33..e75a68919d1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
@@ -119,4 +119,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
index 4e52213f3af..3f55977b503 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
@@ -58,7 +58,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
index b1ccf1a70cd..3406eeda2fa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
@@ -48,7 +48,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
index 66faa259661..9a7954f8970 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -43,7 +43,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit
maxConnections: "5"
- statPrefix: http
+ statPrefix: http-10081
- name: envoy.filters.network.http_connection_manager
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
@@ -67,7 +67,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
index d8ea3aaf802..3a981aca309 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -71,7 +71,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-route-dest
- statPrefix: tcp
+ statPrefix: tcp-10081
name: tcp-route-dest
listenerFilters:
- name: envoy.filters.listener.proxy_protocol
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
index 610086b57ab..79e4d5a82d0 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
@@ -67,7 +67,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10081
useRemoteAddress: true
name: second-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
index 0f578bca015..01049c90267 100644
--- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
index f81185b04b4..b1a9e2c3720 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
index 2242bb6a8a7..9612460ed7a 100755
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
@@ -55,7 +55,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
@@ -159,7 +159,7 @@
resourceApiVersion: V3
routeConfigName: default/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: default/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
index 181bb255cdb..a1731a1de8c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: third-listener
drainType: MODIFY_ONLY
@@ -59,7 +59,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -102,7 +102,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: second-listener
transportSocket:
@@ -126,7 +126,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: fifth-route
- filterChainMatch:
serverNames:
@@ -136,7 +136,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-route-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: sixth-route
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
index 962a960656f..73bc084eda1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
@@ -9,35 +9,35 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-1-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-1
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-2-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-2
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-3-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-3
- filters:
- name: envoy.filters.network.tcp_proxy
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-4-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple-4
name: tcp-listener-simple
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
index 8471bb28b4f..e10f6a9ed5b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10001
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -87,7 +87,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10002
useRemoteAddress: true
name: second-listener
transportSocket:
@@ -148,7 +148,7 @@
serverHeaderTransformation: PASS_THROUGH
setCurrentClientCertDetails:
subject: true
- statPrefix: https
+ statPrefix: https-10003
useRemoteAddress: true
name: third-listener
transportSocket:
@@ -211,7 +211,7 @@
dns: true
subject: true
uri: true
- statPrefix: https
+ statPrefix: https-10004
useRemoteAddress: true
name: fourth-listener
transportSocket:
@@ -276,7 +276,7 @@
dns: true
subject: true
uri: true
- statPrefix: https
+ statPrefix: https-10005
useRemoteAddress: true
name: fifth-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
index 6b3b6acded4..5f1f7372126 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10001
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -87,7 +87,7 @@
resourceApiVersion: V3
routeConfigName: second-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10002
useRemoteAddress: true
name: second-listener
transportSocket:
@@ -146,7 +146,7 @@
resourceApiVersion: V3
routeConfigName: third-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10003
useRemoteAddress: true
name: third-listener
transportSocket:
@@ -205,7 +205,7 @@
resourceApiVersion: V3
routeConfigName: fourth-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10004
useRemoteAddress: true
name: fourth-listener
transportSocket:
@@ -264,7 +264,7 @@
resourceApiVersion: V3
routeConfigName: fifth-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10005
useRemoteAddress: true
name: fifth-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
index 5c396e30fe3..75430179b51 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -67,7 +67,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10081
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
index b1bdae764ff..2448feb80be 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -67,7 +67,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10081
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
index a182efcbd8c..bc4956b285a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
@@ -117,7 +117,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
index 836cbde04b6..4934acbee1e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
@@ -26,7 +26,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
index bd23f61ee21..45e8e0898ce 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
@@ -93,4 +93,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
index 4e74648095d..3486155cda8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
index 9f9bc9f1dff..0ba1749076a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
@@ -93,4 +93,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
index 7840bfa0104..b1d7de26ff9 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
@@ -36,7 +36,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
index 21ea0681611..a3c9b6623c9 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
@@ -101,4 +101,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
index 4e74648095d..3486155cda8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
index 33fc01336b8..427f6d15340 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
@@ -110,4 +110,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
index 4e74648095d..3486155cda8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
index 9f9bc9f1dff..0ba1749076a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
@@ -93,4 +93,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
index 4e74648095d..3486155cda8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
@@ -37,7 +37,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
index 30b2c8f660e..51c022c26f3 100644
--- a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
@@ -28,7 +28,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
index 4111a2f7c1e..0598759f776 100644
--- a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
@@ -30,7 +30,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
index a02d5e7cfe3..a6072e34b20 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
@@ -14,7 +14,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-complex-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: tcp-route-complex
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
index 10d02ab47e3..1bed88c6882 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
@@ -9,7 +9,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-simple-dest
- statPrefix: tcp
+ statPrefix: tcp-10080
name: tcp-route-simple
name: tcp-listener-simple
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
index c3726babf21..cc74c19ed91 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
@@ -9,7 +9,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10080
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
@@ -33,7 +33,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-hostname-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10080
name: tls-terminate-hostname
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
index 0736b932151..f38ddc66108 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
@@ -14,7 +14,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-weighted-backend-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: tcp-route-weighted-backend
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
index be0e5ea7e82..5d20f177934 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
@@ -12,7 +12,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-passthrough-foo-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10080
name: tls-route-passthrough-foo
listenerFilters:
- name: envoy.filters.listener.tls_inspector
@@ -34,7 +34,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-passthrough-bar-dest
- statPrefix: passthrough
+ statPrefix: tls-passthrough-10081
name: tls-route-passthrough-bar
listenerFilters:
- name: envoy.filters.listener.tls_inspector
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
index f3f8deebcb7..d5c31c5021a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
@@ -31,7 +31,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: https
+ statPrefix: https-10080
useRemoteAddress: true
name: first-listener
transportSocket:
@@ -88,7 +88,7 @@
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tls-terminate-dest
- statPrefix: terminate
+ statPrefix: tls-terminate-10081
name: tls-route-terminate
transportSocket:
name: envoy.transport_sockets.tls
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
index 0936f4b459a..9e7469dd278 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
@@ -50,4 +50,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
index 760955a8da0..dcfd967ecb8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
tracing:
clientSampling:
value: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
index 25b3e9e4d40..e169de7eb0d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
tracing:
clientSampling:
value: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
index 35bc81158da..dce48b2c083 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
@@ -46,4 +46,6 @@
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
'@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicitHttpConfig:
- http2ProtocolOptions: {}
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
index 7e5a19bcca1..3f76ab8e616 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
tracing:
clientSampling:
value: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
index 67922c7444f..586f3fa82df 100644
--- a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
@@ -27,7 +27,7 @@
resourceApiVersion: V3
routeConfigName: first-listener
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: first-listener
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
index e5ecdbb8156..c04f247fd68 100755
--- a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
@@ -105,7 +105,7 @@
resourceApiVersion: V3
routeConfigName: envoy-gateway/gateway-1/http
serverHeaderTransformation: PASS_THROUGH
- statPrefix: http
+ statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http
drainType: MODIFY_ONLY
diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go
index a58903e88ad..9fa5e700986 100644
--- a/internal/xds/translator/translator.go
+++ b/internal/xds/translator/translator.go
@@ -24,7 +24,6 @@ import (
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/anypb"
"google.golang.org/protobuf/types/known/wrapperspb"
- "k8s.io/utils/ptr"
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
extensionTypes "github.com/envoyproxy/gateway/internal/extension/types"
@@ -451,11 +450,19 @@ func (t *Translator) addRouteToRouteConfig(
vHost.Routes = append(vHost.Routes, xdsRoute)
if httpRoute.Destination != nil {
+ ea := &ExtraArgs{
+ metrics: metrics,
+ http1Settings: httpListener.HTTP1,
+ }
+
+ if httpRoute.Traffic != nil && httpRoute.Traffic.HTTP2 != nil {
+ ea.http2Settings = httpRoute.Traffic.HTTP2
+ }
+
if err = processXdsCluster(
tCtx,
- httpRoute,
- httpListener.HTTP1,
- metrics,
+ &HTTPRouteTranslator{httpRoute},
+ ea,
); err != nil {
errs = errors.Join(errs, err)
}
@@ -573,19 +580,7 @@ func (t *Translator) processTCPListenerXdsTranslation(
patchProxyProtocolFilter(xdsListener, tcpListener.EnableProxyProtocol)
for _, route := range tcpListener.Routes {
- if err := addXdsCluster(tCtx, &xdsClusterArgs{
- name: route.Destination.Name,
- settings: route.Destination.Settings,
- loadBalancer: route.LoadBalancer,
- proxyProtocol: route.ProxyProtocol,
- circuitBreaker: route.CircuitBreaker,
- tcpkeepalive: route.TCPKeepalive,
- healthCheck: route.HealthCheck,
- timeout: route.Timeout,
- endpointType: buildEndpointType(route.Destination.Settings),
- metrics: metrics,
- backendConnection: route.BackendConnection,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ if err := processXdsCluster(tCtx, &TCPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
errs = errors.Join(errs, err)
}
if route.TLS != nil && route.TLS.Terminate != nil {
@@ -647,16 +642,7 @@ func processUDPListenerXdsTranslation(
}
// 1:1 between IR UDPRoute and xDS Cluster
- if err := addXdsCluster(tCtx, &xdsClusterArgs{
- name: route.Destination.Name,
- settings: route.Destination.Settings,
- loadBalancer: route.LoadBalancer,
- timeout: route.Timeout,
- tSocket: nil,
- endpointType: buildEndpointType(route.Destination.Settings),
- metrics: metrics,
- backendConnection: route.BackendConnection,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ if err := processXdsCluster(tCtx, &UDPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
errs = errors.Join(errs, err)
}
}
@@ -748,34 +734,11 @@ func findXdsEndpoint(tCtx *types.ResourceVersionTable, name string) *endpointv3.
return nil
}
-// processXdsCluster processes a xds cluster by its endpoint address type.
-func processXdsCluster(tCtx *types.ResourceVersionTable, httpRoute *ir.HTTPRoute, http1Settings *ir.HTTP1Settings, metrics *ir.Metrics) error {
- clusterArgs := &xdsClusterArgs{
- name: httpRoute.Destination.Name,
- settings: httpRoute.Destination.Settings,
- tSocket: nil,
- endpointType: buildEndpointType(httpRoute.Destination.Settings),
- http1Settings: http1Settings,
- metrics: metrics,
- useClientProtocol: ptr.Deref(httpRoute.UseClientProtocol, false),
- }
-
- // Populate traffic features.
- bt := httpRoute.Traffic
- if bt != nil {
- clusterArgs.loadBalancer = bt.LoadBalancer
- clusterArgs.proxyProtocol = bt.ProxyProtocol
- clusterArgs.circuitBreaker = bt.CircuitBreaker
- clusterArgs.healthCheck = bt.HealthCheck
- clusterArgs.timeout = bt.Timeout
- clusterArgs.tcpkeepalive = bt.TCPKeepalive
- clusterArgs.backendConnection = bt.BackendConnection
- }
-
- if err := addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+// processXdsCluster processes xds cluster with args per route.
+func processXdsCluster(tCtx *types.ResourceVersionTable, route clusterArgs, extras *ExtraArgs) error {
+ if err := addXdsCluster(tCtx, route.asClusterArgs(extras)); err != nil && !errors.Is(err, ErrXdsClusterExists) {
return err
}
-
return nil
}
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 9a2cd961a63..255c84a77af 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -288,7 +288,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -460,6 +460,8 @@ _Appears in:_
| `useClientProtocol` | _boolean_ | false | UseClientProtocol configures Envoy to prefer sending requests to backends using
the same HTTP protocol that the incoming request used. Defaults to false, which means
that Envoy will use the protocol indicated by the attached BackendRef. |
| `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. |
| `connection` | _[BackendConnection](#backendconnection)_ | false | Connection includes backend connection settings. |
+| `dns` | _[DNS](#dns)_ | false | DNS includes dns resolution settings. |
+| `http2` | _[HTTP2Settings](#http2settings)_ | false | HTTP2 provides HTTP/2 configuration for backend connections. |
#### BasicAuth
@@ -567,7 +569,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
#### ClientIPDetectionSettings
@@ -845,6 +847,21 @@ _Appears in:_
| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+#### DNS
+
+
+
+
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. |
+| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. |
+
+
#### EnvironmentCustomTag
@@ -1773,9 +1790,10 @@ _Appears in:_
-HTTP2Settings provides HTTP/2 configuration on the listener.
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
| Field | Type | Required | Description |
@@ -1783,6 +1801,7 @@ _Appears in:_
| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2031,6 +2050,21 @@ _Appears in:_
| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+#### InvalidMessageAction
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [HTTP2Settings](#http2settings)
+
+| Value | Description |
+| ----- | ----------- |
+| `TerminateConnection` | |
+| `TerminateStream` | |
+
+
#### JSONPatchOperation
diff --git a/site/content/en/news/releases/_index.md b/site/content/en/news/releases/_index.md
index cff55283750..e8282654b7f 100644
--- a/site/content/en/news/releases/_index.md
+++ b/site/content/en/news/releases/_index.md
@@ -36,6 +36,7 @@ communications with the Envoy Gateway community, and the mechanics of the releas
| 2023 Q3 | Arko Dasgupta ([arkodg](https://github.com/arkodg)) |
| 2023 Q4 | Arko Dasgupta ([arkodg](https://github.com/arkodg)) |
| 2024 Q1 | Xunzhuo Liu ([Xunzhuo](https://github.com/Xunzhuo)) |
+| 2024 Q2 | Guy Daich ([guydc](https://github.com/guydc)) |
## Release Schedule
@@ -49,6 +50,8 @@ In order to align with the Envoy Proxy [release schedule][], Envoy Gateway relea
| 0.4.0 | 2023/04/22 | 2023/04/24 | +2 days | 2023/10/24 |
| 0.5.0 | 2023/07/22 | 2023/08/02 | +10 days | 2024/01/02 |
| 0.6.0 | 2023/10/22 | 2023/11/02 | +10 days | 2024/05/02 |
+| 1.0.0 | 2024/03/06 | 2023/03/13 | +7 days | 2024/09/13 |
+| 1.1.0 | 2024/07/16 | 2024/07/22 | +6 days | 2024/01/22 |
[v2.0.0 spec]: https://semver.org/spec/v2.0.0.html
[release guide]: ../../contributions/releasing
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index 9a2cd961a63..255c84a77af 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -288,7 +288,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -460,6 +460,8 @@ _Appears in:_
| `useClientProtocol` | _boolean_ | false | UseClientProtocol configures Envoy to prefer sending requests to backends using
the same HTTP protocol that the incoming request used. Defaults to false, which means
that Envoy will use the protocol indicated by the attached BackendRef. |
| `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. |
| `connection` | _[BackendConnection](#backendconnection)_ | false | Connection includes backend connection settings. |
+| `dns` | _[DNS](#dns)_ | false | DNS includes dns resolution settings. |
+| `http2` | _[HTTP2Settings](#http2settings)_ | false | HTTP2 provides HTTP/2 configuration for backend connections. |
#### BasicAuth
@@ -567,7 +569,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections |
-| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. |
#### ClientIPDetectionSettings
@@ -845,6 +847,21 @@ _Appears in:_
| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+#### DNS
+
+
+
+
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. |
+| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. |
+
+
#### EnvironmentCustomTag
@@ -1773,9 +1790,10 @@ _Appears in:_
-HTTP2Settings provides HTTP/2 configuration on the listener.
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
| Field | Type | Required | Description |
@@ -1783,6 +1801,7 @@ _Appears in:_
| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2031,6 +2050,21 @@ _Appears in:_
| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+#### InvalidMessageAction
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [HTTP2Settings](#http2settings)
+
+| Value | Description |
+| ----- | ----------- |
+| `TerminateConnection` | |
+| `TerminateStream` | |
+
+
#### JSONPatchOperation
diff --git a/site/hugo.toml b/site/hugo.toml
index ce169c84f3b..90dddd05e26 100644
--- a/site/hugo.toml
+++ b/site/hugo.toml
@@ -134,9 +134,6 @@ github_branch= "main"
# Google Custom Search Engine ID. Remove or comment out to disable search.
# gcs_engine_id = "d72aa9b2712488cc3"
-# Enable Algolia DocSearch
-algolia_docsearch = false
-
# Enable Lunr.js offline search
offlineSearch = true
@@ -148,7 +145,7 @@ prism_syntax_highlighting = false
# Set to true to disable breadcrumb navigation.
breadcrumb_disable = false
# Set to true to disable the About link in the site footer
-footer_about_disable = false
+footer_about_enable = true
# Set to false if you don't want to display a logo (/assets/icons/logo.svg) in the top navbar
navbar_logo = true
# Set to true if you don't want the top navbar to be translucent when over a `block/cover`, like on the homepage.
diff --git a/site/layouts/_default/_markup/render-heading.html b/site/layouts/_default/_markup/render-heading.html
new file mode 100644
index 00000000000..7f8e97424d6
--- /dev/null
+++ b/site/layouts/_default/_markup/render-heading.html
@@ -0,0 +1 @@
+{{ template "_default/_markup/td-render-heading.html" . }}
diff --git a/test/e2e/tests/connection_limit.go b/test/e2e/tests/connection_limit.go
index 97594c97774..d27b087ba53 100644
--- a/test/e2e/tests/connection_limit.go
+++ b/test/e2e/tests/connection_limit.go
@@ -84,7 +84,7 @@ var ConnectionLimitTest = suite.ConformanceTest{
}
}
- prefix := "http"
+ prefix := "http-10080"
gtwName := "connection-limit-gateway"
promQL := fmt.Sprintf(`envoy_connection_limit_limited_connections{envoy_connection_limit_prefix="%s",gateway_envoyproxy_io_owning_gateway_name="%s"}`, prefix, gtwName)