make experimental gateway api crds optional so that gateway-api upgrade don't break envoy gateway #3387

networkhermit · 2024-05-13T15:52:36Z

Description:

What issue is being seen? Describe what should be happening instead of
the bug, for example: Envoy should not crash, the expected value isn't
returned, etc.

Recently I upgraded the gateway-api to v1.1.0 from the standard channel, but I found that envoy-gateway is in error due to missing some experimental gateway api crds, even though I have not directly used GRPCRoute gateway.networking.k8s.io/v1alpha2 at all.

Make these experimental crds optional could help users to upgrade newer gateway-api releases.

envoy-gateway log:

Error: failed to create provider Kubernetes: failted to create gatewayapi controller: no matches for kind "GRPCRoute" in version "gateway.networking.k
8s.io/v1alpha2"
Usage:
  envoy-gateway server [flags]

Aliases:
  server, serve

Flags:
  -c, --config-path string   The path to the configuration file.
  -h, --help                 help for server

failed to create provider Kubernetes: failted to create gatewayapi controller: no matches for kind "GRPCRoute" in version "gateway.networking.k8s.io/v
1alpha2"

More context: kubernetes-sigs/gateway-api#3075 and the way istio handle it.

Repro steps:

Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.

Note: If there are privacy concerns, sanitize the data prior to
sharing.

Environment:

Include the environment like gateway version, envoy version and so on.

Logs:

Include the access logs and the Envoy logs.

The text was updated successfully, but these errors were encountered:

arkodg · 2024-05-13T19:17:43Z

we've implemented something similar for ServiceImport where we check if it exists before watching it. For this case we are not the CRD owners, so this decision was easy

gateway/internal/provider/kubernetes/controller.go

Line 1099 in 3bc7cf1

serviceImportCRDExists := r.serviceImportCRDExists(mgr)

Do we need to the same for

Gateway API CRDs - that are not installed from the EG Helm Chart, but pre-applied and managed by the cluster admin (e.g. GKE) (helm not updating CRDs just highlights this case even more )
EG CRDs (BackendTrafficPolicy etc) - that are not installed in the cluster, where the user wants to run EG in minimal mode (Gateway API featureset) and pre install the Gateway API CRDs from the standard channel themselves.

cc @envoyproxy/gateway-maintainers

nezdolik · 2024-06-10T12:47:15Z

+1 on the issue

travisghansen · 2024-07-06T00:40:50Z

I have a similar but different issue. I have installed the experimental apis for v1.1.0 and eg is puking with this:

failed to create provider Kubernetes: failted to create gatewayapi controller: no matches for kind "BackendTLSPolicy" in version "gateway.networking.k8s.io/v1alpha2"

The latest version is v1alpha3.

zhaohuabing · 2024-07-06T01:14:56Z

@travisghansen EG v1.0.2 is using gateway-api v1.0.0, in which BackendTLSPolicy is v1alpha2. If you want to test with gateway-api v1.1.0, you can install EG latest version(v0.0.0-latest), which is built with the latest main branch code and currently depends on gateway-api v1.1.0 and BackendTLSPolicy is v1alpha3.

zhaohuabing · 2024-07-06T02:00:04Z

My two cents:

we've implemented something similar for ServiceImport where we check if it exists before watching it. For this case we are not the CRD owners, so this decision was easy

gateway/internal/provider/kubernetes/controller.go

Line 1099 in 3bc7cf1

serviceImportCRDExists := r.serviceImportCRDExists(mgr)

ServiceImport as backendRef is an opt-in feature for EG, not all EG users need it, so it's safe to ignore it when the CRD doesn't exist.

Do we need to the same for

Gateway API CRDs - that are not installed from the EG Helm Chart, but pre-applied and managed by the cluster admin (e.g. GKE) (helm not updating CRDs just highlights this case even more )

IMO, it would be preferable for EG to fail to start and report an error rather than starting and ignoring the CRDs. The absence of these CRDs usually indicate an unexpected issue: mismatch between Gateway API version and EG version, so it's better to fail early. A clearer error message would be useful, for example: “EG depends on Gateway API v x.x.x, please install this version of Gateway API before starting EG.”

EG CRDs (BackendTrafficPolicy etc) - that are not installed in the cluster, where the user wants to run EG in minimal mode (Gateway API featureset) and pre install the Gateway API CRDs from the standard channel themselves.

In theory, yes, but I doubt anyone wants this, we can do this when people ask for it.

inistor · 2024-07-24T16:47:06Z

In the meantime, Envoy Gateway v1.1.0 was released; I am trying to use it with the Gateway API 1.1.0 CRDs and get the same error:

Error: failed to create provider Kubernetes: failted to create gatewayapi controller: no matches for kind "BackendTLSPolicy" in version "gateway.networking.k8s.io/v1alpha3"

I am using FluxCD to deploy it, the configuration is below:

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: envoy-gateway-release
  namespace: flux-system
spec:
  install:
    createNamespace: true
  interval: 1m
  targetNamespace: envoy-gateway
  storageNamespace: envoy-gateway
  chart:
    spec:
      chart: gateway-helm
      sourceRef:
        kind: HelmRepository
        name: envoy-gateway-repo
      interval: 1m
      version: 'v1.1.0'

The Gateway API CRDs are also deployed with Flux:

apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: gateway-api-repo
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    tag: v1.1.0
  url: https://github.com/kubernetes-sigs/gateway-api
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: gateway-api-crd
  namespace: flux-system
spec:
  interval: 1m
  path: ./config/crd/standard
  prune: true
  sourceRef:
    kind: GitRepository
    name: gateway-api-repo

zhaohuabing · 2024-07-25T05:09:05Z

@inistor The BackendTLSPolicy version in Gtaeway API v1.1.0 is v1alpha3.

Can you verify it with this command?

kubectl get crd backendtlspolicies.gateway.networking.k8s.io -o jsonpath='{.spec.versions[*].name}'

inistor · 2024-07-25T05:11:45Z

Thanks for the quick response. Sure, here goes:

➜  ~ kubectl get crd backendtlspolicies.gateway.networking.k8s.io -o jsonpath='{.spec.versions[*].name}'
v1alpha2

v1alpha2 seems to be the one included with GW API CRD v1.1.0 or is my CRD deployment somehow lagging behind?

zhaohuabing · 2024-07-25T13:06:53Z

Looks like the CRD is a wrong version. You can update it to v1alpha3 in the Gateway API v1.1.0 and try again.
https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/experimental-install.yaml

inistor · 2024-07-25T13:21:57Z

What you linked is the experimental channel; I am using the standard channel. Likely, this is the reason.

However, I would say that installing the release Envoy Proxy Gateway should not require the experimental channel CRDs - unless explicitly enabled (say, via a Helm value); moreover, no such option exist (neither to enable nor to disable the use of experimental CRDs).

I believe this is the actual point of this issue: the inability to use the Envoy Proxy Gateway with the "standard" channel Gateway API CRDs.

zhaohuabing · 2024-07-25T13:42:05Z

Oh, I understand now. Thanks for the explanation. I thought you needed Experimental channel CRDs as BackendTLSPolicy v1alpha2 existed in the cluster.

If that's the case, we need to decide whether EG should support opting out of the experimental channel CRDs. I can bring this up for discussion in the next EG meeting.

inistor · 2024-07-25T13:50:02Z

Thank you for considering this.

inistor · 2024-07-31T07:19:13Z

Just to point out that some other Gateway API implementers have taken a similar approach:

arkodg · 2024-07-31T19:13:38Z

adding this into the v1.2 milestone, lets do this in a dynamic way similar to what is done for ServiceImport

gateway/internal/provider/kubernetes/controller.go

Line 1099 in 3bc7cf1

serviceImportCRDExists := r.serviceImportCRDExists(mgr)

davem-git · 2024-08-12T21:33:38Z

I have a similar issues going from 1.0.1 to 1.1.0

 "failed to create provider Kubernetes: failted to create gatewayapi controller: no matches for kind "BackendTLSPolicy" in version "[gateway.networking.k8s.io/v1alpha3](http://gateway.networking.k8s.io/v1alpha3)""

arkodg · 2024-08-12T21:38:41Z

I have a similar issues going from 1.0.1 to 1.1.0

 "failed to create provider Kubernetes: failted to create gatewayapi controller: no matches for kind "BackendTLSPolicy" in version "[gateway.networking.k8s.io/v1alpha3](http://gateway.networking.k8s.io/v1alpha3)""

@davem-git v1.0 to v1.1 upgrade steps are highlighted here https://gateway.envoyproxy.io/docs/install/install-yaml/#upgrading-from-v10

davem-git · 2024-08-12T21:50:41Z

I will try that on my second instance. I deleted the whole thing to reinstall fresh, something I can do on dev but not once we get to prod

* The ownership of CRD installation is not tied to a single entity https://gateway-api.sigs.k8s.io/guides/crd-management/#who-should-manage-crds This results in multiple entities taking ownership of CRD installation * infra users * implementations * cloud providers This complicates things for implementations who may not know which version and release of CRDs are installed, so this PR makes watching alpha versioned CRDs optional * Even Envoy Gateway specific CRDs have been made optional to solve the use case where users want to only configure Gateway API resources * GRPCRoute is the only exception, which is v1, but has been made optional because it just graduated to v1 in v1.2 but a lot of cloud providers or service mesh implementations have not moved to v1.2 Fixes: envoyproxy#3387 Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* make watching alpha CRDs optional * The ownership of CRD installation is not tied to a single entity https://gateway-api.sigs.k8s.io/guides/crd-management/#who-should-manage-crds This results in multiple entities taking ownership of CRD installation * infra users * implementations * cloud providers This complicates things for implementations who may not know which version and release of CRDs are installed, so this PR makes watching alpha versioned CRDs optional * Even Envoy Gateway specific CRDs have been made optional to solve the use case where users want to only configure Gateway API resources * GRPCRoute is the only exception, which is v1, but has been made optional because it just graduated to v1 in v1.2 but a lot of cloud providers or service mesh implementations have not moved to v1.2 Fixes: envoyproxy#3387 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit b877bac) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* Reduce the amount of configuration logging, and make it line-delimeted friendly (#4505) * Reduce the amount and style of configuration logging Signed-off-by: Evan Anderson <evan@stacklok.com> * Update verbosity from 1->4 Signed-off-by: Evan Anderson <evan@stacklok.com> Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com> --------- Signed-off-by: Evan Anderson <evan@stacklok.com> Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com> (cherry picked from commit 7897fc5) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * feat: enable load backend resources (#4535) enable load backend resources Signed-off-by: shawnh2 <shawnhxh@outlook.com> (cherry picked from commit 9c9f435) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#4537) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.4 to 4.1.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@0a44ba7...39370e3) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 6ccbbac) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * chore: optimized code (#4514) * chore: optimized code Signed-off-by: zirain <zirain2009@gmail.com> * revert Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 7ad18fa) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#4538) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@f779452...6624720) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit a13f384) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump distroless/static from `26f9b99` to `3a03fc0` in /tools/docker/envoy-gateway (#4541) build(deps): bump distroless/static in /tools/docker/envoy-gateway Bumps distroless/static from `26f9b99` to `3a03fc0`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 6667e4c) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 in /tools/github-actions/setup-deps (#4540) build(deps): bump actions/setup-go in /tools/github-actions/setup-deps Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...41dfa10) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit de72c77) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/replicatedhq/troubleshoot from 0.107.1 to 0.107.4 (#4543) build(deps): bump github.com/replicatedhq/troubleshoot Bumps [github.com/replicatedhq/troubleshoot](https://github.com/replicatedhq/troubleshoot) from 0.107.1 to 0.107.4. - [Release notes](https://github.com/replicatedhq/troubleshoot/releases) - [Commits](replicatedhq/troubleshoot@v0.107.1...v0.107.4) --- updated-dependencies: - dependency-name: github.com/replicatedhq/troubleshoot dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 189325b) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/tsaarni/certyaml from 0.9.3 to 0.10.0 (#4546) Bumps [github.com/tsaarni/certyaml](https://github.com/tsaarni/certyaml) from 0.9.3 to 0.10.0. - [Release notes](https://github.com/tsaarni/certyaml/releases) - [Commits](tsaarni/certyaml@v0.9.3...v0.10.0) --- updated-dependencies: - dependency-name: github.com/tsaarni/certyaml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 5e397ea) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#4539) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@eef6144...11bd719) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit a9e5cfe) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 (#4545) Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.17.0 to 1.18.0. - [Release notes](https://github.com/fatih/color/releases) - [Commits](fatih/color@v1.17.0...v1.18.0) --- updated-dependencies: - dependency-name: github.com/fatih/color dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 902925f) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * e2e test for Gateway with EnvoyProxy (#4548) * e2e test for Gateway with EnvoyProxy Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * remove unnecessary comments Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 217c6a5) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * make watching alpha CRDs optional (#4519) * make watching alpha CRDs optional * The ownership of CRD installation is not tied to a single entity https://gateway-api.sigs.k8s.io/guides/crd-management/#who-should-manage-crds This results in multiple entities taking ownership of CRD installation * infra users * implementations * cloud providers This complicates things for implementations who may not know which version and release of CRDs are installed, so this PR makes watching alpha versioned CRDs optional * Even Envoy Gateway specific CRDs have been made optional to solve the use case where users want to only configure Gateway API resources * GRPCRoute is the only exception, which is v1, but has been made optional because it just graduated to v1 in v1.2 but a lot of cloud providers or service mesh implementations have not moved to v1.2 Fixes: #3387 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit b877bac) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: validate proto messages before converting them to anypb.Any (#4499) * validate proto message before converting to any Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 05817fc) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * Fix: xds translation failed when wasm http code source configured without sha (#4547) * fix wasm http code source without sha Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * release note Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix gen Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix gen Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 74e5750) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1 (#4544) * build(deps): bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.19.0 to 0.19.1. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.19.0...v0.19.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix gen check Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit f5552a4) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * feat(chart): Make security context configurable (#4536) * Make security context configurable Signed-off-by: Tamal Saha <tamal@appscode.com> * make gen-check Signed-off-by: Tamal Saha <tamal@appscode.com> * Update current.yaml Signed-off-by: Tamal Saha <tamal@appscode.com> --------- Signed-off-by: Tamal Saha <tamal@appscode.com> (cherry picked from commit 20a4622) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * helm: make eg-addons support IPv6 cluster (#4559) Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit b0c6f8c) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * ci: cleanup osv-scanner config (#4579) Signed-off-by: Shahar Harari <shahar.harari@sap.com> (cherry picked from commit 1a275b9) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix egctl release artifacts (#4580) * the release artifact for `egctl` was being pulled from the `latest` release instead of a binary associated with the release tag Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 82ce107) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix debug level logging for IR (#4584) https://pkg.go.dev/github.com/go-logr/zapr#hdr-Implementation_Details ``` V(1) is equivalent to Zap's DebugLevel ``` Now after setting the log level to `default: debug` I see ``` 2024-10-31T01:59:31.138Z DEBUG gateway-api runner/runner.go:176 {"proxy":{"metadata":{"labels":{"gateway.envoyproxy.io/owning-gateway-name":"eg","gateway.envoyproxy.io/owning-gateway-namespace":"default"}},"name":"default/eg","listeners":[{"name":"default/eg/http","address":null,"ports":[{"name":"http-80","protocol":"HTTP","servicePort":80,"containerPort":10080}]}]}} {"runner": "gateway-api", "infra-ir": "default/eg"} 2024-10-31T01:59:31.138Z DEBUG gateway-api runner/runner.go:187 {"accessLog":{"text":[{"path":"/dev/stdout"}]},"http":[{"name":"default/eg/http","address":"0.0.0.0","port":10080,"metadata":{"kind":"Gateway","name":"eg","namespace":"default","sectionName":"http"},"hostnames":["*"],"routes":[{"name":"httproute/default/backend/rule/0/match/0/www_example_com","hostname":"www.example.com","isHTTP2":false,"pathMatch":{"name":"","prefix":"/","distinct":false},"destination":{"name":"httproute/default/backend/rule/0","settings":[{"weight":1,"protocol":"HTTP","endpoints":[{"host":"10.1.19.7","port":3000}],"addressType":"IP"}]},"metadata":{"kind":"HTTPRoute","name":"backend","namespace":"default"}}],"isHTTP2":false,"path":{"mergeSlashes":true,"escapedSlashesAction":"UnescapeAndRedirect"}}]} {"runner": "gateway-api", "xds-ir": "default/eg"} ``` Relates to #4505 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit e6307f0) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * docs: remove List type (#4585) Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 13490ac) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * ci: enable test for dual stack cluster (#4574) * ci: enable dual stack test Signed-off-by: zirain <zirain2009@gmail.com> * more comment Signed-off-by: zirain <zirain2009@gmail.com> * remove 1.31.0 ipv4 test suite Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit bb3bbdb) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump the k8s-io group across 2 directories with 6 updates (#4542) * build(deps): bump the k8s-io group across 2 directories with 6 updates Bumps the k8s-io group with 4 updates in the / directory: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver), [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) and [k8s.io/kubectl](https://github.com/kubernetes/kubectl). Bumps the k8s-io group with 1 update in the /examples/extension-server directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `k8s.io/api` from 0.31.1 to 0.31.2 - [Commits](kubernetes/api@v0.31.1...v0.31.2) Updates `k8s.io/apiextensions-apiserver` from 0.31.1 to 0.31.2 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.31.1...v0.31.2) Updates `k8s.io/apimachinery` from 0.31.1 to 0.31.2 - [Commits](kubernetes/apimachinery@v0.31.1...v0.31.2) Updates `k8s.io/cli-runtime` from 0.31.1 to 0.31.2 - [Commits](kubernetes/cli-runtime@v0.31.1...v0.31.2) Updates `k8s.io/client-go` from 0.31.1 to 0.31.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.31.1...v0.31.2) Updates `k8s.io/kubectl` from 0.31.1 to 0.31.2 - [Commits](kubernetes/kubectl@v0.31.1...v0.31.2) Updates `k8s.io/apimachinery` from 0.31.1 to 0.31.2 - [Commits](kubernetes/apimachinery@v0.31.1...v0.31.2) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kubectl dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io ... Signed-off-by: dependabot[bot] <support@github.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 74f4377) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * chore: remove dump (#4593) Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit efe625d) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: trigger reconcile for Secret updates referenced by a BackendTLSP… (#4581) fix: trigger reconcile for Secret updates referenced by a BackendTLSPolicy Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit db68027) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * chore: use net.JoinHostPort (#4599) * chore: use net.JoinHostPort Signed-off-by: zirain <zirain2009@gmail.com> * more fix Signed-off-by: zirain <zirain2009@gmail.com> * remove netutils.JoinHostPort Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 6e2587d) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix keycloak ipv6 issue (#4601) (cherry picked from commit d42915a) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: Route with multiple parents has incorrect namespace in parentRef status (#4592) fix route status wrong ns Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 7285dda) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add envoy-gateway binary to release artifacts (#4588) Fixes: #4566 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit b51c66a) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * [release/v1.1] release v1.1.3 (#4600) * release: v1.1.3 Signed-off-by: Guy Daich <guy.daich@sap.com> * remove gw-api, fix style Signed-off-by: Guy Daich <guy.daich@sap.com> --------- Signed-off-by: Guy Daich <guy.daich@sap.com> (cherry picked from commit a88e6eb) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * chore: donot use space in short name (#4608) Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit ee33b28) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * Move v1.1 docs tag to v1.1.2 (#4615) Wait until v1.1.3 tag is ready Fixes: #4614 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 656ce52) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses (#4587) * fix route status Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * update unit test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 04ac7b4) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * direct response docs and tests (#4583) * tests: direct response Signed-off-by: Arko Dasgupta <arko@tetrate.io> * unit tests Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix ns Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs for direct response Signed-off-by: Arko Dasgupta <arko@tetrate.io> * negative tests Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit f384a64) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#4619) Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](fsnotify/fsnotify@v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 6f91867) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/bufbuild/buf from 1.45.0 to 1.46.0 in /tools/src/buf (#4616) build(deps): bump github.com/bufbuild/buf in /tools/src/buf Bumps [github.com/bufbuild/buf](https://github.com/bufbuild/buf) from 1.45.0 to 1.46.0. - [Release notes](https://github.com/bufbuild/buf/releases) - [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md) - [Commits](bufbuild/buf@v1.45.0...v1.46.0) --- updated-dependencies: - dependency-name: github.com/bufbuild/buf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 2265862) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * remove myself from maintainers (#4624) remove myself from maintainers and update github user Signed-off-by: Alice Lilith <lilith.alice@protonmail.com> (cherry picked from commit 1205ccf) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * e2e: move apps to examples and pre-built (#4576) * e2e: move grpc-ext-auth envoy-als to examples Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit a011146) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: wasm oci image source e2e test failed when IP_FAMILY=ipv6 (#4623) fixt wasm test” Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 7b85d22) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * workaroud for the flaky oidc e2e test (#4603) * workaroud for the flaky oidc e2e test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add issue link Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit b0ab317) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#4622) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.8 to 2.0.9. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@c062e08...e7a8f85) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 26a63e1) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * Set ignore_health_on_host_removal to true for static clusters (#4612) Removes the endpoint from the pool faster instead of waiting for the result of the active health. Since the control plane already has definitive endpoint health info from the EndpointSlice API, its safe to set this. Fixes: #4564 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 1a57daf) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/prometheus/common from 0.60.0 to 0.60.1 (#4620) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.60.0 to 0.60.1. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](prometheus/common@v0.60.0...v0.60.1) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit e5968c9) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/replicatedhq/troubleshoot from 0.107.4 to 0.107.5 (#4621) build(deps): bump github.com/replicatedhq/troubleshoot Bumps [github.com/replicatedhq/troubleshoot](https://github.com/replicatedhq/troubleshoot) from 0.107.4 to 0.107.5. - [Release notes](https://github.com/replicatedhq/troubleshoot/releases) - [Commits](replicatedhq/troubleshoot@v0.107.4...v0.107.5) --- updated-dependencies: - dependency-name: github.com/replicatedhq/troubleshoot dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 976e6a1) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add docker.io registry name in image name (#4628) * add docker.io registry name in image name Fixes: #4626 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * add api file Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit cc71048) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * docs: Jwt claim based authorization (#4617) * docs for jwt claim auth Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add docs for JWT claim based authorization Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit da4a060) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * build(deps): bump github.com/ohler55/ojg from 1.24.1 to 1.25.0 (#4618) Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.24.1 to 1.25.0. - [Release notes](https://github.com/ohler55/ojg/releases) - [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md) - [Commits](ohler55/ojg@v1.24.1...v1.25.0) --- updated-dependencies: - dependency-name: github.com/ohler55/ojg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com> (cherry picked from commit 2d68e6a) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * e2e: use grafana alloy instead of fluent-bit (#4525) * use grafana alloy instead of fluent-bit Signed-off-by: zirain <zirain2009@gmail.com> * make alloy disabled by default Signed-off-by: zirain <zirain2009@gmail.com> * enable alloy in e2e Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 3191d49) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * chore: update site docs link for latest release (#4634) update site docs link for latest release Signed-off-by: Guy Daich <guy.daich@sap.com> (cherry picked from commit 5698e88) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: push a helm chart without v in ther version (#4636) * push a helm chart without v in ther version Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * rename tag Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit f2c8b77) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add envoy-gateway binary to latest release artifacts (#4638) * add envoy-gateway binary to latest release artifcats Missed in #4566 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix also in tagged release Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 7b6834e) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: BackendTlsPolicy specify multiple targetRefs of the same service, only one will work (#4630) * add tests Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix matching comparison Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 44c2f74) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix build Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Evan Anderson <evan@stacklok.com> Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com> Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Tamal Saha <tamal@appscode.com> Signed-off-by: Shahar Harari <shahar.harari@sap.com> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Alice Lilith <lilith.alice@protonmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> Co-authored-by: sh2 <shawnhxh@outlook.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Tamal Saha <tamal@appscode.com> Co-authored-by: shahar-h <shahar.harari@sap.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Alice Lilith <lilith.alice@protonmail.com>

networkhermit added the triage label May 13, 2024

arkodg added the kind/decision A record of a decision made by the community. label May 13, 2024

arkodg added this to the v1.1.0-rc1 milestone May 13, 2024

arkodg added help wanted Extra attention is needed area/installation and removed kind/decision A record of a decision made by the community. triage labels Jun 27, 2024

arkodg modified the milestones: v1.1.0-rc1, Backlog Jul 3, 2024

arkodg modified the milestones: Backlog, v1.2.0-rc1 Jul 31, 2024

arkodg modified the milestones: v1.2.0-rc1, v1.2.0 Oct 24, 2024

arkodg mentioned this issue Oct 24, 2024

make watching alpha CRDs optional #4519

Merged

arkodg modified the milestones: v1.2.0, v1.2.0-rc1 Oct 24, 2024

arkodg self-assigned this Oct 24, 2024

arkodg removed the help wanted Extra attention is needed label Oct 24, 2024

arkodg closed this as completed in #4519 Oct 29, 2024

arkodg closed this as completed in b877bac Oct 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

make experimental gateway api crds optional so that gateway-api upgrade don't break envoy gateway #3387

make experimental gateway api crds optional so that gateway-api upgrade don't break envoy gateway #3387

networkhermit commented May 13, 2024

arkodg commented May 13, 2024 •

edited

Loading

nezdolik commented Jun 10, 2024

travisghansen commented Jul 6, 2024

zhaohuabing commented Jul 6, 2024

zhaohuabing commented Jul 6, 2024 •

edited

Loading

inistor commented Jul 24, 2024

zhaohuabing commented Jul 25, 2024

inistor commented Jul 25, 2024

zhaohuabing commented Jul 25, 2024 •

edited

Loading

inistor commented Jul 25, 2024

zhaohuabing commented Jul 25, 2024 •

edited

Loading

inistor commented Jul 25, 2024

inistor commented Jul 31, 2024

arkodg commented Jul 31, 2024

davem-git commented Aug 12, 2024

arkodg commented Aug 12, 2024

davem-git commented Aug 12, 2024

make experimental gateway api crds optional so that gateway-api upgrade don't break envoy gateway #3387

make experimental gateway api crds optional so that gateway-api upgrade don't break envoy gateway #3387

Comments

networkhermit commented May 13, 2024

arkodg commented May 13, 2024 • edited Loading

nezdolik commented Jun 10, 2024

travisghansen commented Jul 6, 2024

zhaohuabing commented Jul 6, 2024

zhaohuabing commented Jul 6, 2024 • edited Loading

inistor commented Jul 24, 2024

zhaohuabing commented Jul 25, 2024

inistor commented Jul 25, 2024

zhaohuabing commented Jul 25, 2024 • edited Loading

inistor commented Jul 25, 2024

zhaohuabing commented Jul 25, 2024 • edited Loading

inistor commented Jul 25, 2024

inistor commented Jul 31, 2024

arkodg commented Jul 31, 2024

davem-git commented Aug 12, 2024

arkodg commented Aug 12, 2024

davem-git commented Aug 12, 2024

arkodg commented May 13, 2024 •

edited

Loading

zhaohuabing commented Jul 6, 2024 •

edited

Loading

zhaohuabing commented Jul 25, 2024 •

edited

Loading

zhaohuabing commented Jul 25, 2024 •

edited

Loading