Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Delete unused status keys from watchable #2782

Merged
merged 7 commits into from
Mar 6, 2024

Conversation

uniglot
Copy link
Contributor

@uniglot uniglot commented Mar 5, 2024

What type of PR is this?

fix: Delete unused status keys from watchable

What this PR does / why we need it:

The status keys are only stored to watchable maps and not deleted, consequently the amount of freeable memory keeps decreasing over time.

The approach to address this problem is very similar to the way to handle XdsIR and InfraIR.

But I thought if I use getIRKeysToDelete directly to track the status diff, too many arrays need to be created to call the function for each status type. So I didn't use getIRKeysToDelete or create a similar function returning the list of keys to delete. Instead, I introduced DeletableStatus struct to temporarily store which keys are still relevant.

Which issue(s) this PR fixes:

Fixes #2660

It works, but the code is very repetitive, so it will be tedious and time-consuming to modify the code for now when other types of status need to be introduced. It'd be better if the watchable keys are handled by each status type's methods (but it requires larger modification) or at least the handlers are in a separate file.

If you want the code to be cleaner I'll try to refactor, or we can make a separate issue for it. I just wanted to get things work first.

+ Checked linting & tests.

uniglot added 3 commits March 5, 2024 17:20
Signed-off-by: Yuneui Jeong <uniglot@proton.me>
Signed-off-by: Yuneui Jeong <uniglot@proton.me>
Signed-off-by: Yuneui Jeong <uniglot@proton.me>
@uniglot uniglot requested a review from a team as a code owner March 5, 2024 09:03
Copy link

codecov bot commented Mar 5, 2024

Codecov Report

Attention: Patch coverage is 54.19355% with 71 lines in your changes are missing coverage. Please review.

Project coverage is 63.46%. Comparing base (930dcc1) to head (6e0c21e).

Files Patch % Lines
internal/gatewayapi/runner/runner.go 55.86% 52 Missing and 12 partials ⚠️
internal/xds/translator/runner/runner.go 30.00% 5 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2782      +/-   ##
==========================================
- Coverage   63.50%   63.46%   -0.05%     
==========================================
  Files         125      125              
  Lines       20604    20750     +146     
==========================================
+ Hits        13085    13169      +84     
- Misses       6685     6733      +48     
- Partials      834      848      +14     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Signed-off-by: Yuneui <uniglot@proton.me>
ClientTrafficPolicyStatusKeys map[types.NamespacedName]bool
BackendTrafficPolicyStatusKeys map[types.NamespacedName]bool
SecurityPolicyStatusKeys map[types.NamespacedName]bool
BackendTLSPolicyStatusKeys map[types.NamespacedName]bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can we move BackendTLSPolicyStatusKeys near L212, since its an upstream resource like UDPRouteStatus

@@ -182,6 +203,153 @@ func (r *Runner) deleteAllIRKeys() {
}
}

type DeletableStatus struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prefer StatusesToDelete

BackendTLSPolicyStatusKeys map[types.NamespacedName]bool
}

func (r *Runner) getDeletableStatus() *DeletableStatus {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prefer if this API was called getAllStatuses

it took me 2 readings to figure out your approach of collecting all statuses and then deleting the current ones from this truck and then deleting the remaining ones from watchable :)

}

// Get the current DeletableStatus which manages status keys to be deleted
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets add a comment here explaining the logic

  1. Lets get all status keys from watchable and save it in this structure
  2. Lets delete any current keys that are valid from this structure
  3. The remaining keys, are the keys that are no longer valid, and will be deleted before we exit this function

for key := range r.ProviderResources.SecurityPolicyStatuses.LoadAll() {
r.ProviderResources.SecurityPolicyStatuses.Delete(key)
}
for key := range r.ProviderResources.BackendTLSPolicyStatuses.LoadAll() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets move this to L334

@@ -90,19 +90,31 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
return
}

// Get current status keys and mark them as deletable temporarily
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets add comments similar to the one above

@arkodg
Copy link
Contributor

arkodg commented Mar 5, 2024

hey @uniglot, added minor comments, this is looking good !

@arkodg arkodg added this to the v1.0.0 milestone Mar 5, 2024
Signed-off-by: Yuneui Jeong <uniglot@proton.me>
@uniglot
Copy link
Contributor Author

uniglot commented Mar 6, 2024

@arkodg Applied all of your suggestions to the code! I feel bad for making you reading 2 times 🥲

Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@arkodg arkodg requested review from a team March 6, 2024 04:16
Comment on lines +209 to +220
GatewayStatusKeys map[types.NamespacedName]bool
HTTPRouteStatusKeys map[types.NamespacedName]bool
GRPCRouteStatusKeys map[types.NamespacedName]bool
TLSRouteStatusKeys map[types.NamespacedName]bool
TCPRouteStatusKeys map[types.NamespacedName]bool
UDPRouteStatusKeys map[types.NamespacedName]bool
BackendTLSPolicyStatusKeys map[types.NamespacedName]bool

ClientTrafficPolicyStatusKeys map[types.NamespacedName]bool
BackendTrafficPolicyStatusKeys map[types.NamespacedName]bool
SecurityPolicyStatusKeys map[types.NamespacedName]bool
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we should use set[T] instead of map[T]bool, but we can do that in the future.

@zirain
Copy link
Member

zirain commented Mar 6, 2024

/retest

@arkodg arkodg merged commit a6cc60a into envoyproxy:main Mar 6, 2024
16 of 17 checks passed
@uniglot uniglot deleted the fix/delete-unused-keys branch March 6, 2024 05:11
Xunzhuo pushed a commit to Xunzhuo/gateway that referenced this pull request Mar 13, 2024
* Delete unused status keys in gatewayapi-runner

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

* Delete unused status keys in xds-translator runner

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

* Add tests and fix code to pass all tests

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

* Cover more

Signed-off-by: Yuneui <uniglot@proton.me>

* Change struct's name and other minor fixes

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

---------

Signed-off-by: Yuneui Jeong <uniglot@proton.me>
Signed-off-by: Yuneui <uniglot@proton.me>
Xunzhuo added a commit that referenced this pull request Mar 13, 2024
* ci: update cherry-pick v1.0.0 (#2784)

Signed-off-by: bitliu <bitliu@tencent.com>

* fix: add missing release notes details and re organize it (#2785)

fix: complete missing release notes and re organize it

Signed-off-by: bitliu <bitliu@tencent.com>

* e2e: backend upgrade test (#2725)

* chore: add testdata to passive health checks (#2788)

* chore: add testdata to passive health checks

Signed-off-by: yeedove <yeedove@gmail.com>

* fix test

Signed-off-by: yeedove <yeedove@gmail.com>

---------

Signed-off-by: yeedove <yeedove@gmail.com>

* promote: guydc as maintainer (#2794)

Signed-off-by: bitliu <bitliu@tencent.com>

* fix: Delete unused status keys from watchable (#2782)

* Delete unused status keys in gatewayapi-runner

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

* Delete unused status keys in xds-translator runner

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

* Add tests and fix code to pass all tests

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

* Cover more

Signed-off-by: Yuneui <uniglot@proton.me>

* Change struct's name and other minor fixes

Signed-off-by: Yuneui Jeong <uniglot@proton.me>

---------

Signed-off-by: Yuneui Jeong <uniglot@proton.me>
Signed-off-by: Yuneui <uniglot@proton.me>

* docs: fix commands in basic auth example (#2791)

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* feat: Support WellKnownSystemCerts in BackendTLSPolicy (#2804)

* Add support for using the system truststore with upstream TLS.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Make the linter happy

Signed-off-by: Lior Okman <lior.okman@sap.com>

---------

Signed-off-by: Lior Okman <lior.okman@sap.com>

* docs: refactor user guides (#2797)

* docs: refactor user guides

Signed-off-by: bitliu <bitliu@tencent.com>

* fix: relative paths

Signed-off-by: bitliu <bitliu@tencent.com>

---------

Signed-off-by: bitliu <bitliu@tencent.com>

* Fix gen check (#2814)

* fix: gen-check error

Signed-off-by: bitliu <bitliu@tencent.com>

* run lint for docs

Signed-off-by: bitliu <bitliu@tencent.com>

---------

Signed-off-by: bitliu <bitliu@tencent.com>

* refactor: set instead of map for mergeGateways (#2803)

* refactor:set[T] instead of map[T]bool

Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>

* fix lint

Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>

---------

Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>

* remove: support for hostnetwork (#2815)

* feat(egctl): add support for egctl to translate from gateway-api resources to IR (#2799)

* Added an option to translate to IR representation.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Added a unit test, and made sure that existing services have an IP
address.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Add omitempty where needed.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Make gen-check happy

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Added some documentation.

Signed-off-by: Lior Okman <lior.okman@sap.com>

---------

Signed-off-by: Lior Okman <lior.okman@sap.com>

* docs: basic auth example use https (#2806)

* docs: basic auth example use https

Signed-off-by: phantooom <xiaorui.zou@gmail.com>

* docs: refactor user guides (#2797)

* docs: refactor user guides

Signed-off-by: bitliu <bitliu@tencent.com>

* fix: relative paths

Signed-off-by: bitliu <bitliu@tencent.com>

---------

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: phantooom <xiaorui.zou@gmail.com>

* Fix gen check (#2814)

* fix: gen-check error

Signed-off-by: bitliu <bitliu@tencent.com>

* run lint for docs

Signed-off-by: bitliu <bitliu@tencent.com>

---------

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: phantooom <xiaorui.zou@gmail.com>

* refactor: set instead of map for mergeGateways (#2803)

* refactor:set[T] instead of map[T]bool

Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>

* fix lint

Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>

---------

Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>
Signed-off-by: phantooom <xiaorui.zou@gmail.com>

* Update site/content/en/latest/user/security/basic-auth.md

Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: zou rui <xiaorui.zou@gmail.com>

---------

Signed-off-by: phantooom <xiaorui.zou@gmail.com>
Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>
Signed-off-by: zou rui <xiaorui.zou@gmail.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>
Co-authored-by: Dennis Zhou <idennis.zhou@gmail.com>
Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com>

* chore: group go.opentelemetry.io dependabot (#2821)

Signed-off-by: zirain <zirain2009@gmail.com>

* Add referenced BackendRefs for ExtAuth to Resource Tree (#2795)

* add referenced BackendRefs for ExtAuth to Resource Tree

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* clean up the controller code

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* minor changes

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* return errors

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix validate error

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix gen

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* Support BackendTLSPolicy for the Ext HTTP/GRPC auth service

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix lint

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix gen

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* check cross-ns reference grant

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix test

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix test

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix bootstrap merge (#2801)

* fix bootstrap merge

Signed-off-by: zirain <zirain2009@gmail.com>

* refactor validateBootstrap

Signed-off-by: zirain <zirain2009@gmail.com>

* lint

Signed-off-by: zirain <zirain2009@gmail.com>

* update test

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: skip the ReasonTargetNotFound for all policies (#2802)

* stop populating ReasonTargetNotFound for all the policies

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* add test to ensure the status is expected

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix gen-check and lint

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

---------

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* docs: update EnvoyProxy logs (#2822)

* docs: update EnvoyProxy logs

Signed-off-by: zirain <zirain2009@gmail.com>

* lint

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: omit default replicas on Kubernetes Deployment (#2816)

* fix: remove default replicas function

Signed-off-by: Ardika Bagus <me@ardikabs.com>

* chore: omit replicas because nil equal to 1 by default

Signed-off-by: Ardika Bagus <me@ardikabs.com>

* chore: add a note when a user is being explicit on deployment replicas

Signed-off-by: Ardika Bagus <me@ardikabs.com>

---------

Signed-off-by: Ardika Bagus <me@ardikabs.com>

* bug: compute endpointType for all protocol types (#2833)

Fixes: #2832

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* docs: Routing outside k8s (#2831)

* docs: Routing outside k8s

Fixes: #2482

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* updates

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#2825)

Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 (#2826)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0.
- [Commits](golang/net@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2827)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix: failed to create envoy-oidc-hmac secret when upgrading EG (#2835)

try to create every secret instead of returning eraly

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 (#2829)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.62.0...v1.62.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Ext auth e2e tests (#2830)

* e2e tests for http ext auth

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* export util methods to avoid unparam link issues

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fixt test

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* fix existing secret check (#2838)

fix existing secret

Signed-off-by: zirain <zirain2009@gmail.com>

* ci: update k8s matrix (#2836)

* ci: update k8s matrix

Signed-off-by: zirain <zirain2009@gmail.com>

* v1.26.14

Signed-off-by: zirain <zirain2009@gmail.com>

* nit

Signed-off-by: zirain <zirain2009@gmail.com>

* update matrix

Signed-off-by: zirain <zirain2009@gmail.com>

* link in quickstart

Signed-off-by: zirain <zirain2009@gmail.com>

* update

Signed-off-by: zirain <zirain2009@gmail.com>

* 1.29.2

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* e2e: try to fix client timeout flakes (#2812)

* chore: client timeout log

Signed-off-by: zirain <zirain2009@gmail.com>

* add EnvoyProxy extra args

Signed-off-by: zirain <zirain2009@gmail.com>

* add E2E_CLEANUP

Signed-off-by: zirain <zirain2009@gmail.com>

* nit

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* feat: Support Upstream TLS to multiple Backends (#2818)

* Use transport_socket_matches to setup correct sockets for different
destinations.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Support Proxy Protocol for TLS upstreams.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Changed the name generated for each transport match to be more inline
with other names used in other places in xDS.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Added one more case in the unit-test to show that upstream proxy-protocol still works.

Signed-off-by: Lior Okman <lior.okman@sap.com>

---------

Signed-off-by: Lior Okman <lior.okman@sap.com>

* e2e: move drain settings into shutdown settings (#2850)

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* docs: mtls to the gateway (#2851)

* docs: mtls to the gateway

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* edits

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* add ref

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* typo

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* ignore finalizers when comparing envoy proxy svc (#2856)

* ignore finalizers when comparing envoy proxy svc

Fixes: #1820

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* Chore: remove the uncessary allAssociatedRefGrants from resourceMappings (#2843)

* modify oidc docs

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* clear allAssociatedRefGrants

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* docs: allow users to configure custom certs for control plane auth (#2847)

Signed-off-by: zirain <zirain2009@gmail.com>

* add e2e tests for ext auth with grpc auth service (#2841)

* add e2e tests for ext auth with grpc auth service

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* add BackedTLSPolicy

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* generate TLS socket for ext auth services

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix: Address race condition disrupting graceful shutdown process (#2864)

Signed-off-by: David Alger <davidmalger@gmail.com>

* docs: move Design docs under "Get Involved" (#2857)

* docs: move Design docs under "Get Involved"

* design docs are more relevant to internal contributors than external
  users

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* fix links

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* e2e: backend TLS policy (#2853)

* start backendtls test

Signed-off-by: Guy Daich <guy.daich@sap.com>

* fix lint

Signed-off-by: Guy Daich <guy.daich@sap.com>

* use better name for egSetup(...)

Signed-off-by: Guy Daich <guy.daich@sap.com>

* add negative test

Signed-off-by: Guy Daich <guy.daich@sap.com>

* use static certs for test

Signed-off-by: Guy Daich <guy.daich@sap.com>

---------

Signed-off-by: Guy Daich <guy.daich@sap.com>

* Update the user doc for OIDC (#2778)

* user doc for oidc

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* add ADOPTERS.md (#2865)

ADOPTERS.md

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>

* build(deps): bump softprops/action-gh-release from 1 to 2 (#2867)

Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@de2c0eb...d99959e)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/bufbuild/buf from 1.29.0 to 1.30.0 in /tools/src/buf (#2870)

build(deps): bump github.com/bufbuild/buf in /tools/src/buf

Bumps [github.com/bufbuild/buf](https://github.com/bufbuild/buf) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/bufbuild/buf/releases)
- [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md)
- [Commits](bufbuild/buf@v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: github.com/bufbuild/buf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#2871)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.49.0 to 0.50.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump fortio.org/fortio from 1.63.3 to 1.63.4 (#2873)

Bumps [fortio.org/fortio](https://github.com/fortio/fortio) from 1.63.3 to 1.63.4.
- [Release notes](https://github.com/fortio/fortio/releases)
- [Commits](fortio/fortio@v1.63.3...v1.63.4)

---
updated-dependencies:
- dependency-name: fortio.org/fortio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add tetrate to adopters (#2874)

add tetrate to adopters

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix: Don't override the ALPN array if HTTP/3 is enabled. (#2876)

* Don't override the ALPN array if HTTP/3 is enabled.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Removed the unneeded CEL validation for HTTP/3 and ALPN, as well as the
CEL tests.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Also regenerate the CRD.

Signed-off-by: Lior Okman <lior.okman@sap.com>

---------

Signed-off-by: Lior Okman <lior.okman@sap.com>

* [e2e] eg release upgrade test (#2862)

* [e2e] eg release upgrade test

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* fixing linit

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* Update test/e2e/tests/eg_upgrade.go

Co-authored-by: zirain <zirain2009@gmail.com>
Signed-off-by: Alex Volchok <alex.volchok@sap.com>

* Update test/e2e/tests/eg_upgrade.go

Co-authored-by: zirain <zirain2009@gmail.com>
Signed-off-by: Alex Volchok <alex.volchok@sap.com>

* adding updated go mod

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* fix tests

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* move eg upgrade tests to a dedicated suit

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* removing unused

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* fix code review feedbacks and move e2e clean after the eg upgrades suit

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* don't clean after this step yet

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* increase helm install / upgrade default timeouts

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* restructure test order add an option to execute a single test

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* fix kube make single test exec

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* change to rc version

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

* removing loadtest part, changing to simple requests

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>

---------

Signed-off-by: Alexander Volchok <alex.volchok@sap.com>
Signed-off-by: Alex Volchok <alex.volchok@sap.com>
Co-authored-by: zirain <zirain2009@gmail.com>

* Docs for ext auth (#2868)

* docs for ext auth

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix lint

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* Remove the uncessary \ (#2883)

remove the \

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* docs: backend tls policy (#2884)

* backend tls docs

Signed-off-by: Guy Daich <guy.daich@sap.com>

* fix somy copy-paste mistakes

Signed-off-by: Guy Daich <guy.daich@sap.com>

* fix typo

Signed-off-by: Guy Daich <guy.daich@sap.com>

---------

Signed-off-by: Guy Daich <guy.daich@sap.com>

* feat: add PolicyStatus for BackendTrafficPolicy (#2846)

* add PolicyStatus for BTP

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix gen-check

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix ns problem, add more test and modify controller behavior

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix lint

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* make gateway as the ancestor of btp if it is targeting to the gateway

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix linter

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix go.mod

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* do some polish

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

---------

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* Change the Merge behavior to Replace for SecurityPolicy (#2885)

* Change the Merge behavior to Replace for SecurityPolicy

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* add another http route

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* e2e: add weighted backend  (#2863)

* e2e: add backend weighted

Signed-off-by: ShyunnY <1147212064@qq.com>

* fix: Fix weight calculation issue and use AlmostEqual func

Signed-off-by: ShyunnY <1147212064@qq.com>

* fix: add additional comments

Signed-off-by: ShyunnY <1147212064@qq.com>

---------

Signed-off-by: ShyunnY <1147212064@qq.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>

* http3: use service port in alt-svc header (#2886)

Fixes: #2882

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* bug: add h3 alpn by default if http3 is enabled (#2887)

Fixes: #2875

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* fix: prevent policies targeting non-TLS listeners on the same port from conflicting (#2786)

* * Validate that multiple policies that affect listener configuration don't map to
  the same listener filter chain.
* Change the XDS listener generation so that instead of
  defaultFilterChain for non-TLS routes, a filterChain with a
  destinationPort matcher is used.
  This allows multiple policies attached to non-TLS listeners that
  differ on the destination port to provide different policies without
  conflicting.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Make hostname based routing work again for non-TLS listeners

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Fixed testdata for egctl

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Make the linter happy

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Added a unit-test

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Make the linter happy

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Update an e2e test with the new filterChain patch

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Revert changing the XDS translation, since a new listener is created
anyways for each port.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Also revert the xds change in the e2e test.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Don't need to go over the full XDSIR map - just the current gateway.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Refactored to separate the validation and the translation.

Renamed the helper method to a more generic name.

Signed-off-by: Lior Okman <lior.okman@sap.com>

---------

Signed-off-by: Lior Okman <lior.okman@sap.com>
Co-authored-by: Guy Daich <guy.daich@sap.com>

* chore: remove ProcessBackendTLSPoliciesAncestorRef (#2845)

* remove ProcessBackendTLSPoliciesAncestorRef

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* Change the Merge behavior to Replace for BackendTrafficPolicy (#2888)

* Change the Merge behavior to Replace for BackendTrafficPolicy

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* shutdown drainTimeout should also affect envoy drain time (#2898)

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* skip publishing empty status for policies (#2902)

* skip publishing empty status for policies

* #2802 skips computing status
if a target resource cannot be found, mainly because that target maybe
irrelevant to this specific translation, its hard to proactively find
that out in the provider layer

* This fix ensures that any empty status is not published and resets any
existing status for a policy

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* also fix for envoypatchpolicy

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* also discard status for backendtlspolicy

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* docs: multiple gatewayclass and merge gateways deployment mode (#2881)

* docs: multiple gatewayclass and merge gateways deployment mode

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* add merged-gateways example

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* md lint

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* yaml lint

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* add user guides

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

---------

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>

* feat: add PolicyStatus for ClientTrafficPolicy (#2895)

* add PolicyStatus for CTP

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix gen-check

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* revert discard policy status

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

---------

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* Use gwapiv1a2.PolicyStatus for SecurityPolicy Status (#2848)

* use gwapiv1a2.PolicyStatus for SecurityPolicy Status

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* fix lint

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* add test for cross-ns refs

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* add todo

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* Update internal/gatewayapi/securitypolicy.go

Co-authored-by: sh2 <shawnhxh@outlook.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Co-authored-by: sh2 <shawnhxh@outlook.com>

* Fix oidc doc (#2905)

fix oidc doc

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

* Release v1.0 (#2909)

* add v1.0.0 release note

Signed-off-by: bitliu <bitliu@tencent.com>

* generate v1.0 release page

Signed-off-by: bitliu <bitliu@tencent.com>

* add v1.0.0 release announcement

Signed-off-by: bitliu <bitliu@tencent.com>

* generate v1.0.0 docs

Signed-off-by: bitliu <bitliu@tencent.com>

* update site links

Signed-off-by: bitliu <bitliu@tencent.com>

* fix linter

Signed-off-by: bitliu <bitliu@tencent.com>

---------

Signed-off-by: bitliu <bitliu@tencent.com>

---------

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: yeedove <yeedove@gmail.com>
Signed-off-by: Yuneui Jeong <uniglot@proton.me>
Signed-off-by: Yuneui <uniglot@proton.me>
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com>
Signed-off-by: phantooom <xiaorui.zou@gmail.com>
Signed-off-by: zou rui <xiaorui.zou@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>
Signed-off-by: Ardika Bagus <me@ardikabs.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: David Alger <davidmalger@gmail.com>
Signed-off-by: Guy Daich <guy.daich@sap.com>
Signed-off-by: Alexander Volchok <alex.volchok@sap.com>
Signed-off-by: Alex Volchok <alex.volchok@sap.com>
Signed-off-by: ShyunnY <1147212064@qq.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Co-authored-by: Guy Daich <guy.daich@sap.com>
Co-authored-by: Dennis Zhou <yeedove@gmail.com>
Co-authored-by: Yuneui Jeong <uniglot@proton.me>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Co-authored-by: Lior Okman <lior.okman@sap.com>
Co-authored-by: Dennis Zhou <idennis.zhou@gmail.com>
Co-authored-by: zou rui <xiaorui.zou@gmail.com>
Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Co-authored-by: sh2 <shawnhxh@outlook.com>
Co-authored-by: Ardika <me@ardikabs.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Alger <davidmalger@gmail.com>
Co-authored-by: Alex Volchok <alex.volchok@sap.com>
Co-authored-by: Shyunn <1147212064@qq.com>
Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
No open projects
Development

Successfully merging this pull request may close these issues.

Delete unused status keys from watchable
3 participants