From 1d8c0355e4ed4bd9321a39566981cff76e578b58 Mon Sep 17 00:00:00 2001 From: qi Date: Mon, 5 Aug 2024 14:46:51 +0800 Subject: [PATCH 01/12] bugfix: fix upstream get unwanted /. (#3990) * bugfix: fix upstream get unwanted /. Signed-off-by: qicz * ut for bugfix Signed-off-by: qicz --------- Signed-off-by: qicz Co-authored-by: Xunzhuo (cherry picked from commit b77f6a4e654786d1f8c9b3ee2c351472dd71209d) Signed-off-by: Arko Dasgupta --- internal/xds/translator/route.go | 5 ++- ...-rewrite-sufixx-with-slash-url-prefix.yaml | 27 ++++++++++++++ ...sufixx-with-slash-url-prefix.clusters.yaml | 17 +++++++++ ...ufixx-with-slash-url-prefix.endpoints.yaml | 12 +++++++ ...ufixx-with-slash-url-prefix.listeners.yaml | 35 +++++++++++++++++++ ...e-sufixx-with-slash-url-prefix.routes.yaml | 19 ++++++++++ 6 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go index 2b9c75a2e91..8a56e9e42b1 100644 --- a/internal/xds/translator/route.go +++ b/internal/xds/translator/route.go @@ -401,7 +401,10 @@ func buildXdsURLRewriteAction(destName string, urlRewrite *ir.URLRewrite, pathMa if useRegexRewriteForPrefixMatchReplace(pathMatch, *urlRewrite.Path.PrefixMatchReplace) { routeAction.RegexRewrite = prefix2RegexRewrite(*pathMatch.Prefix) } else { - routeAction.PrefixRewrite = *urlRewrite.Path.PrefixMatchReplace + // remove trailing / to fix #3989 + // when the pathMath.Prefix has suffix / but EG has removed it, + // and the urlRewrite.Path.PrefixMatchReplace suffix with / the upstream will get unwanted / + routeAction.PrefixRewrite = strings.TrimSuffix(*urlRewrite.Path.PrefixMatchReplace, "/") } } } diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml new file mode 100644 index 00000000000..97d0b5457cd --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml @@ -0,0 +1,27 @@ +name: "http-route" +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "rewrite-route" + pathMatch: + prefix: "/origin/" + hostname: gateway.envoyproxy.io + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destination: + name: "rewrite-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + urlRewrite: + path: + prefixMatchReplace: /rewrite/ diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml new file mode 100644 index 00000000000..027db39fb29 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml @@ -0,0 +1,17 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: rewrite-route-dest + lbPolicy: LEAST_REQUEST + name: rewrite-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml new file mode 100644 index 00000000000..256dda09089 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml @@ -0,0 +1,12 @@ +- clusterName: rewrite-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: rewrite-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml new file mode 100644 index 00000000000..67922c7444f --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml @@ -0,0 +1,35 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http + useRemoteAddress: true + name: first-listener + drainType: MODIFY_ONLY + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml new file mode 100644 index 00000000000..84bc70f04bd --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml @@ -0,0 +1,19 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - gateway.envoyproxy.io + name: first-listener/gateway_envoyproxy_io + routes: + - match: + headers: + - name: :authority + stringMatch: + exact: gateway.envoyproxy.io + pathSeparatedPrefix: /origin + name: rewrite-route + route: + cluster: rewrite-route-dest + prefixRewrite: /rewrite + upgradeConfigs: + - upgradeType: websocket From ce900c68277d605ae61e1c8a7299b2d5c4ad1c2a Mon Sep 17 00:00:00 2001 From: Kobi Levi <56400138+levikobi@users.noreply.github.com> Date: Thu, 15 Aug 2024 22:19:40 +0300 Subject: [PATCH 02/12] feat: gateway http listener isolation (#4000) Signed-off-by: Kobi Levi (cherry picked from commit 97830e99556745f6003208b2ad33b30e9c711988) Signed-off-by: Arko Dasgupta --- internal/gatewayapi/conformance/suite.go | 1 - internal/gatewayapi/helpers.go | 45 +++- internal/gatewayapi/route.go | 4 +- ...istener-with-hostname-intersection.in.yaml | 65 +++++ ...stener-with-hostname-intersection.out.yaml | 238 ++++++++++++++++++ internal/gatewayapi/tls.go | 7 +- 6 files changed, 345 insertions(+), 15 deletions(-) create mode 100644 internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml create mode 100644 internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml diff --git a/internal/gatewayapi/conformance/suite.go b/internal/gatewayapi/conformance/suite.go index 4637e023779..4fafa008983 100644 --- a/internal/gatewayapi/conformance/suite.go +++ b/internal/gatewayapi/conformance/suite.go @@ -15,7 +15,6 @@ import ( // SkipTests is a list of tests that are skipped in the conformance suite. var SkipTests = []suite.ConformanceTest{ tests.GatewayStaticAddresses, - tests.GatewayHTTPListenerIsolation, // https://github.com/envoyproxy/gateway/issues/3352 } func skipTestsShortNames(skipTests []suite.ConformanceTest) []string { diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 22c81032ebb..076a892bbe5 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -262,12 +262,12 @@ func servicePortToContainerPort(servicePort int32, envoyProxy *egv1a1.EnvoyProxy return servicePort } -// computeHosts returns a list of the intersecting hostnames between the route -// and the listener. -func computeHosts(routeHostnames []string, listenerHostname *gwapiv1.Hostname) []string { +// computeHosts returns a list of intersecting listener hostnames and route hostnames +// that don't intersect with other listener hostnames. +func computeHosts(routeHostnames []string, listenerContext *ListenerContext) []string { var listenerHostnameVal string - if listenerHostname != nil { - listenerHostnameVal = string(*listenerHostname) + if listenerContext != nil && listenerContext.Hostname != nil { + listenerHostnameVal = string(*listenerContext.Hostname) } // No route hostnames specified: use the listener hostname if specified, @@ -280,8 +280,9 @@ func computeHosts(routeHostnames []string, listenerHostname *gwapiv1.Hostname) [ return []string{"*"} } - var hostnames []string + hostnamesSet := map[string]struct{}{} + // Find intersecting hostnames for i := range routeHostnames { routeHostname := routeHostnames[i] @@ -290,27 +291,51 @@ func computeHosts(routeHostnames []string, listenerHostname *gwapiv1.Hostname) [ switch { // No listener hostname: use the route hostname. case len(listenerHostnameVal) == 0: - hostnames = append(hostnames, routeHostname) + hostnamesSet[routeHostname] = struct{}{} // Listener hostname matches the route hostname: use it. case listenerHostnameVal == routeHostname: - hostnames = append(hostnames, routeHostname) + hostnamesSet[routeHostname] = struct{}{} // Listener has a wildcard hostname: check if the route hostname matches. case strings.HasPrefix(listenerHostnameVal, "*"): if hostnameMatchesWildcardHostname(routeHostname, listenerHostnameVal) { - hostnames = append(hostnames, routeHostname) + hostnamesSet[routeHostname] = struct{}{} } // Route has a wildcard hostname: check if the listener hostname matches. case strings.HasPrefix(routeHostname, "*"): if hostnameMatchesWildcardHostname(listenerHostnameVal, routeHostname) { - hostnames = append(hostnames, listenerHostnameVal) + hostnamesSet[listenerHostnameVal] = struct{}{} } } } + // Filter out route hostnames that intersect with other listener hostnames + var listeners []*ListenerContext + if listenerContext != nil && listenerContext.gateway != nil { + listeners = listenerContext.gateway.listeners + } + + for _, listener := range listeners { + if listenerContext == listener { + continue + } + if listenerContext != nil && listenerContext.Port != listener.Port { + continue + } + if listener.Hostname == nil { + continue + } + delete(hostnamesSet, string(*listener.Hostname)) + } + + var hostnames []string + for host := range hostnamesSet { + hostnames = append(hostnames, host) + } + return hostnames } diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index 336e931cfce..b113411b3df 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -651,7 +651,7 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route var hasHostnameIntersection bool for _, listener := range parentRef.listeners { - hosts := computeHosts(GetHostnames(route), listener.Hostname) + hosts := computeHosts(GetHostnames(route), listener) if len(hosts) == 0 { continue } @@ -818,7 +818,7 @@ func (t *Translator) processTLSRouteParentRefs(tlsRoute *TLSRouteContext, resour var hasHostnameIntersection bool for _, listener := range parentRef.listeners { - hosts := computeHosts(GetHostnames(tlsRoute), listener.Hostname) + hosts := computeHosts(GetHostnames(tlsRoute), listener) if len(hosts) == 0 { continue } diff --git a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml new file mode 100644 index 00000000000..267fcbba54b --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml @@ -0,0 +1,65 @@ +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: empty-hostname + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: All + - name: wildcard-example-com + port: 80 + protocol: HTTP + hostname: "*.example.com" + allowedRoutes: + namespaces: + from: All +httpRoutes: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: httproute-1 + namespace: envoy-gateway + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname + hostnames: + - "bar.com" + - "*.example.com" # request matching is prevented by the isolation wildcard-example-com listener + rules: + - matches: + - path: + type: PathPrefix + value: /empty-hostname + backendRefs: + - name: service-1 + port: 8080 + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: httproute-2 + namespace: envoy-gateway + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com + hostnames: + - "bar.com" # doesn't match wildcard-example-com listener + - "*.example.com" + rules: + - matches: + - path: + type: PathPrefix + value: /wildcard-example-com + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml new file mode 100644 index 00000000000..cb47542a1c7 --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml @@ -0,0 +1,238 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: empty-hostname + port: 80 + protocol: HTTP + - allowedRoutes: + namespaces: + from: All + hostname: '*.example.com' + name: wildcard-example-com + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: empty-hostname + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: wildcard-example-com + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: envoy-gateway + spec: + hostnames: + - bar.com + - '*.example.com' + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + type: PathPrefix + value: /empty-hostname + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Service envoy-gateway/service-1 not found + reason: BackendNotFound + status: "False" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-2 + namespace: envoy-gateway + spec: + hostnames: + - bar.com + - '*.example.com' + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + type: PathPrefix + value: /wildcard-example-com + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Service envoy-gateway/service-1 not found + reason: BackendNotFound + status: "False" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/empty-hostname + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname + name: envoy-gateway/gateway-1/empty-hostname + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/envoy-gateway/httproute-1/rule/0 + settings: + - weight: 1 + directResponse: + statusCode: 500 + hostname: bar.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: envoy-gateway + name: httproute/envoy-gateway/httproute-1/rule/0/match/0/bar_com + pathMatch: + distinct: false + name: "" + prefix: /empty-hostname + - address: 0.0.0.0 + hostnames: + - '*.example.com' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com + name: envoy-gateway/gateway-1/wildcard-example-com + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/envoy-gateway/httproute-2/rule/0 + settings: + - weight: 1 + directResponse: + statusCode: 500 + hostname: '*.example.com' + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-2 + namespace: envoy-gateway + name: httproute/envoy-gateway/httproute-2/rule/0/match/0/*_example_com + pathMatch: + distinct: false + name: "" + prefix: /wildcard-example-com diff --git a/internal/gatewayapi/tls.go b/internal/gatewayapi/tls.go index 1d38897ed26..acde9bed339 100644 --- a/internal/gatewayapi/tls.go +++ b/internal/gatewayapi/tls.go @@ -88,10 +88,13 @@ func validateTLSSecretsData(secrets []*corev1.Secret, host *gwapiv1.Hostname) er func verifyHostname(cert *x509.Certificate, host *gwapiv1.Hostname) ([]string, error) { var matchedHosts []string + listenerContext := ListenerContext{ + Listener: &gwapiv1.Listener{Hostname: host}, + } if len(cert.DNSNames) > 0 { - matchedHosts = computeHosts(cert.DNSNames, host) + matchedHosts = computeHosts(cert.DNSNames, &listenerContext) } else { - matchedHosts = computeHosts([]string{cert.Subject.CommonName}, host) + matchedHosts = computeHosts([]string{cert.Subject.CommonName}, &listenerContext) } if len(matchedHosts) > 0 { From cf443bb3c526db20467933699d690dfab8fdecf8 Mon Sep 17 00:00:00 2001 From: Ardika Date: Fri, 9 Aug 2024 06:38:33 +0700 Subject: [PATCH 03/12] fix: multiple reference grants in same namespace (#4008) * fix: multiple reference grants in same namespace Signed-off-by: Ardika Bagus * test: add e2e test Signed-off-by: Ardika Bagus * chore: wrong service port Signed-off-by: Ardika Bagus --------- Signed-off-by: Ardika Bagus (cherry picked from commit b82f4b24791ea5fdf9e498da6d35cd123d7846bf) Signed-off-by: Arko Dasgupta --- internal/provider/kubernetes/controller.go | 32 +++- ...ferencegrants-same-namespace-services.yaml | 148 ++++++++++++++++++ .../multi-referencegrants-same-namespace.yaml | 92 +++++++++++ test/e2e/tests/referencegrants.go | 79 ++++++++++ 4 files changed, 346 insertions(+), 5 deletions(-) create mode 100644 test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml create mode 100644 test/e2e/testdata/multi-referencegrants-same-namespace.yaml create mode 100644 test/e2e/tests/referencegrants.go diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index f7e88da222d..73d8799e900 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -769,13 +769,35 @@ func (r *gatewayAPIReconciler) findReferenceGrant(ctx context.Context, from, to } for _, refGrant := range refGrants { - if refGrant.Namespace == to.namespace { - for _, src := range refGrant.Spec.From { - if src.Kind == gwapiv1a2.Kind(from.kind) && string(src.Namespace) == from.namespace { - return &refGrant, nil - } + if refGrant.Namespace != to.namespace { + continue + } + + var fromAllowed bool + for _, refGrantFrom := range refGrant.Spec.From { + if string(refGrantFrom.Kind) == from.kind && string(refGrantFrom.Namespace) == from.namespace { + fromAllowed = true + break } } + + if !fromAllowed { + continue + } + + var toAllowed bool + for _, refGrantTo := range refGrant.Spec.To { + if string(refGrantTo.Kind) == to.kind && (refGrantTo.Name == nil || *refGrantTo.Name == "" || string(*refGrantTo.Name) == to.name) { + toAllowed = true + break + } + } + + if !toAllowed { + continue + } + + return &refGrant, nil } // No ReferenceGrant found. diff --git a/test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml b/test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml new file mode 100644 index 00000000000..948503bea3d --- /dev/null +++ b/test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml @@ -0,0 +1,148 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: multireferencegrants-ns +--- +apiVersion: v1 +kind: Service +metadata: + name: app-backend-v1 + namespace: multireferencegrants-ns +spec: + selector: + app: app-backend-v1 + ports: + - protocol: TCP + port: 8080 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-backend-v1 + namespace: multireferencegrants-ns + labels: + app: app-backend-v1 +spec: + replicas: 1 + selector: + matchLabels: + app: app-backend-v1 + template: + metadata: + labels: + app: app-backend-v1 + spec: + containers: + - name: app-backend-v1 + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_NAME + value: app-backend-v1 + resources: + requests: + cpu: 10m +--- +apiVersion: v1 +kind: Service +metadata: + name: app-backend-v2 + namespace: multireferencegrants-ns +spec: + selector: + app: app-backend-v2 + ports: + - protocol: TCP + port: 8080 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-backend-v2 + namespace: multireferencegrants-ns + labels: + app: app-backend-v2 +spec: + replicas: 1 + selector: + matchLabels: + app: app-backend-v2 + template: + metadata: + labels: + app: app-backend-v2 + spec: + containers: + - name: app-backend-v2 + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_NAME + value: app-backend-v2 + resources: + requests: + cpu: 10m +--- +apiVersion: v1 +kind: Service +metadata: + name: app-backend-v3 + namespace: multireferencegrants-ns +spec: + selector: + app: app-backend-v3 + ports: + - protocol: TCP + port: 8080 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-backend-v3 + namespace: multireferencegrants-ns + labels: + app: app-backend-v3 +spec: + replicas: 1 + selector: + matchLabels: + app: app-backend-v3 + template: + metadata: + labels: + app: app-backend-v3 + spec: + containers: + - name: app-backend-v3 + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_NAME + value: app-backend-v3 + resources: + requests: + cpu: 10m diff --git a/test/e2e/testdata/multi-referencegrants-same-namespace.yaml b/test/e2e/testdata/multi-referencegrants-same-namespace.yaml new file mode 100644 index 00000000000..f9940185e5c --- /dev/null +++ b/test/e2e/testdata/multi-referencegrants-same-namespace.yaml @@ -0,0 +1,92 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: multi-referencegrant-same-namespace + namespace: gateway-conformance-infra +spec: + hostnames: + - multireferencegrant.local + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: same-namespace + namespace: gateway-conformance-infra + rules: + - backendRefs: + - group: "" + kind: Service + name: app-backend-v3 + namespace: multireferencegrants-ns + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /v3/echo + - backendRefs: + - group: "" + kind: Service + name: app-backend-v2 + namespace: multireferencegrants-ns + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /v2/echo + - backendRefs: + - group: "" + kind: Service + name: app-backend-v1 + namespace: multireferencegrants-ns + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /v1/echo +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: app-backend-v1-rg + namespace: multireferencegrants-ns +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: gateway-conformance-infra + to: + - group: "" + kind: Service + name: app-backend-v1 +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: app-backend-v2-rg + namespace: multireferencegrants-ns +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: gateway-conformance-infra + to: + - group: "" + kind: Service + name: app-backend-v2 +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: app-backend-v3-rg + namespace: multireferencegrants-ns +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: gateway-conformance-infra + to: + - group: "" + kind: Service + name: app-backend-v3 diff --git a/test/e2e/tests/referencegrants.go b/test/e2e/tests/referencegrants.go new file mode 100644 index 00000000000..903e64598bc --- /dev/null +++ b/test/e2e/tests/referencegrants.go @@ -0,0 +1,79 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build e2e +// +build e2e + +package tests + +import ( + "testing" + + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/gateway-api/conformance/utils/http" + "sigs.k8s.io/gateway-api/conformance/utils/kubernetes" + "sigs.k8s.io/gateway-api/conformance/utils/suite" +) + +func init() { + ConformanceTests = append(ConformanceTests, MultiReferenceGrantsSameNamespaceTest) +} + +var MultiReferenceGrantsSameNamespaceTest = suite.ConformanceTest{ + ShortName: "MultiReferenceGrantsSameNamespace", + Description: "Test for multiple reference grants in the same namespace", + Manifests: []string{"testdata/multi-referencegrants-same-namespace-services.yaml", "testdata/multi-referencegrants-same-namespace.yaml"}, + Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + resourceNS := "gateway-conformance-infra" + routeNN := types.NamespacedName{Name: "multi-referencegrant-same-namespace", Namespace: resourceNS} + gwNN := types.NamespacedName{Name: "same-namespace", Namespace: resourceNS} + gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) + + targetHost := "multireferencegrant.local" + targetNS := "multireferencegrants-ns" + testcases := []http.ExpectedResponse{ + { + Request: http.Request{ + Host: targetHost, + Path: "/v1/echo", + }, + Response: http.Response{ + StatusCode: 200, + }, + Backend: "app-backend-v1", + Namespace: targetNS, + }, + { + Request: http.Request{ + Host: targetHost, + Path: "/v2/echo", + }, + Response: http.Response{ + StatusCode: 200, + }, + Backend: "app-backend-v2", + Namespace: targetNS, + }, + { + Request: http.Request{ + Host: targetHost, + Path: "/v3/echo", + }, + Response: http.Response{ + StatusCode: 200, + }, + Backend: "app-backend-v3", + Namespace: targetNS, + }, + } + + for i, tc := range testcases { + t.Run(tc.GetTestCaseName(i), func(t *testing.T) { + t.Parallel() + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, tc) + }) + } + }, +} From cbd14ed08ccc4228d8e5c2126eb8b925c915933c Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Fri, 9 Aug 2024 15:13:17 -0700 Subject: [PATCH 04/12] reduce readinessProbe failureThreshold and periodSeconds (#4021) * Reduces time for the endpoint to be removed from the endpointSlice from `30s` (3 * 10) to `5s` (1 * 5) * Since kube-proxy and CNIs rely on this info and so do external LBs like GKE https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer Signed-off-by: Arko Dasgupta (cherry picked from commit 67575b8b7be29ce3ccbf8b20bea18201f6b45a0e) Signed-off-by: Arko Dasgupta --- internal/infrastructure/kubernetes/proxy/resource.go | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/component-level.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/custom.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/default-env.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/default.yaml | 4 ++-- .../proxy/testdata/daemonsets/disable-prometheus.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/extension-env.yaml | 4 ++-- .../testdata/daemonsets/override-labels-and-annotations.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml | 4 ++-- .../proxy/testdata/daemonsets/shutdown-manager.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/volumes.yaml | 4 ++-- .../proxy/testdata/daemonsets/with-annotations.yaml | 4 ++-- .../proxy/testdata/daemonsets/with-concurrency.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml | 4 ++-- .../proxy/testdata/daemonsets/with-image-pull-secrets.yaml | 4 ++-- .../kubernetes/proxy/testdata/daemonsets/with-name.yaml | 4 ++-- .../proxy/testdata/daemonsets/with-node-selector.yaml | 4 ++-- .../testdata/daemonsets/with-topology-spread-constraints.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/bootstrap.yaml | 4 ++-- .../proxy/testdata/deployments/component-level.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/custom.yaml | 4 ++-- .../testdata/deployments/custom_with_initcontainers.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/default-env.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/default.yaml | 4 ++-- .../proxy/testdata/deployments/disable-prometheus.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/extension-env.yaml | 4 ++-- .../testdata/deployments/override-labels-and-annotations.yaml | 4 ++-- .../proxy/testdata/deployments/patch-deployment.yaml | 4 ++-- .../proxy/testdata/deployments/shutdown-manager.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/volumes.yaml | 4 ++-- .../proxy/testdata/deployments/with-annotations.yaml | 4 ++-- .../proxy/testdata/deployments/with-concurrency.yaml | 4 ++-- .../proxy/testdata/deployments/with-empty-memory-limits.yaml | 4 ++-- .../proxy/testdata/deployments/with-extra-args.yaml | 4 ++-- .../proxy/testdata/deployments/with-image-pull-secrets.yaml | 4 ++-- .../kubernetes/proxy/testdata/deployments/with-name.yaml | 4 ++-- .../proxy/testdata/deployments/with-node-selector.yaml | 4 ++-- .../deployments/with-topology-spread-constraints.yaml | 4 ++-- internal/infrastructure/kubernetes/ratelimit/resource.go | 4 ++-- .../kubernetes/ratelimit/testdata/deployments/custom.yaml | 4 ++-- .../ratelimit/testdata/deployments/default-env.yaml | 4 ++-- .../kubernetes/ratelimit/testdata/deployments/default.yaml | 4 ++-- .../ratelimit/testdata/deployments/disable-prometheus.yaml | 4 ++-- .../ratelimit/testdata/deployments/enable-tracing-custom.yaml | 4 ++-- .../ratelimit/testdata/deployments/enable-tracing.yaml | 4 ++-- .../ratelimit/testdata/deployments/extension-env.yaml | 4 ++-- .../ratelimit/testdata/deployments/override-env.yaml | 4 ++-- .../ratelimit/testdata/deployments/patch-deployment.yaml | 4 ++-- .../ratelimit/testdata/deployments/redis-tls-settings.yaml | 4 ++-- .../ratelimit/testdata/deployments/tolerations.yaml | 4 ++-- .../kubernetes/ratelimit/testdata/deployments/volumes.yaml | 4 ++-- .../ratelimit/testdata/deployments/with-node-selector.yaml | 4 ++-- .../deployments/with-topology-spread-constraints.yaml | 4 ++-- 53 files changed, 106 insertions(+), 106 deletions(-) diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index f89491f4380..6ff2c7b158e 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -226,9 +226,9 @@ func expectedProxyContainers(infra *ir.ProxyInfra, }, }, TimeoutSeconds: 1, - PeriodSeconds: 10, + PeriodSeconds: 5, SuccessThreshold: 1, - FailureThreshold: 3, + FailureThreshold: 1, }, Lifecycle: &corev1.Lifecycle{ PreStop: &corev1.LifecycleHandler{ diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml index 9065d07a543..7d6204be14b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml @@ -74,12 +74,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index fc524284fb4..14e8aca43c8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -258,12 +258,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index fbeddc169b8..0800a0a2aa4 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -256,12 +256,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index 80cf7c12e75..b8f895a1194 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index 81dda722f1c..803ef132d02 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -212,12 +212,12 @@ spec: name: EnvoyHTTPSPort protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index 314e8bcea7a..8113f680b31 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -260,12 +260,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index 9ce0aa5a085..45a2000cbf5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -252,12 +252,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index 518f239a5d4..e752b1eb4ee 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index 506a2824f80..12cbeed208c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -242,12 +242,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index fc59ec6739b..5d35aacf52c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -260,12 +260,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index c19e55794ef..154049686f5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -246,12 +246,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml index f941541e76b..ffe4bfe4b8b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml @@ -74,12 +74,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index 1d5c3c4154d..7d90fe7505a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -243,12 +243,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index f2353034499..0287eadbc8f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index a7e467f7a6c..e4343479fd3 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index bacf7118001..1dacf4db5f8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index 552012f7728..61764b6a1ab 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index e6574edec1c..26154b19bf2 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -77,12 +77,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index 19cd5ebb2c9..872d09449ec 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -78,12 +78,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index 0434fb4cab4..919956eebea 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -263,12 +263,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 89c92870887..437daee023b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -263,12 +263,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index c5e2d4ce3c1..879d611edfd 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -261,12 +261,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index c5c17adaafc..f022d0f8e0f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index acaad907b24..8a3094fdd77 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -216,12 +216,12 @@ spec: name: EnvoyHTTPSPort protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 4ff157e8cd8..3103d617564 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -265,12 +265,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index bfaf6686d14..992b63441f1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -256,12 +256,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index 2c4e97641db..3095f5fb3ea 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index c4c7be51fc4..f8c2ff795d8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -246,12 +246,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index ea54e6252d5..697161e3f02 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -265,12 +265,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 819d66a8f5a..5d77a2414bf 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -250,12 +250,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml index cc626d7eb58..c13f44a1c2e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml @@ -78,12 +78,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index c20a70d36ff..1f2fca1380a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index f5fcb2bd848..86147f1fd5d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -247,12 +247,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index ebfa5b5fcd1..8be98c210f9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index 1797b157e10..19efd6b4730 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 13f8d10c719..b3568a146ef 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 7d2fa77e462..c1a81992c68 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/resource.go b/internal/infrastructure/kubernetes/ratelimit/resource.go index 9353b0ced00..6af16989cec 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource.go @@ -184,9 +184,9 @@ func expectedRateLimitContainers(rateLimit *egv1a1.RateLimit, rateLimitDeploymen }, }, TimeoutSeconds: 1, - PeriodSeconds: 10, + PeriodSeconds: 5, SuccessThreshold: 1, - FailureThreshold: 3, + FailureThreshold: 1, }, }, } diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml index bfd2c28cc6a..bc0d8276a50 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml @@ -87,12 +87,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml index bfd2c28cc6a..bc0d8276a50 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml @@ -87,12 +87,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml index 17536708a1b..bc37b160b08 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml @@ -88,12 +88,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml index cc20111528c..5723f873dd0 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml @@ -84,12 +84,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml index fa8916ed89e..c18bb04e97a 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml @@ -103,12 +103,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml index 9b364f88752..44e193a8ff1 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml @@ -103,12 +103,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml index 95516ce6c46..d1d22324714 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml @@ -91,12 +91,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml index 8a9cfb60c97..9c3c1753a63 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml @@ -87,12 +87,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml index 7e0f600c016..fddd7199b36 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml @@ -88,12 +88,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml index 9854f37f4e2..21eed472e95 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml @@ -95,12 +95,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml index 56fdb156dcf..ca9d49837c5 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml @@ -95,12 +95,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml index 01e779e9e49..4a780c9cd45 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml @@ -95,12 +95,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml index e6105d59114..39fe788f4f3 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml @@ -88,12 +88,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml index d5c9a6d7460..2ed1b9786cf 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml @@ -88,12 +88,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: From 3190cde81df60bc4df8b0e894edfe3a4c67998c1 Mon Sep 17 00:00:00 2001 From: Lior Okman Date: Tue, 13 Aug 2024 05:26:07 +0300 Subject: [PATCH 05/12] fix: add header values as described in the documentation (#4031) Add header values after splitting the provided value string on ',', like described in the documentation. Signed-off-by: Lior Okman (cherry picked from commit eac30d6002dd4ccf7240a0eab66799b020ff560c) Signed-off-by: Arko Dasgupta --- internal/gatewayapi/filters.go | 8 ++--- ...route-with-request-header-modifier.in.yaml | 5 +++ ...oute-with-request-header-modifier.out.yaml | 13 ++++++- ...h-backendref-add-multiple-filters.out.yaml | 9 +++-- ...er-duplicate-add-multiple-filters.out.yaml | 9 +++-- ...with-header-filter-duplicate-adds.out.yaml | 15 +++++--- ...header-filter-empty-header-values.out.yaml | 6 ++-- ...route-with-mirror-filter-multiple.out.yaml | 9 +++-- ...-with-response-header-filter-adds.out.yaml | 15 +++++--- ...er-duplicate-add-multiple-filters.out.yaml | 9 +++-- ...onse-header-filter-duplicate-adds.out.yaml | 15 +++++--- ...header-filter-empty-header-values.out.yaml | 6 ++-- internal/ir/xds.go | 6 ++-- internal/ir/xds_test.go | 22 ++++++------ internal/ir/zz_generated.deepcopy.go | 21 +++++++++--- internal/xds/translator/route.go | 34 ++++++++++++------- .../in/xds-ir/http-route-request-headers.yaml | 20 ++++++++--- .../http-route-response-add-headers.yaml | 15 +++++--- ...ttp-route-response-add-remove-headers.yaml | 15 +++++--- ...p-route-weighted-backend-with-filters.yaml | 9 +++-- .../http-route-request-headers.routes.yaml | 6 ++++ 21 files changed, 181 insertions(+), 86 deletions(-) diff --git a/internal/gatewayapi/filters.go b/internal/gatewayapi/filters.go index b3d2ddb4074..aecc2e81131 100644 --- a/internal/gatewayapi/filters.go +++ b/internal/gatewayapi/filters.go @@ -445,7 +445,7 @@ func (t *Translator) processRequestHeaderModifierFilter( newHeader := ir.AddHeader{ Name: headerKey, Append: true, - Value: addHeader.Value, + Value: strings.Split(addHeader.Value, ","), } filterContext.AddRequestHeaders = append(filterContext.AddRequestHeaders, newHeader) @@ -500,7 +500,7 @@ func (t *Translator) processRequestHeaderModifierFilter( newHeader := ir.AddHeader{ Name: string(setHeader.Name), Append: false, - Value: setHeader.Value, + Value: strings.Split(setHeader.Value, ","), } filterContext.AddRequestHeaders = append(filterContext.AddRequestHeaders, newHeader) @@ -617,7 +617,7 @@ func (t *Translator) processResponseHeaderModifierFilter( newHeader := ir.AddHeader{ Name: headerKey, Append: true, - Value: addHeader.Value, + Value: strings.Split(addHeader.Value, ","), } filterContext.AddResponseHeaders = append(filterContext.AddResponseHeaders, newHeader) @@ -672,7 +672,7 @@ func (t *Translator) processResponseHeaderModifierFilter( newHeader := ir.AddHeader{ Name: string(setHeader.Name), Append: false, - Value: setHeader.Value, + Value: strings.Split(setHeader.Value, ","), } filterContext.AddResponseHeaders = append(filterContext.AddResponseHeaders, newHeader) diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml index 2c48dad582e..29fcb5a75a1 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml @@ -26,6 +26,11 @@ grpcRoutes: sectionName: http rules: - filters: + - type: "RequestHeaderModifier" + requestHeaderModifier: + add: + - name: "my-header-multi-value" + value: "foo,bar" - type: "RequestHeaderModifier" requestHeaderModifier: add: diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index f36c9c969cc..110d404c44f 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -56,6 +56,11 @@ grpcRoutes: - name: service-1 port: 8080 filters: + - requestHeaderModifier: + add: + - name: my-header-multi-value + value: foo,bar + type: RequestHeaderModifier - requestHeaderModifier: add: - name: my-header @@ -117,9 +122,15 @@ xdsIR: port: 10080 routes: - addRequestHeaders: + - append: true + name: my-header-multi-value + value: + - foo + - bar - append: true name: my-header - value: foo + value: + - foo destination: name: grpcroute/default/grpcroute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml index 78655fc8476..122d09efdeb 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml @@ -147,7 +147,8 @@ xdsIR: addRequestHeaders: - append: false name: add-header-3 - value: some-value + value: + - some-value protocol: HTTP weight: 1 hostname: '*' @@ -172,10 +173,12 @@ xdsIR: addRequestHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value protocol: HTTP weight: 8 - addressType: IP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index a86e71b4534..605aa384f3e 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -134,13 +134,16 @@ xdsIR: - addRequestHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value - append: true name: add-header-3 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index 39cc44429f6..f122fc17d5b 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -144,19 +144,24 @@ xdsIR: - addRequestHeaders: - append: true name: Set-Header-1 - value: some-value + value: + - some-value - append: true name: set-header-2 - value: some-value + value: + - some-value - append: true name: set-header-3 - value: some-value + value: + - some-value - append: true name: set-header-5 - value: some-value + value: + - some-value - append: false name: set-header-4 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index b3814e2d41d..67c14e133a7 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -128,10 +128,12 @@ xdsIR: - addRequestHeaders: - append: true name: example-header-2 - value: "" + value: + - "" - append: false name: example-header-1 - value: "" + value: + - "" destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index 9aa6f0bf23b..c6e534c9c63 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -144,13 +144,16 @@ xdsIR: - addRequestHeaders: - append: true name: X-Header-Add - value: header-val-1 + value: + - header-val-1 - append: true name: X-Header-Add-Append - value: header-val-2 + value: + - header-val-2 - append: false name: X-Header-Set - value: set-overwrites-values + value: + - set-overwrites-values destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index 7b53542bdfa..6dcb4b28779 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -140,19 +140,24 @@ xdsIR: - addResponseHeaders: - append: true name: Set-Header-1 - value: some-value + value: + - some-value - append: true name: set-header-2 - value: some-value + value: + - some-value - append: true name: set-header-3 - value: some-value + value: + - some-value - append: true name: set-header-5 - value: some-value + value: + - some-value - append: false name: set-header-4 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index 459c4264740..47d61c9fcfa 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -134,13 +134,16 @@ xdsIR: - addResponseHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value - append: true name: add-header-3 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index d2b4ffbe3f2..1d2f4f7124c 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -144,19 +144,24 @@ xdsIR: - addResponseHeaders: - append: true name: Set-Header-1 - value: some-value + value: + - some-value - append: true name: set-header-2 - value: some-value + value: + - some-value - append: true name: set-header-3 - value: some-value + value: + - some-value - append: true name: set-header-5 - value: some-value + value: + - some-value - append: false name: set-header-4 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index 9d188a03dc0..723cabbe6f7 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -128,10 +128,12 @@ xdsIR: - addResponseHeaders: - append: true name: example-header-2 - value: "" + value: + - "" - append: false name: example-header-1 - value: "" + value: + - "" destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 3d300f1a539..68f16439400 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -1178,9 +1178,9 @@ func NewDestEndpoint(host string, port uint32) *DestinationEndpoint { // AddHeader configures a header to be added to a request or response. // +k8s:deepcopy-gen=true type AddHeader struct { - Name string `json:"name" yaml:"name"` - Value string `json:"value" yaml:"value"` - Append bool `json:"append" yaml:"append"` + Name string `json:"name" yaml:"name"` + Value []string `json:"value" yaml:"value"` + Append bool `json:"append" yaml:"append"` } // Validate the fields within the AddHeader structure diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index 9492c378344..6724549e39f 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go @@ -338,17 +338,16 @@ var ( AddRequestHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header-2", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, { Name: "empty-header", - Value: "", Append: false, }, }, @@ -376,12 +375,12 @@ var ( AddRequestHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, }, @@ -401,7 +400,7 @@ var ( AddRequestHeaders: []AddHeader{ { Name: "", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, }, @@ -416,17 +415,16 @@ var ( AddResponseHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header-2", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, { Name: "empty-header", - Value: "", Append: false, }, }, @@ -454,12 +452,12 @@ var ( AddResponseHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, }, @@ -479,7 +477,7 @@ var ( AddResponseHeaders: []AddHeader{ { Name: "", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, }, diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index 273eeb1c3ca..3262cf8d721 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -191,6 +191,11 @@ func (in *ActiveHealthCheck) DeepCopy() *ActiveHealthCheck { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AddHeader) DeepCopyInto(out *AddHeader) { *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddHeader. @@ -588,7 +593,9 @@ func (in *DestinationFilters) DeepCopyInto(out *DestinationFilters) { if in.AddRequestHeaders != nil { in, out := &in.AddRequestHeaders, &out.AddRequestHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveRequestHeaders != nil { in, out := &in.RemoveRequestHeaders, &out.RemoveRequestHeaders @@ -598,7 +605,9 @@ func (in *DestinationFilters) DeepCopyInto(out *DestinationFilters) { if in.AddResponseHeaders != nil { in, out := &in.AddResponseHeaders, &out.AddResponseHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveResponseHeaders != nil { in, out := &in.RemoveResponseHeaders, &out.RemoveResponseHeaders @@ -1234,7 +1243,9 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { if in.AddRequestHeaders != nil { in, out := &in.AddRequestHeaders, &out.AddRequestHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveRequestHeaders != nil { in, out := &in.RemoveRequestHeaders, &out.RemoveRequestHeaders @@ -1244,7 +1255,9 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { if in.AddResponseHeaders != nil { in, out := &in.AddResponseHeaders, &out.AddResponseHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveResponseHeaders != nil { in, out := &in.RemoveResponseHeaders, &out.RemoveResponseHeaders diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go index 8a56e9e42b1..6a9e72f498c 100644 --- a/internal/xds/translator/route.go +++ b/internal/xds/translator/route.go @@ -438,9 +438,9 @@ func buildXdsRequestMirrorPolicies(mirrorDestinations []*ir.RouteDestination) [] } func buildXdsAddedHeaders(headersToAdd []ir.AddHeader) []*corev3.HeaderValueOption { - headerValueOptions := make([]*corev3.HeaderValueOption, len(headersToAdd)) + headerValueOptions := []*corev3.HeaderValueOption{} - for i, header := range headersToAdd { + for _, header := range headersToAdd { var appendAction corev3.HeaderValueOption_HeaderAppendAction if header.Append { @@ -448,18 +448,26 @@ func buildXdsAddedHeaders(headersToAdd []ir.AddHeader) []*corev3.HeaderValueOpti } else { appendAction = corev3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD } - - headerValueOptions[i] = &corev3.HeaderValueOption{ - Header: &corev3.HeaderValue{ - Key: header.Name, - Value: header.Value, - }, - AppendAction: appendAction, - } - // Allow empty headers to be set, but don't add the config to do so unless necessary - if header.Value == "" { - headerValueOptions[i].KeepEmptyValue = true + if len(header.Value) == 0 { + headerValueOptions = append(headerValueOptions, &corev3.HeaderValueOption{ + Header: &corev3.HeaderValue{ + Key: header.Name, + }, + AppendAction: appendAction, + KeepEmptyValue: true, + }) + } else { + for _, val := range header.Value { + headerValueOptions = append(headerValueOptions, &corev3.HeaderValueOption{ + Header: &corev3.HeaderValue{ + Key: header.Name, + Value: val, + }, + AppendAction: appendAction, + KeepEmptyValue: val == "", + }) + } } } diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml index c3dc4417dcc..fb45b8db724 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml @@ -18,20 +18,30 @@ http: - host: "1.2.3.4" port: 50000 addRequestHeaders: + - name: "some-header-multi-value" + value: + - "some-value" + - "some-additional-value" + append: true - name: "some-header" - value: "some-value" + value: + - "some-value" append: true - name: "some-header-2" - value: "some-value" + value: + - "some-value" append: true - name: "some-header3" - value: "some-value" + value: + - "some-value" append: false - name: "some-header4" - value: "some-value" + value: + - "some-value" append: false - name: "empty-header" - value: "" + value: + - "" append: false removeRequestHeaders: - "some-header5" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml index e3114e2d252..3cfaf5e4945 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml @@ -19,17 +19,22 @@ http: port: 50000 addResponseHeaders: - name: "some-header" - value: "some-value" + value: + - "some-value" append: true - name: "some-header-2" - value: "some-value" + value: + - "some-value" append: true - name: "some-header3" - value: "some-value" + value: + - "some-value" append: false - name: "some-header4" - value: "some-value" + value: + - "some-value" append: false - name: "empty-header" - value: "" + value: + - "" append: false diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml index 0e59f8f124d..c97d927dff6 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml @@ -19,19 +19,24 @@ http: port: 50000 addResponseHeaders: - name: "some-header" - value: "some-value" + value: + - "some-value" append: true - name: "some-header-2" - value: "some-value" + value: + - "some-value" append: true - name: "some-header3" - value: "some-value" + value: + - "some-value" append: false - name: "some-header4" - value: "some-value" + value: + - "some-value" append: false - name: "empty-header" - value: "" + value: + - "" append: false removeResponseHeaders: - "some-header5" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml index f8943d07f01..8745e9893bc 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml @@ -19,7 +19,8 @@ http: addRequestHeaders: - append: false name: add-header-3 - value: some-value + value: + - some-value protocol: HTTP weight: 1 hostname: '*' @@ -37,10 +38,12 @@ http: addRequestHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value protocol: HTTP weight: 8 - addressType: IP diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml index f91a70cb2ee..1f2c6be4057 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml @@ -9,6 +9,12 @@ prefix: / name: request-header-route requestHeadersToAdd: + - header: + key: some-header-multi-value + value: some-value + - header: + key: some-header-multi-value + value: some-additional-value - header: key: some-header value: some-value From 1d83511a2aaa793f77ffa77c8b4aac58fe393f14 Mon Sep 17 00:00:00 2001 From: zirain Date: Tue, 20 Aug 2024 06:31:11 +0800 Subject: [PATCH 06/12] fix ratelimit statsd not working (#4073) fix ratelimit statd not working Signed-off-by: zirain (cherry picked from commit 6ab6482dd7c807e64d4e87d78dfb06c0a1e16731) Signed-off-by: Arko Dasgupta --- internal/infrastructure/kubernetes/ratelimit/resource.go | 6 +++++- .../kubernetes/ratelimit/testdata/deployments/custom.yaml | 4 +++- .../ratelimit/testdata/deployments/default-env.yaml | 4 +++- .../kubernetes/ratelimit/testdata/deployments/default.yaml | 4 +++- .../ratelimit/testdata/deployments/disable-prometheus.yaml | 4 +++- .../testdata/deployments/enable-tracing-custom.yaml | 4 +++- .../ratelimit/testdata/deployments/enable-tracing.yaml | 4 +++- .../ratelimit/testdata/deployments/extension-env.yaml | 4 +++- .../ratelimit/testdata/deployments/override-env.yaml | 2 ++ .../ratelimit/testdata/deployments/patch-deployment.yaml | 4 +++- .../ratelimit/testdata/deployments/redis-tls-settings.yaml | 2 ++ .../ratelimit/testdata/deployments/tolerations.yaml | 2 ++ .../kubernetes/ratelimit/testdata/deployments/volumes.yaml | 2 ++ .../ratelimit/testdata/deployments/with-node-selector.yaml | 4 +++- .../deployments/with-topology-spread-constraints.yaml | 4 +++- 15 files changed, 43 insertions(+), 11 deletions(-) diff --git a/internal/infrastructure/kubernetes/ratelimit/resource.go b/internal/infrastructure/kubernetes/ratelimit/resource.go index 6af16989cec..a0c09aef23d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource.go @@ -327,7 +327,11 @@ func expectedRateLimitContainerEnv(rateLimit *egv1a1.RateLimit, rateLimitDeploym }, { Name: UseStatsdEnvVar, - Value: "false", + Value: "true", + }, + { + Name: "STATSD_PORT", + Value: "9125", }, { Name: ConfigTypeEnvVar, diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml index bc0d8276a50..8ce3ed3e700 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml @@ -50,7 +50,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml index bc0d8276a50..8ce3ed3e700 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml @@ -50,7 +50,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml index bc37b160b08..80c2be45188 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml index 5723f873dd0..f145d719971 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml @@ -47,7 +47,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml index c18bb04e97a..fd50e02d03d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml index 44e193a8ff1..052015be011 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml index d1d22324714..954c9f5ebbe 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml @@ -50,7 +50,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml index 9c3c1753a63..8ce3ed3e700 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml index fddd7199b36..78ce0a2aa57 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml index 21eed472e95..7a8cc10e8ec 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml index ca9d49837c5..d34ee5a9e9d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml index 4a780c9cd45..78b9d1d8376 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml index 39fe788f4f3..fbd7c3af0f8 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml index 2ed1b9786cf..e3cae44e0b9 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL From 108b464bc90b86fc7963fa7f78a5aae6fd1080e6 Mon Sep 17 00:00:00 2001 From: Lior Okman Date: Wed, 21 Aug 2024 17:55:39 +0300 Subject: [PATCH 07/12] fix: active http healthcheck documents a default for expected status, but doesn't use it (#4090) If no expected status was explicitly set, use the default value as described in the documentation. Signed-off-by: Lior Okman (cherry picked from commit 0926b38a5abff4d19546bbe780136db5cba2a80a) Signed-off-by: Arko Dasgupta --- internal/gatewayapi/backendtrafficpolicy.go | 7 + internal/gatewayapi/clustersettings.go | 509 ++++++++++++++++++ ...kendtrafficpolicy-with-healthcheck.in.yaml | 42 ++ ...endtrafficpolicy-with-healthcheck.out.yaml | 114 +++- 4 files changed, 671 insertions(+), 1 deletion(-) create mode 100644 internal/gatewayapi/clustersettings.go diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index 6babdfa81d8..190df4f5dc0 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go @@ -10,6 +10,7 @@ import ( "fmt" "math" "math/big" + "net/http" "sort" "strings" "time" @@ -962,6 +963,12 @@ func (t *Translator) buildHTTPActiveHealthChecker(h *egv1a1.HTTPActiveHealthChec for _, r := range h.ExpectedStatuses { statusSet.Insert(int(r)) } + + // If no ExpectedStatus was set, use the default value (200) + if statusSet.Len() == 0 { + statusSet.Insert(http.StatusOK) + } + irStatuses := make([]ir.HTTPStatus, 0, statusSet.Len()) for _, r := range statusSet.List() { diff --git a/internal/gatewayapi/clustersettings.go b/internal/gatewayapi/clustersettings.go new file mode 100644 index 00000000000..a0e8dcb32d6 --- /dev/null +++ b/internal/gatewayapi/clustersettings.go @@ -0,0 +1,509 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package gatewayapi + +import ( + "errors" + "fmt" + "math" + "math/big" + "net/http" + "strings" + "time" + + perr "github.com/pkg/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/utils/ptr" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/ir" +) + +func translateTrafficFeatures(policy *egv1a1.ClusterSettings) (*ir.TrafficFeatures, error) { + if policy == nil { + return nil, nil + } + ret := &ir.TrafficFeatures{} + + if timeout, err := buildTimeout(*policy, nil); err != nil { + return nil, err + } else { + ret.Timeout = timeout + } + + if bc, err := buildBackendConnection(*policy); err != nil { + return nil, err + } else { + ret.BackendConnection = bc + } + + if ka, err := buildTCPKeepAlive(*policy); err != nil { + return nil, err + } else { + ret.TCPKeepalive = ka + } + + if cb, err := buildCircuitBreaker(*policy); err != nil { + return nil, err + } else { + ret.CircuitBreaker = cb + } + + if lb, err := buildLoadBalancer(*policy); err != nil { + return nil, err + } else { + ret.LoadBalancer = lb + } + + ret.ProxyProtocol = buildProxyProtocol(*policy) + + ret.HealthCheck = buildHealthCheck(*policy) + + ret.DNS = translateDNS(*policy) + + if h2, err := buildIRHTTP2Settings(policy.HTTP2); err != nil { + return nil, err + } else { + ret.HTTP2 = h2 + } + + // If nothing was set in any of the above calls, return nil instead of an empty + // container + var empty ir.TrafficFeatures + if empty == *ret { + ret = nil + } + + return ret, nil +} + +func buildTimeout(policy egv1a1.ClusterSettings, r *ir.HTTPRoute) (*ir.Timeout, error) { + if policy.Timeout == nil { + return nil, nil + } + var ( + tto *ir.TCPTimeout + hto *ir.HTTPTimeout + terr bool + errs error + ) + + pto := policy.Timeout + + if pto.TCP != nil && pto.TCP.ConnectTimeout != nil { + d, err := time.ParseDuration(string(*pto.TCP.ConnectTimeout)) + if err != nil { + terr = true + errs = errors.Join(errs, fmt.Errorf("invalid ConnectTimeout value %s", *pto.TCP.ConnectTimeout)) + } else { + tto = &ir.TCPTimeout{ + ConnectTimeout: ptr.To(metav1.Duration{Duration: d}), + } + } + } + + if pto.HTTP != nil { + var cit *metav1.Duration + var mcd *metav1.Duration + + if pto.HTTP.ConnectionIdleTimeout != nil { + d, err := time.ParseDuration(string(*pto.HTTP.ConnectionIdleTimeout)) + if err != nil { + terr = true + errs = errors.Join(errs, fmt.Errorf("invalid ConnectionIdleTimeout value %s", *pto.HTTP.ConnectionIdleTimeout)) + } else { + cit = ptr.To(metav1.Duration{Duration: d}) + } + } + + if pto.HTTP.MaxConnectionDuration != nil { + d, err := time.ParseDuration(string(*pto.HTTP.MaxConnectionDuration)) + if err != nil { + terr = true + errs = errors.Join(errs, fmt.Errorf("invalid MaxConnectionDuration value %s", *pto.HTTP.MaxConnectionDuration)) + } else { + mcd = ptr.To(metav1.Duration{Duration: d}) + } + } + + hto = &ir.HTTPTimeout{ + ConnectionIdleTimeout: cit, + MaxConnectionDuration: mcd, + } + } + + // http request timeout is translated during the gateway-api route resource translation + // merge route timeout setting with backendtrafficpolicy timeout settings + if terr { + if r != nil && r.Traffic != nil && r.Traffic.Timeout != nil { + return r.Traffic.Timeout.DeepCopy(), errs + } + } else { + // http request timeout is translated during the gateway-api route resource translation + // merge route timeout setting with backendtrafficpolicy timeout settings + if r != nil && + r.Traffic != nil && + r.Traffic.Timeout != nil && + r.Traffic.Timeout.HTTP != nil && + r.Traffic.Timeout.HTTP.RequestTimeout != nil { + if hto == nil { + hto = &ir.HTTPTimeout{ + RequestTimeout: r.Traffic.Timeout.HTTP.RequestTimeout, + } + } else { + hto.RequestTimeout = r.Traffic.Timeout.HTTP.RequestTimeout + } + } + + if hto != nil || tto != nil { + return &ir.Timeout{ + TCP: tto, + HTTP: hto, + }, nil + } + } + + return nil, errs +} + +func buildBackendConnection(policy egv1a1.ClusterSettings) (*ir.BackendConnection, error) { + if policy.Connection == nil { + return nil, nil + } + var ( + bcIR = &ir.BackendConnection{} + bc = &egv1a1.BackendConnection{} + ) + + if policy.Connection != nil { + bc = policy.Connection + + if bc.BufferLimit != nil { + bf, ok := bc.BufferLimit.AsInt64() + if !ok { + return nil, fmt.Errorf("invalid BufferLimit value %s", bc.BufferLimit.String()) + } + if bf < 0 || bf > math.MaxUint32 { + return nil, fmt.Errorf("BufferLimit value %s is out of range", bc.BufferLimit.String()) + } + + bcIR.BufferLimitBytes = ptr.To(uint32(bf)) + } + } + + return bcIR, nil +} + +func buildTCPKeepAlive(policy egv1a1.ClusterSettings) (*ir.TCPKeepalive, error) { + if policy.TCPKeepalive == nil { + return nil, nil + } + + pka := policy.TCPKeepalive + ka := &ir.TCPKeepalive{} + + if pka.Probes != nil { + ka.Probes = pka.Probes + } + + if pka.IdleTime != nil { + d, err := time.ParseDuration(string(*pka.IdleTime)) + if err != nil { + return nil, fmt.Errorf("invalid IdleTime value %s", *pka.IdleTime) + } + ka.IdleTime = ptr.To(uint32(d.Seconds())) + } + + if pka.Interval != nil { + d, err := time.ParseDuration(string(*pka.Interval)) + if err != nil { + return nil, fmt.Errorf("invalid Interval value %s", *pka.Interval) + } + ka.Interval = ptr.To(uint32(d.Seconds())) + } + return ka, nil +} + +func buildCircuitBreaker(policy egv1a1.ClusterSettings) (*ir.CircuitBreaker, error) { + if policy.CircuitBreaker == nil { + return nil, nil + } + + var cb *ir.CircuitBreaker + pcb := policy.CircuitBreaker + + if pcb != nil { + cb = &ir.CircuitBreaker{} + + if pcb.MaxConnections != nil { + if ui32, ok := int64ToUint32(*pcb.MaxConnections); ok { + cb.MaxConnections = &ui32 + } else { + return nil, fmt.Errorf("invalid MaxConnections value %d", *pcb.MaxConnections) + } + } + + if pcb.MaxParallelRequests != nil { + if ui32, ok := int64ToUint32(*pcb.MaxParallelRequests); ok { + cb.MaxParallelRequests = &ui32 + } else { + return nil, fmt.Errorf("invalid MaxParallelRequests value %d", *pcb.MaxParallelRequests) + } + } + + if pcb.MaxPendingRequests != nil { + if ui32, ok := int64ToUint32(*pcb.MaxPendingRequests); ok { + cb.MaxPendingRequests = &ui32 + } else { + return nil, fmt.Errorf("invalid MaxPendingRequests value %d", *pcb.MaxPendingRequests) + } + } + + if pcb.MaxParallelRetries != nil { + if ui32, ok := int64ToUint32(*pcb.MaxParallelRetries); ok { + cb.MaxParallelRetries = &ui32 + } else { + return nil, fmt.Errorf("invalid MaxParallelRetries value %d", *pcb.MaxParallelRetries) + } + } + + if pcb.MaxRequestsPerConnection != nil { + if ui32, ok := int64ToUint32(*pcb.MaxRequestsPerConnection); ok { + cb.MaxRequestsPerConnection = &ui32 + } else { + return nil, fmt.Errorf("invalid MaxRequestsPerConnection value %d", *pcb.MaxRequestsPerConnection) + } + } + + } + + return cb, nil +} + +func buildLoadBalancer(policy egv1a1.ClusterSettings) (*ir.LoadBalancer, error) { + if policy.LoadBalancer == nil { + return nil, nil + } + var lb *ir.LoadBalancer + switch policy.LoadBalancer.Type { + case egv1a1.ConsistentHashLoadBalancerType: + consistentHash, err := buildConsistentHashLoadBalancer(*policy.LoadBalancer) + if err != nil { + return nil, perr.WithMessage(err, "ConsistentHash") + } + + lb = &ir.LoadBalancer{ + ConsistentHash: consistentHash, + } + case egv1a1.LeastRequestLoadBalancerType: + lb = &ir.LoadBalancer{} + if policy.LoadBalancer.SlowStart != nil { + if policy.LoadBalancer.SlowStart.Window != nil { + lb.LeastRequest = &ir.LeastRequest{ + SlowStart: &ir.SlowStart{ + Window: policy.LoadBalancer.SlowStart.Window, + }, + } + } + } + case egv1a1.RandomLoadBalancerType: + lb = &ir.LoadBalancer{ + Random: &ir.Random{}, + } + case egv1a1.RoundRobinLoadBalancerType: + lb = &ir.LoadBalancer{ + RoundRobin: &ir.RoundRobin{ + SlowStart: &ir.SlowStart{}, + }, + } + if policy.LoadBalancer.SlowStart != nil { + if policy.LoadBalancer.SlowStart.Window != nil { + lb.RoundRobin = &ir.RoundRobin{ + SlowStart: &ir.SlowStart{ + Window: policy.LoadBalancer.SlowStart.Window, + }, + } + } + } + } + + return lb, nil +} + +func buildConsistentHashLoadBalancer(policy egv1a1.LoadBalancer) (*ir.ConsistentHash, error) { + consistentHash := &ir.ConsistentHash{} + + if policy.ConsistentHash.TableSize != nil { + tableSize := policy.ConsistentHash.TableSize + + if *tableSize > MaxConsistentHashTableSize || !big.NewInt(int64(*tableSize)).ProbablyPrime(0) { + return nil, fmt.Errorf("invalid TableSize value %d", *tableSize) + } + + consistentHash.TableSize = tableSize + } + + switch policy.ConsistentHash.Type { + case egv1a1.SourceIPConsistentHashType: + consistentHash.SourceIP = ptr.To(true) + case egv1a1.HeaderConsistentHashType: + consistentHash.Header = &ir.Header{ + Name: policy.ConsistentHash.Header.Name, + } + case egv1a1.CookieConsistentHashType: + consistentHash.Cookie = policy.ConsistentHash.Cookie + } + + return consistentHash, nil +} + +func buildProxyProtocol(policy egv1a1.ClusterSettings) *ir.ProxyProtocol { + if policy.ProxyProtocol == nil { + return nil + } + var pp *ir.ProxyProtocol + switch policy.ProxyProtocol.Version { + case egv1a1.ProxyProtocolVersionV1: + pp = &ir.ProxyProtocol{ + Version: ir.ProxyProtocolVersionV1, + } + case egv1a1.ProxyProtocolVersionV2: + pp = &ir.ProxyProtocol{ + Version: ir.ProxyProtocolVersionV2, + } + } + + return pp +} + +func buildHealthCheck(policy egv1a1.ClusterSettings) *ir.HealthCheck { + if policy.HealthCheck == nil { + return nil + } + + irhc := &ir.HealthCheck{} + irhc.Passive = buildPassiveHealthCheck(*policy.HealthCheck) + irhc.Active = buildActiveHealthCheck(*policy.HealthCheck) + + return irhc +} + +func buildPassiveHealthCheck(policy egv1a1.HealthCheck) *ir.OutlierDetection { + if policy.Passive == nil { + return nil + } + + hc := policy.Passive + irOD := &ir.OutlierDetection{ + Interval: hc.Interval, + SplitExternalLocalOriginErrors: hc.SplitExternalLocalOriginErrors, + ConsecutiveLocalOriginFailures: hc.ConsecutiveLocalOriginFailures, + ConsecutiveGatewayErrors: hc.ConsecutiveGatewayErrors, + Consecutive5xxErrors: hc.Consecutive5xxErrors, + BaseEjectionTime: hc.BaseEjectionTime, + MaxEjectionPercent: hc.MaxEjectionPercent, + } + return irOD +} + +func buildActiveHealthCheck(policy egv1a1.HealthCheck) *ir.ActiveHealthCheck { + if policy.Active == nil { + return nil + } + + hc := policy.Active + irHC := &ir.ActiveHealthCheck{ + Timeout: hc.Timeout, + Interval: hc.Interval, + UnhealthyThreshold: hc.UnhealthyThreshold, + HealthyThreshold: hc.HealthyThreshold, + } + switch hc.Type { + case egv1a1.ActiveHealthCheckerTypeHTTP: + irHC.HTTP = buildHTTPActiveHealthChecker(hc.HTTP) + case egv1a1.ActiveHealthCheckerTypeTCP: + irHC.TCP = buildTCPActiveHealthChecker(hc.TCP) + case egv1a1.ActiveHealthCheckerTypeGRPC: + irHC.GRPC = &ir.GRPCHealthChecker{ + Service: ptr.Deref(hc.GRPC, egv1a1.GRPCActiveHealthChecker{}).Service, + } + } + + return irHC +} + +func buildHTTPActiveHealthChecker(h *egv1a1.HTTPActiveHealthChecker) *ir.HTTPHealthChecker { + if h == nil { + return nil + } + + irHTTP := &ir.HTTPHealthChecker{ + Path: h.Path, + Method: h.Method, + } + if irHTTP.Method != nil { + *irHTTP.Method = strings.ToUpper(*irHTTP.Method) + } + + // deduplicate http statuses + statusSet := sets.NewInt() + for _, r := range h.ExpectedStatuses { + statusSet.Insert(int(r)) + } + // If no ExpectedStatus was set, use the default value (200) + if statusSet.Len() == 0 { + statusSet.Insert(http.StatusOK) + } + irStatuses := make([]ir.HTTPStatus, 0, statusSet.Len()) + + for _, r := range statusSet.List() { + irStatuses = append(irStatuses, ir.HTTPStatus(r)) + } + irHTTP.ExpectedStatuses = irStatuses + + irHTTP.ExpectedResponse = translateActiveHealthCheckPayload(h.ExpectedResponse) + return irHTTP +} + +func buildTCPActiveHealthChecker(h *egv1a1.TCPActiveHealthChecker) *ir.TCPHealthChecker { + if h == nil { + return nil + } + + irTCP := &ir.TCPHealthChecker{ + Send: translateActiveHealthCheckPayload(h.Send), + Receive: translateActiveHealthCheckPayload(h.Receive), + } + return irTCP +} + +func translateActiveHealthCheckPayload(p *egv1a1.ActiveHealthCheckPayload) *ir.HealthCheckPayload { + if p == nil { + return nil + } + + irPayload := &ir.HealthCheckPayload{} + switch p.Type { + case egv1a1.ActiveHealthCheckPayloadTypeText: + irPayload.Text = p.Text + case egv1a1.ActiveHealthCheckPayloadTypeBinary: + irPayload.Binary = make([]byte, len(p.Binary)) + copy(irPayload.Binary, p.Binary) + } + + return irPayload +} + +func translateDNS(policy egv1a1.ClusterSettings) *ir.DNS { + if policy.DNS == nil { + return nil + } + return &ir.DNS{ + RespectDNSTTL: policy.DNS.RespectDNSTTL, + DNSRefreshRate: policy.DNS.DNSRefreshRate, + } +} diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml index 5cb832646b3..35f54fe3dd1 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml @@ -100,6 +100,25 @@ httpRoutes: backendRefs: - name: service-3 port: 8080 +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-4 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-2 + sectionName: http + rules: + - matches: + - path: + value: "/v2" + backendRefs: + - name: service-2 + port: 8080 backendTrafficPolicies: - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: BackendTrafficPolicy @@ -169,6 +188,29 @@ backendTrafficPolicies: consecutiveGatewayErrors: 0 consecutiveLocalOriginFailures: 5 splitExternalLocalOriginErrors: false +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + namespace: default + name: policy-for-route-4 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-4 + healthCheck: + active: + timeout: "1s" + interval: "5s" + unhealthyThreshold: 3 + healthyThreshold: 3 + type: HTTP + http: + path: "/healthz" + method: "GET" + expectedResponse: + type: Text + text: pong - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: BackendTrafficPolicy metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml index 447a7df485e..ef22b8bc072 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml @@ -49,6 +49,45 @@ backendTrafficPolicies: status: "True" type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + creationTimestamp: null + name: policy-for-route-4 + namespace: default + spec: + healthCheck: + active: + healthyThreshold: 3 + http: + expectedResponse: + text: pong + type: Text + method: GET + path: /healthz + interval: 5s + timeout: 1s + type: HTTP + unhealthyThreshold: 3 + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-4 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: BackendTrafficPolicy metadata: @@ -252,7 +291,7 @@ gateways: protocol: HTTP status: listeners: - - attachedRoutes: 3 + - attachedRoutes: 4 conditions: - lastTransitionTime: null message: Sending translated listener configuration to the data plane @@ -424,6 +463,44 @@ httpRoutes: name: gateway-2 namespace: envoy-gateway sectionName: http +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-4 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-2 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-2 + port: 8080 + matches: + - path: + value: /v2 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-2 + namespace: envoy-gateway + sectionName: http infraIR: envoy-gateway/gateway-1: proxy: @@ -616,6 +693,41 @@ xdsIR: interval: 8ms maxEjectionPercent: 11 splitExternalLocalOriginErrors: false + - destination: + name: httproute/default/httproute-4/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: gateway.envoyproxy.io + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-4 + namespace: default + name: httproute/default/httproute-4/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: /v2 + traffic: + healthCheck: + active: + healthyThreshold: 3 + http: + expectedResponse: + text: pong + expectedStatuses: + - 200 + host: gateway.envoyproxy.io + method: GET + path: /healthz + interval: 5s + timeout: 1s + unhealthyThreshold: 3 - destination: name: httproute/default/httproute-1/rule/0 settings: From ca4bc61b7bf726cf494b16f98c6096d470155511 Mon Sep 17 00:00:00 2001 From: Tasdidur Rahman <52253951+TasdidurRahman@users.noreply.github.com> Date: Sun, 1 Sep 2024 06:47:41 +0600 Subject: [PATCH 08/12] Fix IsNotFound check for secret and configmap (#4126) fix IsNotFound check for secret and configmap Signed-off-by: TasdidurRahman (cherry picked from commit c20315f554e9522b9f98f337dcb5747b1e8f3495) Signed-off-by: Arko Dasgupta --- internal/provider/kubernetes/controller.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 73d8799e900..31a54ec71b6 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -597,7 +597,7 @@ func (r *gatewayAPIReconciler) processSecretRef( types.NamespacedName{Namespace: secretNS, Name: string(secretRef.Name)}, secret, ) - if err != nil && !kerrors.IsNotFound(err) { + if err != nil && kerrors.IsNotFound(err) { return fmt.Errorf("unable to find the Secret: %s/%s", secretNS, string(secretRef.Name)) } @@ -699,7 +699,7 @@ func (r *gatewayAPIReconciler) processConfigMapRef( types.NamespacedName{Namespace: configMapNS, Name: string(configMapRef.Name)}, configMap, ) - if err != nil && !kerrors.IsNotFound(err) { + if err != nil && kerrors.IsNotFound(err) { return fmt.Errorf("unable to find the ConfigMap: %s/%s", configMapNS, string(configMapRef.Name)) } From 7ac4aee097407fb6dcea66a827df9bb2ed2d1697 Mon Sep 17 00:00:00 2001 From: qi Date: Wed, 4 Sep 2024 12:43:54 +0800 Subject: [PATCH 09/12] fix: assign sugar logger name. (#4144) Signed-off-by: qicz Co-authored-by: zirain (cherry picked from commit b50f5fa0273f410dc9270a9c23698110a4266822) Signed-off-by: Arko Dasgupta --- internal/logging/log.go | 2 +- internal/logging/log_test.go | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/internal/logging/log.go b/internal/logging/log.go index a4fb787f9c2..274f11f05a4 100644 --- a/internal/logging/log.go +++ b/internal/logging/log.go @@ -72,7 +72,7 @@ func (l Logger) WithName(name string) Logger { return Logger{ Logger: zapr.NewLogger(logger).WithName(name), logging: l.logging, - sugaredLogger: logger.Sugar(), + sugaredLogger: logger.Sugar().Named(name), } } diff --git a/internal/logging/log_test.go b/internal/logging/log_test.go index 999f922759c..0942910f71c 100644 --- a/internal/logging/log_test.go +++ b/internal/logging/log_test.go @@ -75,3 +75,32 @@ func TestLoggerWithName(t *testing.T) { assert.Contains(t, capturedOutput, "info message") assert.Contains(t, capturedOutput, "debug message") } + +func TestLoggerSugarName(t *testing.T) { + originalStdout := os.Stdout + r, w, _ := os.Pipe() + os.Stdout = w + + defer func() { + // Restore the original stdout and close the pipe + os.Stdout = originalStdout + err := w.Close() + require.NoError(t, err) + }() + + const logName = "loggerName" + + config := egv1a1.DefaultEnvoyGatewayLogging() + config.Level[logName] = egv1a1.LogLevelDebug + + logger := NewLogger(config).WithName(logName) + + logger.Sugar().Debugf("debugging message") + + // Read from the pipe (captured stdout) + outputBytes := make([]byte, 200) + _, err := r.Read(outputBytes) + require.NoError(t, err) + capturedOutput := string(outputBytes) + assert.Contains(t, capturedOutput, "debugging message", logName) +} From b87b7deffa29c570fdffb0b8becf71bacf4f69c6 Mon Sep 17 00:00:00 2001 From: zirain Date: Mon, 19 Aug 2024 01:27:02 +0800 Subject: [PATCH 10/12] use sets and return stable result (#4074) Signed-off-by: zirain (cherry picked from commit 6066f5a6ad65d30f5d2327b03de04361bb6de004) Signed-off-by: Arko Dasgupta --- internal/gatewayapi/helpers.go | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 076a892bbe5..a6e13720e44 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -280,7 +280,7 @@ func computeHosts(routeHostnames []string, listenerContext *ListenerContext) []s return []string{"*"} } - hostnamesSet := map[string]struct{}{} + hostnamesSet := sets.NewString() // Find intersecting hostnames for i := range routeHostnames { @@ -291,22 +291,22 @@ func computeHosts(routeHostnames []string, listenerContext *ListenerContext) []s switch { // No listener hostname: use the route hostname. case len(listenerHostnameVal) == 0: - hostnamesSet[routeHostname] = struct{}{} + hostnamesSet.Insert(routeHostname) // Listener hostname matches the route hostname: use it. case listenerHostnameVal == routeHostname: - hostnamesSet[routeHostname] = struct{}{} + hostnamesSet.Insert(routeHostname) // Listener has a wildcard hostname: check if the route hostname matches. case strings.HasPrefix(listenerHostnameVal, "*"): if hostnameMatchesWildcardHostname(routeHostname, listenerHostnameVal) { - hostnamesSet[routeHostname] = struct{}{} + hostnamesSet.Insert(routeHostname) } // Route has a wildcard hostname: check if the listener hostname matches. case strings.HasPrefix(routeHostname, "*"): if hostnameMatchesWildcardHostname(listenerHostnameVal, routeHostname) { - hostnamesSet[listenerHostnameVal] = struct{}{} + hostnamesSet.Insert(listenerHostnameVal) } } @@ -328,15 +328,10 @@ func computeHosts(routeHostnames []string, listenerContext *ListenerContext) []s if listener.Hostname == nil { continue } - delete(hostnamesSet, string(*listener.Hostname)) + hostnamesSet.Delete(string(*listener.Hostname)) } - var hostnames []string - for host := range hostnamesSet { - hostnames = append(hostnames, host) - } - - return hostnames + return hostnamesSet.List() } // hostnameMatchesWildcardHostname returns true if hostname has the non-wildcard From 9a5e78c1085869139238847efac2683b60d23105 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Fri, 6 Sep 2024 19:24:52 -0700 Subject: [PATCH 11/12] delete internal/gatewayapi/clustersettings.go NA for v1.1 Signed-off-by: Arko Dasgupta --- internal/gatewayapi/clustersettings.go | 509 ------------------------- 1 file changed, 509 deletions(-) delete mode 100644 internal/gatewayapi/clustersettings.go diff --git a/internal/gatewayapi/clustersettings.go b/internal/gatewayapi/clustersettings.go deleted file mode 100644 index a0e8dcb32d6..00000000000 --- a/internal/gatewayapi/clustersettings.go +++ /dev/null @@ -1,509 +0,0 @@ -// Copyright Envoy Gateway Authors -// SPDX-License-Identifier: Apache-2.0 -// The full text of the Apache license is available in the LICENSE file at -// the root of the repo. - -package gatewayapi - -import ( - "errors" - "fmt" - "math" - "math/big" - "net/http" - "strings" - "time" - - perr "github.com/pkg/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/utils/ptr" - - egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/ir" -) - -func translateTrafficFeatures(policy *egv1a1.ClusterSettings) (*ir.TrafficFeatures, error) { - if policy == nil { - return nil, nil - } - ret := &ir.TrafficFeatures{} - - if timeout, err := buildTimeout(*policy, nil); err != nil { - return nil, err - } else { - ret.Timeout = timeout - } - - if bc, err := buildBackendConnection(*policy); err != nil { - return nil, err - } else { - ret.BackendConnection = bc - } - - if ka, err := buildTCPKeepAlive(*policy); err != nil { - return nil, err - } else { - ret.TCPKeepalive = ka - } - - if cb, err := buildCircuitBreaker(*policy); err != nil { - return nil, err - } else { - ret.CircuitBreaker = cb - } - - if lb, err := buildLoadBalancer(*policy); err != nil { - return nil, err - } else { - ret.LoadBalancer = lb - } - - ret.ProxyProtocol = buildProxyProtocol(*policy) - - ret.HealthCheck = buildHealthCheck(*policy) - - ret.DNS = translateDNS(*policy) - - if h2, err := buildIRHTTP2Settings(policy.HTTP2); err != nil { - return nil, err - } else { - ret.HTTP2 = h2 - } - - // If nothing was set in any of the above calls, return nil instead of an empty - // container - var empty ir.TrafficFeatures - if empty == *ret { - ret = nil - } - - return ret, nil -} - -func buildTimeout(policy egv1a1.ClusterSettings, r *ir.HTTPRoute) (*ir.Timeout, error) { - if policy.Timeout == nil { - return nil, nil - } - var ( - tto *ir.TCPTimeout - hto *ir.HTTPTimeout - terr bool - errs error - ) - - pto := policy.Timeout - - if pto.TCP != nil && pto.TCP.ConnectTimeout != nil { - d, err := time.ParseDuration(string(*pto.TCP.ConnectTimeout)) - if err != nil { - terr = true - errs = errors.Join(errs, fmt.Errorf("invalid ConnectTimeout value %s", *pto.TCP.ConnectTimeout)) - } else { - tto = &ir.TCPTimeout{ - ConnectTimeout: ptr.To(metav1.Duration{Duration: d}), - } - } - } - - if pto.HTTP != nil { - var cit *metav1.Duration - var mcd *metav1.Duration - - if pto.HTTP.ConnectionIdleTimeout != nil { - d, err := time.ParseDuration(string(*pto.HTTP.ConnectionIdleTimeout)) - if err != nil { - terr = true - errs = errors.Join(errs, fmt.Errorf("invalid ConnectionIdleTimeout value %s", *pto.HTTP.ConnectionIdleTimeout)) - } else { - cit = ptr.To(metav1.Duration{Duration: d}) - } - } - - if pto.HTTP.MaxConnectionDuration != nil { - d, err := time.ParseDuration(string(*pto.HTTP.MaxConnectionDuration)) - if err != nil { - terr = true - errs = errors.Join(errs, fmt.Errorf("invalid MaxConnectionDuration value %s", *pto.HTTP.MaxConnectionDuration)) - } else { - mcd = ptr.To(metav1.Duration{Duration: d}) - } - } - - hto = &ir.HTTPTimeout{ - ConnectionIdleTimeout: cit, - MaxConnectionDuration: mcd, - } - } - - // http request timeout is translated during the gateway-api route resource translation - // merge route timeout setting with backendtrafficpolicy timeout settings - if terr { - if r != nil && r.Traffic != nil && r.Traffic.Timeout != nil { - return r.Traffic.Timeout.DeepCopy(), errs - } - } else { - // http request timeout is translated during the gateway-api route resource translation - // merge route timeout setting with backendtrafficpolicy timeout settings - if r != nil && - r.Traffic != nil && - r.Traffic.Timeout != nil && - r.Traffic.Timeout.HTTP != nil && - r.Traffic.Timeout.HTTP.RequestTimeout != nil { - if hto == nil { - hto = &ir.HTTPTimeout{ - RequestTimeout: r.Traffic.Timeout.HTTP.RequestTimeout, - } - } else { - hto.RequestTimeout = r.Traffic.Timeout.HTTP.RequestTimeout - } - } - - if hto != nil || tto != nil { - return &ir.Timeout{ - TCP: tto, - HTTP: hto, - }, nil - } - } - - return nil, errs -} - -func buildBackendConnection(policy egv1a1.ClusterSettings) (*ir.BackendConnection, error) { - if policy.Connection == nil { - return nil, nil - } - var ( - bcIR = &ir.BackendConnection{} - bc = &egv1a1.BackendConnection{} - ) - - if policy.Connection != nil { - bc = policy.Connection - - if bc.BufferLimit != nil { - bf, ok := bc.BufferLimit.AsInt64() - if !ok { - return nil, fmt.Errorf("invalid BufferLimit value %s", bc.BufferLimit.String()) - } - if bf < 0 || bf > math.MaxUint32 { - return nil, fmt.Errorf("BufferLimit value %s is out of range", bc.BufferLimit.String()) - } - - bcIR.BufferLimitBytes = ptr.To(uint32(bf)) - } - } - - return bcIR, nil -} - -func buildTCPKeepAlive(policy egv1a1.ClusterSettings) (*ir.TCPKeepalive, error) { - if policy.TCPKeepalive == nil { - return nil, nil - } - - pka := policy.TCPKeepalive - ka := &ir.TCPKeepalive{} - - if pka.Probes != nil { - ka.Probes = pka.Probes - } - - if pka.IdleTime != nil { - d, err := time.ParseDuration(string(*pka.IdleTime)) - if err != nil { - return nil, fmt.Errorf("invalid IdleTime value %s", *pka.IdleTime) - } - ka.IdleTime = ptr.To(uint32(d.Seconds())) - } - - if pka.Interval != nil { - d, err := time.ParseDuration(string(*pka.Interval)) - if err != nil { - return nil, fmt.Errorf("invalid Interval value %s", *pka.Interval) - } - ka.Interval = ptr.To(uint32(d.Seconds())) - } - return ka, nil -} - -func buildCircuitBreaker(policy egv1a1.ClusterSettings) (*ir.CircuitBreaker, error) { - if policy.CircuitBreaker == nil { - return nil, nil - } - - var cb *ir.CircuitBreaker - pcb := policy.CircuitBreaker - - if pcb != nil { - cb = &ir.CircuitBreaker{} - - if pcb.MaxConnections != nil { - if ui32, ok := int64ToUint32(*pcb.MaxConnections); ok { - cb.MaxConnections = &ui32 - } else { - return nil, fmt.Errorf("invalid MaxConnections value %d", *pcb.MaxConnections) - } - } - - if pcb.MaxParallelRequests != nil { - if ui32, ok := int64ToUint32(*pcb.MaxParallelRequests); ok { - cb.MaxParallelRequests = &ui32 - } else { - return nil, fmt.Errorf("invalid MaxParallelRequests value %d", *pcb.MaxParallelRequests) - } - } - - if pcb.MaxPendingRequests != nil { - if ui32, ok := int64ToUint32(*pcb.MaxPendingRequests); ok { - cb.MaxPendingRequests = &ui32 - } else { - return nil, fmt.Errorf("invalid MaxPendingRequests value %d", *pcb.MaxPendingRequests) - } - } - - if pcb.MaxParallelRetries != nil { - if ui32, ok := int64ToUint32(*pcb.MaxParallelRetries); ok { - cb.MaxParallelRetries = &ui32 - } else { - return nil, fmt.Errorf("invalid MaxParallelRetries value %d", *pcb.MaxParallelRetries) - } - } - - if pcb.MaxRequestsPerConnection != nil { - if ui32, ok := int64ToUint32(*pcb.MaxRequestsPerConnection); ok { - cb.MaxRequestsPerConnection = &ui32 - } else { - return nil, fmt.Errorf("invalid MaxRequestsPerConnection value %d", *pcb.MaxRequestsPerConnection) - } - } - - } - - return cb, nil -} - -func buildLoadBalancer(policy egv1a1.ClusterSettings) (*ir.LoadBalancer, error) { - if policy.LoadBalancer == nil { - return nil, nil - } - var lb *ir.LoadBalancer - switch policy.LoadBalancer.Type { - case egv1a1.ConsistentHashLoadBalancerType: - consistentHash, err := buildConsistentHashLoadBalancer(*policy.LoadBalancer) - if err != nil { - return nil, perr.WithMessage(err, "ConsistentHash") - } - - lb = &ir.LoadBalancer{ - ConsistentHash: consistentHash, - } - case egv1a1.LeastRequestLoadBalancerType: - lb = &ir.LoadBalancer{} - if policy.LoadBalancer.SlowStart != nil { - if policy.LoadBalancer.SlowStart.Window != nil { - lb.LeastRequest = &ir.LeastRequest{ - SlowStart: &ir.SlowStart{ - Window: policy.LoadBalancer.SlowStart.Window, - }, - } - } - } - case egv1a1.RandomLoadBalancerType: - lb = &ir.LoadBalancer{ - Random: &ir.Random{}, - } - case egv1a1.RoundRobinLoadBalancerType: - lb = &ir.LoadBalancer{ - RoundRobin: &ir.RoundRobin{ - SlowStart: &ir.SlowStart{}, - }, - } - if policy.LoadBalancer.SlowStart != nil { - if policy.LoadBalancer.SlowStart.Window != nil { - lb.RoundRobin = &ir.RoundRobin{ - SlowStart: &ir.SlowStart{ - Window: policy.LoadBalancer.SlowStart.Window, - }, - } - } - } - } - - return lb, nil -} - -func buildConsistentHashLoadBalancer(policy egv1a1.LoadBalancer) (*ir.ConsistentHash, error) { - consistentHash := &ir.ConsistentHash{} - - if policy.ConsistentHash.TableSize != nil { - tableSize := policy.ConsistentHash.TableSize - - if *tableSize > MaxConsistentHashTableSize || !big.NewInt(int64(*tableSize)).ProbablyPrime(0) { - return nil, fmt.Errorf("invalid TableSize value %d", *tableSize) - } - - consistentHash.TableSize = tableSize - } - - switch policy.ConsistentHash.Type { - case egv1a1.SourceIPConsistentHashType: - consistentHash.SourceIP = ptr.To(true) - case egv1a1.HeaderConsistentHashType: - consistentHash.Header = &ir.Header{ - Name: policy.ConsistentHash.Header.Name, - } - case egv1a1.CookieConsistentHashType: - consistentHash.Cookie = policy.ConsistentHash.Cookie - } - - return consistentHash, nil -} - -func buildProxyProtocol(policy egv1a1.ClusterSettings) *ir.ProxyProtocol { - if policy.ProxyProtocol == nil { - return nil - } - var pp *ir.ProxyProtocol - switch policy.ProxyProtocol.Version { - case egv1a1.ProxyProtocolVersionV1: - pp = &ir.ProxyProtocol{ - Version: ir.ProxyProtocolVersionV1, - } - case egv1a1.ProxyProtocolVersionV2: - pp = &ir.ProxyProtocol{ - Version: ir.ProxyProtocolVersionV2, - } - } - - return pp -} - -func buildHealthCheck(policy egv1a1.ClusterSettings) *ir.HealthCheck { - if policy.HealthCheck == nil { - return nil - } - - irhc := &ir.HealthCheck{} - irhc.Passive = buildPassiveHealthCheck(*policy.HealthCheck) - irhc.Active = buildActiveHealthCheck(*policy.HealthCheck) - - return irhc -} - -func buildPassiveHealthCheck(policy egv1a1.HealthCheck) *ir.OutlierDetection { - if policy.Passive == nil { - return nil - } - - hc := policy.Passive - irOD := &ir.OutlierDetection{ - Interval: hc.Interval, - SplitExternalLocalOriginErrors: hc.SplitExternalLocalOriginErrors, - ConsecutiveLocalOriginFailures: hc.ConsecutiveLocalOriginFailures, - ConsecutiveGatewayErrors: hc.ConsecutiveGatewayErrors, - Consecutive5xxErrors: hc.Consecutive5xxErrors, - BaseEjectionTime: hc.BaseEjectionTime, - MaxEjectionPercent: hc.MaxEjectionPercent, - } - return irOD -} - -func buildActiveHealthCheck(policy egv1a1.HealthCheck) *ir.ActiveHealthCheck { - if policy.Active == nil { - return nil - } - - hc := policy.Active - irHC := &ir.ActiveHealthCheck{ - Timeout: hc.Timeout, - Interval: hc.Interval, - UnhealthyThreshold: hc.UnhealthyThreshold, - HealthyThreshold: hc.HealthyThreshold, - } - switch hc.Type { - case egv1a1.ActiveHealthCheckerTypeHTTP: - irHC.HTTP = buildHTTPActiveHealthChecker(hc.HTTP) - case egv1a1.ActiveHealthCheckerTypeTCP: - irHC.TCP = buildTCPActiveHealthChecker(hc.TCP) - case egv1a1.ActiveHealthCheckerTypeGRPC: - irHC.GRPC = &ir.GRPCHealthChecker{ - Service: ptr.Deref(hc.GRPC, egv1a1.GRPCActiveHealthChecker{}).Service, - } - } - - return irHC -} - -func buildHTTPActiveHealthChecker(h *egv1a1.HTTPActiveHealthChecker) *ir.HTTPHealthChecker { - if h == nil { - return nil - } - - irHTTP := &ir.HTTPHealthChecker{ - Path: h.Path, - Method: h.Method, - } - if irHTTP.Method != nil { - *irHTTP.Method = strings.ToUpper(*irHTTP.Method) - } - - // deduplicate http statuses - statusSet := sets.NewInt() - for _, r := range h.ExpectedStatuses { - statusSet.Insert(int(r)) - } - // If no ExpectedStatus was set, use the default value (200) - if statusSet.Len() == 0 { - statusSet.Insert(http.StatusOK) - } - irStatuses := make([]ir.HTTPStatus, 0, statusSet.Len()) - - for _, r := range statusSet.List() { - irStatuses = append(irStatuses, ir.HTTPStatus(r)) - } - irHTTP.ExpectedStatuses = irStatuses - - irHTTP.ExpectedResponse = translateActiveHealthCheckPayload(h.ExpectedResponse) - return irHTTP -} - -func buildTCPActiveHealthChecker(h *egv1a1.TCPActiveHealthChecker) *ir.TCPHealthChecker { - if h == nil { - return nil - } - - irTCP := &ir.TCPHealthChecker{ - Send: translateActiveHealthCheckPayload(h.Send), - Receive: translateActiveHealthCheckPayload(h.Receive), - } - return irTCP -} - -func translateActiveHealthCheckPayload(p *egv1a1.ActiveHealthCheckPayload) *ir.HealthCheckPayload { - if p == nil { - return nil - } - - irPayload := &ir.HealthCheckPayload{} - switch p.Type { - case egv1a1.ActiveHealthCheckPayloadTypeText: - irPayload.Text = p.Text - case egv1a1.ActiveHealthCheckPayloadTypeBinary: - irPayload.Binary = make([]byte, len(p.Binary)) - copy(irPayload.Binary, p.Binary) - } - - return irPayload -} - -func translateDNS(policy egv1a1.ClusterSettings) *ir.DNS { - if policy.DNS == nil { - return nil - } - return &ir.DNS{ - RespectDNSTTL: policy.DNS.RespectDNSTTL, - DNSRefreshRate: policy.DNS.DNSRefreshRate, - } -} From 7b6750df357bdf2c684ac37489b6da171fda4d0c Mon Sep 17 00:00:00 2001 From: zirain Date: Sat, 7 Sep 2024 16:09:28 +0800 Subject: [PATCH 12/12] bump to go1.22.7 (#4175) * bump to go1.22.6 Signed-off-by: zirain * bump to 1.22.7 Signed-off-by: zirain --------- Signed-off-by: zirain (cherry picked from commit 69bf8825422db0cb7b34097b8db5dfca19b8d477) Signed-off-by: Arko Dasgupta --- examples/extension-server/go.mod | 2 +- examples/extension-server/tools/src/controller-gen/go.mod | 2 +- examples/kubernetes/ext-proc-grpc-service.yaml | 2 +- go.mod | 2 +- site/go.mod | 2 +- tools/src/buf/go.mod | 2 +- tools/src/controller-gen/go.mod | 2 +- tools/src/crd-ref-docs/go.mod | 2 +- tools/src/gci/go.mod | 2 +- tools/src/golangci-lint/go.mod | 2 +- tools/src/helm-docs/go.mod | 2 +- tools/src/jb/go.mod | 2 +- tools/src/jsonnet/go.mod | 2 +- tools/src/kind/go.mod | 2 +- tools/src/protoc-gen-go-grpc/go.mod | 2 +- tools/src/protoc-gen-go/go.mod | 2 +- tools/src/setup-envtest/go.mod | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index b5ebd93dce6..91f5323ca58 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -1,6 +1,6 @@ module github.com/exampleorg/envoygateway-extension -go 1.22.5 +go 1.22.7 require ( github.com/envoyproxy/gateway v1.0.2 diff --git a/examples/extension-server/tools/src/controller-gen/go.mod b/examples/extension-server/tools/src/controller-gen/go.mod index 3b5da982d27..e1eab3409bc 100644 --- a/examples/extension-server/tools/src/controller-gen/go.mod +++ b/examples/extension-server/tools/src/controller-gen/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require sigs.k8s.io/controller-tools v0.15.0 diff --git a/examples/kubernetes/ext-proc-grpc-service.yaml b/examples/kubernetes/ext-proc-grpc-service.yaml index 23b90b104cb..de94ccf905c 100644 --- a/examples/kubernetes/ext-proc-grpc-service.yaml +++ b/examples/kubernetes/ext-proc-grpc-service.yaml @@ -361,7 +361,7 @@ spec: - sh - "-c" - "cp -a /app /app-live && cd /app-live && go run . --certPath=/app-live/certs/ " - image: golang:1.22.5-alpine + image: golang:1.22.7-alpine ports: - containerPort: 8000 volumeMounts: diff --git a/go.mod b/go.mod index 9f3ccfb9508..6891c1acb2b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway -go 1.22.5 +go 1.22.7 replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16 diff --git a/site/go.mod b/site/go.mod index 29d91dd00e8..c6b0df811f3 100644 --- a/site/go.mod +++ b/site/go.mod @@ -1,6 +1,6 @@ module github.com/google/docsy-example -go 1.22.5 +go 1.22.7 require ( github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7 // indirect diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod index d2d02735a03..a97763b29b0 100644 --- a/tools/src/buf/go.mod +++ b/tools/src/buf/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/bufbuild/buf v1.34.0 diff --git a/tools/src/controller-gen/go.mod b/tools/src/controller-gen/go.mod index 3b5da982d27..e1eab3409bc 100644 --- a/tools/src/controller-gen/go.mod +++ b/tools/src/controller-gen/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require sigs.k8s.io/controller-tools v0.15.0 diff --git a/tools/src/crd-ref-docs/go.mod b/tools/src/crd-ref-docs/go.mod index e6ce178a997..c3f94ef1ede 100644 --- a/tools/src/crd-ref-docs/go.mod +++ b/tools/src/crd-ref-docs/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/elastic/crd-ref-docs v0.0.13-0.20240413123740-ea9fcaa0230f diff --git a/tools/src/gci/go.mod b/tools/src/gci/go.mod index dfb21a706d3..7d4fd7ca6d3 100644 --- a/tools/src/gci/go.mod +++ b/tools/src/gci/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/daixiang0/gci v0.13.4 diff --git a/tools/src/golangci-lint/go.mod b/tools/src/golangci-lint/go.mod index 9442b7aa814..4b92c196c43 100644 --- a/tools/src/golangci-lint/go.mod +++ b/tools/src/golangci-lint/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/golangci/golangci-lint v1.59.1 diff --git a/tools/src/helm-docs/go.mod b/tools/src/helm-docs/go.mod index f90603ca8cb..84484217b90 100644 --- a/tools/src/helm-docs/go.mod +++ b/tools/src/helm-docs/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/helm-docs -go 1.22.5 +go 1.22.7 require github.com/norwoodj/helm-docs v1.14.2 diff --git a/tools/src/jb/go.mod b/tools/src/jb/go.mod index f781b6f98f7..4b500d8ac15 100644 --- a/tools/src/jb/go.mod +++ b/tools/src/jb/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jb -go 1.22.5 +go 1.22.7 require github.com/jsonnet-bundler/jsonnet-bundler v0.5.1 diff --git a/tools/src/jsonnet/go.mod b/tools/src/jsonnet/go.mod index 2abb020097d..27537f28221 100644 --- a/tools/src/jsonnet/go.mod +++ b/tools/src/jsonnet/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jsonnet -go 1.22.5 +go 1.22.7 require github.com/google/go-jsonnet v0.20.0 diff --git a/tools/src/kind/go.mod b/tools/src/kind/go.mod index ee24990f491..91c367c5987 100644 --- a/tools/src/kind/go.mod +++ b/tools/src/kind/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/kind -go 1.22.5 +go 1.22.7 require sigs.k8s.io/kind v0.23.0 diff --git a/tools/src/protoc-gen-go-grpc/go.mod b/tools/src/protoc-gen-go-grpc/go.mod index f55603269c3..1e73e1c5269 100644 --- a/tools/src/protoc-gen-go-grpc/go.mod +++ b/tools/src/protoc-gen-go-grpc/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go-grpc -go 1.22.5 +go 1.22.7 require google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 diff --git a/tools/src/protoc-gen-go/go.mod b/tools/src/protoc-gen-go/go.mod index 8f65aeda683..e24ee052913 100644 --- a/tools/src/protoc-gen-go/go.mod +++ b/tools/src/protoc-gen-go/go.mod @@ -1,5 +1,5 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go -go 1.22.5 +go 1.22.7 require google.golang.org/protobuf v1.33.0 diff --git a/tools/src/setup-envtest/go.mod b/tools/src/setup-envtest/go.mod index cef388c9cfd..53668dc72b2 100644 --- a/tools/src/setup-envtest/go.mod +++ b/tools/src/setup-envtest/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240423173400-ed81fa696dea