Merge branch 'main' into api-extproc-attrs-metadata
guydc authored May 7, 2024
2 parents 3720051 + ed4222b commit 5866854
Showing 457 changed files with 17,577 additions and 9,545 deletions.
2 changes: 1 addition & 1 deletion api/v1alpha1/backendtrafficpolicy_types.go
Expand Up @@ -43,7 +43,7 @@ type BackendTrafficPolicySpec struct {
// is being attached to.
// This Policy and the TargetRef MUST be in the same namespace
// for this Policy to have effect and be applied to the Gateway.
TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
TargetRef gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

// RateLimit allows the user to limit the number of incoming requests
// to a predefined value based on attributes within the traffic flow.
2 changes: 1 addition & 1 deletion api/v1alpha1/clienttrafficpolicy_types.go
Expand Up @@ -45,7 +45,7 @@ type ClientTrafficPolicySpec struct {
// This Policy and the TargetRef MUST be in the same namespace
// for this Policy to have effect and be applied to the Gateway.
// TargetRef
TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
TargetRef gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`
// TcpKeepalive settings associated with the downstream client connection.
// If defined, sets SO_KEEPALIVE on the listener socket to enable TCP Keepalives.
// Disabled by default.
4 changes: 3 additions & 1 deletion api/v1alpha1/envoyextensionypolicy_types.go
Expand Up @@ -42,18 +42,20 @@ type EnvoyExtensionPolicySpec struct {
// is being attached to.
// This Policy and the TargetRef MUST be in the same namespace
// for this Policy to have effect and be applied to the Gateway or xRoute.
TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
TargetRef gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

// Wasm is a list of Wasm extensions to be loaded by the Gateway.
// Order matters, as the extensions will be loaded in the order they are
// defined in this list.
//
// +kubebuilder:validation:MaxItems=16
// +optional
Wasm []Wasm `json:"wasm,omitempty"`

// ExtProc is an ordered list of external processing filters
// that should added to the envoy filter chain
//
// +kubebuilder:validation:MaxItems=16
// +optional
ExtProc []ExtProc `json:"extProc,omitempty"`
}
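--- a/api/v1alpha1/envoygateway_helpers.go
+++ b/api/v1alpha1/envoygateway_helpers.go
@@ -234,6 +234,9 @@ func (r *EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider() *EnvoyGatewayKubern
 
 r.Kubernetes.RateLimitDeployment.defaultKubernetesDeploymentSpec(DefaultRateLimitImage)
 
+if r.Kubernetes.ShutdownManager == nil {
+r.Kubernetes.ShutdownManager = &ShutdownManager{Image: ptr.To(DefaultShutdownManagerImage)}
+}
 return r.Kubernetes
 }
 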
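Review bot: The default image is filled in only when `ShutdownManager` itself is nil, so a configuration that supplies the struct without an image (for example `shutdownManager: {}`) leaves `Image` nil and never receives `DefaultShutdownManagerImage`. Defaulting the field rather than the struct closes that gap: after the existing nil check, add `if r.Kubernetes.ShutdownManager.Image == nil { r.Kubernetes.ShutdownManager.Image = ptr.To(DefaultShutdownManagerImage) }`. The code that consumes `Image` is not visible here, so whether a nil value ends in a dereference panic or an empty image reference cannot be told from this section. The enclosing function starts above the hunk.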
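--- a/api/v1alpha1/envoygateway_types.go
+++ b/api/v1alpha1/envoygateway_types.go
@@ -213,6 +213,10 @@ type EnvoyGatewayKubernetesProvider struct {
 // If it's not set up, leader election will be active by default, using Kubernetes' standard settings.
 // +optional
 LeaderElection *LeaderElection `json:"leaderElection,omitempty"`
+
+// ShutdownManager defines the configuration for the shutdown manager.
+// +optional
+ShutdownManager *ShutdownManager `json:"shutdownManager,omitempty"`
 }
 
 const (
@@ -535,6 +539,12 @@ type EnvoyGatewayAdminAddress struct {
 Host string `json:"host,omitempty"`
 }
 
+// ShutdownManager defines the configuration for the shutdown manager.
+type ShutdownManager struct {
+// Image specifies the ShutdownManager container image to be used, instead of the default image.
+Image *string `json:"image,omitempty"`
+}
+
 func init() {
 SchemeBuilder.Register(&EnvoyGateway{})
 }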
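Review bot: `ShutdownManager.Image` in the second hunk is a `*string` with `omitempty` but has no `// +optional` marker, unlike the `ShutdownManager` field added in the first hunk. I would add `// +optional` under the existing field comment for consistency. The comment also does not say what form of reference is expected; because this field selects the container image that gets deployed, a sentence stating whether a digest-pinned reference is accepted would help operators who override the default and want to pin it.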
4 changes: 2 additions & 2 deletions api/v1alpha1/envoypatchpolicy_types.go
Expand Up @@ -49,12 +49,12 @@ type EnvoyPatchPolicySpec struct {
JSONPatches []EnvoyJSONPatchConfig `json:"jsonPatches,omitempty"`
// TargetRef is the name of the Gateway API resource this policy
// is being attached to.
// By default attaching to Gateway is supported and
// By default, attaching to Gateway is supported and
// when mergeGateways is enabled it should attach to GatewayClass.
// This Policy and the TargetRef MUST be in the same namespace
// for this Policy to have effect and be applied to the Gateway
// TargetRef
TargetRef gwapiv1a2.PolicyTargetReference `json:"targetRef"`
TargetRef gwapiv1a2.LocalPolicyTargetReference `json:"targetRef"`
// Priority of the EnvoyPatchPolicy.
// If multiple EnvoyPatchPolicies are applied to the same
// TargetRef, they will be applied in the ascending order of
3 changes: 2 additions & 1 deletion api/v1alpha1/envoyproxy_types.go
Expand Up @@ -89,6 +89,7 @@ type EnvoyProxySpec struct {
Shutdown *ShutdownConfig `json:"shutdown,omitempty"`

// FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
// The FilterPosition in the list will be applied in the order they are defined.
// If unspecified, the default filter order is applied.
// Default filter order is:
//
Expand Down Expand Up @@ -138,7 +139,7 @@ type BackendTLSConfig struct {
// +kubebuilder:validation:XValidation:rule="(has(self.before) && !has(self.after)) || (!has(self.before) && has(self.after))",message="only one of before or after can be specified"
type FilterPosition struct {
// Name of the filter.
Name EnvoyFilter `json:"filter"`
Name EnvoyFilter `json:"name"`

// Before defines the filter that should come before the filter.
// Only one of Before or After must be set.
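Review bot: The serialized key of `FilterPosition.Name` changes from `filter` to `name` (as rendered in the second hunk), and nothing in the field comment tells a reader that manifests written with the old key will no longer populate this field. The Go identifier is unchanged, so the break is easy to miss in review; I would record it on the field, e.g. `// Name of the filter. Serialized as "name" (previously "filter").`, and check that examples and stored EnvoyProxy objects are migrated. Separately, the comment line added in the first hunk mixes singular and plural; `// The FilterPositions in the list are applied in the order they are defined.` reads more clearly. Both structs continue outside the hunks shown.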
2 changes: 1 addition & 1 deletion api/v1alpha1/securitypolicy_types.go
Expand Up @@ -43,7 +43,7 @@ type SecurityPolicySpec struct {
// is being attached to.
// This Policy and the TargetRef MUST be in the same namespace
// for this Policy to have effect and be applied to the Gateway.
TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
TargetRef gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

// CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
//
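--- a/api/v1alpha1/validation/envoyproxy_validate.go
+++ b/api/v1alpha1/validation/envoyproxy_validate.go
@@ -11,6 +11,7 @@ import (
 "net"
 "net/netip"
 
+"github.com/dominikbraun/graph"
 bootstrapv3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3"
 clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 "github.com/google/go-cmp/cmp"
@@ -62,6 +63,13 @@ func validateEnvoyProxySpec(spec *egv1a1.EnvoyProxySpec) error {
 errs = append(errs, validateProxyTelemetryErrs...)
 }
 
+// validate filter order
+if spec != nil && spec.FilterOrder != nil {
+if err := validateFilterOrder(spec.FilterOrder); err != nil {
+errs = append(errs, err)
+}
+}
+
 return utilerrors.NewAggregate(errs)
 }
 
@@ -269,3 +277,36 @@ func validateProxyAccessLog(accessLog *egv1a1.ProxyAccessLog) []error {
 
 return errs
 }
+
+func validateFilterOrder(filterOrder []egv1a1.FilterPosition) error {
+g := graph.New(graph.StringHash, graph.Directed(), graph.PreventCycles())
+
+for _, filter := range filterOrder {
+// Ignore the error since the same filter can be added multiple times
+_ = g.AddVertex(string(filter.Name))
+if filter.Before != nil {
+_ = g.AddVertex(string(*filter.Before))
+}
+if filter.After != nil {
+_ = g.AddVertex(string(*filter.After))
+}
+}
+
+for _, filter := range filterOrder {
+var from, to string
+if filter.Before != nil {
+from = string(filter.Name)
+to = string(*filter.Before)
+} else {
+from = string(*filter.After)
+to = string(filter.Name)
+}
+if err := g.AddEdge(from, to); err != nil {
+if errors.Is(err, graph.ErrEdgeCreatesCycle) {
+return fmt.Errorf("there is a cycle in the filter order: %s -> %s", from, to)
+}
+}
+}
+
+return nil
+}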
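Review bot: The second loop of `validateFilterOrder` dereferences `*filter.After` in its `else` branch without a nil check, so a `FilterPosition` that sets neither `before` nor `after` makes the validator panic instead of returning an error, and an entry that sets both has its `after` silently ignored. The CEL rule on `FilterPosition` enforces exactly-one at admission, but this function also receives objects built directly in Go (the test table does so), so it should reject such an entry itself rather than rely on the earlier check. Errors from `g.AddEdge` other than `graph.ErrEdgeCreatesCycle` are dropped without comment; if that is deliberate for duplicate edges, a one-line comment next to the check should say so. A table case with an entry that sets neither field, in envoyproxy_validate_test.go, would pin the behaviour.

```go
for _, filter := range filterOrder {
	var from, to string
	switch {
	case filter.Before != nil && filter.After == nil:
		from, to = string(filter.Name), string(*filter.Before)
	case filter.After != nil && filter.Before == nil:
		from, to = string(*filter.After), string(filter.Name)
	default:
		// Mirror the CEL rule so callers that bypass admission get an error, not a panic.
		return fmt.Errorf("filter %s: exactly one of before or after must be set", filter.Name)
	}
	// … unchanged: g.AddEdge(from, to) and the ErrEdgeCreatesCycle check …
}
```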
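--- a/api/v1alpha1/validation/envoyproxy_validate_test.go
+++ b/api/v1alpha1/validation/envoyproxy_validate_test.go
@@ -613,6 +613,54 @@ func TestValidateEnvoyProxy(t *testing.T) {
 },
 expected: true,
 },
+{
+name: "valid filter order",
+proxy: &egv1a1.EnvoyProxy{
+ObjectMeta: metav1.ObjectMeta{
+Namespace: "test",
+Name: "test",
+},
+Spec: egv1a1.EnvoyProxySpec{
+FilterOrder: []egv1a1.FilterPosition{
+{
+Name: egv1a1.EnvoyFilterOAuth2,
+Before: ptr.To(egv1a1.EnvoyFilterJWTAuthn),
+},
+{
+Name: egv1a1.EnvoyFilterExtProc,
+After: ptr.To(egv1a1.EnvoyFilterJWTAuthn),
+},
+},
+},
+},
+expected: true,
+},
+{
+name: "invalid filter order with circular dependency",
+proxy: &egv1a1.EnvoyProxy{
+ObjectMeta: metav1.ObjectMeta{
+Namespace: "test",
+Name: "test",
+},
+Spec: egv1a1.EnvoyProxySpec{
+FilterOrder: []egv1a1.FilterPosition{
+{
+Name: egv1a1.EnvoyFilterOAuth2,
+Before: ptr.To(egv1a1.EnvoyFilterJWTAuthn),
+},
+{
+Name: egv1a1.EnvoyFilterJWTAuthn,
+Before: ptr.To(egv1a1.EnvoyFilterExtProc),
+},
+{
+Name: egv1a1.EnvoyFilterExtProc,
+Before: ptr.To(egv1a1.EnvoyFilterOAuth2),
+},
+},
+},
+},
+expected: false,
+},
 }
 
 for i := range testCases {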
27 changes: 26 additions & 1 deletion api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
