diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index a03fe40a02a..66bf96ebd77 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -22,9 +22,9 @@ jobs: steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: ./tools/github-actions/setup-deps - # Generate the install manifests first so it can checked + # Generate the installation manifests first, so it can check # for errors while running `make -k lint` - - run: make generate-manifests + - run: IMAGE_PULL_POLICY=Always make generate-manifests - run: make lint-deps - run: make -k lint @@ -174,4 +174,5 @@ jobs: - name: Build and Push EG Latest Helm Chart if: github.event_name == 'push' && github.ref == 'refs/heads/main' # use `0.0.0` as the default latest version. + # use `Always` image pull policy for latest version. run: IMAGE_PULL_POLICY=Always OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=v0.0.0-latest TAG=latest make helm-package helm-push diff --git a/.github/workflows/latest_release.yaml b/.github/workflows/latest_release.yaml index de577267da3..9a3f8b46803 100644 --- a/.github/workflows/latest_release.yaml +++ b/.github/workflows/latest_release.yaml @@ -26,7 +26,8 @@ jobs: - uses: ./tools/github-actions/setup-deps - name: Generate Release Manifests - run: make generate-manifests IMAGE=envoyproxy/gateway-dev TAG=latest OUTPUT_DIR=release-artifacts + # Use `Always` image pull policy for latest version. + run: IMAGE_PULL_POLICY=Always make generate-manifests IMAGE=envoyproxy/gateway-dev TAG=latest OUTPUT_DIR=release-artifacts - name: Build egctl latest multiarch binaries run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a104b0f1daf..f69ef41648e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,10 +34,10 @@ jobs: skopeo copy --all docker://docker.io/envoyproxy/gateway-dev:${{ env.sha_short }} docker://docker.io/envoyproxy/gateway:${{ env.release_tag }} - name: Generate Release Artifacts - run: make generate-artifacts IMAGE=envoyproxy/gateway TAG=${{ env.release_tag }} OUTPUT_DIR=release-artifacts + run: IMAGE_PULL_POLICY=IfNotPresent make generate-artifacts IMAGE=envoyproxy/gateway TAG=${{ env.release_tag }} OUTPUT_DIR=release-artifacts - name: Build and Push EG Release Helm Chart - run: OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push + run: IMAGE_PULL_POLICY=IfNotPresent OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push - name: Upload Release Manifests uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v0.1.15 diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index 5ebcd1f3438..c0dbfaa762a 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -3,7 +3,7 @@ deployment: image: repository: ${ImageRepository} tag: '${ImageTag}' - imagePullPolicy: IfNotPresent + imagePullPolicy: ${ImagePullPolicy} imagePullSecrets: [] resources: limits: diff --git a/go.mod b/go.mod index ba3e100d73a..bd953f83fe5 100644 --- a/go.mod +++ b/go.mod @@ -6,9 +6,9 @@ require ( fortio.org/fortio v1.63.7 fortio.org/log v1.12.2 github.com/Masterminds/semver/v3 v3.2.1 - github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa + github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b github.com/davecgh/go-spew v1.1.1 - github.com/envoyproxy/go-control-plane v0.12.1-0.20240410145647-bdba4bba15fc + github.com/envoyproxy/go-control-plane v0.12.1-0.20240425230418-212e93054f1a github.com/envoyproxy/ratelimit v1.4.1-0.20230427142404-e2a87f41d3a7 github.com/evanphx/json-patch/v5 v5.9.0 github.com/fatih/color v1.16.0 @@ -56,6 +56,7 @@ require ( ) require ( + cel.dev/expr v0.15.0 // indirect fortio.org/dflag v1.7.1 // indirect fortio.org/sets v1.0.4 // indirect fortio.org/struct2env v0.4.0 // indirect diff --git a/go.sum b/go.sum index 0d42859e767..e831080cc91 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w= +cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -96,8 +98,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= -github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= +github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw= +github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= @@ -167,8 +169,8 @@ github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.12.1-0.20240410145647-bdba4bba15fc h1:FJoupBhZkbUXmzGxgAic3rEHeZf8jgvREB7uMfBI23w= -github.com/envoyproxy/go-control-plane v0.12.1-0.20240410145647-bdba4bba15fc/go.mod h1:Dj0RQ153G7gNYzcQCihXUreYTQbuJNuL7IT7v9+jTr4= +github.com/envoyproxy/go-control-plane v0.12.1-0.20240425230418-212e93054f1a h1:OmSlDWdXUzNgoMWOtrcEAmiO9BxTt6cGotwz7cZwIyw= +github.com/envoyproxy/go-control-plane v0.12.1-0.20240425230418-212e93054f1a/go.mod h1:5Wkq+JduFtdAXihLmeTJf+tRYIT4KBc2vPXDhwVo1pA= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= diff --git a/internal/xds/translator/cors.go b/internal/xds/translator/cors.go index 6090bc21689..f5a83308722 100644 --- a/internal/xds/translator/cors.go +++ b/internal/xds/translator/cors.go @@ -16,8 +16,8 @@ import ( hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "github.com/golang/protobuf/ptypes/wrappers" "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/wrapperspb" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/xds/types" @@ -125,7 +125,7 @@ func (*cors) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { allowHeaders string exposeHeaders string maxAge string - allowCredentials *wrappers.BoolValue + allowCredentials *wrapperspb.BoolValue c = irRoute.Security.CORS ) @@ -141,7 +141,7 @@ func (*cors) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { if c.MaxAge != nil { maxAge = strconv.Itoa(int(c.MaxAge.Seconds())) } - allowCredentials = &wrappers.BoolValue{Value: c.AllowCredentials} + allowCredentials = &wrapperspb.BoolValue{Value: c.AllowCredentials} routeCfgProto := &corsv3.CorsPolicy{ AllowOriginStringMatch: allowOrigins, @@ -150,7 +150,7 @@ func (*cors) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { ExposeHeaders: exposeHeaders, MaxAge: maxAge, AllowCredentials: allowCredentials, - ForwardNotMatchingPreflights: &wrappers.BoolValue{Value: false}, + ForwardNotMatchingPreflights: &wrapperspb.BoolValue{Value: false}, } routeCfgAny, err := anypb.New(routeCfgProto) diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go index ead7ceccdf9..0d8edfce242 100644 --- a/internal/xds/translator/extauth.go +++ b/internal/xds/translator/extauth.go @@ -14,8 +14,8 @@ import ( extauthv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - "github.com/golang/protobuf/ptypes/duration" "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/xds/types" @@ -132,7 +132,7 @@ func extAuthConfig(extAuth *ir.ExtAuth) *extauthv3.ExtAuthz { TargetSpecifier: &corev3.GrpcService_EnvoyGrpc_{ EnvoyGrpc: grpcService(extAuth.GRPC), }, - Timeout: &duration.Duration{ + Timeout: &durationpb.Duration{ Seconds: defaultExtServiceRequestTimeout, }, }, @@ -168,7 +168,7 @@ func httpService(http *ir.HTTPExtAuthService) *extauthv3.HttpService { HttpUpstreamType: &corev3.HttpUri_Cluster{ Cluster: http.Destination.Name, }, - Timeout: &duration.Duration{ + Timeout: &durationpb.Duration{ Seconds: defaultExtServiceRequestTimeout, }, } diff --git a/internal/xds/translator/extproc.go b/internal/xds/translator/extproc.go index c31185211d4..9a397484ed9 100644 --- a/internal/xds/translator/extproc.go +++ b/internal/xds/translator/extproc.go @@ -16,7 +16,6 @@ import ( "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/xds/types" - "github.com/golang/protobuf/ptypes/duration" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" ) @@ -104,7 +103,7 @@ func extProcConfig(extProc ir.ExtProc) *extprocv3.ExternalProcessor { TargetSpecifier: &corev3.GrpcService_EnvoyGrpc_{ EnvoyGrpc: grpcExtProcService(extProc), }, - Timeout: &duration.Duration{ + Timeout: &durationpb.Duration{ Seconds: defaultExtServiceRequestTimeout, }, }, diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index af81f20aa89..64004c9460b 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -24,7 +24,6 @@ import ( typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "github.com/golang/protobuf/ptypes/wrappers" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" @@ -85,13 +84,13 @@ func http2ProtocolOptions(opts *ir.HTTP2Settings) *corev3.Http2ProtocolOptions { } return &corev3.Http2ProtocolOptions{ - MaxConcurrentStreams: &wrappers.UInt32Value{ + MaxConcurrentStreams: &wrapperspb.UInt32Value{ Value: ptr.Deref(opts.MaxConcurrentStreams, http2MaxConcurrentStreamsLimit), }, - InitialStreamWindowSize: &wrappers.UInt32Value{ + InitialStreamWindowSize: &wrapperspb.UInt32Value{ Value: ptr.Deref(opts.InitialStreamWindowSize, http2InitialStreamWindowSize), }, - InitialConnectionWindowSize: &wrappers.UInt32Value{ + InitialConnectionWindowSize: &wrapperspb.UInt32Value{ Value: ptr.Deref(opts.InitialConnectionWindowSize, http2InitialConnectionWindowSize), }, } @@ -251,7 +250,7 @@ func (t *Translator) addHCMToXDSListener(xdsListener *listenerv3.Listener, irLis // Set it by default to also support HTTP1.1 to HTTP2 Upgrades Http2ProtocolOptions: http2ProtocolOptions(irListener.HTTP2), // https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for - UseRemoteAddress: &wrappers.BoolValue{Value: useRemoteAddress}, + UseRemoteAddress: &wrapperspb.BoolValue{Value: useRemoteAddress}, XffNumTrustedHops: xffNumTrustedHops(irListener.ClientIPDetection), OriginalIpDetectionExtensions: originalIPDetectionExtensions, // normalize paths according to RFC 3986 @@ -508,7 +507,7 @@ func buildDownstreamQUICTransportSocket(tlsConfig *ir.TLSConfig) (*corev3.Transp } if tlsConfig.CACertificate != nil { - tlsCtx.DownstreamTlsContext.RequireClientCertificate = &wrappers.BoolValue{Value: true} + tlsCtx.DownstreamTlsContext.RequireClientCertificate = &wrapperspb.BoolValue{Value: true} tlsCtx.DownstreamTlsContext.CommonTlsContext.ValidationContextType = &tlsv3.CommonTlsContext_ValidationContextSdsSecretConfig{ ValidationContextSdsSecretConfig: &tlsv3.SdsSecretConfig{ Name: tlsConfig.CACertificate.Name, @@ -548,7 +547,7 @@ func buildXdsDownstreamTLSSocket(tlsConfig *ir.TLSConfig) (*corev3.TransportSock } if tlsConfig.CACertificate != nil { - tlsCtx.RequireClientCertificate = &wrappers.BoolValue{Value: tlsConfig.RequireClientCertificate} + tlsCtx.RequireClientCertificate = &wrapperspb.BoolValue{Value: tlsConfig.RequireClientCertificate} tlsCtx.CommonTlsContext.ValidationContextType = &tlsv3.CommonTlsContext_ValidationContextSdsSecretConfig{ ValidationContextSdsSecretConfig: &tlsv3.SdsSecretConfig{ Name: tlsConfig.CACertificate.Name, diff --git a/internal/xds/translator/local_ratelimit.go b/internal/xds/translator/local_ratelimit.go index adbcca6e749..688461e9fa2 100644 --- a/internal/xds/translator/local_ratelimit.go +++ b/internal/xds/translator/local_ratelimit.go @@ -15,9 +15,8 @@ import ( localrlv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/golang/protobuf/ptypes/duration" - "github.com/golang/protobuf/ptypes/wrappers" "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" @@ -169,7 +168,7 @@ func (*localRateLimit) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) e // won't consume the default token bucket. This means that a request only // counts towards the default token bucket if it does not match any of the // descriptors. - AlwaysConsumeDefaultTokenBucket: &wrappers.BoolValue{ + AlwaysConsumeDefaultTokenBucket: &wrapperspb.BoolValue{ Value: false, }, } @@ -285,7 +284,7 @@ func buildRouteLocalRateLimits(local *ir.LocalRateLimit) ( return rateLimits, descriptors, nil } -func ratelimitUnitToDuration(unit ir.RateLimitUnit) *duration.Duration { +func ratelimitUnitToDuration(unit ir.RateLimitUnit) *durationpb.Duration { var seconds int64 switch egv1a1.RateLimitUnit(unit) { @@ -298,7 +297,7 @@ func ratelimitUnitToDuration(unit ir.RateLimitUnit) *duration.Duration { case egv1a1.RateLimitUnitDay: seconds = 60 * 60 * 24 } - return &duration.Duration{ + return &durationpb.Duration{ Seconds: seconds, } } diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go index d005f4b4914..183fb7944aa 100644 --- a/internal/xds/translator/oidc.go +++ b/internal/xds/translator/oidc.go @@ -15,8 +15,8 @@ import ( hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" tlsv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - "github.com/golang/protobuf/ptypes/duration" "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" "k8s.io/utils/ptr" "github.com/envoyproxy/gateway/internal/ir" @@ -121,7 +121,7 @@ func oauth2Config(oidc *ir.OIDC) (*oauth2v3.OAuth2, error) { HttpUpstreamType: &corev3.HttpUri_Cluster{ Cluster: cluster.name, }, - Timeout: &duration.Duration{ + Timeout: &durationpb.Duration{ Seconds: defaultExtServiceRequestTimeout, }, }, diff --git a/internal/xds/translator/wasm.go b/internal/xds/translator/wasm.go index 4d358d707f7..1e096318df8 100644 --- a/internal/xds/translator/wasm.go +++ b/internal/xds/translator/wasm.go @@ -13,8 +13,8 @@ import ( wasmfilterv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3" hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" wasmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3" - "github.com/golang/protobuf/ptypes/duration" "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" "github.com/envoyproxy/gateway/internal/ir" @@ -138,7 +138,7 @@ func wasmConfig(wasm ir.Wasm) (*wasmfilterv3.Wasm, error) { HttpUpstreamType: &corev3.HttpUri_Cluster{ Cluster: uc.name, }, - Timeout: &duration.Duration{ + Timeout: &durationpb.Duration{ Seconds: defaultExtServiceRequestTimeout, }, }, diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md index b156702164a..36fe24f6e5b 100644 --- a/site/content/en/latest/install/api.md +++ b/site/content/en/latest/install/api.md @@ -33,8 +33,8 @@ The Helm chart for Envoy Gateway | config.envoyGateway.logging.level.default | string | `"info"` | | | config.envoyGateway.provider.type | string | `"Kubernetes"` | | | createNamespace | bool | `false` | | -| deployment.envoyGateway.image.repository | string | `"${ImageRepository}"` | | -| deployment.envoyGateway.image.tag | string | `"${ImageTag}"` | | +| deployment.envoyGateway.image.repository | string | `"docker.io/envoyproxy/gateway"` | | +| deployment.envoyGateway.image.tag | string | `"latest"` | | | deployment.envoyGateway.imagePullPolicy | string | `"IfNotPresent"` | | | deployment.envoyGateway.imagePullSecrets | list | `[]` | | | deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | | diff --git a/test/e2e/base/manifests.yaml b/test/e2e/base/manifests.yaml index 1f456581e47..92a1c6e0a9d 100644 --- a/test/e2e/base/manifests.yaml +++ b/test/e2e/base/manifests.yaml @@ -94,7 +94,12 @@ spec: ports: - protocol: TCP port: 8080 + name: http11 targetPort: 3000 + - protocol: TCP + port: 8081 + name: http2 + targetPort: 3001 --- apiVersion: apps/v1 kind: Deployment diff --git a/test/e2e/testdata/use-client-protocol.yaml b/test/e2e/testdata/use-client-protocol.yaml new file mode 100644 index 00000000000..c624da1bc17 --- /dev/null +++ b/test/e2e/testdata/use-client-protocol.yaml @@ -0,0 +1,36 @@ +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: BackendTrafficPolicy +metadata: + name: use-client-protocol-btp + namespace: gateway-conformance-infra +spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: use-client-protocol + namespace: gateway-conformance-infra + useClientProtocol: true +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: use-client-protocol + namespace: gateway-conformance-infra +spec: + parentRefs: + - name: same-namespace + rules: + - matches: + - path: + type: PathPrefix + value: /http11 + backendRefs: + - name: infra-backend-v1 + port: 8080 + - matches: + - path: + type: PathPrefix + value: /http2 + backendRefs: + - name: infra-backend-v1 + port: 8081 diff --git a/test/e2e/tests/use_client_protocol.go b/test/e2e/tests/use_client_protocol.go new file mode 100644 index 00000000000..1ea6029bf4f --- /dev/null +++ b/test/e2e/tests/use_client_protocol.go @@ -0,0 +1,129 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build e2e +// +build e2e + +package tests + +import ( + "testing" + + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/gateway-api/conformance/utils/http" + "sigs.k8s.io/gateway-api/conformance/utils/kubernetes" + "sigs.k8s.io/gateway-api/conformance/utils/roundtripper" + "sigs.k8s.io/gateway-api/conformance/utils/suite" +) + +func init() { + ConformanceTests = append(ConformanceTests, UseClientProtocolTest) +} + +var UseClientProtocolTest = suite.ConformanceTest{ + ShortName: "UseClientProtocol", + Description: "Test that the UseClientProtocol knob does what it's supposed to", + Manifests: []string{"testdata/use-client-protocol.yaml"}, + Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + t.Run("use client protocol", func(t *testing.T) { + ns := "gateway-conformance-infra" + routeNN := types.NamespacedName{Name: "use-client-protocol", Namespace: ns} + gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns} + gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) + + // Send an http/1.1 request to the /http11 path + expectedResponse := http.ExpectedResponse{ + Request: http.Request{ + Path: "/http11/headers", + }, + Response: http.Response{ + StatusCode: 200, + }, + Namespace: ns, + } + + req := http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") + cReq, cResp, err := suite.RoundTripper.CaptureRoundTrip(req) + if err != nil { + t.Errorf("failed to get expected response: %v", err) + } + + if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { + t.Errorf("failed to compare request and response: %v", err) + } + if cReq.Protocol != "HTTP/1.1" { + t.Errorf("expected http/1.1 protocol, got %s", cReq.Protocol) + } + + // Send an http/1.1 request to the http/2 path + expectedResponse = http.ExpectedResponse{ + Request: http.Request{ + Path: "/http2/headers", + }, + Response: http.Response{ + StatusCode: 400, + }, + Namespace: ns, + } + + req = http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") + cReq, cResp, err = suite.RoundTripper.CaptureRoundTrip(req) + if err != nil { + t.Errorf("failed to get expected response: %v", err) + } + + if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { + t.Errorf("failed to compare request and response: %v", err) + } + + // Send an http/2 request to the /http2 path + expectedResponse = http.ExpectedResponse{ + Request: http.Request{ + Path: "/http2/headers", + Protocol: roundtripper.H2CPriorKnowledgeProtocol, + }, + Response: http.Response{ + StatusCode: 200, + }, + Namespace: ns, + } + + req = http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") + cReq, cResp, err = suite.RoundTripper.CaptureRoundTrip(req) + if err != nil { + t.Errorf("failed to get expected response: %v", err) + } + + if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { + t.Errorf("failed to compare request and response: %v", err) + } + if cReq.Protocol != "HTTP/2.0" { + t.Errorf("expected http/2.0 protocol, got %s", cReq.Protocol) + } + + // Send an http/2 request to the http/1.1 path + expectedResponse = http.ExpectedResponse{ + Request: http.Request{ + Path: "/http11/headers", + Protocol: roundtripper.H2CPriorKnowledgeProtocol, + }, + Response: http.Response{ + StatusCode: 502, + }, + Namespace: ns, + } + + req = http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") + cReq, cResp, err = suite.RoundTripper.CaptureRoundTrip(req) + if err != nil { + t.Errorf("failed to get expected response: %v", err) + } + + if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { + t.Errorf("failed to compare request and response: %v", err) + } + }) + }, +} diff --git a/tools/make/common.mk b/tools/make/common.mk index 7c5ffa85cda..84865267e6c 100644 --- a/tools/make/common.mk +++ b/tools/make/common.mk @@ -26,7 +26,7 @@ RELEASE_VERSION=$(shell cat VERSION) # Set Root Directory Path ifeq ($(origin ROOT_DIR),undefined) -ROOT_DIR := $(abspath $(shell pwd -P)) +ROOT_DIR := $(abspath $(shell pwd -P)) endif # Set Output Directory Path @@ -119,7 +119,7 @@ export USAGE_OPTIONS .PHONY: generate generate: ## Generate go code from templates and tags -generate: kube-generate helm-generate helm-template go.generate docs-api +generate: kube-generate docs-api helm-generate helm-template go.generate ## help: Show this help info. .PHONY: help diff --git a/tools/make/docs.mk b/tools/make/docs.mk index d280c2c1410..4cec8e458bd 100644 --- a/tools/make/docs.mk +++ b/tools/make/docs.mk @@ -37,7 +37,8 @@ docs-api: docs-api-gen helm-readme-gen docs-api-headings .PHONY: helm-readme-gen helm-readme-gen: $(tools/helm-docs) @$(LOG_TARGET) - $(tools/helm-docs) charts/gateway-helm/ -f values.tmpl.yaml -o api.md + @ImageRepository=docker.io/envoyproxy/gateway ImageTag=latest ImagePullPolicy=IfNotPresent envsubst < charts/gateway-helm/values.tmpl.yaml > ./charts/gateway-helm/values.yaml # use production ENV to generate helm api doc + $(tools/helm-docs) charts/gateway-helm/ -f values.yaml -o api.md mv charts/gateway-helm/api.md site/content/en/latest/install/api.md .PHONY: docs-api-gen diff --git a/tools/make/helm.mk b/tools/make/helm.mk index 6687e0fccc3..5ca7d1c8612 100644 --- a/tools/make/helm.mk +++ b/tools/make/helm.mk @@ -4,6 +4,7 @@ include tools/make/env.mk +IMAGE_PULL_POLICY ?= IfNotPresent OCI_REGISTRY ?= oci://docker.io/envoyproxy CHART_NAME ?= gateway-helm CHART_VERSION ?= ${RELEASE_VERSION} @@ -25,8 +26,9 @@ helm-install: helm-generate ## Install envoy gateway helm chart from OCI registr @$(LOG_TARGET) helm install eg ${OCI_REGISTRY}/${CHART_NAME} --version ${CHART_VERSION} -n envoy-gateway-system --create-namespace +.PHONY: helm-generate helm-generate: - ImageRepository=${IMAGE} ImageTag=${TAG} envsubst < charts/gateway-helm/values.tmpl.yaml > ./charts/gateway-helm/values.yaml + ImageRepository=${IMAGE} ImageTag=${TAG} ImagePullPolicy=${IMAGE_PULL_POLICY} envsubst < charts/gateway-helm/values.tmpl.yaml > ./charts/gateway-helm/values.yaml helm lint charts/gateway-helm helm-template: ## Template envoy gateway helm chart. diff --git a/tools/make/kube.mk b/tools/make/kube.mk index 8d8c96a76d2..eec42ea2395 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -62,8 +62,6 @@ ifndef ignore-not-found ignore-not-found = true endif -IMAGE_PULL_POLICY ?= Always - .PHONY: kube-deploy kube-deploy: manifests helm-generate ## Install Envoy Gateway into the Kubernetes cluster specified in ~/.kube/config. @$(LOG_TARGET) @@ -225,7 +223,7 @@ generate-manifests: helm-generate ## Generate Kubernetes release manifests. @$(LOG_TARGET) @$(call log, "Generating kubernetes manifests") mkdir -p $(OUTPUT_DIR)/ - helm template --set createNamespace=true eg charts/gateway-helm --include-crds --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) --namespace envoy-gateway-system > $(OUTPUT_DIR)/install.yaml + helm template --set createNamespace=true eg charts/gateway-helm --include-crds --namespace envoy-gateway-system > $(OUTPUT_DIR)/install.yaml @$(call log, "Added: $(OUTPUT_DIR)/install.yaml") cp examples/kubernetes/quickstart.yaml $(OUTPUT_DIR)/quickstart.yaml @$(call log, "Added: $(OUTPUT_DIR)/quickstart.yaml")