From f467007ccf6ad27737b51395a0ad0af7c8f0e8aa Mon Sep 17 00:00:00 2001 From: shahar-h Date: Thu, 12 Dec 2024 02:54:49 +0200 Subject: [PATCH 1/2] ci: ignore vulnerabilities on license scan (#4895) * ci: ignore vulnerabilities on license scan Signed-off-by: Shahar Harari * remove space Signed-off-by: Shahar Harari * remove osv-scanner.toml Signed-off-by: Shahar Harari --------- Signed-off-by: Shahar Harari --- .github/workflows/license-scan.yml | 1 + .../osv-scanner/license-scan-config.toml | 5 +++++ 2 files changed, 6 insertions(+) rename osv-scanner.toml => tools/osv-scanner/license-scan-config.toml (96%) diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml index 649f27fe979..834515bbeb0 100644 --- a/.github/workflows/license-scan.yml +++ b/.github/workflows/license-scan.yml @@ -23,4 +23,5 @@ jobs: scan-args: |- --skip-git --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib + --config tools/osv-scanner/license-scan-config.yaml ./ diff --git a/osv-scanner.toml b/tools/osv-scanner/license-scan-config.toml similarity index 96% rename from osv-scanner.toml rename to tools/osv-scanner/license-scan-config.toml index 9d5626b71ec..79a579ff7f8 100644 --- a/osv-scanner.toml +++ b/tools/osv-scanner/license-scan-config.toml @@ -1,3 +1,8 @@ +# Ignore vulnerabilities on license scan +[[PackageOverrides]] +ecosystem = "Go" +vulnerability.ignore = true + [[PackageOverrides]] name = "github.com/AdaLogics/go-fuzz-headers" version = "0.0.0-20230811130428-ced1acdcaa24" From a41f1f1c1c3d3bcb0d6e55dc678ded2c444c4dcc Mon Sep 17 00:00:00 2001 From: Kevin Date: Thu, 12 Dec 2024 09:57:07 +0900 Subject: [PATCH 2/2] docs: customize envoyproxy dualstack (#4639) * docs: customize envoyproxy dualstack Signed-off-by: Juwon Hwang (Kevin) * docs: customize envoyproxy dualstack Signed-off-by: Juwon Hwang (Kevin) * docs: customize envoyproxy dualstack Signed-off-by: Juwon Hwang (Kevin) --------- Signed-off-by: Juwon Hwang (Kevin) --- .../tasks/operations/customize-envoyproxy.md | 53 +++++++++++++++++-- .../tasks/operations/customize-envoyproxy.md | 53 +++++++++++++++++-- .../tasks/operations/customize-envoyproxy.md | 53 +++++++++++++++++-- 3 files changed, 150 insertions(+), 9 deletions(-) diff --git a/site/content/en/docs/tasks/operations/customize-envoyproxy.md b/site/content/en/docs/tasks/operations/customize-envoyproxy.md index 55ea32557c7..9c5ab5fe177 100644 --- a/site/content/en/docs/tasks/operations/customize-envoyproxy.md +++ b/site/content/en/docs/tasks/operations/customize-envoyproxy.md @@ -720,12 +720,12 @@ spec: {{% /tab %}} {{< /tabpane >}} -You can use [egctl translate][] +You can use [egctl x translate][] to get the default xDS Bootstrap configuration used by Envoy Gateway. After applying the config, the bootstrap config will be overridden by the new config you provided. Any errors in the configuration will be surfaced as status within the `GatewayClass` resource. -You can also validate this configuration using [egctl translate][]. +You can also validate this configuration using [egctl x translate][]. ## Customize EnvoyProxy Horizontal Pod Autoscaler @@ -1043,6 +1043,53 @@ spec: {{% /tab %}} {{< /tabpane >}} +## Customize EnvoyProxy IP Family + +You can customize the IP family configuration for EnvoyProxy via the EnvoyProxy Config. +This allows the Envoy Proxy fleet to serve external clients over IPv4 as well as IPv6. + +The below configuration sets the `ipFamily` to `DualStack` to allow ingressing IPv4 as well as IPv6 traffic. + +**Note**: Envoy Gateway relies on the [Service](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) spec of the BackendRef resource (linked to xRoutes) to decide which type of IP addresses to use to route to them. + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +After applying the config, the EnvoyProxy deployment will be configured to use the specified IP family. When set to `DualStack`, both IPv4 and IPv6 networking will be enabled. + +**Note**: Your cluster must support the selected IP family configuration. For DualStack support, ensure your Kubernetes cluster is properly configured for dual-stack networking. + [Gateway API documentation]: https://gateway-api.sigs.k8s.io/ [EnvoyProxy]: ../../../api/extension_types#envoyproxy -[egctl translate]: ../egctl/#validating-gateway-api-configuration +[egctl x translate]: ../operations/egctl#egctl-experimental-translate \ No newline at end of file diff --git a/site/content/en/latest/tasks/operations/customize-envoyproxy.md b/site/content/en/latest/tasks/operations/customize-envoyproxy.md index 55ea32557c7..9c5ab5fe177 100644 --- a/site/content/en/latest/tasks/operations/customize-envoyproxy.md +++ b/site/content/en/latest/tasks/operations/customize-envoyproxy.md @@ -720,12 +720,12 @@ spec: {{% /tab %}} {{< /tabpane >}} -You can use [egctl translate][] +You can use [egctl x translate][] to get the default xDS Bootstrap configuration used by Envoy Gateway. After applying the config, the bootstrap config will be overridden by the new config you provided. Any errors in the configuration will be surfaced as status within the `GatewayClass` resource. -You can also validate this configuration using [egctl translate][]. +You can also validate this configuration using [egctl x translate][]. ## Customize EnvoyProxy Horizontal Pod Autoscaler @@ -1043,6 +1043,53 @@ spec: {{% /tab %}} {{< /tabpane >}} +## Customize EnvoyProxy IP Family + +You can customize the IP family configuration for EnvoyProxy via the EnvoyProxy Config. +This allows the Envoy Proxy fleet to serve external clients over IPv4 as well as IPv6. + +The below configuration sets the `ipFamily` to `DualStack` to allow ingressing IPv4 as well as IPv6 traffic. + +**Note**: Envoy Gateway relies on the [Service](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) spec of the BackendRef resource (linked to xRoutes) to decide which type of IP addresses to use to route to them. + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +After applying the config, the EnvoyProxy deployment will be configured to use the specified IP family. When set to `DualStack`, both IPv4 and IPv6 networking will be enabled. + +**Note**: Your cluster must support the selected IP family configuration. For DualStack support, ensure your Kubernetes cluster is properly configured for dual-stack networking. + [Gateway API documentation]: https://gateway-api.sigs.k8s.io/ [EnvoyProxy]: ../../../api/extension_types#envoyproxy -[egctl translate]: ../egctl/#validating-gateway-api-configuration +[egctl x translate]: ../operations/egctl#egctl-experimental-translate \ No newline at end of file diff --git a/site/content/en/v1.2/tasks/operations/customize-envoyproxy.md b/site/content/en/v1.2/tasks/operations/customize-envoyproxy.md index 55ea32557c7..9c5ab5fe177 100644 --- a/site/content/en/v1.2/tasks/operations/customize-envoyproxy.md +++ b/site/content/en/v1.2/tasks/operations/customize-envoyproxy.md @@ -720,12 +720,12 @@ spec: {{% /tab %}} {{< /tabpane >}} -You can use [egctl translate][] +You can use [egctl x translate][] to get the default xDS Bootstrap configuration used by Envoy Gateway. After applying the config, the bootstrap config will be overridden by the new config you provided. Any errors in the configuration will be surfaced as status within the `GatewayClass` resource. -You can also validate this configuration using [egctl translate][]. +You can also validate this configuration using [egctl x translate][]. ## Customize EnvoyProxy Horizontal Pod Autoscaler @@ -1043,6 +1043,53 @@ spec: {{% /tab %}} {{< /tabpane >}} +## Customize EnvoyProxy IP Family + +You can customize the IP family configuration for EnvoyProxy via the EnvoyProxy Config. +This allows the Envoy Proxy fleet to serve external clients over IPv4 as well as IPv6. + +The below configuration sets the `ipFamily` to `DualStack` to allow ingressing IPv4 as well as IPv6 traffic. + +**Note**: Envoy Gateway relies on the [Service](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) spec of the BackendRef resource (linked to xRoutes) to decide which type of IP addresses to use to route to them. + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +After applying the config, the EnvoyProxy deployment will be configured to use the specified IP family. When set to `DualStack`, both IPv4 and IPv6 networking will be enabled. + +**Note**: Your cluster must support the selected IP family configuration. For DualStack support, ensure your Kubernetes cluster is properly configured for dual-stack networking. + [Gateway API documentation]: https://gateway-api.sigs.k8s.io/ [EnvoyProxy]: ../../../api/extension_types#envoyproxy -[egctl translate]: ../egctl/#validating-gateway-api-configuration +[egctl x translate]: ../operations/egctl#egctl-experimental-translate \ No newline at end of file