From 9a3f8f79c42fd1fabb8c10d8e037752aa1526763 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Tue, 10 Sep 2024 05:34:21 -0700 Subject: [PATCH] [release/v1.1] Cherry-pick commits for v1.1.1 (#4173) * bugfix: fix upstream get unwanted /. (#3990) * bugfix: fix upstream get unwanted /. Signed-off-by: qicz * ut for bugfix Signed-off-by: qicz --------- Signed-off-by: qicz Co-authored-by: Xunzhuo (cherry picked from commit b77f6a4e654786d1f8c9b3ee2c351472dd71209d) Signed-off-by: Arko Dasgupta * feat: gateway http listener isolation (#4000) Signed-off-by: Kobi Levi (cherry picked from commit 97830e99556745f6003208b2ad33b30e9c711988) Signed-off-by: Arko Dasgupta * fix: multiple reference grants in same namespace (#4008) * fix: multiple reference grants in same namespace Signed-off-by: Ardika Bagus * test: add e2e test Signed-off-by: Ardika Bagus * chore: wrong service port Signed-off-by: Ardika Bagus --------- Signed-off-by: Ardika Bagus (cherry picked from commit b82f4b24791ea5fdf9e498da6d35cd123d7846bf) Signed-off-by: Arko Dasgupta * reduce readinessProbe failureThreshold and periodSeconds (#4021) * Reduces time for the endpoint to be removed from the endpointSlice from `30s` (3 * 10) to `5s` (1 * 5) * Since kube-proxy and CNIs rely on this info and so do external LBs like GKE https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer Signed-off-by: Arko Dasgupta (cherry picked from commit 67575b8b7be29ce3ccbf8b20bea18201f6b45a0e) Signed-off-by: Arko Dasgupta * fix: add header values as described in the documentation (#4031) Add header values after splitting the provided value string on ',', like described in the documentation. Signed-off-by: Lior Okman (cherry picked from commit eac30d6002dd4ccf7240a0eab66799b020ff560c) Signed-off-by: Arko Dasgupta * fix ratelimit statsd not working (#4073) fix ratelimit statd not working Signed-off-by: zirain (cherry picked from commit 6ab6482dd7c807e64d4e87d78dfb06c0a1e16731) Signed-off-by: Arko Dasgupta * fix: active http healthcheck documents a default for expected status, but doesn't use it (#4090) If no expected status was explicitly set, use the default value as described in the documentation. Signed-off-by: Lior Okman (cherry picked from commit 0926b38a5abff4d19546bbe780136db5cba2a80a) Signed-off-by: Arko Dasgupta * Fix IsNotFound check for secret and configmap (#4126) fix IsNotFound check for secret and configmap Signed-off-by: TasdidurRahman (cherry picked from commit c20315f554e9522b9f98f337dcb5747b1e8f3495) Signed-off-by: Arko Dasgupta * fix: assign sugar logger name. (#4144) Signed-off-by: qicz Co-authored-by: zirain (cherry picked from commit b50f5fa0273f410dc9270a9c23698110a4266822) Signed-off-by: Arko Dasgupta * use sets and return stable result (#4074) Signed-off-by: zirain (cherry picked from commit 6066f5a6ad65d30f5d2327b03de04361bb6de004) Signed-off-by: Arko Dasgupta * delete internal/gatewayapi/clustersettings.go NA for v1.1 Signed-off-by: Arko Dasgupta * bump to go1.22.7 (#4175) * bump to go1.22.6 Signed-off-by: zirain * bump to 1.22.7 Signed-off-by: zirain --------- Signed-off-by: zirain (cherry picked from commit 69bf8825422db0cb7b34097b8db5dfca19b8d477) Signed-off-by: Arko Dasgupta --------- Signed-off-by: qicz Signed-off-by: Arko Dasgupta Signed-off-by: Kobi Levi Signed-off-by: Ardika Bagus Signed-off-by: Lior Okman Signed-off-by: zirain Signed-off-by: TasdidurRahman Co-authored-by: qi Co-authored-by: Xunzhuo Co-authored-by: Kobi Levi <56400138+levikobi@users.noreply.github.com> Co-authored-by: Ardika Co-authored-by: Lior Okman Co-authored-by: zirain Co-authored-by: Tasdidur Rahman <52253951+TasdidurRahman@users.noreply.github.com> --- examples/extension-server/go.mod | 2 +- .../tools/src/controller-gen/go.mod | 2 +- .../kubernetes/ext-proc-grpc-service.yaml | 2 +- go.mod | 2 +- internal/gatewayapi/backendtrafficpolicy.go | 7 + internal/gatewayapi/conformance/suite.go | 1 - internal/gatewayapi/filters.go | 8 +- internal/gatewayapi/helpers.go | 42 +++- internal/gatewayapi/route.go | 4 +- ...kendtrafficpolicy-with-healthcheck.in.yaml | 42 ++++ ...endtrafficpolicy-with-healthcheck.out.yaml | 114 ++++++++- ...istener-with-hostname-intersection.in.yaml | 65 +++++ ...stener-with-hostname-intersection.out.yaml | 238 ++++++++++++++++++ ...route-with-request-header-modifier.in.yaml | 5 + ...oute-with-request-header-modifier.out.yaml | 13 +- ...h-backendref-add-multiple-filters.out.yaml | 9 +- ...er-duplicate-add-multiple-filters.out.yaml | 9 +- ...with-header-filter-duplicate-adds.out.yaml | 15 +- ...header-filter-empty-header-values.out.yaml | 6 +- ...route-with-mirror-filter-multiple.out.yaml | 9 +- ...-with-response-header-filter-adds.out.yaml | 15 +- ...er-duplicate-add-multiple-filters.out.yaml | 9 +- ...onse-header-filter-duplicate-adds.out.yaml | 15 +- ...header-filter-empty-header-values.out.yaml | 6 +- internal/gatewayapi/tls.go | 7 +- .../kubernetes/proxy/resource.go | 4 +- .../testdata/daemonsets/component-level.yaml | 4 +- .../proxy/testdata/daemonsets/custom.yaml | 4 +- .../testdata/daemonsets/default-env.yaml | 4 +- .../proxy/testdata/daemonsets/default.yaml | 4 +- .../daemonsets/disable-prometheus.yaml | 4 +- .../testdata/daemonsets/extension-env.yaml | 4 +- .../override-labels-and-annotations.yaml | 4 +- .../testdata/daemonsets/patch-daemonset.yaml | 4 +- .../testdata/daemonsets/shutdown-manager.yaml | 4 +- .../proxy/testdata/daemonsets/volumes.yaml | 4 +- .../testdata/daemonsets/with-annotations.yaml | 4 +- .../testdata/daemonsets/with-concurrency.yaml | 4 +- .../testdata/daemonsets/with-extra-args.yaml | 4 +- .../daemonsets/with-image-pull-secrets.yaml | 4 +- .../proxy/testdata/daemonsets/with-name.yaml | 4 +- .../daemonsets/with-node-selector.yaml | 4 +- .../with-topology-spread-constraints.yaml | 4 +- .../proxy/testdata/deployments/bootstrap.yaml | 4 +- .../testdata/deployments/component-level.yaml | 4 +- .../proxy/testdata/deployments/custom.yaml | 4 +- .../custom_with_initcontainers.yaml | 4 +- .../testdata/deployments/default-env.yaml | 4 +- .../proxy/testdata/deployments/default.yaml | 4 +- .../deployments/disable-prometheus.yaml | 4 +- .../testdata/deployments/extension-env.yaml | 4 +- .../override-labels-and-annotations.yaml | 4 +- .../deployments/patch-deployment.yaml | 4 +- .../deployments/shutdown-manager.yaml | 4 +- .../proxy/testdata/deployments/volumes.yaml | 4 +- .../deployments/with-annotations.yaml | 4 +- .../deployments/with-concurrency.yaml | 4 +- .../deployments/with-empty-memory-limits.yaml | 4 +- .../testdata/deployments/with-extra-args.yaml | 4 +- .../deployments/with-image-pull-secrets.yaml | 4 +- .../proxy/testdata/deployments/with-name.yaml | 4 +- .../deployments/with-node-selector.yaml | 4 +- .../with-topology-spread-constraints.yaml | 4 +- .../kubernetes/ratelimit/resource.go | 10 +- .../testdata/deployments/custom.yaml | 8 +- .../testdata/deployments/default-env.yaml | 8 +- .../testdata/deployments/default.yaml | 8 +- .../deployments/disable-prometheus.yaml | 8 +- .../deployments/enable-tracing-custom.yaml | 8 +- .../testdata/deployments/enable-tracing.yaml | 8 +- .../testdata/deployments/extension-env.yaml | 8 +- .../testdata/deployments/override-env.yaml | 6 +- .../deployments/patch-deployment.yaml | 8 +- .../deployments/redis-tls-settings.yaml | 6 +- .../testdata/deployments/tolerations.yaml | 6 +- .../testdata/deployments/volumes.yaml | 6 +- .../deployments/with-node-selector.yaml | 8 +- .../with-topology-spread-constraints.yaml | 8 +- internal/ir/xds.go | 6 +- internal/ir/xds_test.go | 22 +- internal/ir/zz_generated.deepcopy.go | 21 +- internal/logging/log.go | 2 +- internal/logging/log_test.go | 29 +++ internal/provider/kubernetes/controller.go | 36 ++- internal/xds/translator/route.go | 39 +-- .../in/xds-ir/http-route-request-headers.yaml | 20 +- .../http-route-response-add-headers.yaml | 15 +- ...ttp-route-response-add-remove-headers.yaml | 15 +- ...-rewrite-sufixx-with-slash-url-prefix.yaml | 27 ++ ...p-route-weighted-backend-with-filters.yaml | 9 +- .../http-route-request-headers.routes.yaml | 6 + ...sufixx-with-slash-url-prefix.clusters.yaml | 17 ++ ...ufixx-with-slash-url-prefix.endpoints.yaml | 12 + ...ufixx-with-slash-url-prefix.listeners.yaml | 35 +++ ...e-sufixx-with-slash-url-prefix.routes.yaml | 19 ++ site/go.mod | 2 +- ...ferencegrants-same-namespace-services.yaml | 148 +++++++++++ .../multi-referencegrants-same-namespace.yaml | 92 +++++++ test/e2e/tests/referencegrants.go | 79 ++++++ tools/src/buf/go.mod | 2 +- tools/src/controller-gen/go.mod | 2 +- tools/src/crd-ref-docs/go.mod | 2 +- tools/src/gci/go.mod | 2 +- tools/src/golangci-lint/go.mod | 2 +- tools/src/helm-docs/go.mod | 2 +- tools/src/jb/go.mod | 2 +- tools/src/jsonnet/go.mod | 2 +- tools/src/kind/go.mod | 2 +- tools/src/protoc-gen-go-grpc/go.mod | 2 +- tools/src/protoc-gen-go/go.mod | 2 +- tools/src/setup-envtest/go.mod | 2 +- 111 files changed, 1342 insertions(+), 246 deletions(-) create mode 100644 internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml create mode 100644 internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml create mode 100644 internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml create mode 100644 test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml create mode 100644 test/e2e/testdata/multi-referencegrants-same-namespace.yaml create mode 100644 test/e2e/tests/referencegrants.go diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index b5ebd93dce6..91f5323ca58 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -1,6 +1,6 @@ module github.com/exampleorg/envoygateway-extension -go 1.22.5 +go 1.22.7 require ( github.com/envoyproxy/gateway v1.0.2 diff --git a/examples/extension-server/tools/src/controller-gen/go.mod b/examples/extension-server/tools/src/controller-gen/go.mod index 3b5da982d27..e1eab3409bc 100644 --- a/examples/extension-server/tools/src/controller-gen/go.mod +++ b/examples/extension-server/tools/src/controller-gen/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require sigs.k8s.io/controller-tools v0.15.0 diff --git a/examples/kubernetes/ext-proc-grpc-service.yaml b/examples/kubernetes/ext-proc-grpc-service.yaml index 23b90b104cb..de94ccf905c 100644 --- a/examples/kubernetes/ext-proc-grpc-service.yaml +++ b/examples/kubernetes/ext-proc-grpc-service.yaml @@ -361,7 +361,7 @@ spec: - sh - "-c" - "cp -a /app /app-live && cd /app-live && go run . --certPath=/app-live/certs/ " - image: golang:1.22.5-alpine + image: golang:1.22.7-alpine ports: - containerPort: 8000 volumeMounts: diff --git a/go.mod b/go.mod index 9f3ccfb9508..6891c1acb2b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway -go 1.22.5 +go 1.22.7 replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16 diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index 6babdfa81d8..190df4f5dc0 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go @@ -10,6 +10,7 @@ import ( "fmt" "math" "math/big" + "net/http" "sort" "strings" "time" @@ -962,6 +963,12 @@ func (t *Translator) buildHTTPActiveHealthChecker(h *egv1a1.HTTPActiveHealthChec for _, r := range h.ExpectedStatuses { statusSet.Insert(int(r)) } + + // If no ExpectedStatus was set, use the default value (200) + if statusSet.Len() == 0 { + statusSet.Insert(http.StatusOK) + } + irStatuses := make([]ir.HTTPStatus, 0, statusSet.Len()) for _, r := range statusSet.List() { diff --git a/internal/gatewayapi/conformance/suite.go b/internal/gatewayapi/conformance/suite.go index 4637e023779..4fafa008983 100644 --- a/internal/gatewayapi/conformance/suite.go +++ b/internal/gatewayapi/conformance/suite.go @@ -15,7 +15,6 @@ import ( // SkipTests is a list of tests that are skipped in the conformance suite. var SkipTests = []suite.ConformanceTest{ tests.GatewayStaticAddresses, - tests.GatewayHTTPListenerIsolation, // https://github.com/envoyproxy/gateway/issues/3352 } func skipTestsShortNames(skipTests []suite.ConformanceTest) []string { diff --git a/internal/gatewayapi/filters.go b/internal/gatewayapi/filters.go index b3d2ddb4074..aecc2e81131 100644 --- a/internal/gatewayapi/filters.go +++ b/internal/gatewayapi/filters.go @@ -445,7 +445,7 @@ func (t *Translator) processRequestHeaderModifierFilter( newHeader := ir.AddHeader{ Name: headerKey, Append: true, - Value: addHeader.Value, + Value: strings.Split(addHeader.Value, ","), } filterContext.AddRequestHeaders = append(filterContext.AddRequestHeaders, newHeader) @@ -500,7 +500,7 @@ func (t *Translator) processRequestHeaderModifierFilter( newHeader := ir.AddHeader{ Name: string(setHeader.Name), Append: false, - Value: setHeader.Value, + Value: strings.Split(setHeader.Value, ","), } filterContext.AddRequestHeaders = append(filterContext.AddRequestHeaders, newHeader) @@ -617,7 +617,7 @@ func (t *Translator) processResponseHeaderModifierFilter( newHeader := ir.AddHeader{ Name: headerKey, Append: true, - Value: addHeader.Value, + Value: strings.Split(addHeader.Value, ","), } filterContext.AddResponseHeaders = append(filterContext.AddResponseHeaders, newHeader) @@ -672,7 +672,7 @@ func (t *Translator) processResponseHeaderModifierFilter( newHeader := ir.AddHeader{ Name: string(setHeader.Name), Append: false, - Value: setHeader.Value, + Value: strings.Split(setHeader.Value, ","), } filterContext.AddResponseHeaders = append(filterContext.AddResponseHeaders, newHeader) diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 22c81032ebb..a6e13720e44 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -262,12 +262,12 @@ func servicePortToContainerPort(servicePort int32, envoyProxy *egv1a1.EnvoyProxy return servicePort } -// computeHosts returns a list of the intersecting hostnames between the route -// and the listener. -func computeHosts(routeHostnames []string, listenerHostname *gwapiv1.Hostname) []string { +// computeHosts returns a list of intersecting listener hostnames and route hostnames +// that don't intersect with other listener hostnames. +func computeHosts(routeHostnames []string, listenerContext *ListenerContext) []string { var listenerHostnameVal string - if listenerHostname != nil { - listenerHostnameVal = string(*listenerHostname) + if listenerContext != nil && listenerContext.Hostname != nil { + listenerHostnameVal = string(*listenerContext.Hostname) } // No route hostnames specified: use the listener hostname if specified, @@ -280,8 +280,9 @@ func computeHosts(routeHostnames []string, listenerHostname *gwapiv1.Hostname) [ return []string{"*"} } - var hostnames []string + hostnamesSet := sets.NewString() + // Find intersecting hostnames for i := range routeHostnames { routeHostname := routeHostnames[i] @@ -290,28 +291,47 @@ func computeHosts(routeHostnames []string, listenerHostname *gwapiv1.Hostname) [ switch { // No listener hostname: use the route hostname. case len(listenerHostnameVal) == 0: - hostnames = append(hostnames, routeHostname) + hostnamesSet.Insert(routeHostname) // Listener hostname matches the route hostname: use it. case listenerHostnameVal == routeHostname: - hostnames = append(hostnames, routeHostname) + hostnamesSet.Insert(routeHostname) // Listener has a wildcard hostname: check if the route hostname matches. case strings.HasPrefix(listenerHostnameVal, "*"): if hostnameMatchesWildcardHostname(routeHostname, listenerHostnameVal) { - hostnames = append(hostnames, routeHostname) + hostnamesSet.Insert(routeHostname) } // Route has a wildcard hostname: check if the listener hostname matches. case strings.HasPrefix(routeHostname, "*"): if hostnameMatchesWildcardHostname(listenerHostnameVal, routeHostname) { - hostnames = append(hostnames, listenerHostnameVal) + hostnamesSet.Insert(listenerHostnameVal) } } } - return hostnames + // Filter out route hostnames that intersect with other listener hostnames + var listeners []*ListenerContext + if listenerContext != nil && listenerContext.gateway != nil { + listeners = listenerContext.gateway.listeners + } + + for _, listener := range listeners { + if listenerContext == listener { + continue + } + if listenerContext != nil && listenerContext.Port != listener.Port { + continue + } + if listener.Hostname == nil { + continue + } + hostnamesSet.Delete(string(*listener.Hostname)) + } + + return hostnamesSet.List() } // hostnameMatchesWildcardHostname returns true if hostname has the non-wildcard diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index 336e931cfce..b113411b3df 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -651,7 +651,7 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route var hasHostnameIntersection bool for _, listener := range parentRef.listeners { - hosts := computeHosts(GetHostnames(route), listener.Hostname) + hosts := computeHosts(GetHostnames(route), listener) if len(hosts) == 0 { continue } @@ -818,7 +818,7 @@ func (t *Translator) processTLSRouteParentRefs(tlsRoute *TLSRouteContext, resour var hasHostnameIntersection bool for _, listener := range parentRef.listeners { - hosts := computeHosts(GetHostnames(tlsRoute), listener.Hostname) + hosts := computeHosts(GetHostnames(tlsRoute), listener) if len(hosts) == 0 { continue } diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml index 5cb832646b3..35f54fe3dd1 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.in.yaml @@ -100,6 +100,25 @@ httpRoutes: backendRefs: - name: service-3 port: 8080 +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-4 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-2 + sectionName: http + rules: + - matches: + - path: + value: "/v2" + backendRefs: + - name: service-2 + port: 8080 backendTrafficPolicies: - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: BackendTrafficPolicy @@ -169,6 +188,29 @@ backendTrafficPolicies: consecutiveGatewayErrors: 0 consecutiveLocalOriginFailures: 5 splitExternalLocalOriginErrors: false +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + namespace: default + name: policy-for-route-4 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-4 + healthCheck: + active: + timeout: "1s" + interval: "5s" + unhealthyThreshold: 3 + healthyThreshold: 3 + type: HTTP + http: + path: "/healthz" + method: "GET" + expectedResponse: + type: Text + text: pong - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: BackendTrafficPolicy metadata: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml index 447a7df485e..ef22b8bc072 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml @@ -49,6 +49,45 @@ backendTrafficPolicies: status: "True" type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + creationTimestamp: null + name: policy-for-route-4 + namespace: default + spec: + healthCheck: + active: + healthyThreshold: 3 + http: + expectedResponse: + text: pong + type: Text + method: GET + path: /healthz + interval: 5s + timeout: 1s + type: HTTP + unhealthyThreshold: 3 + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-4 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: BackendTrafficPolicy metadata: @@ -252,7 +291,7 @@ gateways: protocol: HTTP status: listeners: - - attachedRoutes: 3 + - attachedRoutes: 4 conditions: - lastTransitionTime: null message: Sending translated listener configuration to the data plane @@ -424,6 +463,44 @@ httpRoutes: name: gateway-2 namespace: envoy-gateway sectionName: http +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-4 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-2 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-2 + port: 8080 + matches: + - path: + value: /v2 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-2 + namespace: envoy-gateway + sectionName: http infraIR: envoy-gateway/gateway-1: proxy: @@ -616,6 +693,41 @@ xdsIR: interval: 8ms maxEjectionPercent: 11 splitExternalLocalOriginErrors: false + - destination: + name: httproute/default/httproute-4/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: gateway.envoyproxy.io + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-4 + namespace: default + name: httproute/default/httproute-4/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: /v2 + traffic: + healthCheck: + active: + healthyThreshold: 3 + http: + expectedResponse: + text: pong + expectedStatuses: + - 200 + host: gateway.envoyproxy.io + method: GET + path: /healthz + interval: 5s + timeout: 1s + unhealthyThreshold: 3 - destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml new file mode 100644 index 00000000000..267fcbba54b --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.in.yaml @@ -0,0 +1,65 @@ +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: empty-hostname + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: All + - name: wildcard-example-com + port: 80 + protocol: HTTP + hostname: "*.example.com" + allowedRoutes: + namespaces: + from: All +httpRoutes: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: httproute-1 + namespace: envoy-gateway + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname + hostnames: + - "bar.com" + - "*.example.com" # request matching is prevented by the isolation wildcard-example-com listener + rules: + - matches: + - path: + type: PathPrefix + value: /empty-hostname + backendRefs: + - name: service-1 + port: 8080 + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: httproute-2 + namespace: envoy-gateway + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com + hostnames: + - "bar.com" # doesn't match wildcard-example-com listener + - "*.example.com" + rules: + - matches: + - path: + type: PathPrefix + value: /wildcard-example-com + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml new file mode 100644 index 00000000000..cb47542a1c7 --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml @@ -0,0 +1,238 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: empty-hostname + port: 80 + protocol: HTTP + - allowedRoutes: + namespaces: + from: All + hostname: '*.example.com' + name: wildcard-example-com + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: empty-hostname + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: wildcard-example-com + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: envoy-gateway + spec: + hostnames: + - bar.com + - '*.example.com' + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + type: PathPrefix + value: /empty-hostname + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Service envoy-gateway/service-1 not found + reason: BackendNotFound + status: "False" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-2 + namespace: envoy-gateway + spec: + hostnames: + - bar.com + - '*.example.com' + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + type: PathPrefix + value: /wildcard-example-com + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Service envoy-gateway/service-1 not found + reason: BackendNotFound + status: "False" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/empty-hostname + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: empty-hostname + name: envoy-gateway/gateway-1/empty-hostname + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/envoy-gateway/httproute-1/rule/0 + settings: + - weight: 1 + directResponse: + statusCode: 500 + hostname: bar.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: envoy-gateway + name: httproute/envoy-gateway/httproute-1/rule/0/match/0/bar_com + pathMatch: + distinct: false + name: "" + prefix: /empty-hostname + - address: 0.0.0.0 + hostnames: + - '*.example.com' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: wildcard-example-com + name: envoy-gateway/gateway-1/wildcard-example-com + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/envoy-gateway/httproute-2/rule/0 + settings: + - weight: 1 + directResponse: + statusCode: 500 + hostname: '*.example.com' + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-2 + namespace: envoy-gateway + name: httproute/envoy-gateway/httproute-2/rule/0/match/0/*_example_com + pathMatch: + distinct: false + name: "" + prefix: /wildcard-example-com diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml index 2c48dad582e..29fcb5a75a1 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.in.yaml @@ -26,6 +26,11 @@ grpcRoutes: sectionName: http rules: - filters: + - type: "RequestHeaderModifier" + requestHeaderModifier: + add: + - name: "my-header-multi-value" + value: "foo,bar" - type: "RequestHeaderModifier" requestHeaderModifier: add: diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index f36c9c969cc..110d404c44f 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -56,6 +56,11 @@ grpcRoutes: - name: service-1 port: 8080 filters: + - requestHeaderModifier: + add: + - name: my-header-multi-value + value: foo,bar + type: RequestHeaderModifier - requestHeaderModifier: add: - name: my-header @@ -117,9 +122,15 @@ xdsIR: port: 10080 routes: - addRequestHeaders: + - append: true + name: my-header-multi-value + value: + - foo + - bar - append: true name: my-header - value: foo + value: + - foo destination: name: grpcroute/default/grpcroute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml index 78655fc8476..122d09efdeb 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml @@ -147,7 +147,8 @@ xdsIR: addRequestHeaders: - append: false name: add-header-3 - value: some-value + value: + - some-value protocol: HTTP weight: 1 hostname: '*' @@ -172,10 +173,12 @@ xdsIR: addRequestHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value protocol: HTTP weight: 8 - addressType: IP diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index a86e71b4534..605aa384f3e 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -134,13 +134,16 @@ xdsIR: - addRequestHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value - append: true name: add-header-3 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index 39cc44429f6..f122fc17d5b 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -144,19 +144,24 @@ xdsIR: - addRequestHeaders: - append: true name: Set-Header-1 - value: some-value + value: + - some-value - append: true name: set-header-2 - value: some-value + value: + - some-value - append: true name: set-header-3 - value: some-value + value: + - some-value - append: true name: set-header-5 - value: some-value + value: + - some-value - append: false name: set-header-4 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index b3814e2d41d..67c14e133a7 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -128,10 +128,12 @@ xdsIR: - addRequestHeaders: - append: true name: example-header-2 - value: "" + value: + - "" - append: false name: example-header-1 - value: "" + value: + - "" destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index 9aa6f0bf23b..c6e534c9c63 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -144,13 +144,16 @@ xdsIR: - addRequestHeaders: - append: true name: X-Header-Add - value: header-val-1 + value: + - header-val-1 - append: true name: X-Header-Add-Append - value: header-val-2 + value: + - header-val-2 - append: false name: X-Header-Set - value: set-overwrites-values + value: + - set-overwrites-values destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index 7b53542bdfa..6dcb4b28779 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -140,19 +140,24 @@ xdsIR: - addResponseHeaders: - append: true name: Set-Header-1 - value: some-value + value: + - some-value - append: true name: set-header-2 - value: some-value + value: + - some-value - append: true name: set-header-3 - value: some-value + value: + - some-value - append: true name: set-header-5 - value: some-value + value: + - some-value - append: false name: set-header-4 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index 459c4264740..47d61c9fcfa 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -134,13 +134,16 @@ xdsIR: - addResponseHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value - append: true name: add-header-3 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index d2b4ffbe3f2..1d2f4f7124c 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -144,19 +144,24 @@ xdsIR: - addResponseHeaders: - append: true name: Set-Header-1 - value: some-value + value: + - some-value - append: true name: set-header-2 - value: some-value + value: + - some-value - append: true name: set-header-3 - value: some-value + value: + - some-value - append: true name: set-header-5 - value: some-value + value: + - some-value - append: false name: set-header-4 - value: some-value + value: + - some-value destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index 9d188a03dc0..723cabbe6f7 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -128,10 +128,12 @@ xdsIR: - addResponseHeaders: - append: true name: example-header-2 - value: "" + value: + - "" - append: false name: example-header-1 - value: "" + value: + - "" destination: name: httproute/default/httproute-1/rule/0 settings: diff --git a/internal/gatewayapi/tls.go b/internal/gatewayapi/tls.go index 1d38897ed26..acde9bed339 100644 --- a/internal/gatewayapi/tls.go +++ b/internal/gatewayapi/tls.go @@ -88,10 +88,13 @@ func validateTLSSecretsData(secrets []*corev1.Secret, host *gwapiv1.Hostname) er func verifyHostname(cert *x509.Certificate, host *gwapiv1.Hostname) ([]string, error) { var matchedHosts []string + listenerContext := ListenerContext{ + Listener: &gwapiv1.Listener{Hostname: host}, + } if len(cert.DNSNames) > 0 { - matchedHosts = computeHosts(cert.DNSNames, host) + matchedHosts = computeHosts(cert.DNSNames, &listenerContext) } else { - matchedHosts = computeHosts([]string{cert.Subject.CommonName}, host) + matchedHosts = computeHosts([]string{cert.Subject.CommonName}, &listenerContext) } if len(matchedHosts) > 0 { diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index f89491f4380..6ff2c7b158e 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -226,9 +226,9 @@ func expectedProxyContainers(infra *ir.ProxyInfra, }, }, TimeoutSeconds: 1, - PeriodSeconds: 10, + PeriodSeconds: 5, SuccessThreshold: 1, - FailureThreshold: 3, + FailureThreshold: 1, }, Lifecycle: &corev1.Lifecycle{ PreStop: &corev1.LifecycleHandler{ diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml index 9065d07a543..7d6204be14b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml @@ -74,12 +74,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index fc524284fb4..14e8aca43c8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -258,12 +258,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index fbeddc169b8..0800a0a2aa4 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -256,12 +256,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index 80cf7c12e75..b8f895a1194 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index 81dda722f1c..803ef132d02 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -212,12 +212,12 @@ spec: name: EnvoyHTTPSPort protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index 314e8bcea7a..8113f680b31 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -260,12 +260,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index 9ce0aa5a085..45a2000cbf5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -252,12 +252,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index 518f239a5d4..e752b1eb4ee 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index 506a2824f80..12cbeed208c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -242,12 +242,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index fc59ec6739b..5d35aacf52c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -260,12 +260,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index c19e55794ef..154049686f5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -246,12 +246,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml index f941541e76b..ffe4bfe4b8b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml @@ -74,12 +74,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index 1d5c3c4154d..7d90fe7505a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -243,12 +243,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index f2353034499..0287eadbc8f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index a7e467f7a6c..e4343479fd3 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index bacf7118001..1dacf4db5f8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index 552012f7728..61764b6a1ab 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -241,12 +241,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index e6574edec1c..26154b19bf2 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -77,12 +77,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index 19cd5ebb2c9..872d09449ec 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -78,12 +78,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index 0434fb4cab4..919956eebea 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -263,12 +263,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 89c92870887..437daee023b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -263,12 +263,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index c5e2d4ce3c1..879d611edfd 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -261,12 +261,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index c5c17adaafc..f022d0f8e0f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index acaad907b24..8a3094fdd77 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -216,12 +216,12 @@ spec: name: EnvoyHTTPSPort protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 4ff157e8cd8..3103d617564 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -265,12 +265,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index bfaf6686d14..992b63441f1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -256,12 +256,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index 2c4e97641db..3095f5fb3ea 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index c4c7be51fc4..f8c2ff795d8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -246,12 +246,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index ea54e6252d5..697161e3f02 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -265,12 +265,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 819d66a8f5a..5d77a2414bf 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -250,12 +250,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml index cc626d7eb58..c13f44a1c2e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml @@ -78,12 +78,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index c20a70d36ff..1f2fca1380a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index f5fcb2bd848..86147f1fd5d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -247,12 +247,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index ebfa5b5fcd1..8be98c210f9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index 1797b157e10..19efd6b4730 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 13f8d10c719..b3568a146ef 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 7d2fa77e462..c1a81992c68 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -245,12 +245,12 @@ spec: name: metrics protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /ready port: 19001 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/resource.go b/internal/infrastructure/kubernetes/ratelimit/resource.go index 9353b0ced00..a0c09aef23d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource.go @@ -184,9 +184,9 @@ func expectedRateLimitContainers(rateLimit *egv1a1.RateLimit, rateLimitDeploymen }, }, TimeoutSeconds: 1, - PeriodSeconds: 10, + PeriodSeconds: 5, SuccessThreshold: 1, - FailureThreshold: 3, + FailureThreshold: 1, }, }, } @@ -327,7 +327,11 @@ func expectedRateLimitContainerEnv(rateLimit *egv1a1.RateLimit, rateLimitDeploym }, { Name: UseStatsdEnvVar, - Value: "false", + Value: "true", + }, + { + Name: "STATSD_PORT", + Value: "9125", }, { Name: ConfigTypeEnvVar, diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml index bfd2c28cc6a..8ce3ed3e700 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml @@ -50,7 +50,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -87,12 +89,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml index bfd2c28cc6a..8ce3ed3e700 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default-env.yaml @@ -50,7 +50,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -87,12 +89,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml index 17536708a1b..80c2be45188 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/default.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -88,12 +90,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml index cc20111528c..f145d719971 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/disable-prometheus.yaml @@ -47,7 +47,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -84,12 +86,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml index fa8916ed89e..fd50e02d03d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing-custom.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -103,12 +105,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml index 9b364f88752..052015be011 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/enable-tracing.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -103,12 +105,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml index 95516ce6c46..954c9f5ebbe 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/extension-env.yaml @@ -50,7 +50,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -91,12 +93,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml index 8a9cfb60c97..8ce3ed3e700 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/override-env.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -87,12 +89,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml index 7e0f600c016..78ce0a2aa57 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/patch-deployment.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -88,12 +90,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml index 9854f37f4e2..7a8cc10e8ec 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/redis-tls-settings.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -95,12 +97,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml index 56fdb156dcf..d34ee5a9e9d 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/tolerations.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -95,12 +97,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml index 01e779e9e49..78b9d1d8376 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/volumes.yaml @@ -51,6 +51,8 @@ spec: value: info - name: USE_STATSD value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -95,12 +97,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml index e6105d59114..fbd7c3af0f8 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-node-selector.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -88,12 +90,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml index d5c9a6d7460..e3cae44e0b9 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/with-topology-spread-constraints.yaml @@ -51,7 +51,9 @@ spec: - name: LOG_LEVEL value: info - name: USE_STATSD - value: "false" + value: "true" + - name: STATSD_PORT + value: "9125" - name: CONFIG_TYPE value: GRPC_XDS_SOTW - name: CONFIG_GRPC_XDS_SERVER_URL @@ -88,12 +90,12 @@ spec: name: grpc protocol: TCP readinessProbe: - failureThreshold: 3 + failureThreshold: 1 httpGet: path: /healthcheck port: 8080 scheme: HTTP - periodSeconds: 10 + periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 3d300f1a539..68f16439400 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -1178,9 +1178,9 @@ func NewDestEndpoint(host string, port uint32) *DestinationEndpoint { // AddHeader configures a header to be added to a request or response. // +k8s:deepcopy-gen=true type AddHeader struct { - Name string `json:"name" yaml:"name"` - Value string `json:"value" yaml:"value"` - Append bool `json:"append" yaml:"append"` + Name string `json:"name" yaml:"name"` + Value []string `json:"value" yaml:"value"` + Append bool `json:"append" yaml:"append"` } // Validate the fields within the AddHeader structure diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index 9492c378344..6724549e39f 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go @@ -338,17 +338,16 @@ var ( AddRequestHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header-2", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, { Name: "empty-header", - Value: "", Append: false, }, }, @@ -376,12 +375,12 @@ var ( AddRequestHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, }, @@ -401,7 +400,7 @@ var ( AddRequestHeaders: []AddHeader{ { Name: "", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, }, @@ -416,17 +415,16 @@ var ( AddResponseHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header-2", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, { Name: "empty-header", - Value: "", Append: false, }, }, @@ -454,12 +452,12 @@ var ( AddResponseHeaders: []AddHeader{ { Name: "example-header", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, { Name: "example-header", - Value: "example-value-2", + Value: []string{"example-value-2"}, Append: false, }, }, @@ -479,7 +477,7 @@ var ( AddResponseHeaders: []AddHeader{ { Name: "", - Value: "example-value", + Value: []string{"example-value"}, Append: true, }, }, diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index 273eeb1c3ca..3262cf8d721 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -191,6 +191,11 @@ func (in *ActiveHealthCheck) DeepCopy() *ActiveHealthCheck { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AddHeader) DeepCopyInto(out *AddHeader) { *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddHeader. @@ -588,7 +593,9 @@ func (in *DestinationFilters) DeepCopyInto(out *DestinationFilters) { if in.AddRequestHeaders != nil { in, out := &in.AddRequestHeaders, &out.AddRequestHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveRequestHeaders != nil { in, out := &in.RemoveRequestHeaders, &out.RemoveRequestHeaders @@ -598,7 +605,9 @@ func (in *DestinationFilters) DeepCopyInto(out *DestinationFilters) { if in.AddResponseHeaders != nil { in, out := &in.AddResponseHeaders, &out.AddResponseHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveResponseHeaders != nil { in, out := &in.RemoveResponseHeaders, &out.RemoveResponseHeaders @@ -1234,7 +1243,9 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { if in.AddRequestHeaders != nil { in, out := &in.AddRequestHeaders, &out.AddRequestHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveRequestHeaders != nil { in, out := &in.RemoveRequestHeaders, &out.RemoveRequestHeaders @@ -1244,7 +1255,9 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { if in.AddResponseHeaders != nil { in, out := &in.AddResponseHeaders, &out.AddResponseHeaders *out = make([]AddHeader, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.RemoveResponseHeaders != nil { in, out := &in.RemoveResponseHeaders, &out.RemoveResponseHeaders diff --git a/internal/logging/log.go b/internal/logging/log.go index a4fb787f9c2..274f11f05a4 100644 --- a/internal/logging/log.go +++ b/internal/logging/log.go @@ -72,7 +72,7 @@ func (l Logger) WithName(name string) Logger { return Logger{ Logger: zapr.NewLogger(logger).WithName(name), logging: l.logging, - sugaredLogger: logger.Sugar(), + sugaredLogger: logger.Sugar().Named(name), } } diff --git a/internal/logging/log_test.go b/internal/logging/log_test.go index 999f922759c..0942910f71c 100644 --- a/internal/logging/log_test.go +++ b/internal/logging/log_test.go @@ -75,3 +75,32 @@ func TestLoggerWithName(t *testing.T) { assert.Contains(t, capturedOutput, "info message") assert.Contains(t, capturedOutput, "debug message") } + +func TestLoggerSugarName(t *testing.T) { + originalStdout := os.Stdout + r, w, _ := os.Pipe() + os.Stdout = w + + defer func() { + // Restore the original stdout and close the pipe + os.Stdout = originalStdout + err := w.Close() + require.NoError(t, err) + }() + + const logName = "loggerName" + + config := egv1a1.DefaultEnvoyGatewayLogging() + config.Level[logName] = egv1a1.LogLevelDebug + + logger := NewLogger(config).WithName(logName) + + logger.Sugar().Debugf("debugging message") + + // Read from the pipe (captured stdout) + outputBytes := make([]byte, 200) + _, err := r.Read(outputBytes) + require.NoError(t, err) + capturedOutput := string(outputBytes) + assert.Contains(t, capturedOutput, "debugging message", logName) +} diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index f7e88da222d..31a54ec71b6 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -597,7 +597,7 @@ func (r *gatewayAPIReconciler) processSecretRef( types.NamespacedName{Namespace: secretNS, Name: string(secretRef.Name)}, secret, ) - if err != nil && !kerrors.IsNotFound(err) { + if err != nil && kerrors.IsNotFound(err) { return fmt.Errorf("unable to find the Secret: %s/%s", secretNS, string(secretRef.Name)) } @@ -699,7 +699,7 @@ func (r *gatewayAPIReconciler) processConfigMapRef( types.NamespacedName{Namespace: configMapNS, Name: string(configMapRef.Name)}, configMap, ) - if err != nil && !kerrors.IsNotFound(err) { + if err != nil && kerrors.IsNotFound(err) { return fmt.Errorf("unable to find the ConfigMap: %s/%s", configMapNS, string(configMapRef.Name)) } @@ -769,13 +769,35 @@ func (r *gatewayAPIReconciler) findReferenceGrant(ctx context.Context, from, to } for _, refGrant := range refGrants { - if refGrant.Namespace == to.namespace { - for _, src := range refGrant.Spec.From { - if src.Kind == gwapiv1a2.Kind(from.kind) && string(src.Namespace) == from.namespace { - return &refGrant, nil - } + if refGrant.Namespace != to.namespace { + continue + } + + var fromAllowed bool + for _, refGrantFrom := range refGrant.Spec.From { + if string(refGrantFrom.Kind) == from.kind && string(refGrantFrom.Namespace) == from.namespace { + fromAllowed = true + break } } + + if !fromAllowed { + continue + } + + var toAllowed bool + for _, refGrantTo := range refGrant.Spec.To { + if string(refGrantTo.Kind) == to.kind && (refGrantTo.Name == nil || *refGrantTo.Name == "" || string(*refGrantTo.Name) == to.name) { + toAllowed = true + break + } + } + + if !toAllowed { + continue + } + + return &refGrant, nil } // No ReferenceGrant found. diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go index 2b9c75a2e91..6a9e72f498c 100644 --- a/internal/xds/translator/route.go +++ b/internal/xds/translator/route.go @@ -401,7 +401,10 @@ func buildXdsURLRewriteAction(destName string, urlRewrite *ir.URLRewrite, pathMa if useRegexRewriteForPrefixMatchReplace(pathMatch, *urlRewrite.Path.PrefixMatchReplace) { routeAction.RegexRewrite = prefix2RegexRewrite(*pathMatch.Prefix) } else { - routeAction.PrefixRewrite = *urlRewrite.Path.PrefixMatchReplace + // remove trailing / to fix #3989 + // when the pathMath.Prefix has suffix / but EG has removed it, + // and the urlRewrite.Path.PrefixMatchReplace suffix with / the upstream will get unwanted / + routeAction.PrefixRewrite = strings.TrimSuffix(*urlRewrite.Path.PrefixMatchReplace, "/") } } } @@ -435,9 +438,9 @@ func buildXdsRequestMirrorPolicies(mirrorDestinations []*ir.RouteDestination) [] } func buildXdsAddedHeaders(headersToAdd []ir.AddHeader) []*corev3.HeaderValueOption { - headerValueOptions := make([]*corev3.HeaderValueOption, len(headersToAdd)) + headerValueOptions := []*corev3.HeaderValueOption{} - for i, header := range headersToAdd { + for _, header := range headersToAdd { var appendAction corev3.HeaderValueOption_HeaderAppendAction if header.Append { @@ -445,18 +448,26 @@ func buildXdsAddedHeaders(headersToAdd []ir.AddHeader) []*corev3.HeaderValueOpti } else { appendAction = corev3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD } - - headerValueOptions[i] = &corev3.HeaderValueOption{ - Header: &corev3.HeaderValue{ - Key: header.Name, - Value: header.Value, - }, - AppendAction: appendAction, - } - // Allow empty headers to be set, but don't add the config to do so unless necessary - if header.Value == "" { - headerValueOptions[i].KeepEmptyValue = true + if len(header.Value) == 0 { + headerValueOptions = append(headerValueOptions, &corev3.HeaderValueOption{ + Header: &corev3.HeaderValue{ + Key: header.Name, + }, + AppendAction: appendAction, + KeepEmptyValue: true, + }) + } else { + for _, val := range header.Value { + headerValueOptions = append(headerValueOptions, &corev3.HeaderValueOption{ + Header: &corev3.HeaderValue{ + Key: header.Name, + Value: val, + }, + AppendAction: appendAction, + KeepEmptyValue: val == "", + }) + } } } diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml index c3dc4417dcc..fb45b8db724 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml @@ -18,20 +18,30 @@ http: - host: "1.2.3.4" port: 50000 addRequestHeaders: + - name: "some-header-multi-value" + value: + - "some-value" + - "some-additional-value" + append: true - name: "some-header" - value: "some-value" + value: + - "some-value" append: true - name: "some-header-2" - value: "some-value" + value: + - "some-value" append: true - name: "some-header3" - value: "some-value" + value: + - "some-value" append: false - name: "some-header4" - value: "some-value" + value: + - "some-value" append: false - name: "empty-header" - value: "" + value: + - "" append: false removeRequestHeaders: - "some-header5" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml index e3114e2d252..3cfaf5e4945 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml @@ -19,17 +19,22 @@ http: port: 50000 addResponseHeaders: - name: "some-header" - value: "some-value" + value: + - "some-value" append: true - name: "some-header-2" - value: "some-value" + value: + - "some-value" append: true - name: "some-header3" - value: "some-value" + value: + - "some-value" append: false - name: "some-header4" - value: "some-value" + value: + - "some-value" append: false - name: "empty-header" - value: "" + value: + - "" append: false diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml index 0e59f8f124d..c97d927dff6 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml @@ -19,19 +19,24 @@ http: port: 50000 addResponseHeaders: - name: "some-header" - value: "some-value" + value: + - "some-value" append: true - name: "some-header-2" - value: "some-value" + value: + - "some-value" append: true - name: "some-header3" - value: "some-value" + value: + - "some-value" append: false - name: "some-header4" - value: "some-value" + value: + - "some-value" append: false - name: "empty-header" - value: "" + value: + - "" append: false removeResponseHeaders: - "some-header5" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml new file mode 100644 index 00000000000..97d0b5457cd --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml @@ -0,0 +1,27 @@ +name: "http-route" +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "rewrite-route" + pathMatch: + prefix: "/origin/" + hostname: gateway.envoyproxy.io + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destination: + name: "rewrite-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + urlRewrite: + path: + prefixMatchReplace: /rewrite/ diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml index f8943d07f01..8745e9893bc 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml @@ -19,7 +19,8 @@ http: addRequestHeaders: - append: false name: add-header-3 - value: some-value + value: + - some-value protocol: HTTP weight: 1 hostname: '*' @@ -37,10 +38,12 @@ http: addRequestHeaders: - append: true name: add-header-1 - value: some-value + value: + - some-value - append: true name: add-header-2 - value: some-value + value: + - some-value protocol: HTTP weight: 8 - addressType: IP diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml index f91a70cb2ee..1f2c6be4057 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.routes.yaml @@ -9,6 +9,12 @@ prefix: / name: request-header-route requestHeadersToAdd: + - header: + key: some-header-multi-value + value: some-value + - header: + key: some-header-multi-value + value: some-additional-value - header: key: some-header value: some-value diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml new file mode 100644 index 00000000000..027db39fb29 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml @@ -0,0 +1,17 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: rewrite-route-dest + lbPolicy: LEAST_REQUEST + name: rewrite-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml new file mode 100644 index 00000000000..256dda09089 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.endpoints.yaml @@ -0,0 +1,12 @@ +- clusterName: rewrite-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: rewrite-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml new file mode 100644 index 00000000000..67922c7444f --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml @@ -0,0 +1,35 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http + useRemoteAddress: true + name: first-listener + drainType: MODIFY_ONLY + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml new file mode 100644 index 00000000000..84bc70f04bd --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.routes.yaml @@ -0,0 +1,19 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - gateway.envoyproxy.io + name: first-listener/gateway_envoyproxy_io + routes: + - match: + headers: + - name: :authority + stringMatch: + exact: gateway.envoyproxy.io + pathSeparatedPrefix: /origin + name: rewrite-route + route: + cluster: rewrite-route-dest + prefixRewrite: /rewrite + upgradeConfigs: + - upgradeType: websocket diff --git a/site/go.mod b/site/go.mod index 29d91dd00e8..c6b0df811f3 100644 --- a/site/go.mod +++ b/site/go.mod @@ -1,6 +1,6 @@ module github.com/google/docsy-example -go 1.22.5 +go 1.22.7 require ( github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7 // indirect diff --git a/test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml b/test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml new file mode 100644 index 00000000000..948503bea3d --- /dev/null +++ b/test/e2e/testdata/multi-referencegrants-same-namespace-services.yaml @@ -0,0 +1,148 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: multireferencegrants-ns +--- +apiVersion: v1 +kind: Service +metadata: + name: app-backend-v1 + namespace: multireferencegrants-ns +spec: + selector: + app: app-backend-v1 + ports: + - protocol: TCP + port: 8080 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-backend-v1 + namespace: multireferencegrants-ns + labels: + app: app-backend-v1 +spec: + replicas: 1 + selector: + matchLabels: + app: app-backend-v1 + template: + metadata: + labels: + app: app-backend-v1 + spec: + containers: + - name: app-backend-v1 + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_NAME + value: app-backend-v1 + resources: + requests: + cpu: 10m +--- +apiVersion: v1 +kind: Service +metadata: + name: app-backend-v2 + namespace: multireferencegrants-ns +spec: + selector: + app: app-backend-v2 + ports: + - protocol: TCP + port: 8080 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-backend-v2 + namespace: multireferencegrants-ns + labels: + app: app-backend-v2 +spec: + replicas: 1 + selector: + matchLabels: + app: app-backend-v2 + template: + metadata: + labels: + app: app-backend-v2 + spec: + containers: + - name: app-backend-v2 + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_NAME + value: app-backend-v2 + resources: + requests: + cpu: 10m +--- +apiVersion: v1 +kind: Service +metadata: + name: app-backend-v3 + namespace: multireferencegrants-ns +spec: + selector: + app: app-backend-v3 + ports: + - protocol: TCP + port: 8080 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-backend-v3 + namespace: multireferencegrants-ns + labels: + app: app-backend-v3 +spec: + replicas: 1 + selector: + matchLabels: + app: app-backend-v3 + template: + metadata: + labels: + app: app-backend-v3 + spec: + containers: + - name: app-backend-v3 + image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_NAME + value: app-backend-v3 + resources: + requests: + cpu: 10m diff --git a/test/e2e/testdata/multi-referencegrants-same-namespace.yaml b/test/e2e/testdata/multi-referencegrants-same-namespace.yaml new file mode 100644 index 00000000000..f9940185e5c --- /dev/null +++ b/test/e2e/testdata/multi-referencegrants-same-namespace.yaml @@ -0,0 +1,92 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: multi-referencegrant-same-namespace + namespace: gateway-conformance-infra +spec: + hostnames: + - multireferencegrant.local + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: same-namespace + namespace: gateway-conformance-infra + rules: + - backendRefs: + - group: "" + kind: Service + name: app-backend-v3 + namespace: multireferencegrants-ns + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /v3/echo + - backendRefs: + - group: "" + kind: Service + name: app-backend-v2 + namespace: multireferencegrants-ns + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /v2/echo + - backendRefs: + - group: "" + kind: Service + name: app-backend-v1 + namespace: multireferencegrants-ns + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /v1/echo +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: app-backend-v1-rg + namespace: multireferencegrants-ns +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: gateway-conformance-infra + to: + - group: "" + kind: Service + name: app-backend-v1 +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: app-backend-v2-rg + namespace: multireferencegrants-ns +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: gateway-conformance-infra + to: + - group: "" + kind: Service + name: app-backend-v2 +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: app-backend-v3-rg + namespace: multireferencegrants-ns +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: gateway-conformance-infra + to: + - group: "" + kind: Service + name: app-backend-v3 diff --git a/test/e2e/tests/referencegrants.go b/test/e2e/tests/referencegrants.go new file mode 100644 index 00000000000..903e64598bc --- /dev/null +++ b/test/e2e/tests/referencegrants.go @@ -0,0 +1,79 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build e2e +// +build e2e + +package tests + +import ( + "testing" + + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/gateway-api/conformance/utils/http" + "sigs.k8s.io/gateway-api/conformance/utils/kubernetes" + "sigs.k8s.io/gateway-api/conformance/utils/suite" +) + +func init() { + ConformanceTests = append(ConformanceTests, MultiReferenceGrantsSameNamespaceTest) +} + +var MultiReferenceGrantsSameNamespaceTest = suite.ConformanceTest{ + ShortName: "MultiReferenceGrantsSameNamespace", + Description: "Test for multiple reference grants in the same namespace", + Manifests: []string{"testdata/multi-referencegrants-same-namespace-services.yaml", "testdata/multi-referencegrants-same-namespace.yaml"}, + Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + resourceNS := "gateway-conformance-infra" + routeNN := types.NamespacedName{Name: "multi-referencegrant-same-namespace", Namespace: resourceNS} + gwNN := types.NamespacedName{Name: "same-namespace", Namespace: resourceNS} + gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) + + targetHost := "multireferencegrant.local" + targetNS := "multireferencegrants-ns" + testcases := []http.ExpectedResponse{ + { + Request: http.Request{ + Host: targetHost, + Path: "/v1/echo", + }, + Response: http.Response{ + StatusCode: 200, + }, + Backend: "app-backend-v1", + Namespace: targetNS, + }, + { + Request: http.Request{ + Host: targetHost, + Path: "/v2/echo", + }, + Response: http.Response{ + StatusCode: 200, + }, + Backend: "app-backend-v2", + Namespace: targetNS, + }, + { + Request: http.Request{ + Host: targetHost, + Path: "/v3/echo", + }, + Response: http.Response{ + StatusCode: 200, + }, + Backend: "app-backend-v3", + Namespace: targetNS, + }, + } + + for i, tc := range testcases { + t.Run(tc.GetTestCaseName(i), func(t *testing.T) { + t.Parallel() + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, tc) + }) + } + }, +} diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod index d2d02735a03..a97763b29b0 100644 --- a/tools/src/buf/go.mod +++ b/tools/src/buf/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/bufbuild/buf v1.34.0 diff --git a/tools/src/controller-gen/go.mod b/tools/src/controller-gen/go.mod index 3b5da982d27..e1eab3409bc 100644 --- a/tools/src/controller-gen/go.mod +++ b/tools/src/controller-gen/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require sigs.k8s.io/controller-tools v0.15.0 diff --git a/tools/src/crd-ref-docs/go.mod b/tools/src/crd-ref-docs/go.mod index e6ce178a997..c3f94ef1ede 100644 --- a/tools/src/crd-ref-docs/go.mod +++ b/tools/src/crd-ref-docs/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/elastic/crd-ref-docs v0.0.13-0.20240413123740-ea9fcaa0230f diff --git a/tools/src/gci/go.mod b/tools/src/gci/go.mod index dfb21a706d3..7d4fd7ca6d3 100644 --- a/tools/src/gci/go.mod +++ b/tools/src/gci/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/daixiang0/gci v0.13.4 diff --git a/tools/src/golangci-lint/go.mod b/tools/src/golangci-lint/go.mod index 9442b7aa814..4b92c196c43 100644 --- a/tools/src/golangci-lint/go.mod +++ b/tools/src/golangci-lint/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require github.com/golangci/golangci-lint v1.59.1 diff --git a/tools/src/helm-docs/go.mod b/tools/src/helm-docs/go.mod index f90603ca8cb..84484217b90 100644 --- a/tools/src/helm-docs/go.mod +++ b/tools/src/helm-docs/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/helm-docs -go 1.22.5 +go 1.22.7 require github.com/norwoodj/helm-docs v1.14.2 diff --git a/tools/src/jb/go.mod b/tools/src/jb/go.mod index f781b6f98f7..4b500d8ac15 100644 --- a/tools/src/jb/go.mod +++ b/tools/src/jb/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jb -go 1.22.5 +go 1.22.7 require github.com/jsonnet-bundler/jsonnet-bundler v0.5.1 diff --git a/tools/src/jsonnet/go.mod b/tools/src/jsonnet/go.mod index 2abb020097d..27537f28221 100644 --- a/tools/src/jsonnet/go.mod +++ b/tools/src/jsonnet/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jsonnet -go 1.22.5 +go 1.22.7 require github.com/google/go-jsonnet v0.20.0 diff --git a/tools/src/kind/go.mod b/tools/src/kind/go.mod index ee24990f491..91c367c5987 100644 --- a/tools/src/kind/go.mod +++ b/tools/src/kind/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/kind -go 1.22.5 +go 1.22.7 require sigs.k8s.io/kind v0.23.0 diff --git a/tools/src/protoc-gen-go-grpc/go.mod b/tools/src/protoc-gen-go-grpc/go.mod index f55603269c3..1e73e1c5269 100644 --- a/tools/src/protoc-gen-go-grpc/go.mod +++ b/tools/src/protoc-gen-go-grpc/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go-grpc -go 1.22.5 +go 1.22.7 require google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 diff --git a/tools/src/protoc-gen-go/go.mod b/tools/src/protoc-gen-go/go.mod index 8f65aeda683..e24ee052913 100644 --- a/tools/src/protoc-gen-go/go.mod +++ b/tools/src/protoc-gen-go/go.mod @@ -1,5 +1,5 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go -go 1.22.5 +go 1.22.7 require google.golang.org/protobuf v1.33.0 diff --git a/tools/src/setup-envtest/go.mod b/tools/src/setup-envtest/go.mod index cef388c9cfd..53668dc72b2 100644 --- a/tools/src/setup-envtest/go.mod +++ b/tools/src/setup-envtest/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.5 +go 1.22.7 require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240423173400-ed81fa696dea