Merge branch 'main' into dev-fix-warning-message

Signed-off-by: tmsnan <zhaonan06@corp.netease.com>

OWNERS

@@ -20,5 +20,8 @@ reviewers:
 - chauhanshubham
 - kflynn
 - LanceEa
-- qicz
 - zhaohuabing
+- tmsnan
+- tanujd11
+- cnvergence
+- shawnh2

api/v1alpha1/backendtrafficpolicy_types.go

@@ -48,7 +48,13 @@ type BackendTrafficPolicySpec struct {
 
 	// RateLimit allows the user to limit the number of incoming requests
 	// to a predefined value based on attributes within the traffic flow.
+	// +optional
 	RateLimit *RateLimitFilterSpec `json:"rateLimit,omitempty"`
+
+	// LoadBalancer policy to apply when routing traffic from the gateway to
+	// the backend endpoints
+	// +optional
+	LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty"`
 }
 
 // BackendTrafficPolicyStatus defines the state of BackendTrafficPolicy

api/v1alpha1/envoygateway_helpers.go

@@ -92,13 +92,12 @@ func DefaultEnvoyGatewayLogging() *EnvoyGatewayLogging {
 	}
 }
 
-// GetEnvoyGatewayAdmin returns the EnvoyGatewayAdmin of EnvoyGateway or a default EnvoyGatewayAdmin if unspecified.
+// GetEnvoyGatewayTelemetry returns the EnvoyGatewayTelemetry of EnvoyGateway or a default EnvoyGatewayTelemetry if unspecified.
 func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry {
 	if e.Telemetry != nil {
 		if e.Telemetry.Metrics.Prometheus == nil {
 			e.Telemetry.Metrics.Prometheus = DefaultEnvoyGatewayPrometheus()
 		}
-
 		if e.Telemetry.Metrics == nil {
 			e.Telemetry.Metrics = DefaultEnvoyGatewayMetrics()
 		}
@@ -109,8 +108,8 @@ func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry {
 	return e.Telemetry
 }
 
-// IfDisablePrometheus returns if disable prometheus.
-func (e *EnvoyGateway) IfDisablePrometheus() bool {
+// DisablePrometheus returns if disable prometheus.
+func (e *EnvoyGateway) DisablePrometheus() bool {
 	return e.GetEnvoyGatewayTelemetry().Metrics.Prometheus.Disable
 }
 

api/v1alpha1/envoyproxy_metric_types.go

@@ -60,7 +60,7 @@ type ProxyPrometheusProvider struct {
 }
 
 // Match defines the stats match configuration.
-type Match struct {
+type Match struct { // TODO: zhaohuabing this type should be renamed to StatsMatch
 	// MatcherType defines the stats matcher type
 	//
 	// +kubebuilder:validation:Enum=RegularExpression;Prefix;Suffix
@@ -70,7 +70,7 @@ type Match struct {
 
 type MatcherType string
 
-const (
+const ( // TODO: zhaohuabing the const types should be prefixed with StatsMatch
 	Prefix            MatcherType = "Prefix"
 	RegularExpression MatcherType = "RegularExpression"
 	Suffix            MatcherType = "Suffix"

api/v1alpha1/loadbalancer_types.go

@@ -0,0 +1,55 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+// LoadBalancer defines the load balancer policy to be applied.
+// +union
+type LoadBalancer struct {
+	// Type decides the type of Load Balancer policy.
+	// Valid RateLimitType values are
+	// "ConsistentHash",
+	// "LeastRequest",
+	// "Random",
+	// "RoundRobin",
+	//
+	// +unionDiscriminator
+	Type LoadBalancerType `json:"type"`
+	// ConsistentHash defines the configuration when the load balancer type is
+	// set to ConsistentHash
+	//
+	// +optional
+	ConsistentHash *ConsistentHash `json:"consistentHash,omitempty"`
+}
+
+// LoadBalancerType specifies the types of LoadBalancer.
+// +kubebuilder:validation:Enum=ConsistentHash;LeastRequest;Random;RoundRobin
+type LoadBalancerType string
+
+const (
+	// ConsistentHashLoadBalancerType load balancer policy.
+	ConsistentHashLoadBalancerType LoadBalancerType = "ConsistentHash"
+	// LeastRequestLoadBalancerType load balancer policy.
+	LeastRequestLoadBalancerType LoadBalancerType = "LeastRequest"
+	// RandomLoadBalancerType load balancer policy.
+	RandomLoadBalancerType LoadBalancerType = "Random"
+	// RoundRobinLoadBalancerType load balancer policy.
+	RoundRobinLoadBalancerType LoadBalancerType = "RoundRobin"
+)
+
+// ConsistentHash defines the configuration related to the consistent hash
+// load balancer policy
+type ConsistentHash struct {
+	Type ConsistentHashType `json:"type"`
+}
+
+// ConsistentHashType defines the type of input to hash on.
+// +kubebuilder:validation:Enum=SourceIP
+type ConsistentHashType string
+
+const (
+	// SourceIPConsistentHashType hashes based on the source IP address.
+	SourceIPConsistentHashType ConsistentHashType = "SourceIP"
+)

api/v1alpha1/ratelimitfilter_types.go

@@ -130,7 +130,7 @@ type SourceMatch struct {
 }
 
 // HeaderMatch defines the match attributes within the HTTP Headers of the request.
-type HeaderMatch struct {
+type HeaderMatch struct { // TODO: zhaohuabing this type could be replaced with a general purpose StringMatch type.
 	// Type specifies how to match against the value of the header.
 	//
 	// +optional

api/v1alpha1/securitypolicy_types.go

@@ -41,8 +41,67 @@ type SecurityPolicySpec struct {
 	// for this Policy to have effect and be applied to the Gateway.
 	// TargetRef
 	TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
+
+	// CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
+	CORS *CORS `json:"cors,omitempty"`
+}
+
+// CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
+type CORS struct {
+	// AllowOrigins defines the origins that are allowed to make requests.
+	// +kubebuilder:validation:MinItems=1
+	AllowOrigins []StringMatch `json:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"`
+	// AllowMethods defines the methods that are allowed to make requests.
+	// +kubebuilder:validation:MinItems=1
+	AllowMethods []string `json:"allowMethods,omitempty" yaml:"allowMethods,omitempty"`
+	// AllowHeaders defines the headers that are allowed to be sent with requests.
+	AllowHeaders []string `json:"allowHeaders,omitempty" yaml:"allowHeaders,omitempty"`
+	// ExposeHeaders defines the headers that can be exposed in the responses.
+	ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"`
+	// MaxAge defines how long the results of a preflight request can be cached.
+	MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"`
+}
+
+// StringMatch defines how to match any strings.
+// This is a general purpose match condition that can be used by other EG APIs
+// that need to match against a string.
+type StringMatch struct {
+	// Type specifies how to match against a string.
+	//
+	// +optional
+	// +kubebuilder:default=Exact
+	Type *MatchType `json:"type,omitempty"`
+
+	// Value specifies the string value that the match must have.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=1024
+	Value string `json:"value"`
 }
 
+// MatchType specifies the semantics of how a string value should be compared.
+// Valid MatchType values are "Exact", "Prefix", "Suffix", "RegularExpression".
+//
+// +kubebuilder:validation:Enum=Exact;Prefix;Suffix;RegularExpression
+type MatchType string
+
+const (
+	// MatchExact :the input string must match exactly the match value.
+	MatchExact MatchType = "Exact"
+
+	// MatchPrefix :the input string must start with the match value.
+	MatchPrefix MatchType = "Prefix"
+
+	// MatchSuffix :the input string must end with the match value.
+	MatchSuffix MatchType = "Suffix"
+
+	// MatchRegularExpression :The input string must match the regular expression
+	// specified in the match value.
+	// The regex string must adhere to the syntax documented in
+	// https://github.com/google/re2/wiki/Syntax.
+	MatchRegularExpression MatchType = "RegularExpression"
+)
+
 // SecurityPolicyStatus defines the state of SecurityPolicy
 type SecurityPolicyStatus struct {
 	// Conditions describe the current conditions of the SecurityPolicy.

api/v1alpha1/shared_types.go

@@ -21,6 +21,10 @@ const (
 	DefaultEnvoyProxyImage = "envoyproxy/envoy-dev:latest"
 	// DefaultRateLimitImage is the default image used by ratelimit.
 	DefaultRateLimitImage = "envoyproxy/ratelimit:master"
+	// HTTPProtocol is the common-used http protocol.
+	HTTPProtocol = "http"
+	// GRPCProtocol is the common-used grpc protocol.
+	GRPCProtocol = "grpc"
 )
 
 // GroupVersionKind unambiguously identifies a Kind.