From e83e076119fd426cb82dac4f52b9b7abc80f2d21 Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Wed, 25 Oct 2023 14:28:31 +0800 Subject: [PATCH 01/11] helm: update quickstart ref (#2061) Signed-off-by: bitliu --- charts/gateway-helm/templates/NOTES.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gateway-helm/templates/NOTES.txt b/charts/gateway-helm/templates/NOTES.txt index 6a4e80c77301..e002d40d699c 100644 --- a/charts/gateway-helm/templates/NOTES.txt +++ b/charts/gateway-helm/templates/NOTES.txt @@ -15,6 +15,6 @@ To learn more about the release, try: $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} -To have a quickstart of Envoy Gateway, please refer to https://gateway.envoyproxy.io/latest/user/quickstart.html. +To have a quickstart of Envoy Gateway, please refer to https://gateway.envoyproxy.io/latest/user/quickstart. To get more details, please visit https://gateway.envoyproxy.io and https://github.com/envoyproxy/gateway. From 4fa3d77108a33ee779553bf6c692978b6e2b6fe8 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Thu, 26 Oct 2023 07:41:10 +0800 Subject: [PATCH 02/11] feat: add CORS to SecurityPolicy (#2065) * Add CORS to SecurityPolicy Signed-off-by: huabing zhao * follow golang name convention: change Cors to CORS Signed-off-by: huabing zhao * add TODO to refactor string match types Signed-off-by: huabing zhao * fix test Signed-off-by: huabing zhao * fix test Signed-off-by: huabing zhao * address comment Signed-off-by: huabing zhao * address comment Signed-off-by: huabing zhao * fix test Signed-off-by: huabing zhao * set min length for AllowOrigins and AllowMethods Signed-off-by: huabing zhao * fix test Signed-off-by: huabing zhao * fix generate Signed-off-by: huabing zhao --------- Signed-off-by: huabing zhao --- api/v1alpha1/envoyproxy_metric_types.go | 4 +- api/v1alpha1/ratelimitfilter_types.go | 2 +- api/v1alpha1/securitypolicy_types.go | 59 +++ api/v1alpha1/zz_generated.deepcopy.go | 67 ++++ ...ateway.envoyproxy.io_securitypolicies.yaml | 56 +++ internal/gatewayapi/securitypolicy.go | 121 ++++-- .../testdata/securitypolicy-with-cors.in.yaml | 119 ++++++ .../securitypolicy-with-cors.out.yaml | 345 ++++++++++++++++++ internal/gatewayapi/translator.go | 2 +- internal/ir/xds.go | 8 +- internal/ir/zz_generated.deepcopy.go | 54 +-- internal/status/securitypolicy.go | 12 + internal/xds/translator/cors.go | 34 +- internal/xds/translator/httpfilters.go | 4 +- .../translator/testdata/in/xds-ir/cors.yaml | 1 - site/content/en/latest/api/extension_types.md | 45 +++ 16 files changed, 857 insertions(+), 76 deletions(-) create mode 100644 internal/gatewayapi/testdata/securitypolicy-with-cors.in.yaml create mode 100755 internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml diff --git a/api/v1alpha1/envoyproxy_metric_types.go b/api/v1alpha1/envoyproxy_metric_types.go index 170a1686b004..6cf486ac4b60 100644 --- a/api/v1alpha1/envoyproxy_metric_types.go +++ b/api/v1alpha1/envoyproxy_metric_types.go @@ -60,7 +60,7 @@ type ProxyPrometheusProvider struct { } // Match defines the stats match configuration. -type Match struct { +type Match struct { // TODO: zhaohuabing this type should be renamed to StatsMatch // MatcherType defines the stats matcher type // // +kubebuilder:validation:Enum=RegularExpression;Prefix;Suffix @@ -70,7 +70,7 @@ type Match struct { type MatcherType string -const ( +const ( // TODO: zhaohuabing the const types should be prefixed with StatsMatch Prefix MatcherType = "Prefix" RegularExpression MatcherType = "RegularExpression" Suffix MatcherType = "Suffix" diff --git a/api/v1alpha1/ratelimitfilter_types.go b/api/v1alpha1/ratelimitfilter_types.go index 44a24ef935ec..5ee825d3b3c1 100644 --- a/api/v1alpha1/ratelimitfilter_types.go +++ b/api/v1alpha1/ratelimitfilter_types.go @@ -130,7 +130,7 @@ type SourceMatch struct { } // HeaderMatch defines the match attributes within the HTTP Headers of the request. -type HeaderMatch struct { +type HeaderMatch struct { // TODO: zhaohuabing this type could be replaced with a general purpose StringMatch type. // Type specifies how to match against the value of the header. // // +optional diff --git a/api/v1alpha1/securitypolicy_types.go b/api/v1alpha1/securitypolicy_types.go index f53d237323ad..05117a772787 100644 --- a/api/v1alpha1/securitypolicy_types.go +++ b/api/v1alpha1/securitypolicy_types.go @@ -41,8 +41,67 @@ type SecurityPolicySpec struct { // for this Policy to have effect and be applied to the Gateway. // TargetRef TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"` + + // CORS defines the configuration for Cross-Origin Resource Sharing (CORS). + CORS *CORS `json:"cors,omitempty"` +} + +// CORS defines the configuration for Cross-Origin Resource Sharing (CORS). +type CORS struct { + // AllowOrigins defines the origins that are allowed to make requests. + // +kubebuilder:validation:MinItems=1 + AllowOrigins []StringMatch `json:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"` + // AllowMethods defines the methods that are allowed to make requests. + // +kubebuilder:validation:MinItems=1 + AllowMethods []string `json:"allowMethods,omitempty" yaml:"allowMethods,omitempty"` + // AllowHeaders defines the headers that are allowed to be sent with requests. + AllowHeaders []string `json:"allowHeaders,omitempty" yaml:"allowHeaders,omitempty"` + // ExposeHeaders defines the headers that can be exposed in the responses. + ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"` + // MaxAge defines how long the results of a preflight request can be cached. + MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"` +} + +// StringMatch defines how to match any strings. +// This is a general purpose match condition that can be used by other EG APIs +// that need to match against a string. +type StringMatch struct { + // Type specifies how to match against a string. + // + // +optional + // +kubebuilder:default=Exact + Type *MatchType `json:"type,omitempty"` + + // Value specifies the string value that the match must have. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Value string `json:"value"` } +// MatchType specifies the semantics of how a string value should be compared. +// Valid MatchType values are "Exact", "Prefix", "Suffix", "RegularExpression". +// +// +kubebuilder:validation:Enum=Exact;Prefix;Suffix;RegularExpression +type MatchType string + +const ( + // MatchExact :the input string must match exactly the match value. + MatchExact MatchType = "Exact" + + // MatchPrefix :the input string must start with the match value. + MatchPrefix MatchType = "Prefix" + + // MatchSuffix :the input string must end with the match value. + MatchSuffix MatchType = "Suffix" + + // MatchRegularExpression :The input string must match the regular expression + // specified in the match value. + // The regex string must adhere to the syntax documented in + // https://github.com/google/re2/wiki/Syntax. + MatchRegularExpression MatchType = "RegularExpression" +) + // SecurityPolicyStatus defines the state of SecurityPolicy type SecurityPolicyStatus struct { // Conditions describe the current conditions of the SecurityPolicy. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 78a560cbfcb6..3fb30ec60061 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -199,6 +199,48 @@ func (in *BackendTrafficPolicyStatus) DeepCopy() *BackendTrafficPolicyStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CORS) DeepCopyInto(out *CORS) { + *out = *in + if in.AllowOrigins != nil { + in, out := &in.AllowOrigins, &out.AllowOrigins + *out = make([]StringMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AllowMethods != nil { + in, out := &in.AllowMethods, &out.AllowMethods + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.AllowHeaders != nil { + in, out := &in.AllowHeaders, &out.AllowHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExposeHeaders != nil { + in, out := &in.ExposeHeaders, &out.ExposeHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.MaxAge != nil { + in, out := &in.MaxAge, &out.MaxAge + *out = new(v1.Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CORS. +func (in *CORS) DeepCopy() *CORS { + if in == nil { + return nil + } + out := new(CORS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClaimToHeader) DeepCopyInto(out *ClaimToHeader) { *out = *in @@ -2136,6 +2178,11 @@ func (in *SecurityPolicyList) DeepCopyObject() runtime.Object { func (in *SecurityPolicySpec) DeepCopyInto(out *SecurityPolicySpec) { *out = *in in.TargetRef.DeepCopyInto(&out.TargetRef) + if in.CORS != nil { + in, out := &in.CORS, &out.CORS + *out = new(CORS) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicySpec. @@ -2190,6 +2237,26 @@ func (in *SourceMatch) DeepCopy() *SourceMatch { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StringMatch) DeepCopyInto(out *StringMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(MatchType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. +func (in *StringMatch) DeepCopy() *StringMatch { + if in == nil { + return nil + } + out := new(StringMatch) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TCPKeepalive) DeepCopyInto(out *TCPKeepalive) { *out = *in diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 5e1418bf4ae0..e3bf0d73926a 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -42,6 +42,62 @@ spec: spec: description: Spec defines the desired state of SecurityPolicy. properties: + cors: + description: CORS defines the configuration for Cross-Origin Resource + Sharing (CORS). + properties: + allowHeaders: + description: AllowHeaders defines the headers that are allowed + to be sent with requests. + items: + type: string + type: array + allowMethods: + description: AllowMethods defines the methods that are allowed + to make requests. + items: + type: string + minItems: 1 + type: array + allowOrigins: + description: AllowOrigins defines the origins that are allowed + to make requests. + items: + description: StringMatch defines how to match any strings. This + is a general purpose match condition that can be used by other + EG APIs that need to match against a string. + properties: + type: + default: Exact + description: Type specifies how to match against a string. + enum: + - Exact + - Prefix + - Suffix + - RegularExpression + type: string + value: + description: Value specifies the string value that the match + must have. + maxLength: 1024 + minLength: 1 + type: string + required: + - value + type: object + minItems: 1 + type: array + exposeHeaders: + description: ExposeHeaders defines the headers that can be exposed + in the responses. + items: + type: string + type: array + maxAge: + description: MaxAge defines how long the results of a preflight + request can be cached. + type: string + type: object targetRef: description: TargetRef is the name of the Gateway resource this policy is being attached to. This Policy and the TargetRef MUST be in the diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 24ae703e6b3d..57df03abee41 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -8,6 +8,7 @@ package gatewayapi import ( "fmt" "sort" + "strings" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -15,11 +16,12 @@ import ( gwv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/status" "github.com/envoyproxy/gateway/internal/utils/ptr" ) -func ProcessSecurityPolicies(securityPolicies []*egv1a1.SecurityPolicy, +func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.SecurityPolicy, gateways []*GatewayContext, routes []RouteContext, xdsIR XdsIRMap) []*egv1a1.SecurityPolicy { @@ -66,39 +68,29 @@ func ProcessSecurityPolicies(securityPolicies []*egv1a1.SecurityPolicy, continue } - translateSecurityPolicy(policy, xdsIR) + t.translateSecurityPolicyForRoute(policy, route, xdsIR) - // Set Accepted=True - status.SetSecurityPolicyCondition(policy, - gwv1a2.PolicyConditionAccepted, - metav1.ConditionTrue, - gwv1a2.PolicyReasonAccepted, - "SecurityPolicy has been accepted.", - ) + message := "SecurityPolicy has been accepted." + status.SetSecurityPolicyAcceptedIfUnset(&policy.Status, message) } } - // Process the policies targeting Gateways with a section name + // Process the policies targeting Gateways for _, policy := range securityPolicies { if policy.Spec.TargetRef.Kind == KindGateway { policy := policy.DeepCopy() res = append(res, policy) // Negative statuses have already been assigned so its safe to skip - gatewayKey := resolveSecurityPolicyGatewayTargetRef(policy, gatewayMap) - if gatewayKey == nil { + gateway := resolveSecurityPolicyGatewayTargetRef(policy, gatewayMap) + if gateway == nil { continue } - translateSecurityPolicy(policy, xdsIR) + t.translateSecurityPolicyForGateway(policy, gateway, xdsIR) - // Set Accepted=True - status.SetSecurityPolicyCondition(policy, - gwv1a2.PolicyConditionAccepted, - metav1.ConditionTrue, - gwv1a2.PolicyReasonAccepted, - "SecurityPolicy has been accepted.", - ) + message := "SecurityPolicy has been accepted." + status.SetSecurityPolicyAcceptedIfUnset(&policy.Status, message) } } @@ -227,5 +219,92 @@ func resolveSecurityPolicyRouteTargetRef(policy *egv1a1.SecurityPolicy, routes m return route.RouteContext } -func translateSecurityPolicy(policy *egv1a1.SecurityPolicy, xdsIR XdsIRMap) { + +func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPolicy, route RouteContext, xdsIR XdsIRMap) { + // Build IR + var cors *ir.CORS + if policy.Spec.CORS != nil { + cors = t.buildCORS(policy) + } + + // Apply IR to all relevant routes + prefix := irRoutePrefix(route) + for _, ir := range xdsIR { + for _, http := range ir.HTTP { + for _, r := range http.Routes { + // Apply if there is a match + if strings.HasPrefix(r.Name, prefix) { + r.CORS = cors + } + } + } + + } +} + +func (t *Translator) translateSecurityPolicyForGateway(policy *egv1a1.SecurityPolicy, gateway *GatewayContext, xdsIR XdsIRMap) { + // Build IR + var cors *ir.CORS + if policy.Spec.CORS != nil { + cors = t.buildCORS(policy) + } + + // Apply IR to all the routes within the specific Gateway + // If the feature is already set, then skip it, since it must be have + // set by a policy attaching to the route + irKey := t.getIRKey(gateway.Gateway) + // Should exist since we've validated this + ir := xdsIR[irKey] + + for _, http := range ir.HTTP { + for _, r := range http.Routes { + // Apply if not already set + if r.CORS == nil { + r.CORS = cors + } + } + } + +} + +func (t *Translator) buildCORS(policy *egv1a1.SecurityPolicy) *ir.CORS { + var allowOrigins []*ir.StringMatch + + for _, origin := range policy.Spec.CORS.AllowOrigins { + origin := origin.DeepCopy() + + // matchType default to exact + matchType := egv1a1.MatchExact + if origin.Type != nil { + matchType = *origin.Type + } + + // TODO zhaohuabing: extract a utils function to build StringMatch + switch matchType { + case egv1a1.MatchExact: + allowOrigins = append(allowOrigins, &ir.StringMatch{ + Exact: &origin.Value, + }) + case egv1a1.MatchPrefix: + allowOrigins = append(allowOrigins, &ir.StringMatch{ + Prefix: &origin.Value, + }) + case egv1a1.MatchSuffix: + allowOrigins = append(allowOrigins, &ir.StringMatch{ + Suffix: &origin.Value, + }) + case egv1a1.MatchRegularExpression: + allowOrigins = append(allowOrigins, &ir.StringMatch{ + SafeRegex: &origin.Value, + }) + } + } + + return &ir.CORS{ + AllowOrigins: allowOrigins, + AllowMethods: policy.Spec.CORS.AllowMethods, + AllowHeaders: policy.Spec.CORS.AllowHeaders, + ExposeHeaders: policy.Spec.CORS.ExposeHeaders, + MaxAge: policy.Spec.CORS.MaxAge, + } } diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.in.yaml new file mode 100644 index 000000000000..fd6c99debd14 --- /dev/null +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.in.yaml @@ -0,0 +1,119 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-2 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +grpcRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: GRPCRoute + metadata: + namespace: default + name: grpcroute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-2 + sectionName: http + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 +securityPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + namespace: envoy-gateway + name: policy-for-gateway + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + cors: + allowOrigins: + - type: RegularExpression + value: "*.example.com" + - type: Exact + value: foo.bar.com + allowMethods: + - GET + - POST + allowHeaders: + - "x-header-1" + - "x-header-2" + exposeHeaders: + - "x-header-3" + - "x-header-4" + maxAge: 1000s +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + namespace: default + name: policy-for-route + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + namespace: default + cors: + allowOrigins: + - type: Prefix + value: example + - type: Suffix + value: bar.org + allowMethods: + - GET + - POST + allowHeaders: + - "x-header-5" + - "x-header-6" + exposeHeaders: + - "x-header-7" + - "x-header-8" + maxAge: 2000s diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml new file mode 100755 index 000000000000..89485439e63c --- /dev/null +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml @@ -0,0 +1,345 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: {} + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-2 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: {} + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +grpcRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: GRPCRoute + metadata: + creationTimestamp: null + name: grpcroute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-2 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-2 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: "" + ports: + - containerPort: 10080 + name: http + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 + envoy-gateway/gateway-2: + proxy: + listeners: + - address: "" + ports: + - containerPort: 10080 + name: http + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-2 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-2 +securityPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + creationTimestamp: null + name: policy-for-route + namespace: default + spec: + cors: + allowHeaders: + - x-header-5 + - x-header-6 + allowMethods: + - GET + - POST + allowOrigins: + - type: Prefix + value: example + - type: Suffix + value: bar.org + exposeHeaders: + - x-header-7 + - x-header-8 + maxAge: 33m20s + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + namespace: default + status: + conditions: + - lastTransitionTime: null + message: SecurityPolicy has been accepted. + reason: Accepted + status: "True" + type: Accepted +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + creationTimestamp: null + name: policy-for-gateway + namespace: envoy-gateway + spec: + cors: + allowHeaders: + - x-header-1 + - x-header-2 + allowMethods: + - GET + - POST + allowOrigins: + - type: RegularExpression + value: '*.example.com' + - type: Exact + value: foo.bar.com + exposeHeaders: + - x-header-3 + - x-header-4 + maxAge: 16m40s + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + status: + conditions: + - lastTransitionTime: null + message: SecurityPolicy has been accepted. + reason: Accepted + status: "True" + type: Accepted +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: true + name: envoy-gateway/gateway-1/http + port: 10080 + routes: + - backendWeights: + invalid: 0 + valid: 0 + cors: + allowHeaders: + - x-header-1 + - x-header-2 + allowMethods: + - GET + - POST + allowOrigins: + - distinct: false + name: "" + safeRegex: '*.example.com' + - distinct: false + exact: foo.bar.com + name: "" + exposeHeaders: + - x-header-3 + - x-header-4 + maxAge: 16m40s + destination: + name: grpcroute/default/grpcroute-1/rule/0 + settings: + - endpoints: + - host: 7.7.7.7 + port: 8080 + weight: 1 + hostname: '*' + name: grpcroute/default/grpcroute-1/rule/0/match/-1/* + envoy-gateway/gateway-2: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-2/http + port: 10080 + routes: + - backendWeights: + invalid: 0 + valid: 0 + cors: + allowHeaders: + - x-header-5 + - x-header-6 + allowMethods: + - GET + - POST + allowOrigins: + - distinct: false + name: "" + prefix: example + - distinct: false + name: "" + suffix: bar.org + exposeHeaders: + - x-header-7 + - x-header-8 + maxAge: 33m20s + destination: + name: httproute/default/httproute-1/rule/0 + settings: + - endpoints: + - host: 7.7.7.7 + port: 8080 + weight: 1 + hostname: gateway.envoyproxy.io + name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: / diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 04c4c1c93ce1..f5d6b54bc223 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -188,7 +188,7 @@ func (t *Translator) Translate(resources *Resources) *TranslateResult { backendTrafficPolicies := t.ProcessBackendTrafficPolicies( resources.BackendTrafficPolicies, gateways, routes, xdsIR) // Process SecurityPolicies - securityPolicies := ProcessSecurityPolicies( + securityPolicies := t.ProcessSecurityPolicies( resources.SecurityPolicies, gateways, routes, xdsIR) // Sort xdsIR based on the Gateway API spec diff --git a/internal/ir/xds.go b/internal/ir/xds.go index c4e6fe32d0b8..e7bf0415621e 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -279,8 +279,8 @@ type HTTPRoute struct { Timeout *metav1.Duration `json:"timeout,omitempty" yaml:"timeout,omitempty"` // load balancer policy to use when routing to the backend endpoints. LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty" yaml:"loadBalancer,omitempty"` - // Cors policy for the route. - Cors *Cors `json:"cors,omitempty" yaml:"cors,omitempty"` + // CORS policy for the route. + CORS *CORS `json:"cors,omitempty" yaml:"cors,omitempty"` // ExtensionRefs holds unstructured resources that were introduced by an extension and used on the HTTPRoute as extensionRef filters ExtensionRefs []*UnstructuredRef `json:"extensionRefs,omitempty" yaml:"extensionRefs,omitempty"` } @@ -314,10 +314,10 @@ type JwtRequestAuthentication struct { Providers []egv1a1.JwtAuthenticationFilterProvider `json:"providers,omitempty" yaml:"providers,omitempty"` } -// Cors holds the Cross-Origin Resource Sharing (CORS) policy for the route. +// CORS holds the Cross-Origin Resource Sharing (CORS) policy for the route. // // +k8s:deepcopy-gen=true -type Cors struct { +type CORS struct { // AllowOrigins defines the origins that are allowed to make requests. AllowOrigins []*StringMatch `json:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"` // AllowMethods defines the methods that are allowed to make requests. diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index ef56202cafc6..02173a1ae7f6 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -78,27 +78,7 @@ func (in *AddHeader) DeepCopy() *AddHeader { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConsistentHash) DeepCopyInto(out *ConsistentHash) { - *out = *in - if in.SourceIP != nil { - in, out := &in.SourceIP, &out.SourceIP - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHash. -func (in *ConsistentHash) DeepCopy() *ConsistentHash { - if in == nil { - return nil - } - out := new(ConsistentHash) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Cors) DeepCopyInto(out *Cors) { +func (in *CORS) DeepCopyInto(out *CORS) { *out = *in if in.AllowOrigins != nil { in, out := &in.AllowOrigins, &out.AllowOrigins @@ -133,12 +113,32 @@ func (in *Cors) DeepCopyInto(out *Cors) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cors. -func (in *Cors) DeepCopy() *Cors { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CORS. +func (in *CORS) DeepCopy() *CORS { if in == nil { return nil } - out := new(Cors) + out := new(CORS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsistentHash) DeepCopyInto(out *ConsistentHash) { + *out = *in + if in.SourceIP != nil { + in, out := &in.SourceIP, &out.SourceIP + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHash. +func (in *ConsistentHash) DeepCopy() *ConsistentHash { + if in == nil { + return nil + } + out := new(ConsistentHash) in.DeepCopyInto(out) return out } @@ -456,9 +456,9 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { *out = new(LoadBalancer) (*in).DeepCopyInto(*out) } - if in.Cors != nil { - in, out := &in.Cors, &out.Cors - *out = new(Cors) + if in.CORS != nil { + in, out := &in.CORS, &out.CORS + *out = new(CORS) (*in).DeepCopyInto(*out) } if in.ExtensionRefs != nil { diff --git a/internal/status/securitypolicy.go b/internal/status/securitypolicy.go index ee3cfebe53f6..c538a9723088 100644 --- a/internal/status/securitypolicy.go +++ b/internal/status/securitypolicy.go @@ -18,3 +18,15 @@ func SetSecurityPolicyCondition(c *egv1a1.SecurityPolicy, conditionType gwv1a2.P cond := newCondition(string(conditionType), status, string(reason), message, time.Now(), c.Generation) c.Status.Conditions = MergeConditions(c.Status.Conditions, cond) } + +func SetSecurityPolicyAcceptedIfUnset(s *egv1a1.SecurityPolicyStatus, message string) { + // Return early if Accepted condition is already set + for _, c := range s.Conditions { + if c.Type == string(gwv1a2.PolicyConditionAccepted) { + return + } + } + + cond := newCondition(string(gwv1a2.PolicyConditionAccepted), metav1.ConditionTrue, string(gwv1a2.PolicyReasonAccepted), message, time.Now(), 0) + s.Conditions = MergeConditions(s.Conditions, cond) +} diff --git a/internal/xds/translator/cors.go b/internal/xds/translator/cors.go index 775eeeb9ed5c..b070b7fb54a4 100644 --- a/internal/xds/translator/cors.go +++ b/internal/xds/translator/cors.go @@ -22,9 +22,9 @@ import ( "github.com/envoyproxy/gateway/internal/ir" ) -// patchHCMWithCorsFilter builds and appends the Cors Filter to the HTTP +// patchHCMWithCORSFilter builds and appends the CORS Filter to the HTTP // Connection Manager if applicable. -func patchHCMWithCorsFilter(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTPListener) error { +func patchHCMWithCORSFilter(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTPListener) error { if mgr == nil { return errors.New("hcm is nil") } @@ -33,7 +33,7 @@ func patchHCMWithCorsFilter(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTT return errors.New("ir listener is nil") } - if !listenerContainsCors(irListener) { + if !listenerContainsCORS(irListener) { return nil } @@ -44,7 +44,7 @@ func patchHCMWithCorsFilter(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTT } } - corsFilter, err := buildHCMCorsFilter() + corsFilter, err := buildHCMCORSFilter() if err != nil { return err } @@ -55,8 +55,8 @@ func patchHCMWithCorsFilter(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTT return nil } -// buildHCMCorsFilter returns a Cors filter from the provided IR listener. -func buildHCMCorsFilter() (*hcmv3.HttpFilter, error) { +// buildHCMCORSFilter returns a CORS filter from the provided IR listener. +func buildHCMCORSFilter() (*hcmv3.HttpFilter, error) { corsProto := &corsv3.Cors{} corsAny, err := anypb.New(corsProto) @@ -72,15 +72,15 @@ func buildHCMCorsFilter() (*hcmv3.HttpFilter, error) { }, nil } -// listenerContainsCors returns true if the provided listener has Cors +// listenerContainsCORS returns true if the provided listener has CORS // policies attached to its routes. -func listenerContainsCors(irListener *ir.HTTPListener) bool { +func listenerContainsCORS(irListener *ir.HTTPListener) bool { if irListener == nil { return false } for _, route := range irListener.Routes { - if route.Cors != nil { + if route.CORS != nil { return true } } @@ -88,16 +88,16 @@ func listenerContainsCors(irListener *ir.HTTPListener) bool { return false } -// patchRouteWithCorsConfig patches the provided route with the Cors config if +// patchRouteWithCORSConfig patches the provided route with the CORS config if // applicable. -func patchRouteWithCorsConfig(route *routev3.Route, irRoute *ir.HTTPRoute) error { +func patchRouteWithCORSConfig(route *routev3.Route, irRoute *ir.HTTPRoute) error { if route == nil { return errors.New("xds route is nil") } if irRoute == nil { return errors.New("ir route is nil") } - if irRoute.Cors == nil { + if irRoute.CORS == nil { return nil } @@ -119,14 +119,14 @@ func patchRouteWithCorsConfig(route *routev3.Route, irRoute *ir.HTTPRoute) error //nolint:gocritic - for _, origin := range irRoute.Cors.AllowOrigins { + for _, origin := range irRoute.CORS.AllowOrigins { allowOrigins = append(allowOrigins, buildXdsStringMatcher(origin)) } - allowMethods = strings.Join(irRoute.Cors.AllowMethods, ", ") - allowHeaders = strings.Join(irRoute.Cors.AllowHeaders, ", ") - exposeHeaders = strings.Join(irRoute.Cors.ExposeHeaders, ", ") - maxAge = strconv.Itoa(int(irRoute.Cors.MaxAge.Seconds())) + allowMethods = strings.Join(irRoute.CORS.AllowMethods, ", ") + allowHeaders = strings.Join(irRoute.CORS.AllowHeaders, ", ") + exposeHeaders = strings.Join(irRoute.CORS.ExposeHeaders, ", ") + maxAge = strconv.Itoa(int(irRoute.CORS.MaxAge.Seconds())) routeCfgProto := &corsv3.CorsPolicy{ AllowOriginStringMatch: allowOrigins, diff --git a/internal/xds/translator/httpfilters.go b/internal/xds/translator/httpfilters.go index da5c5aca0456..cef974cec335 100644 --- a/internal/xds/translator/httpfilters.go +++ b/internal/xds/translator/httpfilters.go @@ -106,7 +106,7 @@ func (t *Translator) patchHCMWithFilters( } // Add the cors filter, if needed - if err := patchHCMWithCorsFilter(mgr, irListener); err != nil { + if err := patchHCMWithCORSFilter(mgr, irListener); err != nil { return err } @@ -135,7 +135,7 @@ func patchRouteWithFilters( } // Add the cors per route config to the route, if needed. - if err := patchRouteWithCorsConfig(route, irRoute); err != nil { + if err := patchRouteWithCORSConfig(route, irRoute); err != nil { return err } return nil diff --git a/internal/xds/translator/testdata/in/xds-ir/cors.yaml b/internal/xds/translator/testdata/in/xds-ir/cors.yaml index d7dc9f71f7a7..6887b75f9c31 100644 --- a/internal/xds/translator/testdata/in/xds-ir/cors.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/cors.yaml @@ -33,4 +33,3 @@ http: - "x-header-3" - "x-header-4" maxAge: 1000s - allowPrivateNetworkAccess: false diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 3516609bf33c..ccc579e9da56 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -132,6 +132,24 @@ _Appears in:_ +#### CORS + + + +CORS defines the configuration for Cross-Origin Resource Sharing (CORS). + +_Appears in:_ +- [SecurityPolicySpec](#securitypolicyspec) + +| Field | Description | +| --- | --- | +| `allowOrigins` _[StringMatch](#stringmatch) array_ | AllowOrigins defines the origins that are allowed to make requests. | +| `allowMethods` _string array_ | AllowMethods defines the methods that are allowed to make requests. | +| `allowHeaders` _string array_ | AllowHeaders defines the headers that are allowed to be sent with requests. | +| `exposeHeaders` _string array_ | ExposeHeaders defines the headers that can be exposed in the responses. | +| `maxAge` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#duration-v1-meta)_ | MaxAge defines how long the results of a preflight request can be cached. | + + #### ClaimToHeader @@ -1033,6 +1051,17 @@ _Appears in:_ | `value` _string_ | | +#### MatchType + +_Underlying type:_ `string` + +MatchType specifies the semantics of how a string value should be compared. Valid MatchType values are "Exact", "Prefix", "Suffix", "RegularExpression". + +_Appears in:_ +- [StringMatch](#stringmatch) + + + #### MatcherType _Underlying type:_ `string` @@ -1557,6 +1586,7 @@ _Appears in:_ | Field | Description | | --- | --- | | `targetRef` _[PolicyTargetReferenceWithSectionName](#policytargetreferencewithsectionname)_ | TargetRef is the name of the Gateway resource this policy is being attached to. This Policy and the TargetRef MUST be in the same namespace for this Policy to have effect and be applied to the Gateway. TargetRef | +| `cors` _[CORS](#cors)_ | CORS defines the configuration for Cross-Origin Resource Sharing (CORS). | @@ -1583,6 +1613,21 @@ _Appears in:_ +#### StringMatch + + + +StringMatch defines how to match any strings. This is a general purpose match condition that can be used by other EG APIs that need to match against a string. + +_Appears in:_ +- [CORS](#cors) + +| Field | Description | +| --- | --- | +| `type` _[MatchType](#matchtype)_ | Type specifies how to match against a string. | +| `value` _string_ | Value specifies the string value that the match must have. | + + #### TCPKeepalive From 49e616363d17a24bd75738673e1324f4ee098922 Mon Sep 17 00:00:00 2001 From: Karol Szwaj Date: Thu, 26 Oct 2023 01:41:51 +0200 Subject: [PATCH 03/11] fix: Improve infra port name collisions (#2052) * fix: Improve infra port name collisions Signed-off-by: Karol Szwaj * simplify string generation Signed-off-by: Karol Szwaj * always hash container port name Signed-off-by: Karol Szwaj --------- Signed-off-by: Karol Szwaj --- .../kubernetes/proxy/resource.go | 7 +++--- .../kubernetes/proxy/resource_provider.go | 6 ++--- .../proxy/testdata/deployments/bootstrap.yaml | 4 ++-- .../testdata/deployments/component-level.yaml | 4 ++-- .../proxy/testdata/deployments/custom.yaml | 4 ++-- .../custom_with_initcontainers.yaml | 4 ++-- .../testdata/deployments/default-env.yaml | 4 ++-- .../proxy/testdata/deployments/default.yaml | 4 ++-- .../deployments/enable-prometheus.yaml | 4 ++-- .../testdata/deployments/extension-env.yaml | 4 ++-- .../proxy/testdata/deployments/volumes.yaml | 4 ++-- .../deployments/with-concurrency.yaml | 4 ++-- .../proxy/testdata/services/custom.yaml | 4 ++-- .../proxy/testdata/services/default.yaml | 4 ++-- internal/provider/utils/utils.go | 24 ++++--------------- 15 files changed, 34 insertions(+), 51 deletions(-) diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index a0e746dc833e..065d0dc28ba0 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -50,9 +50,9 @@ var ( `"private_key":{"filename":"%s"}}}]}`, XdsTLSCertFilename, XdsTLSKeyFilename) ) -// ExpectedResourceHashedName returns expected resource hashed name. +// ExpectedResourceHashedName returns expected resource hashed name including up to the 48 characters of the original name. func ExpectedResourceHashedName(name string) string { - hashedName := providerutils.GetHashedName(name) + hashedName := providerutils.GetHashedName(name, 48) return fmt.Sprintf("%s-%s", config.EnvoyPrefix, hashedName) } @@ -115,7 +115,8 @@ func expectedProxyContainers(infra *ir.ProxyInfra, return nil, fmt.Errorf("invalid protocol %q", p.Protocol) } port := corev1.ContainerPort{ - Name: providerutils.ExpectedContainerPortHashedName(p.Name), + // hashed container port name including up to the 6 characters of the port name and the maximum of 15 characters. + Name: providerutils.GetHashedName(p.Name, 6), ContainerPort: p.ContainerPort, Protocol: protocol, } diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 50f5fda1698a..bc446f79f9e4 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -8,7 +8,6 @@ package proxy import ( "fmt" "strconv" - "strings" "golang.org/x/exp/maps" appsv1 "k8s.io/api/apps/v1" @@ -73,10 +72,9 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { if port.Protocol == ir.UDPProtocolType { protocol = corev1.ProtocolUDP } - // Listeners on merged gateways will have a port name {GatewayNamespace}/{GatewayName}/{ListenerName}. - portName := strings.ReplaceAll(port.Name, "/", "-") + p := corev1.ServicePort{ - Name: portName, + Name: ExpectedResourceHashedName(port.Name), Protocol: protocol, Port: port.ServicePort, TargetPort: target, diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index daf13fca4974..3edbc78328a1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -55,10 +55,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: requests: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index 1ab7054d173d..a8532b8dbbbc 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -56,10 +56,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: requests: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index a612b54d030f..c6958c0a5034 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -154,10 +154,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: limits: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 7291442607ac..d9f4466506e0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -154,10 +154,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: limits: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index 3bef2f6f0d8e..e9621ada58d3 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -152,10 +152,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: limits: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index c5c8e04d4a51..14a29c0b4ec8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -150,10 +150,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: requests: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/enable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/enable-prometheus.yaml index b1cddb055b39..9f296515f07a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/enable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/enable-prometheus.yaml @@ -176,10 +176,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP - containerPort: 19001 name: metrics diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index b472fcd00aa7..a9d3bd9e5e54 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -156,10 +156,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: limits: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index cc5d5d26b24a..002247177c5c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -156,10 +156,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: limits: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml index d644e17ca024..3e7f505702d0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml @@ -56,10 +56,10 @@ spec: name: envoy ports: - containerPort: 8080 - name: EnvoyHTTPPort + name: EnvoyH-d76a15e2 protocol: TCP - containerPort: 8443 - name: EnvoyHTTPSPort + name: EnvoyH-6658f727 protocol: TCP resources: requests: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml index e898ccb1affa..4139ac4f6b1c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml @@ -13,11 +13,11 @@ metadata: namespace: envoy-gateway-system spec: ports: - - name: EnvoyHTTPPort + - name: envoy-EnvoyHTTPPort-d76a15e2 port: 0 protocol: TCP targetPort: 8080 - - name: EnvoyHTTPSPort + - name: envoy-EnvoyHTTPSPort-6658f727 port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml index 8b4bd40b87f4..6efc4ee4aaf1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml @@ -12,11 +12,11 @@ metadata: spec: externalTrafficPolicy: Local ports: - - name: EnvoyHTTPPort + - name: envoy-EnvoyHTTPPort-d76a15e2 port: 0 protocol: TCP targetPort: 8080 - - name: EnvoyHTTPSPort + - name: envoy-EnvoyHTTPSPort-6658f727 port: 0 protocol: TCP targetPort: 8443 diff --git a/internal/provider/utils/utils.go b/internal/provider/utils/utils.go index 0417b892cfa6..8da3c0a6c72f 100644 --- a/internal/provider/utils/utils.go +++ b/internal/provider/utils/utils.go @@ -22,15 +22,14 @@ func NamespacedName(obj client.Object) types.NamespacedName { } } -// GetHashedName returns a partially hashed name for the string including up to 48 characters of the original name before the hash. +// GetHashedName returns a partially hashed name for the string including up to the given length of the original name characters before the hash. // Input `nsName` should be formatted as `{Namespace}/{ResourceName}`. -func GetHashedName(nsName string) string { +func GetHashedName(nsName string, length int) string { hashedName := HashString(nsName) // replace `/` with `-` to create a valid K8s resource name resourceName := strings.ReplaceAll(nsName, "/", "-") - - if len(resourceName) > 48 { - return fmt.Sprintf("%s-%s", resourceName[0:48], hashedName[0:8]) + if length > 0 && len(resourceName) > length { + return fmt.Sprintf("%s-%s", resourceName[0:length], hashedName[0:8]) } return fmt.Sprintf("%s-%s", resourceName, hashedName[0:8]) } @@ -40,18 +39,3 @@ func HashString(str string) string { h.Write([]byte(str)) return strings.ToLower(fmt.Sprintf("%x", h.Sum(nil))) } - -// ExpectedContainerPortHashedName returns expected container port name with max length of 15 characters. -// If mergedGateways is enabled or listener port name is larger than 15 characters it will return partially hashed name. -// Listeners on merged gateways have a infraIR port name {GatewayNamespace}/{GatewayName}/{ListenerName}. -func ExpectedContainerPortHashedName(name string) string { - if len(name) > 15 { - hashedName := HashString(name) - // replace `/` with `-` to create a valid K8s resource name - resourceName := strings.ReplaceAll(name, "/", "-") - listenerName := string(resourceName[2]) - - return fmt.Sprintf("%s-%s", listenerName, hashedName[0:14-len(listenerName)]) - } - return name -} From d760d6d10f215976d23ecdc11102ac816ab97f94 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 25 Oct 2023 16:49:23 -0700 Subject: [PATCH 04/11] LoadBalancer in BackendTrafficPolicy (#2063) * LoadBalancer in BackendTrafficPolicy Fixes: https://github.com/envoyproxy/gateway/issues/1105 Signed-off-by: Arko Dasgupta * tests Signed-off-by: Arko Dasgupta --------- Signed-off-by: Arko Dasgupta --- api/v1alpha1/backendtrafficpolicy_types.go | 6 + api/v1alpha1/loadbalancer_types.go | 55 ++++ api/v1alpha1/zz_generated.deepcopy.go | 40 +++ ....envoyproxy.io_backendtrafficpolicies.yaml | 30 ++ internal/gatewayapi/backendtrafficpolicy.go | 51 +++- ...endtrafficpolicy-with-loadbalancer.in.yaml | 93 ++++++ ...ndtrafficpolicy-with-loadbalancer.out.yaml | 288 ++++++++++++++++++ site/content/en/latest/api/extension_types.md | 52 ++++ 8 files changed, 612 insertions(+), 3 deletions(-) create mode 100644 api/v1alpha1/loadbalancer_types.go create mode 100644 internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.in.yaml create mode 100755 internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go index e89d062bf56e..f01bb401d028 100644 --- a/api/v1alpha1/backendtrafficpolicy_types.go +++ b/api/v1alpha1/backendtrafficpolicy_types.go @@ -48,7 +48,13 @@ type BackendTrafficPolicySpec struct { // RateLimit allows the user to limit the number of incoming requests // to a predefined value based on attributes within the traffic flow. + // +optional RateLimit *RateLimitFilterSpec `json:"rateLimit,omitempty"` + + // LoadBalancer policy to apply when routing traffic from the gateway to + // the backend endpoints + // +optional + LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty"` } // BackendTrafficPolicyStatus defines the state of BackendTrafficPolicy diff --git a/api/v1alpha1/loadbalancer_types.go b/api/v1alpha1/loadbalancer_types.go new file mode 100644 index 000000000000..d512b6902c78 --- /dev/null +++ b/api/v1alpha1/loadbalancer_types.go @@ -0,0 +1,55 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package v1alpha1 + +// LoadBalancer defines the load balancer policy to be applied. +// +union +type LoadBalancer struct { + // Type decides the type of Load Balancer policy. + // Valid RateLimitType values are + // "ConsistentHash", + // "LeastRequest", + // "Random", + // "RoundRobin", + // + // +unionDiscriminator + Type LoadBalancerType `json:"type"` + // ConsistentHash defines the configuration when the load balancer type is + // set to ConsistentHash + // + // +optional + ConsistentHash *ConsistentHash `json:"consistentHash,omitempty"` +} + +// LoadBalancerType specifies the types of LoadBalancer. +// +kubebuilder:validation:Enum=ConsistentHash;LeastRequest;Random;RoundRobin +type LoadBalancerType string + +const ( + // ConsistentHashLoadBalancerType load balancer policy. + ConsistentHashLoadBalancerType LoadBalancerType = "ConsistentHash" + // LeastRequestLoadBalancerType load balancer policy. + LeastRequestLoadBalancerType LoadBalancerType = "LeastRequest" + // RandomLoadBalancerType load balancer policy. + RandomLoadBalancerType LoadBalancerType = "Random" + // RoundRobinLoadBalancerType load balancer policy. + RoundRobinLoadBalancerType LoadBalancerType = "RoundRobin" +) + +// ConsistentHash defines the configuration related to the consistent hash +// load balancer policy +type ConsistentHash struct { + Type ConsistentHashType `json:"type"` +} + +// ConsistentHashType defines the type of input to hash on. +// +kubebuilder:validation:Enum=SourceIP +type ConsistentHashType string + +const ( + // SourceIPConsistentHashType hashes based on the source IP address. + SourceIPConsistentHashType ConsistentHashType = "SourceIP" +) diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 3fb30ec60061..0854f1f8fe51 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -165,6 +165,11 @@ func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec) *out = new(RateLimitFilterSpec) (*in).DeepCopyInto(*out) } + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(LoadBalancer) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicySpec. @@ -358,6 +363,21 @@ func (in *ClientTrafficPolicyStatus) DeepCopy() *ClientTrafficPolicyStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsistentHash) DeepCopyInto(out *ConsistentHash) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHash. +func (in *ConsistentHash) DeepCopy() *ConsistentHash { + if in == nil { + return nil + } + out := new(ConsistentHash) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomTag) DeepCopyInto(out *CustomTag) { *out = *in @@ -1540,6 +1560,26 @@ func (in *LiteralCustomTag) DeepCopy() *LiteralCustomTag { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer) { + *out = *in + if in.ConsistentHash != nil { + in, out := &in.ConsistentHash, &out.ConsistentHash + *out = new(ConsistentHash) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer. +func (in *LoadBalancer) DeepCopy() *LoadBalancer { + if in == nil { + return nil + } + out := new(LoadBalancer) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Match) DeepCopyInto(out *Match) { *out = *in diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index 98fa2a635480..ea1d2d6a420e 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -44,6 +44,36 @@ spec: spec: description: spec defines the desired state of BackendTrafficPolicy. properties: + loadBalancer: + description: LoadBalancer policy to apply when routing traffic from + the gateway to the backend endpoints + properties: + consistentHash: + description: ConsistentHash defines the configuration when the + load balancer type is set to ConsistentHash + properties: + type: + description: ConsistentHashType defines the type of input + to hash on. + enum: + - SourceIP + type: string + required: + - type + type: object + type: + description: Type decides the type of Load Balancer policy. Valid + RateLimitType values are "ConsistentHash", "LeastRequest", "Random", + "RoundRobin", + enum: + - ConsistentHash + - LeastRequest + - Random + - RoundRobin + type: string + required: + - type + type: object rateLimit: description: RateLimit allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index cca1b80d1b67..496191472279 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go @@ -238,11 +238,18 @@ func resolveBTPolicyRouteTargetRef(policy *egv1a1.BackendTrafficPolicy, routes m } func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.BackendTrafficPolicy, route RouteContext, xdsIR XdsIRMap) { + var ( + rl *ir.RateLimit + lb *ir.LoadBalancer + ) + // Build IR - var rl *ir.RateLimit if policy.Spec.RateLimit != nil { rl = t.buildRateLimit(policy) } + if policy.Spec.LoadBalancer != nil { + lb = t.buildLoadBalancer(policy) + } // Apply IR to all relevant routes prefix := irRoutePrefix(route) @@ -252,6 +259,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen // Apply if there is a match if strings.HasPrefix(r.Name, prefix) { r.RateLimit = rl + r.LoadBalancer = lb } } } @@ -260,12 +268,18 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen } func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.BackendTrafficPolicy, gateway *GatewayContext, xdsIR XdsIRMap) { + var ( + rl *ir.RateLimit + lb *ir.LoadBalancer + ) + // Build IR - var rl *ir.RateLimit if policy.Spec.RateLimit != nil { rl = t.buildRateLimit(policy) } - + if policy.Spec.LoadBalancer != nil { + lb = t.buildLoadBalancer(policy) + } // Apply IR to all the routes within the specific Gateway // If the feature is already set, then skip it, since it must be have // set by a policy attaching to the route @@ -279,6 +293,9 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back if r.RateLimit == nil { r.RateLimit = rl } + if r.LoadBalancer == nil { + r.LoadBalancer = lb + } } } @@ -392,3 +409,31 @@ func (t *Translator) buildRateLimit(policy *egv1a1.BackendTrafficPolicy) *ir.Rat return rateLimit } + +func (t *Translator) buildLoadBalancer(policy *egv1a1.BackendTrafficPolicy) *ir.LoadBalancer { + var lb *ir.LoadBalancer + switch policy.Spec.LoadBalancer.Type { + case egv1a1.ConsistentHashLoadBalancerType: + lb = &ir.LoadBalancer{ + ConsistentHash: &ir.ConsistentHash{}, + } + if policy.Spec.LoadBalancer.ConsistentHash != nil && + policy.Spec.LoadBalancer.ConsistentHash.Type == egv1a1.SourceIPConsistentHashType { + lb.ConsistentHash.SourceIP = ptr.To(true) + } + case egv1a1.LeastRequestLoadBalancerType: + lb = &ir.LoadBalancer{ + LeastRequest: &ir.LeastRequest{}, + } + case egv1a1.RandomLoadBalancerType: + lb = &ir.LoadBalancer{ + Random: &ir.Random{}, + } + case egv1a1.RoundRobinLoadBalancerType: + lb = &ir.LoadBalancer{ + RoundRobin: &ir.RoundRobin{}, + } + } + + return lb +} diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.in.yaml new file mode 100644 index 000000000000..00f3895d30a9 --- /dev/null +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.in.yaml @@ -0,0 +1,93 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-2 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +grpcRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: GRPCRoute + metadata: + namespace: default + name: grpcroute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-2 + sectionName: http + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 +backendTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + namespace: envoy-gateway + name: policy-for-gateway + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + loadBalancer: + type: Random +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + namespace: default + name: policy-for-route + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + namespace: default + loadBalancer: + type: ConsistentHash + consistentHash: + type: SourceIP diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml new file mode 100755 index 000000000000..b2572c9d2ff6 --- /dev/null +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml @@ -0,0 +1,288 @@ +backendTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + creationTimestamp: null + name: policy-for-route + namespace: default + spec: + loadBalancer: + consistentHash: + type: SourceIP + type: ConsistentHash + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + namespace: default + status: + conditions: + - lastTransitionTime: null + message: BackendTrafficPolicy has been accepted. + reason: Accepted + status: "True" + type: Accepted +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + creationTimestamp: null + name: policy-for-gateway + namespace: envoy-gateway + spec: + loadBalancer: + type: Random + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + status: + conditions: + - lastTransitionTime: null + message: BackendTrafficPolicy has been accepted. + reason: Accepted + status: "True" + type: Accepted +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: {} + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-2 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: {} + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +grpcRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: GRPCRoute + metadata: + creationTimestamp: null + name: grpcroute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-2 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-2 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: "" + ports: + - containerPort: 10080 + name: http + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 + envoy-gateway/gateway-2: + proxy: + listeners: + - address: "" + ports: + - containerPort: 10080 + name: http + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-2 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-2 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: true + name: envoy-gateway/gateway-1/http + port: 10080 + routes: + - backendWeights: + invalid: 0 + valid: 0 + destination: + name: grpcroute/default/grpcroute-1/rule/0 + settings: + - endpoints: + - host: 7.7.7.7 + port: 8080 + weight: 1 + hostname: '*' + loadBalancer: + random: {} + name: grpcroute/default/grpcroute-1/rule/0/match/-1/* + envoy-gateway/gateway-2: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-2/http + port: 10080 + routes: + - backendWeights: + invalid: 0 + valid: 0 + destination: + name: httproute/default/httproute-1/rule/0 + settings: + - endpoints: + - host: 7.7.7.7 + port: 8080 + weight: 1 + hostname: gateway.envoyproxy.io + loadBalancer: + consistentHash: + sourceIP: true + name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: / diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index ccc579e9da56..5e680fc52baf 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -117,6 +117,7 @@ _Appears in:_ | --- | --- | | `targetRef` _[PolicyTargetReferenceWithSectionName](#policytargetreferencewithsectionname)_ | targetRef is the name of the resource this policy is being attached to. This Policy and the TargetRef MUST be in the same namespace for this Policy to have effect and be applied to the Gateway. | | `rateLimit` _[RateLimitFilterSpec](#ratelimitfilterspec)_ | RateLimit allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow. | +| `loadBalancer` _[LoadBalancer](#loadbalancer)_ | LoadBalancer policy to apply when routing traffic from the gateway to the backend endpoints | @@ -215,6 +216,31 @@ _Appears in:_ +#### ConsistentHash + + + +ConsistentHash defines the configuration related to the consistent hash load balancer policy + +_Appears in:_ +- [LoadBalancer](#loadbalancer) + +| Field | Description | +| --- | --- | +| `type` _[ConsistentHashType](#consistenthashtype)_ | | + + +#### ConsistentHashType + +_Underlying type:_ `string` + +ConsistentHashType defines the type of input to hash on. + +_Appears in:_ +- [ConsistentHash](#consistenthash) + + + #### CustomTag @@ -1024,6 +1050,32 @@ _Appears in:_ | `value` _string_ | Value defines the hard-coded value to add to each span. | +#### LoadBalancer + + + +LoadBalancer defines the load balancer policy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) + +| Field | Description | +| --- | --- | +| `type` _[LoadBalancerType](#loadbalancertype)_ | Type decides the type of Load Balancer policy. Valid RateLimitType values are "ConsistentHash", "LeastRequest", "Random", "RoundRobin", | +| `consistentHash` _[ConsistentHash](#consistenthash)_ | ConsistentHash defines the configuration when the load balancer type is set to ConsistentHash | + + +#### LoadBalancerType + +_Underlying type:_ `string` + +LoadBalancerType specifies the types of LoadBalancer. + +_Appears in:_ +- [LoadBalancer](#loadbalancer) + + + #### LogLevel _Underlying type:_ `string` From edcb25b140113ec254baf85830119f009c0e62e3 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 25 Oct 2023 21:32:02 -0500 Subject: [PATCH 05/11] init CEL validation (#2059) * validation: init CEL validation Signed-off-by: zirain * simplify Signed-off-by: zirain * lint Signed-off-by: zirain * remove XValidation Signed-off-by: zirain * reuse kube-test Signed-off-by: zirain * revert nits Signed-off-by: zirain * rename to celvalidation Signed-off-by: zirain * make kube-test be part of go.test.coverage Signed-off-by: zirain * revert changes Signed-off-by: zirain --------- Signed-off-by: zirain --- .../validation/envoyproxy_validate.go | 2 +- test/cel-validation/envoyproxy_test.go | 89 +++++++++++++++++++ test/cel-validation/main_test.go | 66 ++++++++++++++ tools/make/golang.mk | 2 +- tools/make/kube.mk | 1 + 5 files changed, 158 insertions(+), 2 deletions(-) create mode 100644 test/cel-validation/envoyproxy_test.go create mode 100644 test/cel-validation/main_test.go diff --git a/api/v1alpha1/validation/envoyproxy_validate.go b/api/v1alpha1/validation/envoyproxy_validate.go index b8f05b12fb89..6ebf9703036f 100644 --- a/api/v1alpha1/validation/envoyproxy_validate.go +++ b/api/v1alpha1/validation/envoyproxy_validate.go @@ -24,7 +24,7 @@ import ( _ "github.com/envoyproxy/gateway/internal/xds/extensions" // register the generated types to support protojson unmarshalling ) -// Validate validates the provided EnvoyProxy. +// ValidateEnvoyProxy validates the provided EnvoyProxy. func ValidateEnvoyProxy(proxy *egv1a1.EnvoyProxy) error { var errs []error if proxy == nil { diff --git a/test/cel-validation/envoyproxy_test.go b/test/cel-validation/envoyproxy_test.go new file mode 100644 index 000000000000..919a1ec92411 --- /dev/null +++ b/test/cel-validation/envoyproxy_test.go @@ -0,0 +1,89 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build validation +// +build validation + +package cel_validation + +import ( + "context" + "fmt" + "strings" + "testing" + "time" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" +) + +func TestEnvoyProxyProvider(t *testing.T) { + ctx := context.Background() + baseEnvoyProxy := egv1a1.EnvoyProxy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "proxy", + Namespace: metav1.NamespaceDefault, + }, + Spec: egv1a1.EnvoyProxySpec{}, + } + + cases := []struct { + desc string + mutate func(envoy *egv1a1.EnvoyProxy) + mutateStatus func(envoy *egv1a1.EnvoyProxy) + wantErrors []string + }{ + { + desc: "nil provider", + mutate: func(envoy *egv1a1.EnvoyProxy) { + + }, + wantErrors: []string{}, + }, + { + desc: "unsupported provider", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: "foo", + }, + } + }, + wantErrors: []string{"Unsupported value: \"foo\": supported values: \"Kubernetes\""}, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + proxy := baseEnvoyProxy.DeepCopy() + proxy.Name = fmt.Sprintf("proxy-%v", time.Now().UnixNano()) + + if tc.mutate != nil { + tc.mutate(proxy) + } + err := c.Create(ctx, proxy) + + if tc.mutateStatus != nil { + tc.mutateStatus(proxy) + err = c.Status().Update(ctx, proxy) + } + + if (len(tc.wantErrors) != 0) != (err != nil) { + t.Fatalf("Unexpected response while creating EnvoyProxy; got err=\n%v\n;want error=%v", err, tc.wantErrors != nil) + } + + var missingErrorStrings []string + for _, wantError := range tc.wantErrors { + if !strings.Contains(strings.ToLower(err.Error()), strings.ToLower(wantError)) { + missingErrorStrings = append(missingErrorStrings, wantError) + } + } + if len(missingErrorStrings) != 0 { + t.Errorf("Unexpected response while creating EnvoyProxy; got err=\n%v\n;missing strings within error=%q", err, missingErrorStrings) + } + }) + } +} diff --git a/test/cel-validation/main_test.go b/test/cel-validation/main_test.go new file mode 100644 index 000000000000..649153884395 --- /dev/null +++ b/test/cel-validation/main_test.go @@ -0,0 +1,66 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build celvalidation +// +build celvalidation + +package celvalidation + +import ( + "context" + "fmt" + "os" + "path/filepath" + "testing" + + "k8s.io/client-go/rest" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/envtest" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" +) + +var c client.Client + +func TestMain(m *testing.M) { + // Setup the test environment. + testEnv, restCfg, err := startEnv() + if err != nil { + panic(fmt.Sprintf("Failed to start testenv: %v", err)) + } + + _, cancel := context.WithCancel(ctrl.SetupSignalHandler()) + defer func() { + cancel() + if err := testEnv.Stop(); err != nil { + panic(fmt.Sprintf("Failed to stop testenv: %v", err)) + } + }() + + c, err = client.New(restCfg, client.Options{}) + if err != nil { + panic(fmt.Sprintf("Error initializing client: %v", err)) + } + _ = egv1a1.AddToScheme(c.Scheme()) + + os.Exit(m.Run()) +} + +func startEnv() (*envtest.Environment, *rest.Config, error) { + log.SetLogger(zap.New(zap.WriteTo(os.Stderr), zap.UseDevMode(true))) + egAPIs := filepath.Join("..", "..", "charts", "gateway-helm", "crds", "generated") + + env := &envtest.Environment{ + CRDDirectoryPaths: []string{egAPIs}, + } + cfg, err := env.Start() + if err != nil { + return env, nil, err + } + return env, cfg, nil +} diff --git a/tools/make/golang.mk b/tools/make/golang.mk index 4cf7d4e3bbb0..b0142e7e1807 100644 --- a/tools/make/golang.mk +++ b/tools/make/golang.mk @@ -52,7 +52,7 @@ go.testdata.complete: ## Override test ouputdata go test -timeout 30s github.com/envoyproxy/gateway/internal/gatewayapi --override-testdata=true .PHONY: go.test.coverage -go.test.coverage: $(tools/setup-envtest) ## Run go unit and integration tests in GitHub Actions +go.test.coverage: kube-test $(tools/setup-envtest) ## Run go unit and integration tests in GitHub Actions @$(LOG_TARGET) KUBEBUILDER_ASSETS="$(shell $(tools/setup-envtest) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... --tags=integration -race -coverprofile=coverage.xml -covermode=atomic diff --git a/tools/make/kube.mk b/tools/make/kube.mk index 0489b60bc538..a12aa1032702 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -49,6 +49,7 @@ kube-generate: $(tools/controller-gen) ## Generate code containing DeepCopy, Dee kube-test: manifests generate $(tools/setup-envtest) ## Run Kubernetes provider tests. @$(LOG_TARGET) KUBEBUILDER_ASSETS="$(shell $(tools/setup-envtest) use $(ENVTEST_K8S_VERSION) -p path)" go test --tags=integration ./... -coverprofile cover.out + KUBEBUILDER_ASSETS="$(shell $(tools/setup-envtest) use $(ENVTEST_K8S_VERSION) -p path)" go test --tags=celvalidation ./... -coverprofile cover.out ##@ Kubernetes Deployment From fdcd9e49833df66e3c5ee09031146f05640040d6 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 25 Oct 2023 19:43:29 -0700 Subject: [PATCH 06/11] Bump to Gateway API v1.0.0-rc2 (#2075) * Bump to Gateway API v0.0.0-rc2 Release notes in https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.0.0-rc2 Signed-off-by: Arko Dasgupta * add chart Signed-off-by: Arko Dasgupta * skip tests Signed-off-by: Arko Dasgupta * typo Signed-off-by: Arko Dasgupta --------- Signed-off-by: Arko Dasgupta --- charts/gateway-helm/crds/gatewayapi-crds.yaml | 28 +++++++++---------- go.mod | 2 +- go.sum | 4 +-- .../translate/out/default-resources.all.yaml | 1 - .../out/echo-gateway-api.cluster.yaml | 1 - .../translate/out/echo-gateway-api.route.json | 3 +- .../translate/out/invalid-envoyproxy.all.yaml | 1 - .../out/rejected-http-route.route.yaml | 1 - .../translate/out/valid-envoyproxy.all.yaml | 1 - ...ndtrafficpolicy-status-conditions.out.yaml | 2 -- ...ndtrafficpolicy-with-loadbalancer.out.yaml | 2 -- ...ckendtrafficpolicy-with-ratelimit.out.yaml | 2 -- ...nttrafficpolicy-status-conditions.out.yaml | 2 -- ...clienttrafficpolicy-tcp-keepalive.out.yaml | 1 - .../testdata/disable-accesslog.out.yaml | 1 - .../envoypatchpolicy-cross-ns-target.out.yaml | 1 - ...oypatchpolicy-invalid-target-kind.out.yaml | 1 - .../testdata/envoypatchpolicy-valid.out.yaml | 1 - ...oxy-accesslog-file-json-no-format.out.yaml | 1 - .../envoyproxy-accesslog-file-json.out.yaml | 1 - ...voyproxy-accesslog-with-bad-sinks.out.yaml | 1 - .../testdata/envoyproxy-accesslog.out.yaml | 1 - .../testdata/envoyproxy-valid.out.yaml | 1 - ...th-extension-filter-invalid-group.out.yaml | 1 - ...ith-non-matching-extension-filter.out.yaml | 1 - ...with-unsupported-extension-filter.out.yaml | 1 - ...route-with-valid-extension-filter.out.yaml | 1 - ...-namespace-with-allowed-httproute.out.yaml | 1 - ...mespace-with-disallowed-httproute.out.yaml | 1 - ...way-with-addresses-with-ipaddress.out.yaml | 1 - ...valid-allowed-namespaces-selector.out.yaml | 1 - ...with-invalid-allowed-routes-group.out.yaml | 1 - ...allowed-routes-kind-and-supported.out.yaml | 1 - ...-with-invalid-allowed-routes-kind.out.yaml | 1 - ...th-invalid-allowed-tls-route-kind.out.yaml | 1 - ...nvalid-multiple-tls-configuration.out.yaml | 1 - ...id-tls-configuration-invalid-mode.out.yaml | 1 - ...configuration-no-certificate-refs.out.yaml | 1 - ...ion-no-valid-certificate-for-fqdn.out.yaml | 1 - ...nfiguration-secret-does-not-exist.out.yaml | 1 - ...uration-secret-in-other-namespace.out.yaml | 1 - ...configuration-secret-is-not-valid.out.yaml | 1 - ...ssing-allowed-namespaces-selector.out.yaml | 1 - ...h-listener-with-tcp-with-hostname.out.yaml | 1 - ...route-with-mismatch-port-protocol.out.yaml | 1 - ...h-tcproute-with-multiple-backends.out.yaml | 1 - ...with-tcproute-with-multiple-rules.out.yaml | 1 - ...her-namespace-allowed-by-refgrant.out.yaml | 1 - ...ith-tls-terminate-and-passthrough.out.yaml | 1 - ...h-listener-with-udp-with-hostname.out.yaml | 1 - ...route-with-mismatch-port-protocol.out.yaml | 1 - ...h-udproute-with-multiple-backends.out.yaml | 1 - ...with-udproute-with-multiple-rules.out.yaml | 1 - ...-listener-with-unmatched-tcproute.out.yaml | 1 - ...-listener-with-unmatched-udproute.out.yaml | 1 - ...istener-with-unsupported-protocol.out.yaml | 1 - ...ith-same-algorithm-different-fqdn.out.yaml | 1 - ...-valid-multiple-tls-configuration.out.yaml | 1 - ...ener-with-valid-tls-configuration.out.yaml | 1 - ...with-preexisting-status-condition.out.yaml | 1 - ...-listener-with-multiple-tcproutes.out.yaml | 1 - ...-listener-with-multiple-udproutes.out.yaml | 1 - ...teway-with-stale-status-condition.out.yaml | 1 - ...listeners-on-same-tcp-or-tls-port.out.yaml | 1 - ...th-two-listeners-on-same-udp-port.out.yaml | 1 - ...d-tlsroute-same-hostname-and-port.out.yaml | 1 - ...isteners-with-multiple-httproutes.out.yaml | 1 - ...eners-with-same-port-and-hostname.out.yaml | 1 - ...me-port-and-incompatible-protocol.out.yaml | 1 - ...-with-same-port-http-tcp-protocol.out.yaml | 1 - ...-with-same-port-http-udp-protocol.out.yaml | 1 - ...s-with-tcproutes-with-sectionname.out.yaml | 1 - ...ith-tcproutes-without-sectionname.out.yaml | 1 - ...s-with-udproutes-with-sectionname.out.yaml | 1 - ...ith-udproutes-without-sectionname.out.yaml | 1 - .../grpcroute-with-header-match.out.yaml | 1 - ...ute-with-method-and-service-match.out.yaml | 1 - .../grpcroute-with-method-match.out.yaml | 1 - ...oute-with-request-header-modifier.out.yaml | 1 - .../grpcroute-with-service-match.out.yaml | 1 - ...grpcroute-with-valid-authenfilter.out.yaml | 1 - ...croute-with-valid-ratelimitfilter.out.yaml | 1 - ...way-with-more-different-listeners.out.yaml | 1 - ...ng-to-gateway-with-more-listeners.out.yaml | 1 - ...wo-listeners-with-different-ports.out.yaml | 1 - ...ing-to-gateway-with-two-listeners.out.yaml | 1 - .../httproute-attaching-to-gateway.out.yaml | 1 - ...taching-to-listener-matching-port.out.yaml | 1 - ...ner-on-gateway-with-two-listeners.out.yaml | 1 - ...ner-with-serviceimport-backendref.out.yaml | 1 - .../httproute-attaching-to-listener.out.yaml | 1 - ...httproute-backend-request-timeout.out.yaml | 1 - ...ing-to-listener-non-matching-port.out.yaml | 1 - .../httproute-request-timeout.out.yaml | 1 - ...-multiple-backends-and-no-weights.out.yaml | 1 - ...ith-multiple-backends-and-weights.out.yaml | 1 - ...her-namespace-allowed-by-refgrant.out.yaml | 1 - ...her-namespace-allowed-by-refgrant.out.yaml | 1 - ...ith-distinct-sourcecidr-ratelimit.out.yaml | 1 - .../httproute-with-empty-matches.out.yaml | 1 - ...er-duplicate-add-multiple-filters.out.yaml | 1 - ...with-header-filter-duplicate-adds.out.yaml | 1 - ...duplicate-remove-multiple-filters.out.yaml | 1 - ...h-header-filter-duplicate-removes.out.yaml | 1 - ...header-filter-empty-header-values.out.yaml | 1 - ...-with-header-filter-empty-headers.out.yaml | 1 - ...ith-header-filter-invalid-headers.out.yaml | 1 - ...ute-with-header-filter-no-headers.out.yaml | 1 - ...th-header-filter-no-valid-headers.out.yaml | 1 - ...tproute-with-header-filter-remove.out.yaml | 1 - ...with-invalid-backend-ref-bad-port.out.yaml | 1 - ...invalid-backend-ref-invalid-group.out.yaml | 1 - ...-invalid-backend-ref-invalid-kind.out.yaml | 1 - ...-with-invalid-backend-ref-no-port.out.yaml | 1 - ...lid-backend-ref-no-service.import.out.yaml | 1 - ...th-invalid-backend-ref-no-service.out.yaml | 1 - ...lid-backendref-in-other-namespace.out.yaml | 1 - ...oute-with-invalid-ratelimitfilter.out.yaml | 1 - ...ute-with-mirror-filter-duplicates.out.yaml | 1 - ...route-with-mirror-filter-multiple.out.yaml | 1 - ...ith-mirror-filter-service-no-port.out.yaml | 1 - ...h-mirror-filter-service-not-found.out.yaml | 1 - .../httproute-with-mirror-filter.out.yaml | 1 - ...ith-non-existent-authenfilter-ref.out.yaml | 1 - ...ith-non-matching-authenfilter-ref.out.yaml | 1 - ...to-gateway-with-wildcard-hostname.out.yaml | 1 - ...ct-filter-full-path-replace-https.out.yaml | 1 - ...ute-with-redirect-filter-hostname.out.yaml | 1 - ...direct-filter-invalid-filter-type.out.yaml | 1 - ...th-redirect-filter-invalid-scheme.out.yaml | 1 - ...th-redirect-filter-invalid-status.out.yaml | 1 - ...ter-prefix-replace-with-port-http.out.yaml | 1 - ...-with-response-header-filter-adds.out.yaml | 1 - ...er-duplicate-add-multiple-filters.out.yaml | 1 - ...onse-header-filter-duplicate-adds.out.yaml | 1 - ...duplicate-remove-multiple-filters.out.yaml | 1 - ...e-header-filter-duplicate-removes.out.yaml | 1 - ...header-filter-empty-header-values.out.yaml | 1 - ...ponse-header-filter-empty-headers.out.yaml | 1 - ...nse-header-filter-invalid-headers.out.yaml | 1 - ...response-header-filter-no-headers.out.yaml | 1 - ...se-header-filter-no-valid-headers.out.yaml | 1 - ...ith-response-header-filter-remove.out.yaml | 1 - ...single-rule-with-exact-path-match.out.yaml | 1 - ...ingle-rule-with-http-method-match.out.yaml | 1 - ...h-single-rule-with-multiple-rules.out.yaml | 1 - ...h-prefix-and-exact-header-matches.out.yaml | 1 - ...e-invalid-backend-refs-no-service.out.yaml | 1 - ...tproute-with-sourcecidr-ratelimit.out.yaml | 1 - ...to-gateway-with-wildcard-hostname.out.yaml | 1 - ...to-gateway-with-wildcard-hostname.out.yaml | 1 - ...ite-filter-full-path-replace-http.out.yaml | 1 - ...te-filter-hostname-prefix-replace.out.yaml | 1 - ...e-with-urlrewrite-filter-hostname.out.yaml | 1 - ...ewrite-filter-invalid-filter-type.out.yaml | 1 - ...rlrewrite-filter-invalid-hostname.out.yaml | 1 - ...e-filter-invalid-multiple-filters.out.yaml | 1 - ...lrewrite-filter-invalid-path-type.out.yaml | 1 - ...th-urlrewrite-filter-invalid-path.out.yaml | 1 - ...th-urlrewrite-filter-missing-path.out.yaml | 1 - ...ewrite-filter-prefix-replace-http.out.yaml | 1 - ...httproute-with-valid-authenfilter.out.yaml | 1 - ...th-valid-multi-match-authenfilter.out.yaml | 1 - ...id-multi-match-multi-authenfilter.out.yaml | 1 - ...proute-with-valid-ratelimitfilter.out.yaml | 1 - ...ng-to-gateway-with-unset-hostname.out.yaml | 1 - .../httproutes-with-multiple-matches.out.yaml | 1 - .../merge-invalid-multiple-gateways.out.yaml | 2 -- ...multiple-gateways-multiple-routes.out.yaml | 2 -- .../merge-valid-multiple-gateways.out.yaml | 2 -- .../securitypolicy-status-conditions.out.yaml | 2 -- .../securitypolicy-with-cors.out.yaml | 2 -- ...teway-with-listener-tls-terminate.out.yaml | 1 - .../tlsroute-attaching-to-gateway.out.yaml | 1 - .../testdata/tlsroute-multiple.out.yaml | 1 - ...attaching-to-gateway-with-no-mode.out.yaml | 1 - ...her-namespace-allowed-by-refgrant.out.yaml | 1 - .../tlsroute-with-empty-hostname.out.yaml | 1 - ...oute-with-empty-listener-hostname.out.yaml | 1 - ...er-both-passthrough-and-cert-data.out.yaml | 1 - test/conformance/conformance_test.go | 2 ++ .../experimental_conformance_test.go | 2 ++ 182 files changed, 22 insertions(+), 204 deletions(-) diff --git a/charts/gateway-helm/crds/gatewayapi-crds.yaml b/charts/gateway-helm/crds/gatewayapi-crds.yaml index a9b5b4c77ac0..fa7d880dad84 100644 --- a/charts/gateway-helm/crds/gatewayapi-crds.yaml +++ b/charts/gateway-helm/crds/gatewayapi-crds.yaml @@ -24,7 +24,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null labels: @@ -199,12 +199,12 @@ spec: - hostname type: object x-kubernetes-validations: - - message: must not contain both CertRefs and WellKnownCACerts - rule: (has(self.caCertRefs) && size(self.caCertRefs) > 0 && has(self.wellKnownCACerts) - && self.wellKnownCACerts != "") - - message: must specify either CertRefs or WellKnownCACerts - rule: '!(has(self.caCertRefs) && size(self.caCertRefs) > 0 || has(self.wellKnownCACerts) + - message: must not contain both CACertRefs and WellKnownCACerts + rule: '!(has(self.caCertRefs) && size(self.caCertRefs) > 0 && has(self.wellKnownCACerts) && self.wellKnownCACerts != "")' + - message: must specify either CACertRefs or WellKnownCACerts + rule: (has(self.caCertRefs) && size(self.caCertRefs) > 0 || has(self.wellKnownCACerts) + && self.wellKnownCACerts != "") required: - targetRef - tls @@ -509,7 +509,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -1009,7 +1009,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -2817,7 +2817,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: grpcroutes.gateway.networking.k8s.io @@ -4547,7 +4547,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -9509,7 +9509,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -9798,7 +9798,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -10439,7 +10439,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -11129,7 +11129,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 - gateway.networking.k8s.io/bundle-version: v1.0.0-rc1 + gateway.networking.k8s.io/bundle-version: v1.0.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io diff --git a/go.mod b/go.mod index 168664d61cad..f75200ffe349 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( k8s.io/kubectl v0.28.3 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 sigs.k8s.io/controller-runtime v0.16.3 - sigs.k8s.io/gateway-api v1.0.0-rc1 + sigs.k8s.io/gateway-api v1.0.0-rc2 sigs.k8s.io/yaml v1.3.0 ) diff --git a/go.sum b/go.sum index 33cd1b9f6535..601027d0fe04 100644 --- a/go.sum +++ b/go.sum @@ -737,8 +737,8 @@ sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gE sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= -sigs.k8s.io/gateway-api v1.0.0-rc1 h1:v7N9fWTcQxox5aP2IrViDw6imeUHMAt2WFjI4BYo0sw= -sigs.k8s.io/gateway-api v1.0.0-rc1/go.mod h1:+QpYENjk9s31/abu2Pv5BpK2v88UQDK2aeQCwCvy6ck= +sigs.k8s.io/gateway-api v1.0.0-rc2 h1:+7rq7j5fehUkMkgnJyL90mtXrVnz8aj5SXsRqIEW3Mk= +sigs.k8s.io/gateway-api v1.0.0-rc2/go.mod h1:+QpYENjk9s31/abu2Pv5BpK2v88UQDK2aeQCwCvy6ck= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.8.1/go.mod h1:oNKTxUVPYkV9lWzY6CVMNluVq8cBsyq+UgPJdvA3uu4= diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 5a5a7e8f2f3d..bfc39f0543db 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -152,7 +152,6 @@ gateways: namespace: default spec: gatewayClassName: eg - infrastructure: {} listeners: - name: tcp port: 1234 diff --git a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml index 38df47de2bb9..c61a2fdf774a 100644 --- a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml +++ b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml @@ -19,7 +19,6 @@ gateways: namespace: envoy-gateway-system spec: gatewayClassName: eg - infrastructure: {} listeners: - name: http port: 80 diff --git a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json index e68ceb2be3d7..41dfd6683e7f 100644 --- a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json +++ b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json @@ -35,8 +35,7 @@ "port": 80, "protocol": "HTTP" } - ], - "infrastructure": {} + ] }, "status": { "listeners": [ diff --git a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml index cbb15ee7d7f8..c7ad9cde1334 100644 --- a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml @@ -45,7 +45,6 @@ gateways: namespace: default spec: gatewayClassName: eg - infrastructure: {} listeners: - name: tcp port: 1234 diff --git a/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml b/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml index c648c138552d..1cf2dc126c20 100644 --- a/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml +++ b/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml @@ -19,7 +19,6 @@ gateways: namespace: envoy-gateway-system spec: gatewayClassName: eg - infrastructure: {} listeners: - name: tls port: 8443 diff --git a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml index 240c41716eed..ef42d68c93e8 100644 --- a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml @@ -38,7 +38,6 @@ gateways: namespace: default spec: gatewayClassName: eg - infrastructure: {} listeners: - name: tcp port: 1234 diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml index b2d814f29da9..d8fe370ea6af 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml @@ -105,7 +105,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -146,7 +145,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml index b2572c9d2ff6..a8c1817427c8 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml @@ -52,7 +52,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -93,7 +92,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml index 08b19666e18b..1903b43a593f 100755 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml @@ -70,7 +70,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -111,7 +110,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml index 35f7854be4a4..413b622c7435 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml @@ -133,7 +133,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -174,7 +173,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml index 4992c59db305..df173dba7d59 100755 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml @@ -58,7 +58,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/disable-accesslog.out.yaml b/internal/gatewayapi/testdata/disable-accesslog.out.yaml index e6b4703f44e0..39e8d26d5711 100644 --- a/internal/gatewayapi/testdata/disable-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/disable-accesslog.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml index 40698426f23a..f7293e04c96f 100755 --- a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml index 6c03d80394d8..b5d451c716be 100755 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml index 287c1fbc8774..5c75624e1367 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml index 657b1451b21b..d7032df5b1a1 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml index a750c7779965..4e3a60ba8f3d 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml index 72cd526e481c..b4611b897da2 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml index 9c8a1ceb90ca..01428c425e24 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml index ea18760f8c58..9157ee690626 100644 --- a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml index 3fe257c755da..2828bf081661 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml index 2da4c8304a6d..d9271e30fc90 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml index cef3b8f54cde..5f8e8829df68 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml index 2740a77d6e14..d01e792dd710 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml index 46b95ef1dc50..25c3cce6796d 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml index 020b58c9394c..0c17d8dd89f8 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml index a9fbc94d078c..160fdae760ea 100644 --- a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml @@ -14,7 +14,6 @@ gateways: - type: Hostname value: foo.bar gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - name: tcp port: 80 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml index 50dad411b1d8..d360fbafe44f 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml index 6abba3b9e6af..1bd59a4c7c28 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: kinds: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml index 96d38561b392..03568e1828b3 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind-and-supported.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: kinds: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml index 6caec557c576..0854ce26a7d3 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: kinds: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml index 15bb8bee7f74..d6a010af299c 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-tls-route-kind.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: kinds: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml index 820dd86f1548..7217e4191af3 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-multiple-tls-configuration.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml index dc82ae4e6ed6..7db3c46cef12 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml index 3e30315251d3..654ea7d841e3 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml index 2e23126a0da5..deb3363ef432 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-valid-certificate-for-fqdn.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml index a845904bf7af..b7e09ffc5e6c 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml index c04fdf566cb7..ac0bea42b996 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml index 1d2f8c04b9ae..3e8ca57f3350 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml index 413b2d186a45..9e7040d42cf1 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml index 3328108c61fb..d6d72c554526 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcp-with-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml index 809227c0e68f..76f634d295aa 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml index fcc6e1bff420..5ca44bf64d02 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml index b8f8202376b2..b24190c9e08e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index e8be45361a1e..851bdc815384 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml index 6d06c36b0598..125a1519bac4 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml index 454b380a7642..cdec1d564903 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udp-with-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml index 372440a3edb6..518de1b91fa0 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml index 44f06ff7f7ce..f52d4f1a720a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml index 05b4baa86793..c024a1cfa91e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml index abd3001c234a..16f687f3ce2a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml index 36e6e97bb62c..f5d768207dc7 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml index 9bfeba5b6718..7e24746ae1d3 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml index d287787995c7..806ed34a6b65 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml index d0ca9520da6b..07a1de64cb48 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index ecd508afdad4..337937ea2908 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml index 306cf9ad7e2f..7f3e382bf42e 100644 --- a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: default spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml index 8cc2b4e5693d..a88038eae962 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml index 93d06eb40ac6..754dae0c4dca 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml index 8f39c0e8cdb1..cc331a9ec1de 100644 --- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: default spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml index e17e582fb099..9f6f8957295c 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml index 7b45e9376f88..4b312da21d86 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml index c035a81d0ccf..dda0a7c4e74c 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-http-and-tlsroute-same-hostname-and-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml index 2300fb9a87b7..d7f5bbc33e2d 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml index fcc190ce29f4..c7db7a21465c 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml index 301e903cd038..7ec1823a77e6 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml index e23ea10a721a..da39c8b00efc 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml index 8b51c3207f01..d59e161199d5 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml index 06209327595f..49acc6c84522 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml index 695d0baabafd..759e45901db5 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml index 43289b482c37..a5a304ba208f 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml index 50c800f29b77..692388c6498c 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml index 60848b1ba37f..59d139d01c15 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml index fea459928165..ee66e91bc17a 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml index 0b0f620ed9a5..b7fc079c14f7 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index 5276b87e9748..1891581612ee 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml index b596ec87f4fa..4406f205c538 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-valid-authenfilter.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-valid-authenfilter.out.yaml index 6ab20d3b8334..b36321651d88 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-valid-authenfilter.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-valid-authenfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/grpcroute-with-valid-ratelimitfilter.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-valid-ratelimitfilter.out.yaml index 089abc5f5118..704f48edb107 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-valid-ratelimitfilter.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-valid-ratelimitfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml index 9fea76f8b9db..d30026097abb 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml index 5f0440b0509b..de694b38c8c7 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml index efea583f79f7..737d43da6689 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml index 7254ead6df3a..e88edaa93ac3 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml index f4a338833f15..ae14d6cbe635 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml index 962c6b444edb..a8d9a02048b4 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml index 02af912183a2..dddac198b29a 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml index 6be302ae3be6..f5334296b701 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml index 8b231b5d8c54..aae08dee8708 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml index e3a8c390ed9a..d910e6e5442d 100755 --- a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml index 0942b6d5c55c..4cd3e58a7741 100644 --- a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml index f8e11085e179..8e55e85f2bed 100644 --- a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml index 8b3d562fb2c4..d7fc6c8c81c8 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml index 4b3386d96217..06e52bfe474d 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index 625f31d66b8c..c9c5a58e59d1 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml index 6c945d476c30..20ed4f04dbbb 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-distinct-sourcecidr-ratelimit.out.yaml b/internal/gatewayapi/testdata/httproute-with-distinct-sourcecidr-ratelimit.out.yaml index a24337c43448..556411900c9a 100644 --- a/internal/gatewayapi/testdata/httproute-with-distinct-sourcecidr-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-distinct-sourcecidr-ratelimit.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml index 647a2dcfce6d..14f190acbc5a 100644 --- a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index c1ef644142a3..b186106f0cef 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index 32f5edb81ea5..55a7d36259cb 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml index f139d38aeb4c..7f12824c553d 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml index 77961efa6027..a466c593e7a9 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index dfeb4ae43a62..2e4b11c24cb4 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml index 4c8847939ae4..9d79d3a34752 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml index fd7284767708..14cb1d167ef5 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml index 1f45ffb56d19..d2d65c9dd620 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml index d9486910bdd7..b32d9c0a1223 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml index 5fa483737162..2ae92bdd5042 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml index 84f0bd4795c8..e75b60882e60 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml index c2ff9d80d923..50079248c8a4 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml index 45778ad58dce..6781dcc65b7f 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml index 9d22f8bdd54f..020a7bf3f968 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml index 88225cc401b2..669c5afcdab4 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml index 1df5cf57893c..9e4963f11276 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml index f215dd372954..9543bab4beb3 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-ratelimitfilter.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-ratelimitfilter.out.yaml index 91d56a2d6848..4328150736a5 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-ratelimitfilter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-ratelimitfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml index b5438807e703..afa9f1c45245 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index 2a10c73d2927..d5aa80f0bd19 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml index 9355ecbd66c2..85b30ec48e60 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml index d30cec69111e..2858e31d5aa2 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml index f226a8241eb3..6d64d583a12b 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-non-existent-authenfilter-ref.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-existent-authenfilter-ref.out.yaml index bcaa367f29b7..919f22bf257a 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-existent-authenfilter-ref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-existent-authenfilter-ref.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-authenfilter-ref.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-authenfilter-ref.out.yaml index 60b40b58422c..b61269b4370a 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-matching-authenfilter-ref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-matching-authenfilter-ref.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 6d5a7ea8e283..14f9cf7dacc6 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml index 794fa4179e76..3b0c94febaad 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml index b1fd7b9e7e34..effccbc5fa30 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml index e2e09970442d..b551b071c987 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml index 73b8cb1ee717..ce331c461d99 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml index 08c4901391d6..08792fc26766 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml index b9d67b1f9638..e87602dc49ce 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index 460a090bad7c..d376bb2bd31b 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index 94ee5ccd4fec..082da467faa0 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index a918aa754f07..7387da265c82 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml index 2da623c330b1..5050624b40e6 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml index d176af428e29..a6d34ce09448 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index 3a2f62992b2a..dce73fb7d960 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml index 0d4fd6a69aa3..1635b1117577 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml index a838b5eda561..77ff80ec20d2 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml index e67daf81dc10..80d939f8009a 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml index 46d342b520e8..e18af4f074e3 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml index ac5255a93cb4..e1d73c904222 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml index b6b8e5b79d1f..3de870613b98 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml index dc6b524a0cda..fdb845ae1d0e 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml index 01057b6b90de..33d4418d46ae 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml index ca2e9ac16e07..4bb51c36abff 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml index 0e8849a70ba2..cd095768ea33 100644 --- a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-sourcecidr-ratelimit.out.yaml b/internal/gatewayapi/testdata/httproute-with-sourcecidr-ratelimit.out.yaml index 931581c525cf..3f80798c10a7 100644 --- a/internal/gatewayapi/testdata/httproute-with-sourcecidr-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-sourcecidr-ratelimit.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 8526127403a5..8654dbf94b42 100644 --- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml index 556e13be93bc..f89e37188817 100644 --- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml index a2eda476beb0..a216ec0d08e3 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml index 46ea24994490..1758895c365f 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml index 2f5af2b92b09..c89bf6ad9e64 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml index 0b5e57539b7f..8b3354f1a3bd 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml index 34e78146414c..4368e3326aa9 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml index fea06ada60e6..4860707ed5ac 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml index 2f37b63f2368..3ac9cd2e136c 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml index b59fd6d73227..69dfe2109174 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml index 9f485f391d2e..df69cdec6440 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml index 43b5e67e5df2..a77717cbd761 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-valid-authenfilter.out.yaml b/internal/gatewayapi/testdata/httproute-with-valid-authenfilter.out.yaml index a19010ed3f3b..ef2b7de94f89 100644 --- a/internal/gatewayapi/testdata/httproute-with-valid-authenfilter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-valid-authenfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-valid-multi-match-authenfilter.out.yaml b/internal/gatewayapi/testdata/httproute-with-valid-multi-match-authenfilter.out.yaml index 58923d12e884..e88afb724882 100644 --- a/internal/gatewayapi/testdata/httproute-with-valid-multi-match-authenfilter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-valid-multi-match-authenfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-valid-multi-match-multi-authenfilter.out.yaml b/internal/gatewayapi/testdata/httproute-with-valid-multi-match-multi-authenfilter.out.yaml index a0d9935435c2..9cc518431ef6 100644 --- a/internal/gatewayapi/testdata/httproute-with-valid-multi-match-multi-authenfilter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-valid-multi-match-multi-authenfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-valid-ratelimitfilter.out.yaml b/internal/gatewayapi/testdata/httproute-with-valid-ratelimitfilter.out.yaml index cab1542d000c..b278efea1782 100644 --- a/internal/gatewayapi/testdata/httproute-with-valid-ratelimitfilter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-valid-ratelimitfilter.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml index 210720c614b2..6f9a6e0f8932 100644 --- a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml index f31c3dc21758..83b255739cfb 100644 --- a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml index fa4b57bcb56f..46f9e3d125bb 100755 --- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - name: http port: 80 @@ -45,7 +44,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - name: http port: 80 diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml index 720f7ec14a15..1f91380625f8 100755 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -49,7 +48,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - name: http-2 port: 8888 diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml index 76639b23b930..8a1c69768446 100755 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -48,7 +47,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml index d4c17232a746..4a2610a0084b 100755 --- a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -48,7 +47,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml index 89485439e63c..0a2b0cbb239c 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: @@ -48,7 +47,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml index 902ab4632a88..20df52b004f1 100644 --- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml index 87bb5ae9b851..8e45df442d5a 100644 --- a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml index 9a181fd3136f..77b25d4495f6 100644 --- a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml b/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml index c489c472f945..2fac08a9c5ed 100644 --- a/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-not-attaching-to-gateway-with-no-mode.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index 9db730684d2f..4264efe0bef1 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml index 01155ee73922..cb9f727850e1 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml index cdea4a34046d..414c6b8e574e 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml index b8606275d5e3..0e48f934a107 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-listener-both-passthrough-and-cert-data.out.yaml @@ -7,7 +7,6 @@ gateways: namespace: envoy-gateway spec: gatewayClassName: envoy-gateway-class - infrastructure: {} listeners: - allowedRoutes: namespaces: diff --git a/test/conformance/conformance_test.go b/test/conformance/conformance_test.go index 6bfa06fe39b2..ad81e21cd265 100644 --- a/test/conformance/conformance_test.go +++ b/test/conformance/conformance_test.go @@ -51,6 +51,8 @@ func TestGatewayAPIConformance(t *testing.T) { tests.GatewaySecretInvalidReferenceGrant.ShortName, tests.HTTPRouteRewritePath.ShortName, tests.GatewayStaticAddresses.ShortName, + tests.GatewayWithAttachedRoutes.ShortName, + tests.HTTPRouteBackendProtocolH2C.ShortName, }, ExemptFeatures: suite.MeshCoreFeatures, }) diff --git a/test/conformance/experimental_conformance_test.go b/test/conformance/experimental_conformance_test.go index 9276d290ebee..5415f150ca7a 100644 --- a/test/conformance/experimental_conformance_test.go +++ b/test/conformance/experimental_conformance_test.go @@ -99,6 +99,8 @@ func experimentalConformance(t *testing.T) { tests.GatewaySecretInvalidReferenceGrant.ShortName, tests.HTTPRouteRewritePath.ShortName, tests.GatewayStaticAddresses.ShortName, + tests.GatewayWithAttachedRoutes.ShortName, + tests.HTTPRouteBackendProtocolH2C.ShortName, }, SupportedFeatures: sets.Set[suite.SupportedFeature]{}.Insert(suite.HTTPRouteExtendedFeatures.UnsortedList()...), }, From 608ddd38dede76e81be34791b945ba6cca7bd2fe Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 25 Oct 2023 20:20:02 -0700 Subject: [PATCH 07/11] more tests in experimental conformance profile report (#2056) Signed-off-by: Arko Dasgupta --- test/conformance/experimental_conformance_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/conformance/experimental_conformance_test.go b/test/conformance/experimental_conformance_test.go index 5415f150ca7a..2abc238823d9 100644 --- a/test/conformance/experimental_conformance_test.go +++ b/test/conformance/experimental_conformance_test.go @@ -95,6 +95,7 @@ func experimentalConformance(t *testing.T) { GatewayClassName: *flags.GatewayClassName, Debug: *flags.ShowDebug, CleanupBaseResources: *flags.CleanupBaseResources, + SupportedFeatures: suite.AllFeatures, SkipTests: []string{ tests.GatewaySecretInvalidReferenceGrant.ShortName, tests.HTTPRouteRewritePath.ShortName, @@ -102,7 +103,7 @@ func experimentalConformance(t *testing.T) { tests.GatewayWithAttachedRoutes.ShortName, tests.HTTPRouteBackendProtocolH2C.ShortName, }, - SupportedFeatures: sets.Set[suite.SupportedFeature]{}.Insert(suite.HTTPRouteExtendedFeatures.UnsortedList()...), + ExemptFeatures: suite.MeshCoreFeatures, }, Implementation: *implementation, ConformanceProfiles: conformanceProfiles, From a6e62d5987995f35d1d1d304f50f64f22727a455 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 25 Oct 2023 23:57:15 -0500 Subject: [PATCH 08/11] chore: correct comment and rename function (#2074) correct comment and rename function Signed-off-by: zirain --- api/v1alpha1/envoygateway_helpers.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/api/v1alpha1/envoygateway_helpers.go b/api/v1alpha1/envoygateway_helpers.go index e9e369f4e74f..e0352ba69691 100644 --- a/api/v1alpha1/envoygateway_helpers.go +++ b/api/v1alpha1/envoygateway_helpers.go @@ -92,7 +92,7 @@ func DefaultEnvoyGatewayLogging() *EnvoyGatewayLogging { } } -// GetEnvoyGatewayAdmin returns the EnvoyGatewayAdmin of EnvoyGateway or a default EnvoyGatewayAdmin if unspecified. +// GetEnvoyGatewayTelemetry returns the EnvoyGatewayTelemetry of EnvoyGateway or a default EnvoyGatewayTelemetry if unspecified. func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry { if e.Telemetry != nil { if e.Telemetry.Metrics.Prometheus == nil { @@ -109,8 +109,8 @@ func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry { return e.Telemetry } -// IfDisablePrometheus returns if disable prometheus. -func (e *EnvoyGateway) IfDisablePrometheus() bool { +// DisablePrometheus returns if disable prometheus. +func (e *EnvoyGateway) DisablePrometheus() bool { return e.GetEnvoyGatewayTelemetry().Metrics.Prometheus.Disable } From bec3f2963bc06f80ab4ffea7342147d7585ecf08 Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Thu, 26 Oct 2023 12:58:04 +0800 Subject: [PATCH 09/11] team: add new reviewers of eg (#2064) * team: add new reviewers of eg Signed-off-by: bitliu * update Signed-off-by: bitliu --------- Signed-off-by: bitliu --- OWNERS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/OWNERS b/OWNERS index c079d03b8824..2895f975ebf3 100644 --- a/OWNERS +++ b/OWNERS @@ -20,5 +20,8 @@ reviewers: - chauhanshubham - kflynn - LanceEa -- qicz - zhaohuabing +- tmsnan +- tanujd11 +- cnvergence +- shawnh2 From 70a31b203886bd5edf05fc6fbd57167aea0a481d Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 25 Oct 2023 22:45:13 -0700 Subject: [PATCH 10/11] Enable GatewaySecretInvalidReferenceGrant test (#2078) Relates to https://github.com/kubernetes-sigs/gateway-api/pull/2494 Fixes https://github.com/envoyproxy/gateway/issues/2002 Signed-off-by: Arko Dasgupta Signed-off-by: zirain Co-authored-by: zirain --- test/conformance/conformance_test.go | 1 - test/conformance/experimental_conformance_test.go | 1 - 2 files changed, 2 deletions(-) diff --git a/test/conformance/conformance_test.go b/test/conformance/conformance_test.go index ad81e21cd265..eeb8898ffc7b 100644 --- a/test/conformance/conformance_test.go +++ b/test/conformance/conformance_test.go @@ -48,7 +48,6 @@ func TestGatewayAPIConformance(t *testing.T) { CleanupBaseResources: *flags.CleanupBaseResources, SupportedFeatures: suite.AllFeatures, SkipTests: []string{ - tests.GatewaySecretInvalidReferenceGrant.ShortName, tests.HTTPRouteRewritePath.ShortName, tests.GatewayStaticAddresses.ShortName, tests.GatewayWithAttachedRoutes.ShortName, diff --git a/test/conformance/experimental_conformance_test.go b/test/conformance/experimental_conformance_test.go index 2abc238823d9..fd4a5620973e 100644 --- a/test/conformance/experimental_conformance_test.go +++ b/test/conformance/experimental_conformance_test.go @@ -97,7 +97,6 @@ func experimentalConformance(t *testing.T) { CleanupBaseResources: *flags.CleanupBaseResources, SupportedFeatures: suite.AllFeatures, SkipTests: []string{ - tests.GatewaySecretInvalidReferenceGrant.ShortName, tests.HTTPRouteRewritePath.ShortName, tests.GatewayStaticAddresses.ShortName, tests.GatewayWithAttachedRoutes.ShortName, From 6b8794e2e82cdc40fedc955c45a204bc05e7f2fe Mon Sep 17 00:00:00 2001 From: Xunzhuo Date: Thu, 26 Oct 2023 14:08:47 +0800 Subject: [PATCH 11/11] feat: add control plane metrics library (#1982) * feat: add control plane metrics library Signed-off-by: bitliu * update Signed-off-by: bitliu * update Signed-off-by: bitliu * rebase Signed-off-by: bitliu * update Signed-off-by: bitliu --------- Signed-off-by: bitliu --- api/v1alpha1/envoygateway_helpers.go | 1 - api/v1alpha1/shared_types.go | 4 + .../validation/envoygateway_validate_test.go | 229 ++++++++++++++++++ .../validation/envoyproxy_validate_test.go | 175 ------------- go.mod | 14 +- go.sum | 26 ++ internal/admin/server.go | 8 +- internal/cmd/server.go | 6 + internal/metrics/metadata.go | 102 ++++++++ internal/metrics/options.go | 31 +++ internal/metrics/otel_label.go | 48 ++++ internal/metrics/otel_metric_counter.go | 48 ++++ internal/metrics/otel_metric_gauge.go | 57 +++++ internal/metrics/otel_metric_histogram.go | 41 ++++ internal/metrics/otel_metric_sink.go | 100 ++++++++ internal/metrics/register.go | 207 ++++++++++++++++ internal/metrics/sample_counter_test.go | 23 ++ internal/metrics/sample_gauge_test.go | 27 +++ internal/metrics/sample_histogram_test.go | 23 ++ internal/metrics/units.go | 18 ++ site/content/en/latest/design/eg-metrics.md | 2 +- 21 files changed, 1008 insertions(+), 182 deletions(-) create mode 100644 internal/metrics/metadata.go create mode 100644 internal/metrics/options.go create mode 100644 internal/metrics/otel_label.go create mode 100644 internal/metrics/otel_metric_counter.go create mode 100644 internal/metrics/otel_metric_gauge.go create mode 100644 internal/metrics/otel_metric_histogram.go create mode 100644 internal/metrics/otel_metric_sink.go create mode 100644 internal/metrics/register.go create mode 100644 internal/metrics/sample_counter_test.go create mode 100644 internal/metrics/sample_gauge_test.go create mode 100644 internal/metrics/sample_histogram_test.go create mode 100644 internal/metrics/units.go diff --git a/api/v1alpha1/envoygateway_helpers.go b/api/v1alpha1/envoygateway_helpers.go index e0352ba69691..ef9ab69706b5 100644 --- a/api/v1alpha1/envoygateway_helpers.go +++ b/api/v1alpha1/envoygateway_helpers.go @@ -98,7 +98,6 @@ func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry { if e.Telemetry.Metrics.Prometheus == nil { e.Telemetry.Metrics.Prometheus = DefaultEnvoyGatewayPrometheus() } - if e.Telemetry.Metrics == nil { e.Telemetry.Metrics = DefaultEnvoyGatewayMetrics() } diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go index 588eefebb47e..bbda8a16ec32 100644 --- a/api/v1alpha1/shared_types.go +++ b/api/v1alpha1/shared_types.go @@ -21,6 +21,10 @@ const ( DefaultEnvoyProxyImage = "envoyproxy/envoy-dev:latest" // DefaultRateLimitImage is the default image used by ratelimit. DefaultRateLimitImage = "envoyproxy/ratelimit:master" + // HTTPProtocol is the common-used http protocol. + HTTPProtocol = "http" + // GRPCProtocol is the common-used grpc protocol. + GRPCProtocol = "grpc" ) // GroupVersionKind unambiguously identifies a Kind. diff --git a/api/v1alpha1/validation/envoygateway_validate_test.go b/api/v1alpha1/validation/envoygateway_validate_test.go index 06a3043be129..1728cb8a058e 100644 --- a/api/v1alpha1/validation/envoygateway_validate_test.go +++ b/api/v1alpha1/validation/envoygateway_validate_test.go @@ -8,7 +8,9 @@ package validation import ( "testing" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/envoyproxy/gateway/api/v1alpha1" @@ -469,3 +471,230 @@ func TestValidateEnvoyGateway(t *testing.T) { }) } } + +func TestEnvoyGateway(t *testing.T) { + envoyGateway := v1alpha1.DefaultEnvoyGateway() + assert.True(t, envoyGateway.Provider != nil) + assert.True(t, envoyGateway.Gateway != nil) + assert.True(t, envoyGateway.Logging != nil) + envoyGateway.SetEnvoyGatewayDefaults() + assert.Equal(t, envoyGateway.Logging, v1alpha1.DefaultEnvoyGatewayLogging()) + + logging := v1alpha1.DefaultEnvoyGatewayLogging() + assert.True(t, logging != nil) + assert.True(t, logging.Level[v1alpha1.LogComponentGatewayDefault] == v1alpha1.LogLevelInfo) + + gatewayLogging := &v1alpha1.EnvoyGatewayLogging{ + Level: logging.Level, + } + gatewayLogging.SetEnvoyGatewayLoggingDefaults() + assert.True(t, gatewayLogging != nil) + assert.True(t, gatewayLogging.Level[v1alpha1.LogComponentGatewayDefault] == v1alpha1.LogLevelInfo) +} + +func TestDefaultEnvoyGatewayLoggingLevel(t *testing.T) { + type args struct { + component string + level v1alpha1.LogLevel + } + tests := []struct { + name string + args args + want v1alpha1.LogLevel + }{ + { + name: "test default info level for empty level", + args: args{component: "", level: ""}, + want: v1alpha1.LogLevelInfo, + }, + { + name: "test default info level for empty level", + args: args{component: string(v1alpha1.LogComponentGatewayDefault), level: ""}, + want: v1alpha1.LogLevelInfo, + }, + { + name: "test default info level for info level", + args: args{component: string(v1alpha1.LogComponentGatewayDefault), level: v1alpha1.LogLevelInfo}, + want: v1alpha1.LogLevelInfo, + }, + { + name: "test default error level for error level", + args: args{component: string(v1alpha1.LogComponentGatewayDefault), level: v1alpha1.LogLevelError}, + want: v1alpha1.LogLevelError, + }, + { + name: "test gateway-api error level for error level", + args: args{component: string(v1alpha1.LogComponentGatewayAPIRunner), level: v1alpha1.LogLevelError}, + want: v1alpha1.LogLevelError, + }, + { + name: "test gateway-api info level for info level", + args: args{component: string(v1alpha1.LogComponentGatewayAPIRunner), level: v1alpha1.LogLevelInfo}, + want: v1alpha1.LogLevelInfo, + }, + { + name: "test default gateway-api warn level for info level", + args: args{component: string(v1alpha1.LogComponentGatewayAPIRunner), level: ""}, + want: v1alpha1.LogLevelInfo, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + logging := &v1alpha1.EnvoyGatewayLogging{} + if got := logging.DefaultEnvoyGatewayLoggingLevel(tt.args.level); got != tt.want { + t.Errorf("defaultLevel() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestEnvoyGatewayProvider(t *testing.T) { + envoyGateway := &v1alpha1.EnvoyGateway{ + TypeMeta: metav1.TypeMeta{}, + EnvoyGatewaySpec: v1alpha1.EnvoyGatewaySpec{Provider: v1alpha1.DefaultEnvoyGatewayProvider()}, + } + assert.True(t, envoyGateway.Provider != nil) + + envoyGatewayProvider := envoyGateway.GetEnvoyGatewayProvider() + assert.True(t, envoyGatewayProvider.Kubernetes == nil) + assert.Equal(t, envoyGateway.Provider, envoyGatewayProvider) + + envoyGatewayProvider.Kubernetes = v1alpha1.DefaultEnvoyGatewayKubeProvider() + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, v1alpha1.DefaultKubernetesDeployment(v1alpha1.DefaultRateLimitImage)) + + envoyGatewayProvider.Kubernetes = &v1alpha1.EnvoyGatewayKubernetesProvider{} + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment == nil) + + envoyGatewayProvider.Kubernetes = &v1alpha1.EnvoyGatewayKubernetesProvider{ + RateLimitDeployment: &v1alpha1.KubernetesDeploymentSpec{ + Replicas: nil, + Pod: nil, + Container: nil, + }} + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas == nil) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod == nil) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container == nil) + envoyGatewayKubeProvider := envoyGatewayProvider.GetEnvoyGatewayKubeProvider() + + envoyGatewayProvider.Kubernetes = &v1alpha1.EnvoyGatewayKubernetesProvider{ + RateLimitDeployment: &v1alpha1.KubernetesDeploymentSpec{ + Replicas: nil, + Pod: nil, + Container: &v1alpha1.KubernetesContainerSpec{ + Resources: nil, + SecurityContext: nil, + Image: nil, + }, + }} + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources == nil) + envoyGatewayProvider.GetEnvoyGatewayKubeProvider() + + assert.True(t, envoyGatewayProvider.Kubernetes != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes, envoyGatewayKubeProvider) + + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, v1alpha1.DefaultKubernetesDeployment(v1alpha1.DefaultRateLimitImage)) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas, v1alpha1.DefaultKubernetesDeploymentReplicas()) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod, v1alpha1.DefaultKubernetesPod()) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container, v1alpha1.DefaultKubernetesContainer(v1alpha1.DefaultRateLimitImage)) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources, v1alpha1.DefaultResourceRequirements()) + assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Image != nil) + assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Image, v1alpha1.DefaultKubernetesContainerImage(v1alpha1.DefaultRateLimitImage)) +} + +func TestEnvoyGatewayAdmin(t *testing.T) { + // default envoygateway config admin should not be nil + eg := v1alpha1.DefaultEnvoyGateway() + assert.True(t, eg.Admin != nil) + + // get default admin config from envoygateway + // values should be set in default + egAdmin := eg.GetEnvoyGatewayAdmin() + assert.True(t, egAdmin != nil) + assert.True(t, egAdmin.Address.Port == v1alpha1.GatewayAdminPort) + assert.True(t, egAdmin.Address.Host == v1alpha1.GatewayAdminHost) + assert.True(t, egAdmin.EnableDumpConfig == false) + assert.True(t, egAdmin.EnablePprof == false) + + // override the admin config + // values should be updated + eg.Admin = &v1alpha1.EnvoyGatewayAdmin{ + Address: &v1alpha1.EnvoyGatewayAdminAddress{ + Host: "0.0.0.0", + Port: 19010, + }, + EnableDumpConfig: true, + EnablePprof: true, + } + + assert.True(t, eg.GetEnvoyGatewayAdmin().Address.Port == 19010) + assert.True(t, eg.GetEnvoyGatewayAdmin().Address.Host == "0.0.0.0") + assert.True(t, eg.GetEnvoyGatewayAdmin().EnableDumpConfig == true) + assert.True(t, eg.GetEnvoyGatewayAdmin().EnablePprof == true) + + // set eg defaults when admin is nil + // the admin should not be nil + eg.Admin = nil + eg.SetEnvoyGatewayDefaults() + assert.True(t, eg.Admin != nil) + assert.True(t, eg.Admin.Address.Port == v1alpha1.GatewayAdminPort) + assert.True(t, eg.Admin.Address.Host == v1alpha1.GatewayAdminHost) + assert.True(t, eg.Admin.EnableDumpConfig == false) + assert.True(t, eg.Admin.EnablePprof == false) +} + +func TestEnvoyGatewayTelemetry(t *testing.T) { + // default envoygateway config telemetry should not be nil + eg := v1alpha1.DefaultEnvoyGateway() + assert.True(t, eg.Telemetry != nil) + + // get default telemetry config from envoygateway + // values should be set in default + egTelemetry := eg.GetEnvoyGatewayTelemetry() + assert.True(t, egTelemetry != nil) + assert.True(t, egTelemetry.Metrics != nil) + assert.True(t, egTelemetry.Metrics.Prometheus.Disable == false) + assert.True(t, egTelemetry.Metrics.Sinks == nil) + + // override the telemetry config + // values should be updated + eg.Telemetry.Metrics = &v1alpha1.EnvoyGatewayMetrics{ + Prometheus: &v1alpha1.EnvoyGatewayPrometheusProvider{ + Disable: true, + }, + Sinks: []v1alpha1.EnvoyGatewayMetricSink{ + { + Type: v1alpha1.MetricSinkTypeOpenTelemetry, + OpenTelemetry: &v1alpha1.EnvoyGatewayOpenTelemetrySink{ + Host: "otel-collector.monitoring.svc.cluster.local", + Protocol: "grpc", + Port: 4317, + }, + }, { + Type: v1alpha1.MetricSinkTypeOpenTelemetry, + OpenTelemetry: &v1alpha1.EnvoyGatewayOpenTelemetrySink{ + Host: "otel-collector.monitoring.svc.cluster.local", + Protocol: "http", + Port: 4318, + }, + }, + }, + } + + assert.True(t, eg.GetEnvoyGatewayTelemetry().Metrics.Prometheus.Disable == true) + assert.True(t, len(eg.GetEnvoyGatewayTelemetry().Metrics.Sinks) == 2) + assert.True(t, eg.GetEnvoyGatewayTelemetry().Metrics.Sinks[0].Type == v1alpha1.MetricSinkTypeOpenTelemetry) + + // set eg defaults when telemetry is nil + // the telemetry should not be nil + eg.Telemetry = nil + eg.SetEnvoyGatewayDefaults() + assert.True(t, eg.Telemetry != nil) + assert.True(t, eg.Telemetry.Metrics != nil) + assert.True(t, eg.Telemetry.Metrics.Prometheus.Disable == false) + assert.True(t, eg.Telemetry.Metrics.Sinks == nil) +} diff --git a/api/v1alpha1/validation/envoyproxy_validate_test.go b/api/v1alpha1/validation/envoyproxy_validate_test.go index 0f60a6fa593b..0bfc5558e1b0 100644 --- a/api/v1alpha1/validation/envoyproxy_validate_test.go +++ b/api/v1alpha1/validation/envoyproxy_validate_test.go @@ -464,140 +464,6 @@ func TestValidateEnvoyProxy(t *testing.T) { } } -func TestEnvoyGateway(t *testing.T) { - envoyGateway := egv1a1.DefaultEnvoyGateway() - assert.True(t, envoyGateway.Provider != nil) - assert.True(t, envoyGateway.Gateway != nil) - assert.True(t, envoyGateway.Logging != nil) - envoyGateway.SetEnvoyGatewayDefaults() - assert.Equal(t, envoyGateway.Logging, egv1a1.DefaultEnvoyGatewayLogging()) - - logging := egv1a1.DefaultEnvoyGatewayLogging() - assert.True(t, logging != nil) - assert.True(t, logging.Level[egv1a1.LogComponentGatewayDefault] == egv1a1.LogLevelInfo) - - gatewayLogging := &egv1a1.EnvoyGatewayLogging{ - Level: logging.Level, - } - gatewayLogging.SetEnvoyGatewayLoggingDefaults() - assert.True(t, gatewayLogging != nil) - assert.True(t, gatewayLogging.Level[egv1a1.LogComponentGatewayDefault] == egv1a1.LogLevelInfo) -} - -func TestDefaultEnvoyGatewayLoggingLevel(t *testing.T) { - type args struct { - component string - level egv1a1.LogLevel - } - tests := []struct { - name string - args args - want egv1a1.LogLevel - }{ - { - name: "test default info level for empty level", - args: args{component: "", level: ""}, - want: egv1a1.LogLevelInfo, - }, - { - name: "test default info level for empty level", - args: args{component: string(egv1a1.LogComponentGatewayDefault), level: ""}, - want: egv1a1.LogLevelInfo, - }, - { - name: "test default info level for info level", - args: args{component: string(egv1a1.LogComponentGatewayDefault), level: egv1a1.LogLevelInfo}, - want: egv1a1.LogLevelInfo, - }, - { - name: "test default error level for error level", - args: args{component: string(egv1a1.LogComponentGatewayDefault), level: egv1a1.LogLevelError}, - want: egv1a1.LogLevelError, - }, - { - name: "test gateway-api error level for error level", - args: args{component: string(egv1a1.LogComponentGatewayAPIRunner), level: egv1a1.LogLevelError}, - want: egv1a1.LogLevelError, - }, - { - name: "test gateway-api info level for info level", - args: args{component: string(egv1a1.LogComponentGatewayAPIRunner), level: egv1a1.LogLevelInfo}, - want: egv1a1.LogLevelInfo, - }, - { - name: "test default gateway-api warn level for info level", - args: args{component: string(egv1a1.LogComponentGatewayAPIRunner), level: ""}, - want: egv1a1.LogLevelInfo, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - logging := &egv1a1.EnvoyGatewayLogging{} - if got := logging.DefaultEnvoyGatewayLoggingLevel(tt.args.level); got != tt.want { - t.Errorf("defaultLevel() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestEnvoyGatewayProvider(t *testing.T) { - envoyGateway := &egv1a1.EnvoyGateway{ - TypeMeta: metav1.TypeMeta{}, - EnvoyGatewaySpec: egv1a1.EnvoyGatewaySpec{Provider: egv1a1.DefaultEnvoyGatewayProvider()}, - } - assert.True(t, envoyGateway.Provider != nil) - - envoyGatewayProvider := envoyGateway.GetEnvoyGatewayProvider() - assert.True(t, envoyGatewayProvider.Kubernetes == nil) - assert.Equal(t, envoyGateway.Provider, envoyGatewayProvider) - - envoyGatewayProvider.Kubernetes = egv1a1.DefaultEnvoyGatewayKubeProvider() - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, egv1a1.DefaultKubernetesDeployment(egv1a1.DefaultRateLimitImage)) - - envoyGatewayProvider.Kubernetes = &egv1a1.EnvoyGatewayKubernetesProvider{} - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment == nil) - - envoyGatewayProvider.Kubernetes = &egv1a1.EnvoyGatewayKubernetesProvider{ - RateLimitDeployment: &egv1a1.KubernetesDeploymentSpec{ - Replicas: nil, - Pod: nil, - Container: nil, - }} - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas == nil) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod == nil) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container == nil) - envoyGatewayKubeProvider := envoyGatewayProvider.GetEnvoyGatewayKubeProvider() - - envoyGatewayProvider.Kubernetes = &egv1a1.EnvoyGatewayKubernetesProvider{ - RateLimitDeployment: &egv1a1.KubernetesDeploymentSpec{ - Replicas: nil, - Pod: nil, - Container: &egv1a1.KubernetesContainerSpec{ - Resources: nil, - SecurityContext: nil, - Image: nil, - }, - }} - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources == nil) - envoyGatewayProvider.GetEnvoyGatewayKubeProvider() - - assert.True(t, envoyGatewayProvider.Kubernetes != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes, envoyGatewayKubeProvider) - - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, egv1a1.DefaultKubernetesDeployment(egv1a1.DefaultRateLimitImage)) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas, egv1a1.DefaultKubernetesDeploymentReplicas()) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod, egv1a1.DefaultKubernetesPod()) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container, egv1a1.DefaultKubernetesContainer(egv1a1.DefaultRateLimitImage)) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources, egv1a1.DefaultResourceRequirements()) - assert.True(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Image != nil) - assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Image, egv1a1.DefaultKubernetesContainerImage(egv1a1.DefaultRateLimitImage)) -} - func TestEnvoyProxyProvider(t *testing.T) { envoyProxy := &egv1a1.EnvoyProxy{ Spec: egv1a1.EnvoyProxySpec{ @@ -634,47 +500,6 @@ func TestEnvoyProxyProvider(t *testing.T) { assert.True(t, reflect.DeepEqual(envoyProxyProvider.Kubernetes.EnvoyService.Type, egv1a1.GetKubernetesServiceType(egv1a1.ServiceTypeLoadBalancer))) } -func TestEnvoyGatewayAdmin(t *testing.T) { - // default envoygateway config admin should not be nil - eg := egv1a1.DefaultEnvoyGateway() - assert.True(t, eg.Admin != nil) - - // get default admin config from envoygateway - // values should be set in default - egAdmin := eg.GetEnvoyGatewayAdmin() - assert.True(t, egAdmin != nil) - assert.True(t, egAdmin.Address.Port == egv1a1.GatewayAdminPort) - assert.True(t, egAdmin.Address.Host == egv1a1.GatewayAdminHost) - assert.True(t, egAdmin.EnableDumpConfig == false) - assert.True(t, egAdmin.EnablePprof == false) - - // override the admin config - // values should be updated - eg.Admin = &egv1a1.EnvoyGatewayAdmin{ - Address: &egv1a1.EnvoyGatewayAdminAddress{ - Host: "0.0.0.0", - Port: 19010, - }, - EnableDumpConfig: true, - EnablePprof: true, - } - - assert.True(t, eg.GetEnvoyGatewayAdmin().Address.Port == 19010) - assert.True(t, eg.GetEnvoyGatewayAdmin().Address.Host == "0.0.0.0") - assert.True(t, eg.GetEnvoyGatewayAdmin().EnableDumpConfig == true) - assert.True(t, eg.GetEnvoyGatewayAdmin().EnablePprof == true) - - // set eg defaults when admin is nil - // the admin should not be nil - eg.Admin = nil - eg.SetEnvoyGatewayDefaults() - assert.True(t, eg.Admin != nil) - assert.True(t, eg.Admin.Address.Port == egv1a1.GatewayAdminPort) - assert.True(t, eg.Admin.Address.Host == egv1a1.GatewayAdminHost) - assert.True(t, eg.Admin.EnableDumpConfig == false) - assert.True(t, eg.Admin.EnablePprof == false) -} - func TestGetEnvoyProxyDefaultComponentLevel(t *testing.T) { cases := []struct { logging egv1a1.ProxyLogging diff --git a/go.mod b/go.mod index f75200ffe349..061b2188694c 100644 --- a/go.mod +++ b/go.mod @@ -23,6 +23,12 @@ require ( github.com/telepresenceio/watchable v0.0.0-20220726211108-9bb86f92afa7 github.com/tetratelabs/multierror v1.1.1 github.com/tsaarni/certyaml v0.9.2 + go.opentelemetry.io/otel v1.19.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.42.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0 + go.opentelemetry.io/otel/exporters/prometheus v0.42.0 + go.opentelemetry.io/otel/metric v1.19.0 + go.opentelemetry.io/otel/sdk/metric v1.19.0 go.opentelemetry.io/proto/otlp v1.0.0 go.uber.org/zap v1.26.0 golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e @@ -42,7 +48,13 @@ require ( ) require ( + github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0 // indirect + go.opentelemetry.io/otel/sdk v1.19.0 // indirect + go.opentelemetry.io/otel/trace v1.19.0 // indirect golang.org/x/sync v0.3.0 // indirect ) @@ -88,7 +100,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_golang v1.17.0 // indirect + github.com/prometheus/client_golang v1.17.0 github.com/prometheus/client_model v0.5.0 // indirect github.com/prometheus/procfs v0.11.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect diff --git a/go.sum b/go.sum index 601027d0fe04..9c0770ae2630 100644 --- a/go.sum +++ b/go.sum @@ -37,6 +37,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= @@ -125,8 +127,11 @@ github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= @@ -188,6 +193,7 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= @@ -253,6 +259,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -466,6 +474,24 @@ go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0 h1:ZtfnDL+tUrs1F0Pzfwbg2d59Gru9NCH3bgSHBM6LDwU= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0/go.mod h1:hG4Fj/y8TR/tlEDREo8tWstl9fO9gcFkn4xrx0Io8xU= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.42.0 h1:NmnYCiR0qNufkldjVvyQfZTHSdzeHoZ41zggMsdMcLM= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.42.0/go.mod h1:UVAO61+umUsHLtYb8KXXRoHtxUkdOPkYidzW3gipRLQ= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0 h1:wNMDy/LVGLj2h3p6zg4d0gypKfWKSWI14E1C4smOgl8= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0/go.mod h1:YfbDdXAAkemWJK3H/DshvlrxqFB2rtW4rY6ky/3x/H0= +go.opentelemetry.io/otel/exporters/prometheus v0.42.0 h1:jwV9iQdvp38fxXi8ZC+lNpxjK16MRcZlpDYvbuO1FiA= +go.opentelemetry.io/otel/exporters/prometheus v0.42.0/go.mod h1:f3bYiqNqhoPxkvI2LrXqQVC546K7BuRDL/kKuxkujhA= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= +go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= +go.opentelemetry.io/otel/sdk/metric v1.19.0 h1:EJoTO5qysMsYCa+w4UghwFV/ptQgqSL/8Ni+hx+8i1k= +go.opentelemetry.io/otel/sdk/metric v1.19.0/go.mod h1:XjG0jQyFJrv2PbMvwND7LwCEhsJzCzV5210euduKcKY= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= diff --git a/internal/admin/server.go b/internal/admin/server.go index be25bec5be3e..9c035b43816f 100644 --- a/internal/admin/server.go +++ b/internal/admin/server.go @@ -18,7 +18,7 @@ import ( ) var ( - debugLogger = logging.DefaultLogger(v1alpha1.LogLevelInfo).WithName("admin") + adminLogger = logging.DefaultLogger(v1alpha1.LogLevelInfo).WithName("admin") ) func Init(cfg *config.Server) error { @@ -36,7 +36,7 @@ func start(cfg *config.Server) error { address := cfg.EnvoyGateway.GetEnvoyGatewayAdminAddress() enablePprof := cfg.EnvoyGateway.GetEnvoyGatewayAdmin().EnablePprof - debugLogger.Info("starting admin server", "address", address, "enablePprof", enablePprof) + adminLogger.Info("starting admin server", "address", address, "enablePprof", enablePprof) if enablePprof { // Serve pprof endpoints to aid in live debugging. @@ -47,7 +47,7 @@ func start(cfg *config.Server) error { handlers.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) } - debugServer := &http.Server{ + adminServer := &http.Server{ Handler: handlers, Addr: address, ReadTimeout: 5 * time.Second, @@ -58,7 +58,7 @@ func start(cfg *config.Server) error { // Listen And Serve Admin Server. go func() { - if err := debugServer.ListenAndServe(); err != nil { + if err := adminServer.ListenAndServe(); err != nil { cfg.Logger.Error(err, "start admin server failed") } }() diff --git a/internal/cmd/server.go b/internal/cmd/server.go index 017ca9a6c423..6dc25a19946a 100644 --- a/internal/cmd/server.go +++ b/internal/cmd/server.go @@ -17,6 +17,7 @@ import ( infrarunner "github.com/envoyproxy/gateway/internal/infrastructure/runner" "github.com/envoyproxy/gateway/internal/logging" "github.com/envoyproxy/gateway/internal/message" + "github.com/envoyproxy/gateway/internal/metrics" providerrunner "github.com/envoyproxy/gateway/internal/provider/runner" xdsserverrunner "github.com/envoyproxy/gateway/internal/xds/server/runner" xdstranslatorrunner "github.com/envoyproxy/gateway/internal/xds/translator/runner" @@ -54,6 +55,11 @@ func server() error { if err := admin.Init(cfg); err != nil { return err } + // Init eg metrics servers. + if err := metrics.Init(cfg); err != nil { + return err + } + // init eg runners. if err := setupRunners(cfg); err != nil { return err diff --git a/internal/metrics/metadata.go b/internal/metrics/metadata.go new file mode 100644 index 000000000000..f2ab84984070 --- /dev/null +++ b/internal/metrics/metadata.go @@ -0,0 +1,102 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import ( + "errors" + "sync" + + "go.opentelemetry.io/otel" + api "go.opentelemetry.io/otel/metric" + "go.opentelemetry.io/otel/sdk/metric" + + "github.com/envoyproxy/gateway/api/v1alpha1" + log "github.com/envoyproxy/gateway/internal/logging" +) + +var ( + meter = func() api.Meter { + return otel.GetMeterProvider().Meter("envoy-gateway") + } + + metricsLogger = log.DefaultLogger(v1alpha1.LogLevelInfo).WithName("metrics") +) + +func init() { + otel.SetLogger(metricsLogger.Logger) +} + +// MetricType is the type of a metric. +type MetricType string + +// Metric type supports: +// * Counter: A Counter is a simple metric that only goes up (increments). +// +// * Gauge: A Gauge is a metric that represent +// a single numerical value that can arbitrarily go up and down. +// +// * Histogram: A Histogram samples observations and counts them in configurable buckets. +// It also provides a sum of all observed values. +// It's used to visualize the statistical distribution of these observations. + +const ( + CounterType MetricType = "Counter" + GaugeType MetricType = "Gauge" + HistogramType MetricType = "Histogram" +) + +// Metadata records a metric's metadata. +type Metadata struct { + Name string + Type MetricType + Description string + Bounds []float64 +} + +// metrics stores stores metrics +type store struct { + started bool + mu sync.Mutex + stores map[string]Metadata +} + +// stores is a global that stores all registered metrics +var stores = store{ + stores: map[string]Metadata{}, +} + +// register records a newly defined metric. Only valid before an exporter is set. +func (d *store) register(store Metadata) { + d.mu.Lock() + defer d.mu.Unlock() + if d.started { + metricsLogger.Error(errors.New("cannot initialize metric after metric has started"), "metric", store.Name) + } + d.stores[store.Name] = store +} + +// preAddOptions runs pre-run steps before adding to meter provider. +func (d *store) preAddOptions() []metric.Option { + d.mu.Lock() + defer d.mu.Unlock() + d.started = true + opts := []metric.Option{} + for name, store := range d.stores { + if store.Bounds == nil { + continue + } + // for each histogram metric (i.e. those with bounds), set up a view explicitly defining those buckets. + v := metric.WithView(metric.NewView( + metric.Instrument{Name: name}, + metric.Stream{ + Aggregation: metric.AggregationExplicitBucketHistogram{ + Boundaries: store.Bounds, + }}, + )) + opts = append(opts, v) + } + return opts +} diff --git a/internal/metrics/options.go b/internal/metrics/options.go new file mode 100644 index 000000000000..f274582f459f --- /dev/null +++ b/internal/metrics/options.go @@ -0,0 +1,31 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +// Options encode changes to the options passed to a Metric at creation time. +type MetricOption func(*MetricOptions) + +type MetricOptions struct { + Unit Unit + Name string + Description string +} + +// WithUnit provides configuration options for a new Metric, providing unit of measure +// information for a new Metric. +func WithUnit(unit Unit) MetricOption { + return func(opts *MetricOptions) { + opts.Unit = unit + } +} + +func metricOptions(name, description string, opts ...MetricOption) MetricOptions { + o := MetricOptions{Unit: None, Name: name, Description: description} + for _, opt := range opts { + opt(&o) + } + return o +} diff --git a/internal/metrics/otel_label.go b/internal/metrics/otel_label.go new file mode 100644 index 000000000000..45d04ff4bb05 --- /dev/null +++ b/internal/metrics/otel_label.go @@ -0,0 +1,48 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import "go.opentelemetry.io/otel/attribute" + +// A Label provides a named dimension for a Metric. +type Label struct { + key attribute.Key +} + +// NewLabel will attempt to create a new Label. +func NewLabel(key string) Label { + return Label{attribute.Key(key)} +} + +// Value creates a new LabelValue for the Label. +func (l Label) Value(value string) LabelValue { + return LabelValue{l.key.String(value)} +} + +// A LabelValue represents a Label with a specific value. It is used to record +// values for a Metric. +type LabelValue struct { + keyValue attribute.KeyValue +} + +func (l LabelValue) Key() Label { + return Label{l.keyValue.Key} +} + +func (l LabelValue) Value() string { + return l.keyValue.Value.AsString() +} + +func mergeLabelValues(attrs []attribute.KeyValue, labelValues []LabelValue) ([]attribute.KeyValue, attribute.Set) { + mergedAttrs := make([]attribute.KeyValue, 0, len(attrs)+len(labelValues)) + mergedAttrs = append(mergedAttrs, attrs...) + for _, v := range labelValues { + kv := v + mergedAttrs = append(mergedAttrs, kv.keyValue) + } + + return mergedAttrs, attribute.NewSet(mergedAttrs...) +} diff --git a/internal/metrics/otel_metric_counter.go b/internal/metrics/otel_metric_counter.go new file mode 100644 index 000000000000..93dcaa136503 --- /dev/null +++ b/internal/metrics/otel_metric_counter.go @@ -0,0 +1,48 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import ( + "context" + + "go.opentelemetry.io/otel/attribute" + api "go.opentelemetry.io/otel/metric" +) + +type Counter struct { + name string + attrs []attribute.KeyValue + c api.Float64Counter + preRecordOptions []api.AddOption +} + +func (f *Counter) Add(value float64) { + if f.preRecordOptions != nil { + f.c.Add(context.Background(), value, f.preRecordOptions...) + } else { + f.c.Add(context.Background(), value) + } +} + +func (f *Counter) Increment() { + f.Add(1) +} + +func (f *Counter) Decrement() { + f.Add(-1) +} + +func (f *Counter) With(labelValues ...LabelValue) *Counter { + attrs, set := mergeLabelValues(f.attrs, labelValues) + m := &Counter{ + c: f.c, + preRecordOptions: []api.AddOption{api.WithAttributeSet(set)}, + name: f.name, + attrs: attrs, + } + + return m +} diff --git a/internal/metrics/otel_metric_gauge.go b/internal/metrics/otel_metric_gauge.go new file mode 100644 index 000000000000..49e02395b67c --- /dev/null +++ b/internal/metrics/otel_metric_gauge.go @@ -0,0 +1,57 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import ( + "sync" + + "go.opentelemetry.io/otel/attribute" + api "go.opentelemetry.io/otel/metric" +) + +type Gauge struct { + name string + attrs []attribute.KeyValue + + g api.Float64ObservableGauge + mutex *sync.RWMutex + stores map[attribute.Set]*GaugeValues + current *GaugeValues +} + +type GaugeValues struct { + val float64 + opt []api.ObserveOption +} + +func (f *Gauge) Record(value float64) { + f.mutex.Lock() + if f.current == nil { + f.current = &GaugeValues{} + f.stores[attribute.NewSet()] = f.current + } + f.current.val = value + f.mutex.Unlock() +} + +func (f *Gauge) With(labelValues ...LabelValue) *Gauge { + attrs, set := mergeLabelValues(f.attrs, labelValues) + m := &Gauge{ + g: f.g, + mutex: f.mutex, + stores: f.stores, + name: f.name, + attrs: attrs, + } + if _, f := m.stores[set]; !f { + m.stores[set] = &GaugeValues{ + opt: []api.ObserveOption{api.WithAttributeSet(set)}, + } + } + m.current = m.stores[set] + + return m +} diff --git a/internal/metrics/otel_metric_histogram.go b/internal/metrics/otel_metric_histogram.go new file mode 100644 index 000000000000..b1837b7a8d2e --- /dev/null +++ b/internal/metrics/otel_metric_histogram.go @@ -0,0 +1,41 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import ( + "context" + + "go.opentelemetry.io/otel/attribute" + api "go.opentelemetry.io/otel/metric" +) + +type Histogram struct { + name string + attrs []attribute.KeyValue + + d api.Float64Histogram + preRecordOptions []api.RecordOption +} + +func (f *Histogram) Record(value float64) { + if f.preRecordOptions != nil { + f.d.Record(context.Background(), value, f.preRecordOptions...) + } else { + f.d.Record(context.Background(), value) + } +} + +func (f *Histogram) With(labelValues ...LabelValue) *Histogram { + attrs, set := mergeLabelValues(f.attrs, labelValues) + m := &Histogram{ + name: f.name, + attrs: attrs, + d: f.d, + preRecordOptions: []api.RecordOption{api.WithAttributeSet(set)}, + } + + return m +} diff --git a/internal/metrics/otel_metric_sink.go b/internal/metrics/otel_metric_sink.go new file mode 100644 index 000000000000..442f0c0d3c09 --- /dev/null +++ b/internal/metrics/otel_metric_sink.go @@ -0,0 +1,100 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import ( + "context" + "sync" + + "go.opentelemetry.io/otel/attribute" + api "go.opentelemetry.io/otel/metric" +) + +// NewCounter creates a new Counter Metric (the values will be cumulative). +// That means that data collected by the new Metric will be summed before export. +func NewCounter(name, description string, opts ...MetricOption) *Counter { + stores.register(Metadata{ + Name: name, + Type: CounterType, + Description: description, + }) + o := metricOptions(name, description, opts...) + + return newCounter(o) +} + +// NewGauge creates a new Gauge Metric. That means that data collected by the new +// Metric will export only the last recorded value. +func NewGauge(name, description string, opts ...MetricOption) *Gauge { + stores.register(Metadata{ + Name: name, + Type: GaugeType, + Description: description, + }) + o := metricOptions(name, description, opts...) + + return newGauge(o) +} + +// NewHistogram creates a new Metric with an aggregation type of Histogram. +// This means that the data collected by the Metric will be collected and exported as a histogram, with the specified bounds. +func NewHistogram(name, description string, bounds []float64, opts ...MetricOption) *Histogram { + stores.register(Metadata{ + Name: name, + Type: HistogramType, + Description: description, + Bounds: bounds, + }) + o := metricOptions(name, description, opts...) + + return newHistogram(o) +} + +func newCounter(o MetricOptions) *Counter { + c, err := meter().Float64Counter(o.Name, + api.WithDescription(o.Description), + api.WithUnit(string(o.Unit))) + if err != nil { + metricsLogger.Error(err, "failed to create otel Counter") + } + m := &Counter{c: c, name: o.Name} + + return m +} + +func newGauge(o MetricOptions) *Gauge { + r := &Gauge{mutex: &sync.RWMutex{}, name: o.Name} + r.stores = map[attribute.Set]*GaugeValues{} + g, err := meter().Float64ObservableGauge(o.Name, + api.WithFloat64Callback(func(ctx context.Context, observer api.Float64Observer) error { + r.mutex.Lock() + defer r.mutex.Unlock() + for _, gv := range r.stores { + observer.Observe(gv.val, gv.opt...) + } + return nil + }), + api.WithDescription(o.Description), + api.WithUnit(string(o.Unit))) + if err != nil { + metricsLogger.Error(err, "failed to create otel Gauge") + } + r.g = g + + return r +} + +func newHistogram(o MetricOptions) *Histogram { + d, err := meter().Float64Histogram(o.Name, + api.WithDescription(o.Description), + api.WithUnit(string(o.Unit))) + if err != nil { + metricsLogger.Error(err, "failed to create otel Histogram") + } + m := &Histogram{d: d, name: o.Name} + + return m +} diff --git a/internal/metrics/register.go b/internal/metrics/register.go new file mode 100644 index 000000000000..9c8abdf479d7 --- /dev/null +++ b/internal/metrics/register.go @@ -0,0 +1,207 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +import ( + "context" + "fmt" + "net" + "net/http" + "time" + + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp" + otelprom "go.opentelemetry.io/otel/exporters/prometheus" + "go.opentelemetry.io/otel/sdk/metric" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" + + "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/envoygateway/config" +) + +const ( + defaultEndpoint = "/metrics" +) + +// Init initializes and registers the global metrics server. +func Init(cfg *config.Server) error { + options := newOptions(cfg) + handler, err := registerForHandler(options) + if err != nil { + return err + } + + if !options.pullOptions.disable { + return start(options.address, handler) + } + + return nil +} + +func start(address string, handler http.Handler) error { + handlers := http.NewServeMux() + + metricsLogger.Info("starting metrics server", "address", address) + if handler != nil { + handlers.Handle(defaultEndpoint, handler) + } + + metricsServer := &http.Server{ + Handler: handlers, + Addr: address, + ReadTimeout: 5 * time.Second, + ReadHeaderTimeout: 5 * time.Second, + WriteTimeout: 10 * time.Second, + IdleTimeout: 15 * time.Second, + } + + // Listen And Serve Metrics Server. + go func() { + if err := metricsServer.ListenAndServe(); err != nil { + metricsLogger.Error(err, "start metrics server failed") + } + }() + + return nil +} + +func newOptions(svr *config.Server) registerOptions { + newOpts := registerOptions{} + newOpts.address = net.JoinHostPort(v1alpha1.GatewayMetricsHost, fmt.Sprint(v1alpha1.GatewayMetricsPort)) + + if svr.EnvoyGateway.DisablePrometheus() { + newOpts.pullOptions.disable = true + } else { + newOpts.pullOptions.disable = false + newOpts.pullOptions.registry = metricsserver.Registry + newOpts.pullOptions.gatherer = metricsserver.Registry + } + + for _, config := range svr.EnvoyGateway.GetEnvoyGatewayTelemetry().Metrics.Sinks { + newOpts.pushOptions.sinks = append(newOpts.pushOptions.sinks, metricsSink{ + host: config.OpenTelemetry.Host, + port: config.OpenTelemetry.Port, + protocol: config.OpenTelemetry.Protocol, + }) + } + + return newOpts +} + +// registerForHandler sets the global metrics registry to the provided Prometheus registerer. +// if enables prometheus, it will return a prom http handler. +func registerForHandler(opts registerOptions) (http.Handler, error) { + otelOpts := []metric.Option{} + + if err := registerOTELPromExporter(&otelOpts, opts); err != nil { + return nil, err + } + if err := registerOTELHTTPexporter(&otelOpts, opts); err != nil { + return nil, err + } + if err := registerOTELgRPCexporter(&otelOpts, opts); err != nil { + return nil, err + } + otelOpts = append(otelOpts, stores.preAddOptions()...) + + mp := metric.NewMeterProvider(otelOpts...) + otel.SetMeterProvider(mp) + + if !opts.pullOptions.disable { + return promhttp.HandlerFor(opts.pullOptions.gatherer, promhttp.HandlerOpts{}), nil + } + return nil, nil +} + +// registerOTELPromExporter registers OTEL prometheus exporter (PULL mode). +func registerOTELPromExporter(otelOpts *[]metric.Option, opts registerOptions) error { + if !opts.pullOptions.disable { + promOpts := []otelprom.Option{ + otelprom.WithoutScopeInfo(), + otelprom.WithoutTargetInfo(), + otelprom.WithoutUnits(), + otelprom.WithRegisterer(opts.pullOptions.registry), + otelprom.WithoutCounterSuffixes(), + } + promreader, err := otelprom.New(promOpts...) + if err != nil { + return err + } + + *otelOpts = append(*otelOpts, metric.WithReader(promreader)) + metricsLogger.Info("initialized metrics pull endpoint", "address", opts.address, "endpoint", defaultEndpoint) + } + + return nil +} + +// registerOTELHTTPexporter registers OTEL HTTP metrics exporter (PUSH mode). +func registerOTELHTTPexporter(otelOpts *[]metric.Option, opts registerOptions) error { + for _, sink := range opts.pushOptions.sinks { + if sink.protocol == v1alpha1.HTTPProtocol { + address := net.JoinHostPort(sink.host, fmt.Sprint(sink.port)) + httpexporter, err := otlpmetrichttp.New( + context.Background(), + otlpmetrichttp.WithEndpoint(address), + otlpmetrichttp.WithInsecure(), + ) + if err != nil { + return err + } + + otelreader := metric.NewPeriodicReader(httpexporter) + *otelOpts = append(*otelOpts, metric.WithReader(otelreader)) + metricsLogger.Info("initialized otel http metrics push endpoint", "address", address) + } + } + + return nil +} + +// registerOTELgRPCexporter registers OTEL gRPC metrics exporter (PUSH mode). +func registerOTELgRPCexporter(otelOpts *[]metric.Option, opts registerOptions) error { + for _, sink := range opts.pushOptions.sinks { + if sink.protocol == v1alpha1.GRPCProtocol { + address := net.JoinHostPort(sink.host, fmt.Sprint(sink.port)) + httpexporter, err := otlpmetricgrpc.New( + context.Background(), + otlpmetricgrpc.WithEndpoint(address), + otlpmetricgrpc.WithInsecure(), + ) + if err != nil { + return err + } + + otelreader := metric.NewPeriodicReader(httpexporter) + *otelOpts = append(*otelOpts, metric.WithReader(otelreader)) + metricsLogger.Info("initialized otel grpc metrics push endpoint", "address", address) + } + } + + return nil +} + +type registerOptions struct { + address string + pullOptions struct { + registry prometheus.Registerer + gatherer prometheus.Gatherer + disable bool + } + pushOptions struct { + sinks []metricsSink + } +} + +type metricsSink struct { + protocol string + host string + port int32 +} diff --git a/internal/metrics/sample_counter_test.go b/internal/metrics/sample_counter_test.go new file mode 100644 index 000000000000..ffd3a18aac38 --- /dev/null +++ b/internal/metrics/sample_counter_test.go @@ -0,0 +1,23 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics_test + +import "github.com/envoyproxy/gateway/internal/metrics" + +var ( + irUpdates = metrics.NewCounter( + "ir_updates_total", + "Number of IR updates, by ir type", + ) +) + +func NewCounter() { + // increment on every xds ir update + irUpdates.With(irType.Value("xds")).Increment() + + // xds ir updates double + irUpdates.With(irType.Value("xds")).Add(2) +} diff --git a/internal/metrics/sample_gauge_test.go b/internal/metrics/sample_gauge_test.go new file mode 100644 index 000000000000..6b287ed9ca1a --- /dev/null +++ b/internal/metrics/sample_gauge_test.go @@ -0,0 +1,27 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics_test + +import "github.com/envoyproxy/gateway/internal/metrics" + +var ( + irType = metrics.NewLabel("ir-type") + currentIRsNum = metrics.NewGauge( + "current_irs_queue_num", + "current number of ir in queue, by ir type", + ) +) + +func NewGauge() { + // only the last recorded value (2) will be exported for this gauge + currentIRsNum.With(irType.Value("xds")).Record(1) + currentIRsNum.With(irType.Value("xds")).Record(3) + currentIRsNum.With(irType.Value("xds")).Record(2) + + currentIRsNum.With(irType.Value("infra")).Record(1) + currentIRsNum.With(irType.Value("infra")).Record(3) + currentIRsNum.With(irType.Value("infra")).Record(2) +} diff --git a/internal/metrics/sample_histogram_test.go b/internal/metrics/sample_histogram_test.go new file mode 100644 index 000000000000..b34658fcbe54 --- /dev/null +++ b/internal/metrics/sample_histogram_test.go @@ -0,0 +1,23 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics_test + +import "github.com/envoyproxy/gateway/internal/metrics" + +var ( + method = metrics.NewLabel("method") + + sentBytes = metrics.NewHistogram( + "sent_bytes_total", + "Histogram of sent bytes by method", + []float64{10, 50, 100, 1000, 10000}, + metrics.WithUnit(metrics.Bytes), + ) +) + +func NewHistogram() { + sentBytes.With(method.Value("/request/path/1")).Record(458) +} diff --git a/internal/metrics/units.go b/internal/metrics/units.go new file mode 100644 index 000000000000..1c7b5ff13c20 --- /dev/null +++ b/internal/metrics/units.go @@ -0,0 +1,18 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package metrics + +// Unit encodes the standard name for describing the quantity +// measured by a Metric (if applicable). +type Unit string + +// Predefined units for use with the metrics package. +const ( + None Unit = "1" + Bytes Unit = "By" + Seconds Unit = "s" + Milliseconds Unit = "ms" +) diff --git a/site/content/en/latest/design/eg-metrics.md b/site/content/en/latest/design/eg-metrics.md index f43af77be12b..60b938408525 100644 --- a/site/content/en/latest/design/eg-metrics.md +++ b/site/content/en/latest/design/eg-metrics.md @@ -6,7 +6,7 @@ title: "Control Plane Observability: Metrics" This document aims to cover all aspects of envoy gateway control plane metrics observability. {{% alert title="Note" color="secondary" %}} -**Data plane** observability (while important) is outside of scope for this document. For dataplane observability, refer to [here](./metrics). +**Data plane** observability (while important) is outside of scope for this document. For dataplane observability, refer to [here](../metrics). {{% /alert %}} ## Current State