envoyproxy · daum3ns · Oct 21, 2025 · Oct 21, 2025 · Oct 21, 2025 · Oct 21, 2025
@@ -226,7 +226,7 @@ func translate(w io.Writer, inFile, inType string, outTypes []string, output, re
 
 	if inType == gatewayAPIType {
 		// Unmarshal input
-		resources, err := resource.LoadResourcesFromYAMLBytes(inBytes, addMissingResources)
+		resources, err := resource.LoadResourcesFromYAMLBytes(inBytes, addMissingResources, nil)
 		if err != nil {
 			return fmt.Errorf("unable to unmarshal input: %w", err)
 		}

@@ -50,7 +50,7 @@ func runValidate(w io.Writer, inFile string) error {
 	noErr := true
 	_ = resource.IterYAMLBytes(inBytes, func(yamlByte []byte) error {
 		// Passing each resource as YAML string and get all their errors from local validator.
-		_, err = resource.LoadResourcesFromYAMLBytes(yamlByte, false)
+		_, err = resource.LoadResourcesFromYAMLBytes(yamlByte, false, nil)
 		if err != nil {
 			noErr = false
 			yamlRows := bytes.Split(yamlByte, []byte("\n"))

@@ -366,6 +366,88 @@ func TestDecode(t *testing.T) {
 			},
 			expect: true,
 		},
+		{
+			in: inPath + "standalone-extension-server.yaml",
+			out: &egv1a1.EnvoyGateway{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       egv1a1.KindEnvoyGateway,
+					APIVersion: egv1a1.GroupVersion.String(),
+				},
+				EnvoyGatewaySpec: egv1a1.EnvoyGatewaySpec{
+					Gateway: egv1a1.DefaultGateway(),
+					Provider: &egv1a1.EnvoyGatewayProvider{
+						Type: egv1a1.ProviderTypeCustom,
+						Custom: &egv1a1.EnvoyGatewayCustomProvider{
+							Resource: egv1a1.EnvoyGatewayResourceProvider{
+								Type: egv1a1.ResourceProviderTypeFile,
+								File: &egv1a1.EnvoyGatewayFileResourceProvider{
+									Paths: []string{
+										"/tmp/envoy-gateway-test",
+									},
+								},
+							},
+							Infrastructure: &egv1a1.EnvoyGatewayInfrastructureProvider{
+								Type: egv1a1.InfrastructureProviderTypeHost,
+								Host: &egv1a1.EnvoyGatewayHostInfrastructureProvider{},
+							},
+						},
+					},
+					Logging: egv1a1.DefaultEnvoyGatewayLogging(),
+					ExtensionManager: &egv1a1.ExtensionManager{
+						Resources: []egv1a1.GroupVersionKind{
+							{
+								Group:   "gateway.example.io",
+								Version: "v1alpha1",
+								Kind:    "CustomRouteFilterResource",
+							},
+						},
+						BackendResources: []egv1a1.GroupVersionKind{
+							{
+								Group:   "storage.example.io",
+								Version: "v1",
+								Kind:    "S3Bucket",
+							},
+						},
+						PolicyResources: []egv1a1.GroupVersionKind{
+							{
+								Group:   "gateway.example.io",
+								Version: "v1alpha1",
+								Kind:    "ExampleExtPolicy",
+							},
+						},
+						Hooks: &egv1a1.ExtensionHooks{
+							XDSTranslator: &egv1a1.XDSTranslatorHooks{
+								Post: []egv1a1.XDSTranslatorHook{
+									egv1a1.XDSHTTPListener,
+									egv1a1.XDSRoute,
+									egv1a1.XDSVirtualHost,
+									egv1a1.XDSCluster,
+									egv1a1.XDSTranslation,
+								},
+							},
+						},
+						Service: &egv1a1.ExtensionService{
+							BackendEndpoint: egv1a1.BackendEndpoint{
+								FQDN: &egv1a1.FQDNEndpoint{
+									Hostname: "127.0.0.1",
+									Port:     5005,
+								},
+							},
+						},
+					},
+					ExtensionAPIs: &egv1a1.ExtensionAPISettings{
+						EnableBackend:          true,
+						EnableEnvoyPatchPolicy: false,
+					},
+					RuntimeFlags: &egv1a1.RuntimeFlags{
+						Enabled: []egv1a1.RuntimeFlag{
+							"XDSNameSchemeV2",
+						},
+					},
+				},
+			},
+			expect: true,
+		},
 	}
 
 	for _, tc := range testCases {

@@ -9,10 +9,12 @@ import (
 	"context"
 	_ "embed"
 	"os"
+	"sync/atomic"
 	"testing"
 
 	"github.com/stretchr/testify/require"
 
+	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/envoygateway/config"
 )
 
@@ -21,6 +23,10 @@ var (
 	defaultConfig string
 	//go:embed testdata/enable-redis.yaml
 	redisConfig string
+	//go:embed testdata/standalone.yaml
+	standaloneConfig string
+	//go:embed testdata/standalone-enable-extension-server.yaml
+	standaloneConfigWithExtensionServer string
 )
 
 func TestConfigLoader(t *testing.T) {
@@ -35,7 +41,7 @@ func TestConfigLoader(t *testing.T) {
 	s, err := config.New(os.Stdout, os.Stderr)
 	require.NoError(t, err)
 
-	ctx, cancel := context.WithCancel(context.TODO())
+	ctx, cancel := context.WithCancel(context.Background())
 	defer func() {
 		cancel()
 	}()
@@ -57,3 +63,56 @@ func TestConfigLoader(t *testing.T) {
 
 	<-ctx.Done()
 }
+
+func TestConfigLoaderStandaloneExtensionServerAndCustomResource(t *testing.T) {
+	tmpDir, err := os.MkdirTemp("", "envoy-gateway-configloader-test")
+	require.NoError(t, err)
+	defer func(path string) {
+		_ = os.RemoveAll(path)
+	}(tmpDir)
+
+	cfgPath := tmpDir + "/config.yaml"
+	require.NoError(t, os.WriteFile(cfgPath, []byte(standaloneConfig), 0o600))
+	s, err := config.New(os.Stdout, os.Stderr)
+	require.NoError(t, err)
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer func() {
+		cancel()
+	}()
+
+	type testResult struct {
+		changed int32
+		extMgr  *egv1a1.ExtensionManager
+	}
+	resultChannel := make(chan testResult, 1)
+
+	var changed int32
+	loader := New(cfgPath, s, func(_ context.Context, cfg *config.Server) error {
+		c := atomic.AddInt32(&changed, 1)
+		t.Logf("config changed %d times", c)
+		if c > 1 {
+			resultChannel <- testResult{changed: c, extMgr: cfg.EnvoyGateway.ExtensionManager}
+			cancel()
+		}
+		return nil
+	})
+
+	require.NoError(t, loader.Start(ctx, os.Stdout))
+	require.NotNil(t, loader.cfg.EnvoyGateway)
+	require.Nil(t, loader.cfg.EnvoyGateway.ExtensionManager)
+
+	go func() {
+		_ = os.WriteFile(cfgPath, []byte(standaloneConfigWithExtensionServer), 0o600)
+	}()
+
+	<-ctx.Done()
+	res := <-resultChannel // wait until second reload
+	require.Equal(t, int32(2), res.changed)
+	require.NotNil(t, res.extMgr)
+	require.NotNil(t, res.extMgr.PolicyResources)
+	require.Len(t, res.extMgr.PolicyResources, 1)
+	require.Equal(t, "gateway.example.io", res.extMgr.PolicyResources[0].Group)
+	require.Equal(t, "v1alpha1", res.extMgr.PolicyResources[0].Version)
+	require.Equal(t, "ExampleExtPolicy", res.extMgr.PolicyResources[0].Kind)
+}
@@ -0,0 +1,39 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+logging:
+  level:
+    default: info
+provider:
+  type: Custom
+  custom:
+    resource:
+      type: File
+      file:
+        paths: ["/tmp/envoy-gateway-test"]
+    infrastructure:
+      type: Host
+      host: {}
+extensionApis:
+  enableBackend: true
+extensionManager:
+  policyResources:
+    - group: gateway.example.io
+      version: v1alpha1
+      kind: ExampleExtPolicy
+  hooks:
+    xdsTranslator:
+      post:
+        - HTTPListener
+        - Route
+        - VirtualHost
+        - Cluster
+        - Translation
+  service:
+    fqdn:
+      hostname: 127.0.0.1
+      port: 5005
+runtimeFlags:
+  enabled:
+    - XDSNameSchemeV2
@@ -0,0 +1,22 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+logging:
+  level:
+    default: info
+provider:
+  type: Custom
+  custom:
+    resource:
+      type: File
+      file:
+        paths: ["/tmp/envoy-gateway-test"]
+    infrastructure:
+      type: Host
+      host: {}
+extensionApis:
+  enableBackend: true
+runtimeFlags:
+  enabled:
+    - XDSNameSchemeV2
@@ -0,0 +1,47 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+logging:
+  level:
+    default: info
+provider:
+  type: Custom
+  custom:
+    resource:
+      type: File
+      file:
+        paths: ["/tmp/envoy-gateway-test"]
+    infrastructure:
+      type: Host
+      host: {}
+extensionApis:
+  enableBackend: true
+extensionManager:
+  resources:
+    - group: gateway.example.io
+      version: v1alpha1
+      kind: CustomRouteFilterResource
+  backendResources:
+    - group: storage.example.io
+      version: v1
+      kind: S3Bucket
+  policyResources:
+    - group: gateway.example.io
+      version: v1alpha1
+      kind: ExampleExtPolicy
+  hooks:
+    xdsTranslator:
+      post:
+        - HTTPListener
+        - Route
+        - VirtualHost
+        - Cluster
+        - Translation
+  service:
+    fqdn:
+      hostname: 127.0.0.1
+      port: 5005
+runtimeFlags:
+  enabled:
+    - XDSNameSchemeV2
@@ -36,8 +36,8 @@ const dummyClusterIP = "1.2.3.4"
 
 // LoadResourcesFromYAMLBytes will load Resources from given Kubernetes YAML string.
 // TODO: This function should be able to process arbitrary number of resources, tracked by https://github.com/envoyproxy/gateway/issues/3207.
-func LoadResourcesFromYAMLBytes(yamlBytes []byte, addMissingResources bool) (*Resources, error) {
-	r, err := loadKubernetesYAMLToResources(yamlBytes, addMissingResources)
+func LoadResourcesFromYAMLBytes(yamlBytes []byte, addMissingResources bool, envoyGateway *egv1a1.EnvoyGateway) (*Resources, error) {
+	r, err := loadKubernetesYAMLToResources(yamlBytes, addMissingResources, envoyGateway)
 	if err != nil {
 		return nil, err
 	}
@@ -53,7 +53,7 @@ func LoadResourcesFromYAMLBytes(yamlBytes []byte, addMissingResources bool) (*Re
 }
 
 // loadKubernetesYAMLToResources converts a Kubernetes YAML string into GatewayAPI Resources.
-func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Resources, error) {
+func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoyGateway *egv1a1.EnvoyGateway) (*Resources, error) {
 	resources := NewResources()
 	var useDefaultNamespace bool
 	providedNamespaceMap := sets.New[string]()
@@ -62,6 +62,30 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res
 	defaulter := GetGatewaySchemaDefaulter()
 	validator := GetDefaultValidator()
 
+	// Build a map of extension-managed resources (by Group/Version/Kind)
+	type extCategory int
+	const (
+		extNone extCategory = iota
+		extFilter
+		extPolicy
+		extBackend
+	)
+	extGVKMap := map[string]extCategory{}
+	if envoyGateway != nil && envoyGateway.ExtensionManager != nil {
+		for _, gvk := range envoyGateway.ExtensionManager.Resources {
+			key := fmt.Sprintf("%s/%s/%s", gvk.Group, gvk.Version, gvk.Kind)
+			extGVKMap[key] = extFilter
+		}
+		for _, gvk := range envoyGateway.ExtensionManager.PolicyResources {
+			key := fmt.Sprintf("%s/%s/%s", gvk.Group, gvk.Version, gvk.Kind)
+			extGVKMap[key] = extPolicy
+		}
+		for _, gvk := range envoyGateway.ExtensionManager.BackendResources {
+			key := fmt.Sprintf("%s/%s/%s", gvk.Group, gvk.Version, gvk.Kind)
+			extGVKMap[key] = extBackend
+		}
+	}
+
 	if err := IterYAMLBytes(input, func(yamlByte []byte) error {
 		var obj map[string]interface{}
 		err := yaml.Unmarshal(yamlByte, &obj)
@@ -117,6 +141,21 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res
 		data := kobjVal.FieldByName("Data")
 		stringData := kobjVal.FieldByName("StringData")
 
+		// Check if this resource is managed by the ExtensionManager and if so, classify it
+		if len(extGVKMap) > 0 {
+			key := fmt.Sprintf("%s/%s/%s", gvk.Group, gvk.Version, gvk.Kind)
+			if category, ok := extGVKMap[key]; ok {
+				un.SetNamespace(namespace)
+				switch category {
+				case extFilter, extBackend:
+					resources.ExtensionRefFilters = append(resources.ExtensionRefFilters, *un)
+				case extPolicy:
+					resources.ExtensionServerPolicies = append(resources.ExtensionServerPolicies, *un)
+				}
+				return nil
+			}
+		}
+
 		switch gvk.Kind {
 		case KindEnvoyProxy:
 			typedSpec := spec.Interface()

@@ -60,7 +60,7 @@ func TestLoadAllSupportedResourcesFromYAMLBytes(t *testing.T) {
 			t.Parallel() // this's used for race detection
 			data, err := os.ReadFile(inFile)
 			require.NoError(t, err)
-			got, err := LoadResourcesFromYAMLBytes(data, true)
+			got, err := LoadResourcesFromYAMLBytes(data, true, nil)
 			require.NoError(t, err)
 
 			outputFile := strings.Replace(inFile, ".in.yaml", ".out.yaml", 1)