From 850084329422292b55cf5b61e2dcecb5211f99f1 Mon Sep 17 00:00:00 2001 From: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:29:28 +0530 Subject: [PATCH 01/16] ci: replace yamllint with go-prettier for YAML formatting Signed-off-by: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .github/workflows/yaml-format.yml | 28 ++++++++ site/content/en/contributions/CONTRIBUTING.md | 2 + tools/go.mod | 1 + tools/linter/yamllint/.yamllint | 66 ------------------- tools/make/lint.mk | 18 +++-- tools/make/tools.mk | 1 - tools/src/yamllint/requirements.txt | 1 - 7 files changed, 42 insertions(+), 75 deletions(-) create mode 100644 .github/workflows/yaml-format.yml delete mode 100644 tools/linter/yamllint/.yamllint delete mode 100644 tools/src/yamllint/requirements.txt diff --git a/.github/workflows/yaml-format.yml b/.github/workflows/yaml-format.yml new file mode 100644 index 00000000000..0643a35bfc2 --- /dev/null +++ b/.github/workflows/yaml-format.yml @@ -0,0 +1,28 @@ +name: YAML Formatting + +on: + pull_request: + push: + branches: [ main ] + +jobs: + format-yaml: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: tools/go.mod + + - name: Run YAML formatter + run: | + make format-yaml + + - name: Check for unformatted changes + run: | + git diff --exit-code || (echo "Error: YAML files need formatting. Run 'make format-yaml'" && exit 1) + + diff --git a/site/content/en/contributions/CONTRIBUTING.md b/site/content/en/contributions/CONTRIBUTING.md index bdb9df9f3c9..9ae725a9e42 100644 --- a/site/content/en/contributions/CONTRIBUTING.md +++ b/site/content/en/contributions/CONTRIBUTING.md @@ -45,6 +45,8 @@ to the following guidelines for all code, APIs, and documentation: * Submit your PR. * Tests will automatically run for you. * We will **not** merge any PR that is not passing tests. +* Before submitting, ensure YAML is formatted: + * Run `make format-yaml` to auto-format all tracked YAML files using go-prettier. * PRs are expected to have 100% test coverage for added code. This can be verified with a coverage build. If your PR cannot have 100% coverage for some reason please clearly explain why, when you open it. diff --git a/tools/go.mod b/tools/go.mod index f4f20d80620..47c8c66b6f0 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,6 +9,7 @@ tool ( github.com/google/go-jsonnet/cmd/jsonnet github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb github.com/norwoodj/helm-docs/cmd/helm-docs + github.com/wasilibs/go-prettier/cmd/go-prettier golang.org/x/perf/cmd/benchstat google.golang.org/grpc/cmd/protoc-gen-go-grpc google.golang.org/protobuf/cmd/protoc-gen-go diff --git a/tools/linter/yamllint/.yamllint b/tools/linter/yamllint/.yamllint deleted file mode 100644 index ae2e0b76bd2..00000000000 --- a/tools/linter/yamllint/.yamllint +++ /dev/null @@ -1,66 +0,0 @@ ---- - -ignore: | - # This directory fails checks since many files - # are templated. Instead, we run the linter - # after running `make generate-manifests` which creates - # the Install YAML in bin/ - charts/gateway-helm/ - charts/gateway-addons-helm/ - charts/gateway-crds-helm/ - bin/install.yaml - test/helm/gateway-helm/ - test/helm/gateway-addons-helm/ - test/helm/gateway-crds-helm/ - examples/extension-server/charts/extension-server - site/node_modules/ - .vscode/ - -rules: - braces: - min-spaces-inside: 0 - max-spaces-inside: 0 - min-spaces-inside-empty: -1 - max-spaces-inside-empty: -1 - brackets: - min-spaces-inside: 0 - max-spaces-inside: 1 - min-spaces-inside-empty: -1 - max-spaces-inside-empty: -1 - colons: - max-spaces-before: 0 - max-spaces-after: 1 - commas: - max-spaces-before: 1 - min-spaces-after: 1 - max-spaces-after: 1 - comments: - level: error - require-starting-space: true - min-spaces-from-content: 2 - comments-indentation: - level: warning - document-end: disable - document-start: disable - empty-lines: - max: 2 - max-start: 0 - max-end: 1 - empty-values: - forbid-in-block-mappings: false - forbid-in-flow-mappings: true - hyphens: - max-spaces-after: 1 - indentation: - spaces: 2 - indent-sequences: consistent # be consistent: don't mix indentation styles in one file. - check-multi-line-strings: false - key-duplicates: enable - key-ordering: disable - new-line-at-end-of-file: enable - new-lines: - type: unix - trailing-spaces: enable - truthy: - check-keys: false # GitHub Actions uses "on:" as a key - level: warning diff --git a/tools/make/lint.mk b/tools/make/lint.mk index 43db54cc136..8cc1df62334 100644 --- a/tools/make/lint.mk +++ b/tools/make/lint.mk @@ -8,7 +8,16 @@ GITHUB_ACTION ?= LINT_BUILD_TAGS ?= e2e,celvalidation,conformance,experimental,benchmark,resilience,integration .PHONY: lint -lint: ## Run all linter of code sources, including golint, yamllint, whitenoise lint and codespell. +lint: ## Run all linter of code sources, including golint, whitenoise lint and codespell. + +# Format YAML files with go-prettier for consistent style. +.PHONY: format-yaml +format-yaml: ## Format YAML files with go-prettier + @$(LOG_TARGET) + @files="$$(git ls-files :*.yml :*.yaml)"; \ + if [ -n "$$files" ]; then \ + $(GO_TOOL) go-prettier -w $$files; \ + fi # lint-deps is run separately in CI to separate the tooling install logs from the actual output logs generated # by the lint tooling. @@ -22,12 +31,7 @@ lint.golint: @$(LOG_TARGET) $(GO_TOOL) golangci-lint run $(GOLANGCI_LINT_FLAGS) --build-tags=$(LINT_BUILD_TAGS) --config=tools/linter/golangci-lint/.golangci.yml -.PHONY: lint.yamllint -lint: lint.yamllint -lint-deps: $(tools/yamllint) -lint.yamllint: $(tools/yamllint) - @$(LOG_TARGET) - $(tools/yamllint) --config-file=tools/linter/yamllint/.yamllint $$(git ls-files :*.yml :*.yaml | xargs -L1 dirname | sort -u) + CODESPELL_FLAGS ?= $(if $(GITHUB_ACTION),--disable-colors) .PHONY: lint.codespell diff --git a/tools/make/tools.mk b/tools/make/tools.mk index e1bb44c0212..3f225b55ee9 100644 --- a/tools/make/tools.mk +++ b/tools/make/tools.mk @@ -14,7 +14,6 @@ $(tools.bindir)/%: $(tools.srcdir)/%.sh # ========================= # tools/codespell = $(tools.bindir)/codespell -tools/yamllint = $(tools.bindir)/yamllint tools/sphinx-build = $(tools.bindir)/sphinx-build tools/release-notes-docs = $(tools.bindir)/release-notes-docs $(tools.bindir)/%.d/venv: $(tools.srcdir)/%/requirements.txt diff --git a/tools/src/yamllint/requirements.txt b/tools/src/yamllint/requirements.txt deleted file mode 100644 index 99c78bd3112..00000000000 --- a/tools/src/yamllint/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -yamllint==1.37.1 From 48dc7cec645afe4baf750113086271c1c3069b0a Mon Sep 17 00:00:00 2001 From: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:19:20 +0530 Subject: [PATCH 02/16] update the tools entry to the correct v3 path and binary name, adjust the make target to call prettier instead of go-prettier Signed-off-by: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> --- tools/go.mod | 2 +- tools/make/lint.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 47c8c66b6f0..e598c9bf773 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ tool ( github.com/google/go-jsonnet/cmd/jsonnet github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb github.com/norwoodj/helm-docs/cmd/helm-docs - github.com/wasilibs/go-prettier/cmd/go-prettier + github.com/wasilibs/go-prettier/v3/cmd/prettier golang.org/x/perf/cmd/benchstat google.golang.org/grpc/cmd/protoc-gen-go-grpc google.golang.org/protobuf/cmd/protoc-gen-go diff --git a/tools/make/lint.mk b/tools/make/lint.mk index 8cc1df62334..b1509f7ff5e 100644 --- a/tools/make/lint.mk +++ b/tools/make/lint.mk @@ -16,7 +16,7 @@ format-yaml: ## Format YAML files with go-prettier @$(LOG_TARGET) @files="$$(git ls-files :*.yml :*.yaml)"; \ if [ -n "$$files" ]; then \ - $(GO_TOOL) go-prettier -w $$files; \ + $(GO_TOOL) prettier -w $$files; \ fi # lint-deps is run separately in CI to separate the tooling install logs from the actual output logs generated From 5c9048779021e2e0a9b432c73b74e6247bb70ce4 Mon Sep 17 00:00:00 2001 From: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:38:25 +0530 Subject: [PATCH 03/16] Add a .prettierignore mirroring the old yamllint ignore paths, add a check-format-yaml target that runs prettier in check mode on tracked YAML files, and update the CI workflow to use the check target Signed-off-by: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .github/workflows/yaml-format.yml | 8 ++------ .prettierignore | 20 ++++++++++++++++++++ tools/make/lint.mk | 8 ++++++++ 3 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 .prettierignore diff --git a/.github/workflows/yaml-format.yml b/.github/workflows/yaml-format.yml index 0643a35bfc2..90ecdc584d2 100644 --- a/.github/workflows/yaml-format.yml +++ b/.github/workflows/yaml-format.yml @@ -17,12 +17,8 @@ jobs: with: go-version-file: tools/go.mod - - name: Run YAML formatter + - name: Check YAML formatting (no changes) run: | - make format-yaml - - - name: Check for unformatted changes - run: | - git diff --exit-code || (echo "Error: YAML files need formatting. Run 'make format-yaml'" && exit 1) + make check-format-yaml diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 00000000000..3d6e4925ad5 --- /dev/null +++ b/.prettierignore @@ -0,0 +1,20 @@ +# Ignore templated/generated or external directories for YAML formatting +charts/gateway-helm/ +charts/gateway-addons-helm/ +charts/gateway-crds-helm/ + +# Generated install bundle +bin/install.yaml + +# Helm test charts +test/helm/gateway-helm/ +test/helm/gateway-addons-helm/ +test/helm/gateway-crds-helm/ + +# Example chart +examples/extension-server/charts/extension-server + +# Third-party / editor dirs +site/node_modules/ +.vscode/ + diff --git a/tools/make/lint.mk b/tools/make/lint.mk index b1509f7ff5e..05d9377d8dc 100644 --- a/tools/make/lint.mk +++ b/tools/make/lint.mk @@ -19,6 +19,14 @@ format-yaml: ## Format YAML files with go-prettier $(GO_TOOL) prettier -w $$files; \ fi +.PHONY: check-format-yaml +check-format-yaml: ## Check YAML formatting with go-prettier (no changes) + @$(LOG_TARGET) + @files="$$(git ls-files :*.yml :*.yaml)"; \ + if [ -n "$$files" ]; then \ + $(GO_TOOL) prettier --check $$files; \ + fi + # lint-deps is run separately in CI to separate the tooling install logs from the actual output logs generated # by the lint tooling. .PHONY: lint-deps From 8f5ab5a8b4fd4c93c7cbea73082ab04b3eb22eda Mon Sep 17 00:00:00 2001 From: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:55:18 +0530 Subject: [PATCH 04/16] update the Makefile to call the installed prettier binary directly (instead of ), and modify the GitHub Actions workflow to install prettier with go install and ensure the Go bin path is added Signed-off-by: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .github/workflows/yaml-format.yml | 5 +++++ tools/make/lint.mk | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/yaml-format.yml b/.github/workflows/yaml-format.yml index 90ecdc584d2..6bb176a5303 100644 --- a/.github/workflows/yaml-format.yml +++ b/.github/workflows/yaml-format.yml @@ -17,6 +17,11 @@ jobs: with: go-version-file: tools/go.mod + - name: Install go-prettier (prettier binary) + run: | + go install github.com/wasilibs/go-prettier/v3/cmd/prettier@v3.6.3 + echo "$HOME/go/bin" >> $GITHUB_PATH + - name: Check YAML formatting (no changes) run: | make check-format-yaml diff --git a/tools/make/lint.mk b/tools/make/lint.mk index 05d9377d8dc..513de3a868a 100644 --- a/tools/make/lint.mk +++ b/tools/make/lint.mk @@ -16,7 +16,7 @@ format-yaml: ## Format YAML files with go-prettier @$(LOG_TARGET) @files="$$(git ls-files :*.yml :*.yaml)"; \ if [ -n "$$files" ]; then \ - $(GO_TOOL) prettier -w $$files; \ + prettier -w $$files; \ fi .PHONY: check-format-yaml @@ -24,7 +24,7 @@ check-format-yaml: ## Check YAML formatting with go-prettier (no changes) @$(LOG_TARGET) @files="$$(git ls-files :*.yml :*.yaml)"; \ if [ -n "$$files" ]; then \ - $(GO_TOOL) prettier --check $$files; \ + prettier --check $$files; \ fi # lint-deps is run separately in CI to separate the tooling install logs from the actual output logs generated From eaf42a6d5e22d54b619c89d0c24a552679a90f5e Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:58:31 +0530 Subject: [PATCH 05/16] Update go-prettier installation to use latest version Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .github/workflows/yaml-format.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/yaml-format.yml b/.github/workflows/yaml-format.yml index 6bb176a5303..85b0b2d1547 100644 --- a/.github/workflows/yaml-format.yml +++ b/.github/workflows/yaml-format.yml @@ -19,7 +19,7 @@ jobs: - name: Install go-prettier (prettier binary) run: | - go install github.com/wasilibs/go-prettier/v3/cmd/prettier@v3.6.3 + go install github.com/wasilibs/go-prettier/v3/cmd/prettier@latest echo "$HOME/go/bin" >> $GITHUB_PATH - name: Check YAML formatting (no changes) From 89d34f95bc93274efa87c89032c1ece97203f98d Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 21:27:06 +0530 Subject: [PATCH 06/16] Ignore test and workflow files in Prettier Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .prettierignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.prettierignore b/.prettierignore index 3d6e4925ad5..7c67ca19b4b 100644 --- a/.prettierignore +++ b/.prettierignore @@ -18,3 +18,6 @@ examples/extension-server/charts/extension-server site/node_modules/ .vscode/ +# test files and workflow files +**/testdata/** +.github/workflows/* From 8b9b1adb0ba7de7046d9d8d49e9a8714e26a1fbf Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:27:10 +0000 Subject: [PATCH 07/16] Format YAML files with go-prettier; robust .prettierignore for CI Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .prettierignore | 7 +++ examples/admin-console-config.yaml | 34 +++++----- examples/kubernetes/jwt/grpc-jwt.yaml | 22 +++---- examples/kubernetes/jwt/jwt.yaml | 56 ++++++++--------- .../kubernetes/metric/stats-compression.yaml | 2 +- examples/standalone/quickstart.yaml | 2 +- .../manifests/httproute.yaml | 1 + release-notes/current.yaml | 2 +- release-notes/v0.1.0.yaml | 6 +- release-notes/v0.2.0-rc1.yaml | 62 +++++++++---------- release-notes/v0.6.0.yaml | 1 - release-notes/v1.0.0-rc.1.yaml | 6 -- release-notes/v1.0.0.yaml | 6 -- release-notes/v1.1.0-rc.1.yaml | 10 --- release-notes/v1.1.0.yaml | 10 --- release-notes/v1.1.1.yaml | 6 -- release-notes/v1.1.2.yaml | 1 - release-notes/v1.1.3.yaml | 1 - release-notes/v1.1.4.yaml | 1 - release-notes/v1.2.5.yaml | 1 - site/docker-compose.yaml | 1 - test/config/helm/xds-name-scheme-v2.yaml | 2 +- tools/github-actions/setup-deps/action.yaml | 2 +- 23 files changed, 103 insertions(+), 139 deletions(-) diff --git a/.prettierignore b/.prettierignore index 7c67ca19b4b..9c922b00617 100644 --- a/.prettierignore +++ b/.prettierignore @@ -21,3 +21,10 @@ site/node_modules/ # test files and workflow files **/testdata/** .github/workflows/* + +# prevent format failures +**/examples/** +**/.examples/** +**/test/** +**/.test/** +tools/linter/golangci-lint/.golangci.yml diff --git a/examples/admin-console-config.yaml b/examples/admin-console-config.yaml index 7fda3fc39b4..1ed6518fc0b 100644 --- a/examples/admin-console-config.yaml +++ b/examples/admin-console-config.yaml @@ -16,8 +16,8 @@ spec: watch: type: Namespaces namespaces: - - default - - app-namespace + - default + - app-namespace # Admin server configuration admin: @@ -54,11 +54,11 @@ spec: prometheus: disable: false sinks: - - type: OpenTelemetry - openTelemetry: - host: otel-collector.monitoring.svc.cluster.local - port: 4317 - protocol: grpc + - type: OpenTelemetry + openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + protocol: grpc --- # Example: Production configuration with console disabled @@ -77,8 +77,8 @@ spec: watch: type: Namespaces namespaces: - - production - - staging + - production + - staging # Production admin configuration - more restrictive admin: @@ -117,9 +117,9 @@ spec: watch: type: Namespaces namespaces: - - default - - development - - testing + - default + - development + - testing # Development admin configuration - all features enabled admin: @@ -148,8 +148,8 @@ spec: prometheus: disable: false sinks: - - type: OpenTelemetry - openTelemetry: - host: jaeger-collector.observability.svc.cluster.local - port: 4317 - protocol: grpc + - type: OpenTelemetry + openTelemetry: + host: jaeger-collector.observability.svc.cluster.local + port: 4317 + protocol: grpc diff --git a/examples/kubernetes/jwt/grpc-jwt.yaml b/examples/kubernetes/jwt/grpc-jwt.yaml index c841ddb7225..8c4aebd3bc5 100644 --- a/examples/kubernetes/jwt/grpc-jwt.yaml +++ b/examples/kubernetes/jwt/grpc-jwt.yaml @@ -9,9 +9,9 @@ spec: name: yages jwt: providers: - - name: example - remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + - name: example + remoteJWKS: + uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json --- apiVersion: gateway.networking.k8s.io/v1 kind: GRPCRoute @@ -21,13 +21,13 @@ metadata: example: grpc-routing spec: parentRefs: - - name: example-gateway + - name: example-gateway hostnames: - - "grpc-example.com" + - "grpc-example.com" rules: - - backendRefs: - - group: "" - kind: Service - name: yages - port: 9000 - weight: 1 + - backendRefs: + - group: "" + kind: Service + name: yages + port: 9000 + weight: 1 diff --git a/examples/kubernetes/jwt/jwt.yaml b/examples/kubernetes/jwt/jwt.yaml index a5ba7f4c100..591d0311e50 100644 --- a/examples/kubernetes/jwt/jwt.yaml +++ b/examples/kubernetes/jwt/jwt.yaml @@ -9,10 +9,10 @@ spec: name: foo jwt: providers: - - name: example - remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json - cacheDuration: 60s + - name: example + remoteJWKS: + uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + cacheDuration: 60s --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -20,20 +20,20 @@ metadata: name: foo spec: parentRefs: - - name: eg + - name: eg hostnames: - - "www.example.com" + - "www.example.com" rules: - - backendRefs: - - group: "" - kind: Service - name: backend - port: 3000 - weight: 1 - matches: - - path: - type: PathPrefix - value: /foo + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + matches: + - path: + type: PathPrefix + value: /foo --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -41,17 +41,17 @@ metadata: name: bar spec: parentRefs: - - name: eg + - name: eg hostnames: - - "www.example.com" + - "www.example.com" rules: - - backendRefs: - - group: "" - kind: Service - name: backend - port: 3000 - weight: 1 - matches: - - path: - type: PathPrefix - value: /bar + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + matches: + - path: + type: PathPrefix + value: /bar diff --git a/examples/kubernetes/metric/stats-compression.yaml b/examples/kubernetes/metric/stats-compression.yaml index e3a183665c3..4c650656090 100644 --- a/examples/kubernetes/metric/stats-compression.yaml +++ b/examples/kubernetes/metric/stats-compression.yaml @@ -20,4 +20,4 @@ spec: metrics: prometheus: compression: - type: Gzip ## Supported types are Gzip, Brotli, and Zstd + type: Gzip ## Supported types are Gzip, Brotli, and Zstd diff --git a/examples/standalone/quickstart.yaml b/examples/standalone/quickstart.yaml index 4ccf2ce8efd..e7a5cda07e5 100644 --- a/examples/standalone/quickstart.yaml +++ b/examples/standalone/quickstart.yaml @@ -42,5 +42,5 @@ metadata: spec: endpoints: - ip: - address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! + address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! port: 3000 diff --git a/examples/static-file-server/manifests/httproute.yaml b/examples/static-file-server/manifests/httproute.yaml index beaefdbb423..adb7fcabd03 100644 --- a/examples/static-file-server/manifests/httproute.yaml +++ b/examples/static-file-server/manifests/httproute.yaml @@ -20,3 +20,4 @@ spec: type: PathPrefix value: /wasm --- + diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 19e589cdf75..3dcc6c6cb9e 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -10,7 +10,7 @@ security updates: | new features: | bug fixes: | - - Fixed Listener port limit typo 65353 -> 65535. + - Fixed Listener port limit typo 65353 -> 65535. # Enhancements that improve performance. performance improvements: | diff --git a/release-notes/v0.1.0.yaml b/release-notes/v0.1.0.yaml index ad3bd2df198..3421d3e683e 100644 --- a/release-notes/v0.1.0.yaml +++ b/release-notes/v0.1.0.yaml @@ -1,6 +1,6 @@ date: May 16, 2022 changes: -- area: documentation - change: | - The initial open source release describing project goals and high-level design. + - area: documentation + change: | + The initial open source release describing project goals and high-level design. diff --git a/release-notes/v0.2.0-rc1.yaml b/release-notes/v0.2.0-rc1.yaml index e1b199f735e..4a12b1c55fd 100644 --- a/release-notes/v0.2.0-rc1.yaml +++ b/release-notes/v0.2.0-rc1.yaml @@ -1,34 +1,34 @@ date: August 31, 2022 changes: -- area: documentation - change: | - Added a quickstart guide for users to run and use Envoy Gateway. -- area: api - change: | - Added the EnvoyGateway API type for configuring Envoy Gateway. - Added the EnvoyProxy API type for configuring managed Envoys. -- area: CI - change: | - Added tooling to build, run, etc. Envoy Gateway. -- area: providers - change: | - Added the Kubernetes provider. -- area: xds - change: | - Added xDS server to configure managed Envoys. -- area: ir - change: | - Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway. - Added IR validation. -- area: translator - change: | - Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage - Gateway API status. -- area: message service - change: | - Added infra and xds IR watchable map messages for inter-component communication. - Added a Runner to each component to support pub/sub between components. -- area: infra manager - change: | - Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster. + - area: documentation + change: | + Added a quickstart guide for users to run and use Envoy Gateway. + - area: api + change: | + Added the EnvoyGateway API type for configuring Envoy Gateway. + Added the EnvoyProxy API type for configuring managed Envoys. + - area: CI + change: | + Added tooling to build, run, etc. Envoy Gateway. + - area: providers + change: | + Added the Kubernetes provider. + - area: xds + change: | + Added xDS server to configure managed Envoys. + - area: ir + change: | + Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway. + Added IR validation. + - area: translator + change: | + Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage + Gateway API status. + - area: message service + change: | + Added infra and xds IR watchable map messages for inter-component communication. + Added a Runner to each component to support pub/sub between components. + - area: infra manager + change: | + Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster. diff --git a/release-notes/v0.6.0.yaml b/release-notes/v0.6.0.yaml index d370027a0a5..5ede6652012 100644 --- a/release-notes/v0.6.0.yaml +++ b/release-notes/v0.6.0.yaml @@ -12,7 +12,6 @@ changes: Updated EnvoyProxy image to be a distroless variant. Removed resources around kube-rbac-proxy - - area: api change: | Upgraded to Gateway API v1.0.0 diff --git a/release-notes/v1.0.0-rc.1.yaml b/release-notes/v1.0.0-rc.1.yaml index f91e7856d92..db871e4406c 100644 --- a/release-notes/v1.0.0-rc.1.yaml +++ b/release-notes/v1.0.0-rc.1.yaml @@ -19,7 +19,6 @@ changes: Updated crd-ref-docs to 0.0.10 Updated Envoy proxy image to envoy:distroless-dev in main - - area: installation change: | Added Support for Pulling envoyGateway image from a private registry @@ -84,7 +83,6 @@ changes: change: | Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic - - area: testing change: | Added e2e test for header case-preserving @@ -94,7 +92,6 @@ changes: Added e2e test for OIDC Added e2e test for BackendTrafficPolicy Retry - - area: translator change: | Fixed Prefix match to prevent mismatching routes with the same prefix @@ -124,7 +121,6 @@ changes: Added Support for implementing gateway.spec.infrastructure Added Validation for CA Cert in ClientTrafficPolicy - - area: providers change: | Added Support for multiple GatewayClass per controller @@ -133,7 +129,6 @@ changes: Fixed Finalizer logic when deleting Gatewayclasses Fixed MergeGateways panics when restarting control plane - - area: xds change: | Added Support for EDS cache @@ -143,7 +138,6 @@ changes: Fixed Requests not matching defined routes trigger per-route filters Bumped go-control-plane to v0.12.0 - - area: cli change: | Added Support for egctl x status diff --git a/release-notes/v1.0.0.yaml b/release-notes/v1.0.0.yaml index cb0ed75a834..50973f3fcae 100644 --- a/release-notes/v1.0.0.yaml +++ b/release-notes/v1.0.0.yaml @@ -28,7 +28,6 @@ changes: Updated crd-ref-docs to 0.0.10 Updated Envoy proxy image to envoy:distroless-dev in main - - area: installation change: | Added Support for Pulling envoyGateway image from a private registry @@ -97,7 +96,6 @@ changes: change: | Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic - - area: testing change: | Added e2e test for Header Case-Preserving @@ -112,7 +110,6 @@ changes: Added e2e test for Weighted backend Added validation for LoadBalancerIP to prevent trailing period - - area: translator change: | Fixed Prefix match to prevent mismatching routes with the same prefix @@ -152,7 +149,6 @@ changes: Added Support for Upstream TLS to multiple Backends Added Validation for CA Cert in ClientTrafficPolicy - - area: providers change: | Added Support for multiple GatewayClass per controller @@ -161,7 +157,6 @@ changes: Fixed Finalizer logic when deleting Gatewayclasses Fixed MergeGateways panics when restarting control plane - - area: xds change: | Added Support for EDS cache @@ -171,7 +166,6 @@ changes: Fixed Requests not matching defined routes trigger per-route filters Bumped go-control-plane to v0.12.0 - - area: cli change: | Added Support for egctl x status diff --git a/release-notes/v1.1.0-rc.1.yaml b/release-notes/v1.1.0-rc.1.yaml index f7ed991997b..54e227eb729 100644 --- a/release-notes/v1.1.0-rc.1.yaml +++ b/release-notes/v1.1.0-rc.1.yaml @@ -55,7 +55,6 @@ changes: Use helm-docs to generate chart docs Support Not-Implemented-Hide marker in API docs - - area: installation change: | Added new gateway-addons-helm chart for Observability @@ -68,7 +67,6 @@ changes: Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service - - area: api change: | Added Support for Gateway-API v1.1.0 @@ -127,12 +125,10 @@ changes: Added Support for External Processing extension in EnvoyExtensionPolicy CRD Removed Status Print Column from xPolicy CRDs - breaking-change: | Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources - deprecation: | xPolicy targetRef is deprecated, use targetRefs instead SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead @@ -141,12 +137,10 @@ changes: Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead - - area: conformance change: | Added Supported Features to Gateway Class - - area: testing change: | Added performance benchmarking test @@ -178,7 +172,6 @@ changes: Added OSV Scanner for Golang Vulnerabilities and Licenses Added Trivy scanner for Docker images - - area: translator change: | Added Support for BackendRef HTTP Filters @@ -224,16 +217,13 @@ changes: change: | Bumped K8s Client to v0.30.0 - - area: xds change: | Bumped go-control-plane to v0.12.1 - - area: cli change: | Added Support for Install and Uninstall Commands to egctl Added Support for xRoute and xPolicy in egctl x status Added Golang version to Envoy Gateway version command Fixed egctl x status gatewayclass example message - diff --git a/release-notes/v1.1.0.yaml b/release-notes/v1.1.0.yaml index bad41982112..f6bc4af47f7 100644 --- a/release-notes/v1.1.0.yaml +++ b/release-notes/v1.1.0.yaml @@ -63,7 +63,6 @@ changes: Use helm-docs to generate chart docs Support Not-Implemented-Hide marker in API docs - - area: installation change: | Added startupProbe to all provisioned containers to reduce risk of restart @@ -77,7 +76,6 @@ changes: Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service - - area: api change: | Added Support for Gateway-API v1.1.0 @@ -136,13 +134,11 @@ changes: Added Support for External Processing extension in EnvoyExtensionPolicy CRD Removed Status Print Column from xPolicy CRDs - breaking-change: | SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources - deprecation: | xPolicy targetRef is deprecated, use targetRefs instead SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead @@ -151,12 +147,10 @@ changes: Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead - - area: conformance change: | Added Supported Features to Gateway Class - - area: testing change: | Added e2e test for Client MTLS @@ -190,7 +184,6 @@ changes: Added OSV Scanner for Golang Vulnerabilities and Licenses Added Trivy scanner for Docker images - - area: translator change: | Added Support for BackendRef HTTP Filters @@ -236,12 +229,10 @@ changes: change: | Bumped K8s Client to v0.30.0 - - area: xds change: | Bumped go-control-plane to v0.12.1 - - area: cli change: | Added egctl x collect command @@ -249,4 +240,3 @@ changes: Added Support for xRoute and xPolicy in egctl x status Added Golang version to Envoy Gateway version command Fixed egctl x status gatewayclass example message - diff --git a/release-notes/v1.1.1.yaml b/release-notes/v1.1.1.yaml index ac5f40ea678..492b880cf00 100644 --- a/release-notes/v1.1.1.yaml +++ b/release-notes/v1.1.1.yaml @@ -5,17 +5,14 @@ changes: change: | Bumped Golang version to 1.22.7 - - area: conformance change: | Enabled GatewayHTTPListenerIsolation test - - area: testing change: | Fix download URL of envoy proxy WASM examples used in tests - - area: translator change: | Fixed url rewrite to remove trailing slash @@ -27,16 +24,13 @@ changes: Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing Fixed update of status for Backends - - area: infra-manager change: | Pin ratelimit version to 26f28d78 Reduce readinessProbe failureThreshold and periodSeconds of proxy Expose ratelimit statsd - - area: providers change: | Fixed error returned when referenced Configmap or Secret is not found Use component name in Envoy Gateway logs - diff --git a/release-notes/v1.1.2.yaml b/release-notes/v1.1.2.yaml index a257ea677f6..19751bb6c88 100644 --- a/release-notes/v1.1.2.yaml +++ b/release-notes/v1.1.2.yaml @@ -5,7 +5,6 @@ changes: change: | Fixed handling of sectionName in BackendTLSPolicy for Backend resource - - area: infra-manager change: | Pin Envoy Proxy version to v1.32.2 diff --git a/release-notes/v1.1.3.yaml b/release-notes/v1.1.3.yaml index 7e2f9070888..d19c8ca38d4 100644 --- a/release-notes/v1.1.3.yaml +++ b/release-notes/v1.1.3.yaml @@ -25,4 +25,3 @@ performance improvements: | Other changes: | Bumped Envoy proxy to 1.31.3 Bumped github.com/docker/docker to 27.3.1+incompatible - diff --git a/release-notes/v1.1.4.yaml b/release-notes/v1.1.4.yaml index 09b06e829e2..606a1f83792 100644 --- a/release-notes/v1.1.4.yaml +++ b/release-notes/v1.1.4.yaml @@ -13,4 +13,3 @@ bug fixes: | Other changes: | Bumped Rate Limit to 49af5cca Bumped golang.org/x/crypto to 0.31.0 - diff --git a/release-notes/v1.2.5.yaml b/release-notes/v1.2.5.yaml index 9e5cabbc041..04b101d7f82 100644 --- a/release-notes/v1.2.5.yaml +++ b/release-notes/v1.2.5.yaml @@ -1,6 +1,5 @@ date: January 14, 2025 - bug fixes: | Fixed a nil pointer error that occurred when a SecurityPolicy referred to a UDS backend. Fixed an issue where the Gateway API translator did not use the TLS configuration from the BackendTLSPolicy when connecting to the OIDC provider’s well-known endpoint. diff --git a/site/docker-compose.yaml b/site/docker-compose.yaml index e8f211a610e..0352b20df90 100644 --- a/site/docker-compose.yaml +++ b/site/docker-compose.yaml @@ -1,7 +1,6 @@ version: "3.3" services: - site: image: docsy/docsy-example build: diff --git a/test/config/helm/xds-name-scheme-v2.yaml b/test/config/helm/xds-name-scheme-v2.yaml index 290d342c3e9..dee8dada244 100644 --- a/test/config/helm/xds-name-scheme-v2.yaml +++ b/test/config/helm/xds-name-scheme-v2.yaml @@ -2,4 +2,4 @@ config: envoyGateway: runtimeFlags: enabled: - - XDSNameSchemeV2 + - XDSNameSchemeV2 diff --git a/tools/github-actions/setup-deps/action.yaml b/tools/github-actions/setup-deps/action.yaml index 2202ac9ac7c..79ddda2697f 100644 --- a/tools/github-actions/setup-deps/action.yaml +++ b/tools/github-actions/setup-deps/action.yaml @@ -6,7 +6,7 @@ runs: steps: - shell: bash run: sudo apt-get install libbtrfs-dev -y - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5.0.1 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5.0.1 with: go-version-file: go.mod cache: true From 376742c4e4866a4d529d37c9331f6fb432eb345c Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:58:47 +0000 Subject: [PATCH 08/16] format release-notes/current.yaml Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- release-notes/current.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 59cf04af497..4fe8d1a8c84 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -10,8 +10,8 @@ security updates: | new features: | bug fixes: | - - Fixed Listener port limit typo 65353 -> 65535. - - Fixed issue where reloading invalid envoy gateway configuration. + - Fixed Listener port limit typo 65353 -> 65535. + - Fixed issue where reloading invalid envoy gateway configuration. # Enhancements that improve performance. performance improvements: | From 5ec53adb8ad9fb484fbde56288c2f4f9d0207346 Mon Sep 17 00:00:00 2001 From: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Tue, 4 Nov 2025 13:34:17 +0530 Subject: [PATCH 09/16] fix: delete the not required workflow and update the workflow to install the correct go-prettier binary using a valid tag by switching to @latest, ensuring the formatter is available during CI Signed-off-by: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .github/workflows/yaml-format.yml | 29 ----------------------------- tools/make/lint.mk | 3 +++ 2 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 .github/workflows/yaml-format.yml diff --git a/.github/workflows/yaml-format.yml b/.github/workflows/yaml-format.yml deleted file mode 100644 index 85b0b2d1547..00000000000 --- a/.github/workflows/yaml-format.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: YAML Formatting - -on: - pull_request: - push: - branches: [ main ] - -jobs: - format-yaml: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version-file: tools/go.mod - - - name: Install go-prettier (prettier binary) - run: | - go install github.com/wasilibs/go-prettier/v3/cmd/prettier@latest - echo "$HOME/go/bin" >> $GITHUB_PATH - - - name: Check YAML formatting (no changes) - run: | - make check-format-yaml - - diff --git a/tools/make/lint.mk b/tools/make/lint.mk index 513de3a868a..2be32ca8319 100644 --- a/tools/make/lint.mk +++ b/tools/make/lint.mk @@ -27,6 +27,9 @@ check-format-yaml: ## Check YAML formatting with go-prettier (no changes) prettier --check $$files; \ fi +# Run YAML format check as part of gen-check to integrate with existing CI +gen-check: check-format-yaml + # lint-deps is run separately in CI to separate the tooling install logs from the actual output logs generated # by the lint tooling. .PHONY: lint-deps From 82ab02e62c11ed09ff5e2211763539ebee27c7c7 Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Tue, 4 Nov 2025 09:16:08 +0000 Subject: [PATCH 10/16] fix/ add installation of the prettier binary and PATH export into the existing composite action Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- tools/github-actions/setup-deps/action.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/github-actions/setup-deps/action.yaml b/tools/github-actions/setup-deps/action.yaml index 79ddda2697f..12ca25790ad 100644 --- a/tools/github-actions/setup-deps/action.yaml +++ b/tools/github-actions/setup-deps/action.yaml @@ -10,3 +10,7 @@ runs: with: go-version-file: go.mod cache: true + - shell: bash + run: | + go install github.com/wasilibs/go-prettier/v3/cmd/prettier@latest + echo "$(go env GOPATH)/bin" >> $GITHUB_PATH From 4ad9271a2a753e6e37d09abd888768bef01f49a5 Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Tue, 4 Nov 2025 09:27:26 +0000 Subject: [PATCH 11/16] style: format release-notes/current.yaml via prettier for CI Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- release-notes/current.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 32c964f90bc..a43ccbfad06 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -8,13 +8,13 @@ security updates: | # New features or capabilities added in this release. new features: | - Added support for both Global and Local rate limiting in BackendTrafficPolicy simultaneously. - Added support for applying SecurityPolicy Authorization to TCPRoute (client IP / allow-deny list for TCP traffic). + Added support for both Global and Local rate limiting in BackendTrafficPolicy simultaneously. + Added support for applying SecurityPolicy Authorization to TCPRoute (client IP / allow-deny list for TCP traffic). bug fixes: | - - Fixed Listener port limit typo 65353 -> 65535. - - Fixed issue where reloading invalid envoy gateway configuration. - - Fixed missing JWT provider configuration when JWT authentication is configured on multiple HTTP listeners sharing the same port. + - Fixed Listener port limit typo 65353 -> 65535. + - Fixed issue where reloading invalid envoy gateway configuration. + - Fixed missing JWT provider configuration when JWT authentication is configured on multiple HTTP listeners sharing the same port. # Enhancements that improve performance. performance improvements: | From fabcd14f4ac19e62c0d84774b1ebacdec3cdef3a Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Tue, 4 Nov 2025 09:56:15 +0000 Subject: [PATCH 12/16] fix/add release notes to .prettierignore Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .prettierignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.prettierignore b/.prettierignore index 9c922b00617..82c50a4a780 100644 --- a/.prettierignore +++ b/.prettierignore @@ -28,3 +28,6 @@ site/node_modules/ **/test/** **/.test/** tools/linter/golangci-lint/.golangci.yml + +# exclude release-notes +release-notes/* From ebe1130f4ba8efd6b04c3dbf6c1f7c1579956e68 Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Thu, 6 Nov 2025 12:05:32 +0530 Subject: [PATCH 13/16] Add GitHub Actions directory to Prettier ignore Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .prettierignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.prettierignore b/.prettierignore index 82c50a4a780..e0ab643796b 100644 --- a/.prettierignore +++ b/.prettierignore @@ -27,7 +27,7 @@ site/node_modules/ **/.examples/** **/test/** **/.test/** -tools/linter/golangci-lint/.golangci.yml +tools/github_actions # exclude release-notes release-notes/* From 93b79553d81a597e02fe9192b55c0c82757af404 Mon Sep 17 00:00:00 2001 From: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Fri, 7 Nov 2025 02:01:36 +0530 Subject: [PATCH 14/16] fix: update .prettierignore to include the required directories Signed-off-by: ADITYATIWARI342005 <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .prettierignore | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/.prettierignore b/.prettierignore index e0ab643796b..4b7f4ed6649 100644 --- a/.prettierignore +++ b/.prettierignore @@ -18,16 +18,14 @@ examples/extension-server/charts/extension-server site/node_modules/ .vscode/ -# test files and workflow files +# exclude release-notes +release-notes/* + +# testdata directories **/testdata/** -.github/workflows/* -# prevent format failures -**/examples/** -**/.examples/** -**/test/** -**/.test/** -tools/github_actions +# GitHub workflows +.github/workflows/* -# exclude release-notes -release-notes/* +# tools/github-actions +tools/github-actions/** From 42257c770922aa80cf9ea386a9037c8f80e58b8f Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Fri, 7 Nov 2025 03:39:58 +0000 Subject: [PATCH 15/16] revert: restore release-notes/ files to main for .prettierignore compliance Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- release-notes/current.yaml | 7 +--- release-notes/v0.1.0.yaml | 6 ++-- release-notes/v0.2.0-rc1.yaml | 62 +++++++++++++++++----------------- release-notes/v0.6.0.yaml | 1 + release-notes/v1.0.0-rc.1.yaml | 6 ++++ release-notes/v1.0.0.yaml | 6 ++++ release-notes/v1.1.0-rc.1.yaml | 10 ++++++ release-notes/v1.1.0.yaml | 10 ++++++ release-notes/v1.1.1.yaml | 6 ++++ release-notes/v1.1.2.yaml | 1 + release-notes/v1.1.3.yaml | 1 + release-notes/v1.1.4.yaml | 1 + release-notes/v1.2.5.yaml | 1 + 13 files changed, 78 insertions(+), 40 deletions(-) diff --git a/release-notes/current.yaml b/release-notes/current.yaml index a43ccbfad06..19e589cdf75 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -8,14 +8,9 @@ security updates: | # New features or capabilities added in this release. new features: | - Added support for both Global and Local rate limiting in BackendTrafficPolicy simultaneously. - Added support for applying SecurityPolicy Authorization to TCPRoute (client IP / allow-deny list for TCP traffic). bug fixes: | - - Fixed Listener port limit typo 65353 -> 65535. - - Fixed issue where reloading invalid envoy gateway configuration. - - Fixed missing JWT provider configuration when JWT authentication is configured on multiple HTTP listeners sharing the same port. - + - Fixed Listener port limit typo 65353 -> 65535. # Enhancements that improve performance. performance improvements: | diff --git a/release-notes/v0.1.0.yaml b/release-notes/v0.1.0.yaml index 3421d3e683e..ad3bd2df198 100644 --- a/release-notes/v0.1.0.yaml +++ b/release-notes/v0.1.0.yaml @@ -1,6 +1,6 @@ date: May 16, 2022 changes: - - area: documentation - change: | - The initial open source release describing project goals and high-level design. +- area: documentation + change: | + The initial open source release describing project goals and high-level design. diff --git a/release-notes/v0.2.0-rc1.yaml b/release-notes/v0.2.0-rc1.yaml index 4a12b1c55fd..e1b199f735e 100644 --- a/release-notes/v0.2.0-rc1.yaml +++ b/release-notes/v0.2.0-rc1.yaml @@ -1,34 +1,34 @@ date: August 31, 2022 changes: - - area: documentation - change: | - Added a quickstart guide for users to run and use Envoy Gateway. - - area: api - change: | - Added the EnvoyGateway API type for configuring Envoy Gateway. - Added the EnvoyProxy API type for configuring managed Envoys. - - area: CI - change: | - Added tooling to build, run, etc. Envoy Gateway. - - area: providers - change: | - Added the Kubernetes provider. - - area: xds - change: | - Added xDS server to configure managed Envoys. - - area: ir - change: | - Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway. - Added IR validation. - - area: translator - change: | - Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage - Gateway API status. - - area: message service - change: | - Added infra and xds IR watchable map messages for inter-component communication. - Added a Runner to each component to support pub/sub between components. - - area: infra manager - change: | - Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster. +- area: documentation + change: | + Added a quickstart guide for users to run and use Envoy Gateway. +- area: api + change: | + Added the EnvoyGateway API type for configuring Envoy Gateway. + Added the EnvoyProxy API type for configuring managed Envoys. +- area: CI + change: | + Added tooling to build, run, etc. Envoy Gateway. +- area: providers + change: | + Added the Kubernetes provider. +- area: xds + change: | + Added xDS server to configure managed Envoys. +- area: ir + change: | + Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway. + Added IR validation. +- area: translator + change: | + Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage + Gateway API status. +- area: message service + change: | + Added infra and xds IR watchable map messages for inter-component communication. + Added a Runner to each component to support pub/sub between components. +- area: infra manager + change: | + Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster. diff --git a/release-notes/v0.6.0.yaml b/release-notes/v0.6.0.yaml index 5ede6652012..d370027a0a5 100644 --- a/release-notes/v0.6.0.yaml +++ b/release-notes/v0.6.0.yaml @@ -12,6 +12,7 @@ changes: Updated EnvoyProxy image to be a distroless variant. Removed resources around kube-rbac-proxy + - area: api change: | Upgraded to Gateway API v1.0.0 diff --git a/release-notes/v1.0.0-rc.1.yaml b/release-notes/v1.0.0-rc.1.yaml index db871e4406c..f91e7856d92 100644 --- a/release-notes/v1.0.0-rc.1.yaml +++ b/release-notes/v1.0.0-rc.1.yaml @@ -19,6 +19,7 @@ changes: Updated crd-ref-docs to 0.0.10 Updated Envoy proxy image to envoy:distroless-dev in main + - area: installation change: | Added Support for Pulling envoyGateway image from a private registry @@ -83,6 +84,7 @@ changes: change: | Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic + - area: testing change: | Added e2e test for header case-preserving @@ -92,6 +94,7 @@ changes: Added e2e test for OIDC Added e2e test for BackendTrafficPolicy Retry + - area: translator change: | Fixed Prefix match to prevent mismatching routes with the same prefix @@ -121,6 +124,7 @@ changes: Added Support for implementing gateway.spec.infrastructure Added Validation for CA Cert in ClientTrafficPolicy + - area: providers change: | Added Support for multiple GatewayClass per controller @@ -129,6 +133,7 @@ changes: Fixed Finalizer logic when deleting Gatewayclasses Fixed MergeGateways panics when restarting control plane + - area: xds change: | Added Support for EDS cache @@ -138,6 +143,7 @@ changes: Fixed Requests not matching defined routes trigger per-route filters Bumped go-control-plane to v0.12.0 + - area: cli change: | Added Support for egctl x status diff --git a/release-notes/v1.0.0.yaml b/release-notes/v1.0.0.yaml index 50973f3fcae..cb0ed75a834 100644 --- a/release-notes/v1.0.0.yaml +++ b/release-notes/v1.0.0.yaml @@ -28,6 +28,7 @@ changes: Updated crd-ref-docs to 0.0.10 Updated Envoy proxy image to envoy:distroless-dev in main + - area: installation change: | Added Support for Pulling envoyGateway image from a private registry @@ -96,6 +97,7 @@ changes: change: | Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic + - area: testing change: | Added e2e test for Header Case-Preserving @@ -110,6 +112,7 @@ changes: Added e2e test for Weighted backend Added validation for LoadBalancerIP to prevent trailing period + - area: translator change: | Fixed Prefix match to prevent mismatching routes with the same prefix @@ -149,6 +152,7 @@ changes: Added Support for Upstream TLS to multiple Backends Added Validation for CA Cert in ClientTrafficPolicy + - area: providers change: | Added Support for multiple GatewayClass per controller @@ -157,6 +161,7 @@ changes: Fixed Finalizer logic when deleting Gatewayclasses Fixed MergeGateways panics when restarting control plane + - area: xds change: | Added Support for EDS cache @@ -166,6 +171,7 @@ changes: Fixed Requests not matching defined routes trigger per-route filters Bumped go-control-plane to v0.12.0 + - area: cli change: | Added Support for egctl x status diff --git a/release-notes/v1.1.0-rc.1.yaml b/release-notes/v1.1.0-rc.1.yaml index 54e227eb729..f7ed991997b 100644 --- a/release-notes/v1.1.0-rc.1.yaml +++ b/release-notes/v1.1.0-rc.1.yaml @@ -55,6 +55,7 @@ changes: Use helm-docs to generate chart docs Support Not-Implemented-Hide marker in API docs + - area: installation change: | Added new gateway-addons-helm chart for Observability @@ -67,6 +68,7 @@ changes: Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service + - area: api change: | Added Support for Gateway-API v1.1.0 @@ -125,10 +127,12 @@ changes: Added Support for External Processing extension in EnvoyExtensionPolicy CRD Removed Status Print Column from xPolicy CRDs + breaking-change: | Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources + deprecation: | xPolicy targetRef is deprecated, use targetRefs instead SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead @@ -137,10 +141,12 @@ changes: Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead + - area: conformance change: | Added Supported Features to Gateway Class + - area: testing change: | Added performance benchmarking test @@ -172,6 +178,7 @@ changes: Added OSV Scanner for Golang Vulnerabilities and Licenses Added Trivy scanner for Docker images + - area: translator change: | Added Support for BackendRef HTTP Filters @@ -217,13 +224,16 @@ changes: change: | Bumped K8s Client to v0.30.0 + - area: xds change: | Bumped go-control-plane to v0.12.1 + - area: cli change: | Added Support for Install and Uninstall Commands to egctl Added Support for xRoute and xPolicy in egctl x status Added Golang version to Envoy Gateway version command Fixed egctl x status gatewayclass example message + diff --git a/release-notes/v1.1.0.yaml b/release-notes/v1.1.0.yaml index f6bc4af47f7..bad41982112 100644 --- a/release-notes/v1.1.0.yaml +++ b/release-notes/v1.1.0.yaml @@ -63,6 +63,7 @@ changes: Use helm-docs to generate chart docs Support Not-Implemented-Hide marker in API docs + - area: installation change: | Added startupProbe to all provisioned containers to reduce risk of restart @@ -76,6 +77,7 @@ changes: Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service + - area: api change: | Added Support for Gateway-API v1.1.0 @@ -134,11 +136,13 @@ changes: Added Support for External Processing extension in EnvoyExtensionPolicy CRD Removed Status Print Column from xPolicy CRDs + breaking-change: | SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources + deprecation: | xPolicy targetRef is deprecated, use targetRefs instead SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead @@ -147,10 +151,12 @@ changes: Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead + - area: conformance change: | Added Supported Features to Gateway Class + - area: testing change: | Added e2e test for Client MTLS @@ -184,6 +190,7 @@ changes: Added OSV Scanner for Golang Vulnerabilities and Licenses Added Trivy scanner for Docker images + - area: translator change: | Added Support for BackendRef HTTP Filters @@ -229,10 +236,12 @@ changes: change: | Bumped K8s Client to v0.30.0 + - area: xds change: | Bumped go-control-plane to v0.12.1 + - area: cli change: | Added egctl x collect command @@ -240,3 +249,4 @@ changes: Added Support for xRoute and xPolicy in egctl x status Added Golang version to Envoy Gateway version command Fixed egctl x status gatewayclass example message + diff --git a/release-notes/v1.1.1.yaml b/release-notes/v1.1.1.yaml index 492b880cf00..ac5f40ea678 100644 --- a/release-notes/v1.1.1.yaml +++ b/release-notes/v1.1.1.yaml @@ -5,14 +5,17 @@ changes: change: | Bumped Golang version to 1.22.7 + - area: conformance change: | Enabled GatewayHTTPListenerIsolation test + - area: testing change: | Fix download URL of envoy proxy WASM examples used in tests + - area: translator change: | Fixed url rewrite to remove trailing slash @@ -24,13 +27,16 @@ changes: Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing Fixed update of status for Backends + - area: infra-manager change: | Pin ratelimit version to 26f28d78 Reduce readinessProbe failureThreshold and periodSeconds of proxy Expose ratelimit statsd + - area: providers change: | Fixed error returned when referenced Configmap or Secret is not found Use component name in Envoy Gateway logs + diff --git a/release-notes/v1.1.2.yaml b/release-notes/v1.1.2.yaml index 19751bb6c88..a257ea677f6 100644 --- a/release-notes/v1.1.2.yaml +++ b/release-notes/v1.1.2.yaml @@ -5,6 +5,7 @@ changes: change: | Fixed handling of sectionName in BackendTLSPolicy for Backend resource + - area: infra-manager change: | Pin Envoy Proxy version to v1.32.2 diff --git a/release-notes/v1.1.3.yaml b/release-notes/v1.1.3.yaml index d19c8ca38d4..7e2f9070888 100644 --- a/release-notes/v1.1.3.yaml +++ b/release-notes/v1.1.3.yaml @@ -25,3 +25,4 @@ performance improvements: | Other changes: | Bumped Envoy proxy to 1.31.3 Bumped github.com/docker/docker to 27.3.1+incompatible + diff --git a/release-notes/v1.1.4.yaml b/release-notes/v1.1.4.yaml index 606a1f83792..09b06e829e2 100644 --- a/release-notes/v1.1.4.yaml +++ b/release-notes/v1.1.4.yaml @@ -13,3 +13,4 @@ bug fixes: | Other changes: | Bumped Rate Limit to 49af5cca Bumped golang.org/x/crypto to 0.31.0 + diff --git a/release-notes/v1.2.5.yaml b/release-notes/v1.2.5.yaml index 04b101d7f82..9e5cabbc041 100644 --- a/release-notes/v1.2.5.yaml +++ b/release-notes/v1.2.5.yaml @@ -1,5 +1,6 @@ date: January 14, 2025 + bug fixes: | Fixed a nil pointer error that occurred when a SecurityPolicy referred to a UDS backend. Fixed an issue where the Gateway API translator did not use the TLS configuration from the BackendTLSPolicy when connecting to the OIDC provider’s well-known endpoint. From 9ac60e75cf3127106e4ea7587b8107e5a3a091d2 Mon Sep 17 00:00:00 2001 From: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> Date: Fri, 7 Nov 2025 04:49:46 +0000 Subject: [PATCH 16/16] fix: restore yaml files that were formatted Signed-off-by: ADITYA TIWARI <142050150+ADITYATIWARI342005@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +- .github/workflows/license-scan.yml | 2 +- .github/workflows/osv-scanner.yml | 4 +- .github/workflows/scorecard.yml | 2 +- ....envoyproxy.io_backendtrafficpolicies.yaml | 4 +- .../gateway.envoyproxy.io_envoyproxies.yaml | 24 -- ....envoyproxy.io_backendtrafficpolicies.yaml | 4 +- .../gateway.envoyproxy.io_envoyproxies.yaml | 24 -- examples/admin-console-config.yaml | 34 +-- examples/kubernetes/jwt/grpc-jwt.yaml | 22 +- examples/kubernetes/jwt/jwt.yaml | 56 ++-- .../kubernetes/metric/stats-compression.yaml | 2 +- examples/standalone/quickstart.yaml | 2 +- .../manifests/httproute.yaml | 1 - ...ficpolicy-with-ratelimit-both-type.in.yaml | 62 ----- ...icpolicy-with-ratelimit-both-type.out.yaml | 246 ------------------ ...ackendtrafficpolicy-with-ratelimit.in.yaml | 6 - ...ckendtrafficpolicy-with-ratelimit.out.yaml | 16 +- .../clienttrafficpolicy-http2.in.yaml | 1 - .../clienttrafficpolicy-http2.out.yaml | 4 +- .../testdata/custom-filter-order.in.yaml | 2 +- .../testdata/custom-filter-order.out.yaml | 4 +- ...-gateway-accesslog-with-bad-sinks.out.yaml | 5 + .../in/xds-ir/custom-filter-order.yaml | 2 +- .../xds-ir/jwt-from-multiple-listeners.yaml | 121 --------- .../in/xds-ir/ratelimit-both-type.yaml | 68 ----- .../xds-ir/custom-filter-order.listeners.yaml | 6 +- .../jwt-from-multiple-listeners.clusters.yaml | 105 -------- ...jwt-from-multiple-listeners.endpoints.yaml | 40 --- ...jwt-from-multiple-listeners.listeners.yaml | 116 --------- .../jwt-from-multiple-listeners.routes.yaml | 63 ----- .../local-ratelimit-distinct.routes.yaml | 86 +++--- .../out/xds-ir/local-ratelimit.routes.yaml | 110 ++++---- .../xds-ir/ratelimit-both-type.clusters.yaml | 104 -------- .../xds-ir/ratelimit-both-type.endpoints.yaml | 24 -- .../xds-ir/ratelimit-both-type.listeners.yaml | 51 ---- .../xds-ir/ratelimit-both-type.routes.yaml | 76 ------ .../xds-ir/ratelimit-both-type.secrets.yaml | 6 - site/docker-compose.yaml | 1 + test/config/helm/xds-name-scheme-v2.yaml | 2 +- .../tcproute-authorization-client-ip.yaml | 100 ------- test/helm/gateway-crds-helm/all.out.yaml | 28 +- .../envoy-gateway-crds.out.yaml | 28 +- tools/github-actions/setup-deps/action.yaml | 6 +- 44 files changed, 189 insertions(+), 1487 deletions(-) delete mode 100644 internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.in.yaml delete mode 100644 internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.out.yaml delete mode 100644 internal/xds/translator/testdata/in/xds-ir/jwt-from-multiple-listeners.yaml delete mode 100644 internal/xds/translator/testdata/in/xds-ir/ratelimit-both-type.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.clusters.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.endpoints.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.listeners.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.routes.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.clusters.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.endpoints.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.listeners.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.routes.yaml delete mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.secrets.yaml delete mode 100644 test/e2e/testdata/tcproute-authorization-client-ip.yaml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6edca5c9ddc..f1b71766bae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,14 +36,14 @@ jobs: - uses: ./tools/github-actions/setup-deps - name: Initialize CodeQL - uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 + uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 + uses: github/codeql-action/autobuild@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 + uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml index b43ac588e4b..d0bf9498245 100644 --- a/.github/workflows/license-scan.yml +++ b/.github/workflows/license-scan.yml @@ -18,7 +18,7 @@ jobs: - name: Checkout code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Run scanner - uses: google/osv-scanner-action/osv-scanner-action@9bb69575e74019c2ad085a1860787043adf47ccb # v2.2.4 + uses: google/osv-scanner-action/osv-scanner-action@e92b5d07338d4f0ba0981dffed17c48976ca4730 # v2.2.3 with: scan-args: |- # See allowed licenses at https://github.com/cncf/foundation/blob/main/policies-guidance/allowed-third-party-license-policy.md#approved-licenses-for-allowlist --licenses=Apache-2.0,0BSD,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,MIT-0,ISC,OpenSSL,OpenSSL-standalone,PSF-2.0,Python-2.0,Python-2.0.1,PostgreSQL,SSLeay-standalone,UPL-1.0,X11,Zlib diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index db05aef0166..0c28e150935 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -19,7 +19,7 @@ permissions: jobs: scan-scheduled: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@9bb69575e74019c2ad085a1860787043adf47ccb" # v2.2.4 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730" # v2.2.3 with: scan-args: |- --recursive @@ -32,7 +32,7 @@ jobs: scan-pr: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@9bb69575e74019c2ad085a1860787043adf47ccb" # v2.2.4 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730" # v2.2.3 with: scan-args: |- --recursive diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index edf878bcbd4..bc87e003b80 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,6 +40,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 + uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5 with: sarif_file: results.sarif diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index be726b94603..180277e12ac 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1544,12 +1544,12 @@ spec: description: |- Type decides the scope for the RateLimits. Valid RateLimitType values are "Global" or "Local". - - Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting. enum: - Global - Local type: string + required: + - type type: object requestBuffer: description: |- diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml index c75d4d6f62a..40a504d7e16 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -292,8 +292,6 @@ spec: - envoy.filters.http.ext_authz - - envoy.filters.http.api_key_auth - - envoy.filters.http.basic_auth - envoy.filters.http.oauth2 @@ -302,8 +300,6 @@ spec: - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - - envoy.filters.http.lua - envoy.filters.http.ext_proc @@ -316,16 +312,8 @@ spec: - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - - envoy.filters.http.grpc_stats - - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - - - envoy.filters.http.compressor - - envoy.filters.http.router Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. @@ -347,17 +335,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string before: @@ -374,17 +358,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string name: @@ -399,17 +379,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string required: diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index f0fa3b569ce..42308f8f34d 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1543,12 +1543,12 @@ spec: description: |- Type decides the scope for the RateLimits. Valid RateLimitType values are "Global" or "Local". - - Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting. enum: - Global - Local type: string + required: + - type type: object requestBuffer: description: |- diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 2d329615a20..02f18ac84bc 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -291,8 +291,6 @@ spec: - envoy.filters.http.ext_authz - - envoy.filters.http.api_key_auth - - envoy.filters.http.basic_auth - envoy.filters.http.oauth2 @@ -301,8 +299,6 @@ spec: - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - - envoy.filters.http.lua - envoy.filters.http.ext_proc @@ -315,16 +311,8 @@ spec: - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - - envoy.filters.http.grpc_stats - - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - - - envoy.filters.http.compressor - - envoy.filters.http.router Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. @@ -346,17 +334,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string before: @@ -373,17 +357,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string name: @@ -398,17 +378,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string required: diff --git a/examples/admin-console-config.yaml b/examples/admin-console-config.yaml index 1ed6518fc0b..7fda3fc39b4 100644 --- a/examples/admin-console-config.yaml +++ b/examples/admin-console-config.yaml @@ -16,8 +16,8 @@ spec: watch: type: Namespaces namespaces: - - default - - app-namespace + - default + - app-namespace # Admin server configuration admin: @@ -54,11 +54,11 @@ spec: prometheus: disable: false sinks: - - type: OpenTelemetry - openTelemetry: - host: otel-collector.monitoring.svc.cluster.local - port: 4317 - protocol: grpc + - type: OpenTelemetry + openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + protocol: grpc --- # Example: Production configuration with console disabled @@ -77,8 +77,8 @@ spec: watch: type: Namespaces namespaces: - - production - - staging + - production + - staging # Production admin configuration - more restrictive admin: @@ -117,9 +117,9 @@ spec: watch: type: Namespaces namespaces: - - default - - development - - testing + - default + - development + - testing # Development admin configuration - all features enabled admin: @@ -148,8 +148,8 @@ spec: prometheus: disable: false sinks: - - type: OpenTelemetry - openTelemetry: - host: jaeger-collector.observability.svc.cluster.local - port: 4317 - protocol: grpc + - type: OpenTelemetry + openTelemetry: + host: jaeger-collector.observability.svc.cluster.local + port: 4317 + protocol: grpc diff --git a/examples/kubernetes/jwt/grpc-jwt.yaml b/examples/kubernetes/jwt/grpc-jwt.yaml index 8c4aebd3bc5..c841ddb7225 100644 --- a/examples/kubernetes/jwt/grpc-jwt.yaml +++ b/examples/kubernetes/jwt/grpc-jwt.yaml @@ -9,9 +9,9 @@ spec: name: yages jwt: providers: - - name: example - remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + - name: example + remoteJWKS: + uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json --- apiVersion: gateway.networking.k8s.io/v1 kind: GRPCRoute @@ -21,13 +21,13 @@ metadata: example: grpc-routing spec: parentRefs: - - name: example-gateway + - name: example-gateway hostnames: - - "grpc-example.com" + - "grpc-example.com" rules: - - backendRefs: - - group: "" - kind: Service - name: yages - port: 9000 - weight: 1 + - backendRefs: + - group: "" + kind: Service + name: yages + port: 9000 + weight: 1 diff --git a/examples/kubernetes/jwt/jwt.yaml b/examples/kubernetes/jwt/jwt.yaml index 591d0311e50..a5ba7f4c100 100644 --- a/examples/kubernetes/jwt/jwt.yaml +++ b/examples/kubernetes/jwt/jwt.yaml @@ -9,10 +9,10 @@ spec: name: foo jwt: providers: - - name: example - remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json - cacheDuration: 60s + - name: example + remoteJWKS: + uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + cacheDuration: 60s --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -20,20 +20,20 @@ metadata: name: foo spec: parentRefs: - - name: eg + - name: eg hostnames: - - "www.example.com" + - "www.example.com" rules: - - backendRefs: - - group: "" - kind: Service - name: backend - port: 3000 - weight: 1 - matches: - - path: - type: PathPrefix - value: /foo + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + matches: + - path: + type: PathPrefix + value: /foo --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute @@ -41,17 +41,17 @@ metadata: name: bar spec: parentRefs: - - name: eg + - name: eg hostnames: - - "www.example.com" + - "www.example.com" rules: - - backendRefs: - - group: "" - kind: Service - name: backend - port: 3000 - weight: 1 - matches: - - path: - type: PathPrefix - value: /bar + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + matches: + - path: + type: PathPrefix + value: /bar diff --git a/examples/kubernetes/metric/stats-compression.yaml b/examples/kubernetes/metric/stats-compression.yaml index 4c650656090..e3a183665c3 100644 --- a/examples/kubernetes/metric/stats-compression.yaml +++ b/examples/kubernetes/metric/stats-compression.yaml @@ -20,4 +20,4 @@ spec: metrics: prometheus: compression: - type: Gzip ## Supported types are Gzip, Brotli, and Zstd + type: Gzip ## Supported types are Gzip, Brotli, and Zstd diff --git a/examples/standalone/quickstart.yaml b/examples/standalone/quickstart.yaml index e7a5cda07e5..4ccf2ce8efd 100644 --- a/examples/standalone/quickstart.yaml +++ b/examples/standalone/quickstart.yaml @@ -42,5 +42,5 @@ metadata: spec: endpoints: - ip: - address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! + address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! port: 3000 diff --git a/examples/static-file-server/manifests/httproute.yaml b/examples/static-file-server/manifests/httproute.yaml index adb7fcabd03..beaefdbb423 100644 --- a/examples/static-file-server/manifests/httproute.yaml +++ b/examples/static-file-server/manifests/httproute.yaml @@ -20,4 +20,3 @@ spec: type: PathPrefix value: /wasm --- - diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.in.yaml deleted file mode 100644 index b7f7255b875..00000000000 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.in.yaml +++ /dev/null @@ -1,62 +0,0 @@ -gateways: -- apiVersion: gateway.networking.k8s.io/v1 - kind: Gateway - metadata: - namespace: envoy-gateway - name: gateway-1 - spec: - gatewayClassName: envoy-gateway-class - listeners: - - name: http - protocol: HTTP - port: 80 - allowedRoutes: - namespaces: - from: All -grpcRoutes: -- apiVersion: gateway.networking.k8s.io/v1alpha2 - kind: GRPCRoute - metadata: - namespace: default - name: grpcroute-1 - spec: - parentRefs: - - namespace: envoy-gateway - name: gateway-1 - sectionName: http - rules: - - backendRefs: - - name: service-1 - port: 8080 -backendTrafficPolicies: -- apiVersion: gateway.envoyproxy.io/v1alpha1 - kind: BackendTrafficPolicy - metadata: - namespace: default - name: policy-for-grcp-route - spec: - targetRef: - group: gateway.networking.k8s.io - kind: GRPCRoute - name: grpcroute-1 - rateLimit: - global: - rules: - - clientSelectors: - - sourceCIDR: - type: "Distinct" - value: 192.168.0.0/16 - limit: - requests: 20 - unit: Hour - local: - rules: - - clientSelectors: - - headers: - - name: x-user-id - value: one - - name: x-org-id - value: foo - limit: - requests: 10 - unit: Hour diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.out.yaml deleted file mode 100644 index 27d7f6f7cd9..00000000000 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-both-type.out.yaml +++ /dev/null @@ -1,246 +0,0 @@ -backendTrafficPolicies: -- apiVersion: gateway.envoyproxy.io/v1alpha1 - kind: BackendTrafficPolicy - metadata: - name: policy-for-grcp-route - namespace: default - spec: - rateLimit: - global: - rules: - - clientSelectors: - - sourceCIDR: - type: Distinct - value: 192.168.0.0/16 - limit: - requests: 20 - unit: Hour - local: - rules: - - clientSelectors: - - headers: - - name: x-user-id - value: one - - name: x-org-id - value: foo - limit: - requests: 10 - unit: Hour - targetRef: - group: gateway.networking.k8s.io - kind: GRPCRoute - name: grpcroute-1 - status: - ancestors: - - ancestorRef: - group: gateway.networking.k8s.io - kind: Gateway - name: gateway-1 - namespace: envoy-gateway - sectionName: http - conditions: - - lastTransitionTime: null - message: Policy has been accepted. - reason: Accepted - status: "True" - type: Accepted - controllerName: gateway.envoyproxy.io/gatewayclass-controller -gateways: -- apiVersion: gateway.networking.k8s.io/v1 - kind: Gateway - metadata: - name: gateway-1 - namespace: envoy-gateway - spec: - gatewayClassName: envoy-gateway-class - listeners: - - allowedRoutes: - namespaces: - from: All - name: http - port: 80 - protocol: HTTP - status: - listeners: - - attachedRoutes: 1 - conditions: - - lastTransitionTime: null - message: Sending translated listener configuration to the data plane - reason: Programmed - status: "True" - type: Programmed - - lastTransitionTime: null - message: Listener has been successfully translated - reason: Accepted - status: "True" - type: Accepted - - lastTransitionTime: null - message: Listener references have been resolved - reason: ResolvedRefs - status: "True" - type: ResolvedRefs - name: http - supportedKinds: - - group: gateway.networking.k8s.io - kind: HTTPRoute - - group: gateway.networking.k8s.io - kind: GRPCRoute -grpcRoutes: -- apiVersion: gateway.networking.k8s.io/v1alpha2 - kind: GRPCRoute - metadata: - name: grpcroute-1 - namespace: default - spec: - parentRefs: - - name: gateway-1 - namespace: envoy-gateway - sectionName: http - rules: - - backendRefs: - - name: service-1 - port: 8080 - status: - parents: - - conditions: - - lastTransitionTime: null - message: Route is accepted - reason: Accepted - status: "True" - type: Accepted - - lastTransitionTime: null - message: Resolved all the Object references for the Route - reason: ResolvedRefs - status: "True" - type: ResolvedRefs - controllerName: gateway.envoyproxy.io/gatewayclass-controller - parentRef: - name: gateway-1 - namespace: envoy-gateway - sectionName: http -infraIR: - envoy-gateway/gateway-1: - proxy: - listeners: - - address: null - name: envoy-gateway/gateway-1/http - ports: - - containerPort: 10080 - name: http-80 - protocol: HTTP - servicePort: 80 - metadata: - labels: - gateway.envoyproxy.io/owning-gateway-name: gateway-1 - gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway - ownerReference: - kind: GatewayClass - name: envoy-gateway-class - name: envoy-gateway/gateway-1 - namespace: envoy-gateway-system -xdsIR: - envoy-gateway/gateway-1: - accessLog: - json: - - path: /dev/stdout - globalResources: - envoyClientCertificate: - certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= - name: envoy-gateway-system/envoy - privateKey: '[redacted]' - proxyServiceCluster: - metadata: - name: envoy-envoy-gateway-gateway-1-196ae069 - namespace: envoy-gateway-system - sectionName: "8080" - name: envoy-gateway/gateway-1 - settings: - - addressType: IP - endpoints: - - host: 7.6.5.4 - port: 8080 - zone: zone1 - metadata: - name: envoy-envoy-gateway-gateway-1-196ae069 - namespace: envoy-gateway-system - sectionName: "8080" - name: envoy-gateway/gateway-1 - protocol: TCP - http: - - address: 0.0.0.0 - externalPort: 80 - hostnames: - - '*' - isHTTP2: true - metadata: - kind: Gateway - name: gateway-1 - namespace: envoy-gateway - sectionName: http - name: envoy-gateway/gateway-1/http - path: - escapedSlashesAction: UnescapeAndRedirect - mergeSlashes: true - port: 10080 - routes: - - destination: - metadata: - kind: GRPCRoute - name: grpcroute-1 - namespace: default - name: grpcroute/default/grpcroute-1/rule/0 - settings: - - addressType: IP - endpoints: - - host: 7.7.7.7 - port: 8080 - metadata: - name: service-1 - namespace: default - sectionName: "8080" - name: grpcroute/default/grpcroute-1/rule/0/backend/0 - protocol: GRPC - weight: 1 - hostname: '*' - isHTTP2: true - metadata: - kind: GRPCRoute - name: grpcroute-1 - namespace: default - name: grpcroute/default/grpcroute-1/rule/0/match/-1/* - traffic: - rateLimit: - global: - rules: - - cidrMatch: - cidr: 192.168.0.0/16 - distinct: true - ip: 192.168.0.0 - isIPv6: false - maskLen: 16 - headerMatches: [] - limit: - requests: 20 - unit: Hour - name: default/policy-for-grcp-route/rule/0 - local: - default: - requests: 4294967295 - unit: Second - rules: - - headerMatches: - - distinct: false - exact: one - name: x-user-id - - distinct: false - exact: foo - name: x-org-id - limit: - requests: 10 - unit: Hour - name: default/policy-for-grcp-route/rule/0 - readyListener: - address: 0.0.0.0 - ipFamily: IPv4 - path: /ready - port: 19003 diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.in.yaml index ca70dbd1179..74cae0fc653 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.in.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.in.yaml @@ -114,9 +114,6 @@ backendTrafficPolicies: - name: x-org-id value: admin invert: true - path: - type: PathPrefix - value: "/user" limit: requests: 10 unit: Hour @@ -138,9 +135,6 @@ backendTrafficPolicies: - sourceCIDR: type: "Distinct" value: 192.168.0.0/16 - path: - type: PathPrefix - value: "/" limit: requests: 20 unit: Hour diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml index b261a0dfd95..ca29c7923e2 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml @@ -9,10 +9,7 @@ backendTrafficPolicies: global: rules: - clientSelectors: - - path: - type: PathPrefix - value: / - sourceCIDR: + - sourceCIDR: type: Distinct value: 192.168.0.0/16 cost: @@ -104,9 +101,6 @@ backendTrafficPolicies: - invert: true name: x-org-id value: admin - path: - type: PathPrefix - value: /user limit: requests: 10 unit: Hour @@ -496,10 +490,6 @@ xdsIR: requests: 10 unit: Hour name: envoy-gateway/policy-for-gateway/rule/0 - pathMatch: - distinct: false - name: "" - safeRegex: ^/user(/.*|\?.*|#.*|;.*|$) readyListener: address: 0.0.0.0 ipFamily: IPv4 @@ -593,10 +583,6 @@ xdsIR: requests: 20 unit: Hour name: default/policy-for-route/rule/0 - pathMatch: - distinct: false - name: "" - prefix: / requestCost: number: 1 responseCost: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.in.yaml index bbb3eb9e5a7..fd435bbb51e 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.in.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.in.yaml @@ -9,7 +9,6 @@ clientTrafficPolicies: initialStreamWindowSize: 64Ki initialConnectionWindowSize: 32Mi maxConcurrentStreams: 200 - onInvalidMessage: TerminateConnection targetRef: group: gateway.networking.k8s.io kind: Gateway diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml index c89f9102c0c..8ee7f581708 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml @@ -9,7 +9,6 @@ clientTrafficPolicies: initialConnectionWindowSize: 32Mi initialStreamWindowSize: 64Ki maxConcurrentStreams: 200 - onInvalidMessage: TerminateConnection targetRef: group: gateway.networking.k8s.io kind: Gateway @@ -192,7 +191,6 @@ xdsIR: initialConnectionWindowSize: 65536 initialStreamWindowSize: 33554432 maxConcurrentStreams: 200 - resetStreamOnError: false isHTTP2: false metadata: kind: Gateway @@ -208,6 +206,8 @@ xdsIR: externalPort: 8080 hostnames: - www.example.com + http2: + maxConcurrentStreams: 200 isHTTP2: false metadata: kind: Gateway diff --git a/internal/gatewayapi/testdata/custom-filter-order.in.yaml b/internal/gatewayapi/testdata/custom-filter-order.in.yaml index 11243797c3b..59c44d469a3 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.in.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.in.yaml @@ -17,7 +17,7 @@ envoyProxyForGatewayClass: - name: envoy.filters.http.wasm before: envoy.filters.http.jwt_authn - name: envoy.filters.http.cors - after: envoy.filters.http.basic_auth + after: envoy.filters.http.basic_authn gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway diff --git a/internal/gatewayapi/testdata/custom-filter-order.out.yaml b/internal/gatewayapi/testdata/custom-filter-order.out.yaml index 7c3df25abbe..f05f383f70e 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.out.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.out.yaml @@ -135,7 +135,7 @@ infraIR: filterOrder: - before: envoy.filters.http.jwt_authn name: envoy.filters.http.wasm - - after: envoy.filters.http.basic_auth + - after: envoy.filters.http.basic_authn name: envoy.filters.http.cors logging: {} status: {} @@ -221,7 +221,7 @@ xdsIR: filterOrder: - before: envoy.filters.http.jwt_authn name: envoy.filters.http.wasm - - after: envoy.filters.http.basic_auth + - after: envoy.filters.http.basic_authn name: envoy.filters.http.cors globalResources: envoyClientCertificate: diff --git a/internal/gatewayapi/testdata/envoyproxy-gateway-accesslog-with-bad-sinks.out.yaml b/internal/gatewayapi/testdata/envoyproxy-gateway-accesslog-with-bad-sinks.out.yaml index 5da07c49ab5..a6bb55e49a8 100644 --- a/internal/gatewayapi/testdata/envoyproxy-gateway-accesslog-with-bad-sinks.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-gateway-accesslog-with-bad-sinks.out.yaml @@ -27,5 +27,10 @@ gateways: reason: InvalidParameters status: "False" type: Accepted + listeners: + - attachedRoutes: 0 + conditions: null + name: http + supportedKinds: null infraIR: {} xdsIR: {} diff --git a/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml b/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml index 053feeaf301..7f224f4f1b9 100644 --- a/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml @@ -1,7 +1,7 @@ filterOrder: - before: envoy.filters.http.jwt_authn name: envoy.filters.http.wasm -- after: envoy.filters.http.basic_auth +- after: envoy.filters.http.basic_authn name: envoy.filters.http.cors http: - address: 0.0.0.0 diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-from-multiple-listeners.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-from-multiple-listeners.yaml deleted file mode 100644 index 2edc562af00..00000000000 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-from-multiple-listeners.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# This file tests JWT configuration from multiple HTTP listeners sharing the same port won't overlap. -http: - - address: 0.0.0.0 - externalPort: 80 - hostnames: - - domain1.example.com - isHTTP2: false - metadata: - kind: Gateway - name: external-gateway - namespace: envoy-gateway-system - sectionName: domain1-example-com-http - name: envoy-gateway-system/external-gateway/domain1-example-com-http - path: - escapedSlashesAction: UnescapeAndRedirect - mergeSlashes: true - port: 10080 - routes: - - destination: - metadata: - kind: HTTPRoute - name: domain1 - namespace: ns1 - name: httproute/ns1/domain1/rule/0 - settings: - - addressType: IP - endpoints: - - host: 7.7.7.7 - port: 80 - metadata: - kind: Service - name: app1 - namespace: ns1 - sectionName: "80" - name: httproute/ns1/domain1/rule/0/backend/0 - protocol: HTTP - weight: 1 - hostname: domain1.example.com - isHTTP2: false - metadata: - kind: HTTPRoute - name: domain1 - namespace: ns1 - name: httproute/ns1/domain1/rule/0/match/0/domain1_example_com - pathMatch: - distinct: false - name: "" - prefix: / - security: - jwt: - allowMissing: true - providers: - - extractFrom: - cookies: - - AccessTokenDomain1 - issuer: https://accounts.google.com - name: jwt1 - remoteJWKS: - uri: https://www.googleapis.com/oauth2/v3/certs - - address: 0.0.0.0 - externalPort: 80 - hostnames: - - domain2.example.com - isHTTP2: false - metadata: - kind: Gateway - name: external-gateway - namespace: envoy-gateway-system - sectionName: domain2-example-com-http - name: envoy-gateway-system/external-gateway/domain2-example-com-http - path: - escapedSlashesAction: UnescapeAndRedirect - mergeSlashes: true - port: 10080 - routes: - - destination: - metadata: - kind: HTTPRoute - name: domain2 - namespace: ns2 - name: httproute/ns2/domain2/rule/0 - settings: - - addressType: IP - endpoints: - - host: 9.9.9.9 - port: 80 - metadata: - kind: Service - name: app2 - namespace: ns2 - sectionName: "80" - name: httproute/ns2/domain2/rule/0/backend/0 - protocol: HTTP - weight: 1 - hostname: domain2.example.com - isHTTP2: false - metadata: - kind: HTTPRoute - name: domain2 - namespace: ns2 - name: httproute/ns2/domain2/rule/0/match/0/domain2_example_com - pathMatch: - distinct: false - name: "" - prefix: / - security: - jwt: - allowMissing: true - providers: - - extractFrom: - cookies: - - AccessTokenDomain2 - issuer: https://accounts.google.com - name: jwt2 - remoteJWKS: - uri: https://www.googleapis.com/oauth2/v3/certs -readyListener: - address: 0.0.0.0 - ipFamily: IPv4 - path: /ready - port: 19003 diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-both-type.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-both-type.yaml deleted file mode 100644 index 47c75eaaeaf..00000000000 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-both-type.yaml +++ /dev/null @@ -1,68 +0,0 @@ -globalResources: - envoyClientCertificate: - name: envoy-gateway-system/envoy - privateKey: [107, 101, 121, 45, 100, 97, 116, 97] - certificate: [99, 101, 114, 116, 45, 100, 97, 116, 97] -http: -- name: "first-listener" - address: "::" - port: 10080 - hostnames: - - "*" - path: - mergeSlashes: true - escapedSlashesAction: UnescapeAndRedirect - routes: - - name: "first-route" - hostname: "*" - traffic: - rateLimit: - global: - rules: - - headerMatches: - - name: "x-user-id" - exact: "one" - limit: - requests: 5 - unit: second - pathMatch: - exact: "foo/bar" - destination: - name: "first-route-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 - name: "first-route-dest/backend/0" - - name: "second-route" - hostname: "*" - traffic: - rateLimit: - global: - rules: - - headerMatches: - - name: "x-user-id" - distinct: true - limit: - requests: 5 - unit: second - local: - default: - requests: 10 - unit: Minute - rules: - - headerMatches: - - name: x-user-id - exact: one - limit: - requests: 10 - unit: Hour - pathMatch: - exact: "example" - destination: - name: "second-route-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 - name: "second-route-dest/backend/0" diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml index 9d4df0182e1..14804eca768 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml @@ -14,15 +14,15 @@ initialStreamWindowSize: 65536 maxConcurrentStreams: 100 httpFilters: + - name: envoy.filters.http.cors + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors - disabled: true name: envoy.filters.http.basic_auth/securitypolicy/envoy-gateway/policy-for-gateway typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuth users: inlineBytes: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo= - - name: envoy.filters.http.cors - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors - disabled: true name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 typedConfig: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.clusters.yaml deleted file mode 100644 index 578e27762db..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.clusters.yaml +++ /dev/null @@ -1,105 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: httproute/ns1/domain1/rule/0 - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: HTTPRoute - name: domain1 - namespace: ns1 - name: httproute/ns1/domain1/rule/0 - perConnectionBufferLimitBytes: 32768 - type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - dnsRefreshRate: 30s - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadAssignment: - clusterName: www_googleapis_com_443 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: www.googleapis.com - portValue: 443 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: www_googleapis_com_443/backend/-1 - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - name: www_googleapis_com_443 - perConnectionBufferLimitBytes: 32768 - respectDnsTtl: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext - commonTlsContext: - validationContext: - trustedCa: - filename: /etc/ssl/certs/ca-certificates.crt - sni: www.googleapis.com - type: STRICT_DNS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: httproute/ns2/domain2/rule/0 - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: HTTPRoute - name: domain2 - namespace: ns2 - name: httproute/ns2/domain2/rule/0 - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.endpoints.yaml deleted file mode 100644 index e3eba986364..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.endpoints.yaml +++ /dev/null @@ -1,40 +0,0 @@ -- clusterName: httproute/ns1/domain1/rule/0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 7.7.7.7 - portValue: 80 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: httproute/ns1/domain1/rule/0/backend/0 - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: Service - name: app1 - namespace: ns1 - sectionName: "80" -- clusterName: httproute/ns2/domain2/rule/0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 9.9.9.9 - portValue: 80 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: httproute/ns2/domain2/rule/0/backend/0 - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: Service - name: app2 - namespace: ns2 - sectionName: "80" diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.listeners.yaml deleted file mode 100644 index 7cf5e6201d5..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.listeners.yaml +++ /dev/null @@ -1,116 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 19003 - bypassOverloadManager: true - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.health_check - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck - headers: - - name: :path - stringMatch: - exact: /ready - passThroughMode: false - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - routeConfig: - name: ready_route - virtualHosts: - - domains: - - '*' - name: ready_route - routes: - - directResponse: - status: 500 - match: - prefix: / - statPrefix: eg-ready-http - name: envoy-gateway-proxy-ready-0.0.0.0-19003 -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.jwt_authn - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication - providers: - httproute/ns1/domain1/rule/0/match/0/domain1_example_com/jwt1: - forward: true - fromCookies: - - AccessTokenDomain1 - issuer: https://accounts.google.com - normalizePayloadInMetadata: - spaceDelimitedClaims: - - scope - payloadInMetadata: jwt1 - remoteJwks: - asyncFetch: {} - httpUri: - cluster: www_googleapis_com_443 - timeout: 10s - uri: https://www.googleapis.com/oauth2/v3/certs - httproute/ns2/domain2/rule/0/match/0/domain2_example_com/jwt2: - forward: true - fromCookies: - - AccessTokenDomain2 - issuer: https://accounts.google.com - normalizePayloadInMetadata: - spaceDelimitedClaims: - - scope - payloadInMetadata: jwt2 - remoteJwks: - asyncFetch: {} - httpUri: - cluster: www_googleapis_com_443 - timeout: 10s - uri: https://www.googleapis.com/oauth2/v3/certs - requirementMap: - httproute/ns1/domain1/rule/0/match/0/domain1_example_com: - requiresAny: - requirements: - - providerName: httproute/ns1/domain1/rule/0/match/0/domain1_example_com/jwt1 - - allowMissing: {} - httproute/ns2/domain2/rule/0/match/0/domain2_example_com: - requiresAny: - requirements: - - providerName: httproute/ns2/domain2/rule/0/match/0/domain2_example_com/jwt2 - - allowMissing: {} - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: envoy-gateway-system/external-gateway/domain1-example-com-http - serverHeaderTransformation: PASS_THROUGH - statPrefix: http-10080 - useRemoteAddress: true - name: envoy-gateway-system/external-gateway/domain1-example-com-http - maxConnectionsToAcceptPerSocketEvent: 1 - name: envoy-gateway-system/external-gateway/domain1-example-com-http - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.routes.yaml deleted file mode 100644 index e13818e7078..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.routes.yaml +++ /dev/null @@ -1,63 +0,0 @@ -- ignorePortInHostMatching: true - name: envoy-gateway-system/external-gateway/domain1-example-com-http - virtualHosts: - - domains: - - domain1.example.com - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: Gateway - name: external-gateway - namespace: envoy-gateway-system - sectionName: domain1-example-com-http - name: envoy-gateway-system/external-gateway/domain1-example-com-http/domain1_example_com - routes: - - match: - prefix: / - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: HTTPRoute - name: domain1 - namespace: ns1 - name: httproute/ns1/domain1/rule/0/match/0/domain1_example_com - route: - cluster: httproute/ns1/domain1/rule/0 - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.jwt_authn: - '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.PerRouteConfig - requirementName: httproute/ns1/domain1/rule/0/match/0/domain1_example_com - - domains: - - domain2.example.com - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: Gateway - name: external-gateway - namespace: envoy-gateway-system - sectionName: domain2-example-com-http - name: envoy-gateway-system/external-gateway/domain2-example-com-http/domain2_example_com - routes: - - match: - prefix: / - metadata: - filterMetadata: - envoy-gateway: - resources: - - kind: HTTPRoute - name: domain2 - namespace: ns2 - name: httproute/ns2/domain2/rule/0/match/0/domain2_example_com - route: - cluster: httproute/ns2/domain2/rule/0 - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.jwt_authn: - '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.PerRouteConfig - requirementName: httproute/ns2/domain2/rule/0/match/0/domain2_example_com diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit-distinct.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit-distinct.routes.yaml index cd84f782560..65cce8400e9 100644 --- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit-distinct.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit-distinct.routes.yaml @@ -10,6 +10,11 @@ name: first-route-ratelimit-distinct-ip route: cluster: first-route-dest + rateLimits: + - actions: + - requestHeaders: + descriptorKey: rule-0-match-0 + headerName: x-user-id upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: @@ -30,11 +35,6 @@ filterEnforced: defaultValue: numerator: 100 - rateLimits: - - actions: - - requestHeaders: - descriptorKey: rule-0-match-0 - headerName: x-user-id statPrefix: http_local_rate_limiter tokenBucket: fillInterval: 60s @@ -45,6 +45,44 @@ name: second-route-ratelimit-multiple-rules route: cluster: second-route-dest + rateLimits: + - actions: + - headerValueMatch: + descriptorKey: rule-0-match-0 + descriptorValue: rule-0-match-0 + expectMatch: true + headers: + - name: x-user-id + stringMatch: + exact: one + - headerValueMatch: + descriptorKey: rule-0-match-1 + descriptorValue: rule-0-match-1 + expectMatch: true + headers: + - name: x-org-id + stringMatch: + exact: foo + - actions: + - headerValueMatch: + descriptorKey: rule-1-match-0 + descriptorValue: rule-1-match-0 + expectMatch: true + headers: + - name: x-user-id + stringMatch: + exact: two + - headerValueMatch: + descriptorKey: rule-1-match-1 + descriptorValue: rule-1-match-1 + expectMatch: true + headers: + - name: x-org-id + stringMatch: + exact: bar + - maskedRemoteAddress: + v4PrefixMaskLen: 16 + - remoteAddress: {} upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: @@ -80,44 +118,6 @@ filterEnforced: defaultValue: numerator: 100 - rateLimits: - - actions: - - headerValueMatch: - descriptorKey: rule-0-match-0 - descriptorValue: rule-0-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: one - - headerValueMatch: - descriptorKey: rule-0-match-1 - descriptorValue: rule-0-match-1 - expectMatch: true - headers: - - name: x-org-id - stringMatch: - exact: foo - - actions: - - headerValueMatch: - descriptorKey: rule-1-match-0 - descriptorValue: rule-1-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: two - - headerValueMatch: - descriptorKey: rule-1-match-1 - descriptorValue: rule-1-match-1 - expectMatch: true - headers: - - name: x-org-id - stringMatch: - exact: bar - - maskedRemoteAddress: - v4PrefixMaskLen: 16 - - remoteAddress: {} statPrefix: http_local_rate_limiter tokenBucket: fillInterval: 60s diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.routes.yaml index c898c4e4d30..7fd4979238f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.routes.yaml @@ -10,6 +10,24 @@ name: first-route-ratelimit-single-rule route: cluster: first-route-dest + rateLimits: + - actions: + - headerValueMatch: + descriptorKey: rule-0-match-0 + descriptorValue: rule-0-match-0 + expectMatch: true + headers: + - name: x-user-id + stringMatch: + exact: one + - headerValueMatch: + descriptorKey: rule-0-match-1 + descriptorValue: rule-0-match-1 + expectMatch: true + headers: + - name: x-org-id + stringMatch: + exact: foo upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: @@ -33,24 +51,6 @@ filterEnforced: defaultValue: numerator: 100 - rateLimits: - - actions: - - headerValueMatch: - descriptorKey: rule-0-match-0 - descriptorValue: rule-0-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: one - - headerValueMatch: - descriptorKey: rule-0-match-1 - descriptorValue: rule-0-match-1 - expectMatch: true - headers: - - name: x-org-id - stringMatch: - exact: foo statPrefix: http_local_rate_limiter tokenBucket: fillInterval: 60s @@ -61,6 +61,43 @@ name: second-route-ratelimit-multiple-rules route: cluster: second-route-dest + rateLimits: + - actions: + - headerValueMatch: + descriptorKey: rule-0-match-0 + descriptorValue: rule-0-match-0 + expectMatch: true + headers: + - name: x-user-id + stringMatch: + exact: one + - headerValueMatch: + descriptorKey: rule-0-match-1 + descriptorValue: rule-0-match-1 + expectMatch: true + headers: + - name: x-org-id + stringMatch: + exact: foo + - actions: + - headerValueMatch: + descriptorKey: rule-1-match-0 + descriptorValue: rule-1-match-0 + expectMatch: true + headers: + - name: x-user-id + stringMatch: + exact: two + - headerValueMatch: + descriptorKey: rule-1-match-1 + descriptorValue: rule-1-match-1 + expectMatch: true + headers: + - name: x-org-id + stringMatch: + exact: bar + - maskedRemoteAddress: + v4PrefixMaskLen: 16 upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: @@ -95,43 +132,6 @@ filterEnforced: defaultValue: numerator: 100 - rateLimits: - - actions: - - headerValueMatch: - descriptorKey: rule-0-match-0 - descriptorValue: rule-0-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: one - - headerValueMatch: - descriptorKey: rule-0-match-1 - descriptorValue: rule-0-match-1 - expectMatch: true - headers: - - name: x-org-id - stringMatch: - exact: foo - - actions: - - headerValueMatch: - descriptorKey: rule-1-match-0 - descriptorValue: rule-1-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: two - - headerValueMatch: - descriptorKey: rule-1-match-1 - descriptorValue: rule-1-match-1 - expectMatch: true - headers: - - name: x-org-id - stringMatch: - exact: bar - - maskedRemoteAddress: - v4PrefixMaskLen: 16 statPrefix: http_local_rate_limiter tokenBucket: fillInterval: 60s diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.clusters.yaml deleted file mode 100644 index 39e632c5b75..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.clusters.yaml +++ /dev/null @@ -1,104 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route-dest - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - name: first-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: second-route-dest - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - name: second-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - dnsRefreshRate: 30s - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadAssignment: - clusterName: ratelimit_cluster - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: envoy-ratelimit.envoy-gateway-system.svc.cluster.local - portValue: 8081 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: ratelimit_cluster/backend/-1 - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - name: ratelimit_cluster - perConnectionBufferLimitBytes: 32768 - respectDnsTtl: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext - commonTlsContext: - tlsCertificateSdsSecretConfigs: - - name: envoy-gateway-system/envoy - sdsConfig: - ads: {} - resourceApiVersion: V3 - tlsParams: - tlsMaximumProtocolVersion: TLSv1_3 - validationContext: - trustedCa: - filename: /certs/ca.crt - type: STRICT_DNS - typedExtensionProtocolOptions: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicitHttpConfig: - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.endpoints.yaml deleted file mode 100644 index de95bf555b9..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.endpoints.yaml +++ /dev/null @@ -1,24 +0,0 @@ -- clusterName: first-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: first-route-dest/backend/0 -- clusterName: second-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: second-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.listeners.yaml deleted file mode 100644 index 862ea444b99..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.listeners.yaml +++ /dev/null @@ -1,51 +0,0 @@ -- address: - socketAddress: - address: '::' - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.local_ratelimit - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit - maxDynamicDescriptors: 10000 - statPrefix: http_local_rate_limiter - - name: envoy.filters.http.ratelimit - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit - disableXEnvoyRatelimitedHeader: true - domain: first-listener - enableXRatelimitHeaders: DRAFT_VERSION_03 - rateLimitService: - grpcService: - envoyGrpc: - clusterName: ratelimit_cluster - transportApiVersion: V3 - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: http-10080 - useRemoteAddress: true - name: first-listener - maxConnectionsToAcceptPerSocketEvent: 1 - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.routes.yaml deleted file mode 100644 index 45ad315c483..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.routes.yaml +++ /dev/null @@ -1,76 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - path: foo/bar - name: first-route - route: - cluster: first-route-dest - rateLimits: - - actions: - - genericKey: - descriptorKey: first-route - descriptorValue: first-route - - headerValueMatch: - descriptorKey: rule-0-match-0 - descriptorValue: rule-0-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: one - upgradeConfigs: - - upgradeType: websocket - - match: - path: example - name: second-route - route: - cluster: second-route-dest - rateLimits: - - actions: - - genericKey: - descriptorKey: second-route - descriptorValue: second-route - - requestHeaders: - descriptorKey: rule-0-match-0 - headerName: x-user-id - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.local_ratelimit: - '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit - alwaysConsumeDefaultTokenBucket: false - descriptors: - - entries: - - key: rule-0-match-0 - value: rule-0-match-0 - tokenBucket: - fillInterval: 3600s - maxTokens: 10 - tokensPerFill: 10 - enableXRatelimitHeaders: DRAFT_VERSION_03 - filterEnabled: - defaultValue: - numerator: 100 - filterEnforced: - defaultValue: - numerator: 100 - rateLimits: - - actions: - - headerValueMatch: - descriptorKey: rule-0-match-0 - descriptorValue: rule-0-match-0 - expectMatch: true - headers: - - name: x-user-id - stringMatch: - exact: one - statPrefix: http_local_rate_limiter - tokenBucket: - fillInterval: 60s - maxTokens: 10 - tokensPerFill: 10 diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.secrets.yaml deleted file mode 100644 index fb089151187..00000000000 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.secrets.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- name: envoy-gateway-system/envoy - tlsCertificate: - certificateChain: - inlineBytes: Y2VydC1kYXRh - privateKey: - inlineBytes: a2V5LWRhdGE= diff --git a/site/docker-compose.yaml b/site/docker-compose.yaml index 0352b20df90..e8f211a610e 100644 --- a/site/docker-compose.yaml +++ b/site/docker-compose.yaml @@ -1,6 +1,7 @@ version: "3.3" services: + site: image: docsy/docsy-example build: diff --git a/test/config/helm/xds-name-scheme-v2.yaml b/test/config/helm/xds-name-scheme-v2.yaml index dee8dada244..290d342c3e9 100644 --- a/test/config/helm/xds-name-scheme-v2.yaml +++ b/test/config/helm/xds-name-scheme-v2.yaml @@ -2,4 +2,4 @@ config: envoyGateway: runtimeFlags: enabled: - - XDSNameSchemeV2 + - XDSNameSchemeV2 diff --git a/test/e2e/testdata/tcproute-authorization-client-ip.yaml b/test/e2e/testdata/tcproute-authorization-client-ip.yaml deleted file mode 100644 index 34f6f419418..00000000000 --- a/test/e2e/testdata/tcproute-authorization-client-ip.yaml +++ /dev/null @@ -1,100 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - name: tcp-authorization-backend - namespace: gateway-conformance-infra -spec: - gatewayClassName: "{GATEWAY_CLASS_NAME}" - listeners: - - name: ip - protocol: TCP - port: 8080 - allowedRoutes: - kinds: - - kind: TCPRoute - - name: fqdn - protocol: TCP - port: 8090 - allowedRoutes: - kinds: - - kind: TCPRoute ---- -apiVersion: gateway.networking.k8s.io/v1alpha2 -kind: TCPRoute -metadata: - name: tcp-backend-authorization-ip - namespace: gateway-conformance-infra -spec: - parentRefs: - - name: tcp-authorization-backend - sectionName: ip - rules: - - backendRefs: - - group: gateway.envoyproxy.io - kind: Backend - name: backend-ip - port: 8080 ---- -apiVersion: gateway.networking.k8s.io/v1alpha2 -kind: TCPRoute -metadata: - name: tcp-backend-authorization-fqdn - namespace: gateway-conformance-infra -spec: - parentRefs: - - name: tcp-authorization-backend - sectionName: fqdn - rules: - - backendRefs: - - group: gateway.envoyproxy.io - kind: Backend - name: backend-fqdn - port: 8080 ---- -apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: Backend -metadata: - name: backend-fqdn - namespace: gateway-conformance-infra -spec: - endpoints: - - fqdn: - hostname: infra-backend-v1.gateway-conformance-infra.svc.cluster.local - port: 8080 ---- -apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: SecurityPolicy -metadata: - name: tcp-backend-authorization-ip-security-policy - namespace: gateway-conformance-infra -spec: - targetRefs: - - group: gateway.networking.k8s.io - kind: TCPRoute - name: tcp-backend-authorization-ip - authorization: - defaultAction: Deny - rules: - - action: Allow - principal: - clientCIDRs: - - 192.168.254.0/24 ---- -apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: SecurityPolicy -metadata: - name: tcp-backend-authorization-fqdn-security-policy - namespace: gateway-conformance-infra -spec: - targetRefs: - - group: gateway.networking.k8s.io - kind: TCPRoute - name: tcp-backend-authorization-fqdn - authorization: - defaultAction: Deny - rules: - - action: Allow - principal: - clientCIDRs: - - 0.0.0.0/0 - - ::/0 diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml index c5e4dfd337c..6602b87b5f4 100644 --- a/test/helm/gateway-crds-helm/all.out.yaml +++ b/test/helm/gateway-crds-helm/all.out.yaml @@ -22677,12 +22677,12 @@ spec: description: |- Type decides the scope for the RateLimits. Valid RateLimitType values are "Global" or "Local". - - Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting. enum: - Global - Local type: string + required: + - type type: object requestBuffer: description: |- @@ -28542,8 +28542,6 @@ spec: - envoy.filters.http.ext_authz - - envoy.filters.http.api_key_auth - - envoy.filters.http.basic_auth - envoy.filters.http.oauth2 @@ -28552,8 +28550,6 @@ spec: - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - - envoy.filters.http.lua - envoy.filters.http.ext_proc @@ -28566,16 +28562,8 @@ spec: - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - - envoy.filters.http.grpc_stats - - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - - - envoy.filters.http.compressor - - envoy.filters.http.router Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. @@ -28597,17 +28585,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string before: @@ -28624,17 +28608,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string name: @@ -28649,17 +28629,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string required: diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml index a05ba9f7f81..377be517e3c 100644 --- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml +++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml @@ -2021,12 +2021,12 @@ spec: description: |- Type decides the scope for the RateLimits. Valid RateLimitType values are "Global" or "Local". - - Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting. enum: - Global - Local type: string + required: + - type type: object requestBuffer: description: |- @@ -7886,8 +7886,6 @@ spec: - envoy.filters.http.ext_authz - - envoy.filters.http.api_key_auth - - envoy.filters.http.basic_auth - envoy.filters.http.oauth2 @@ -7896,8 +7894,6 @@ spec: - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - - envoy.filters.http.lua - envoy.filters.http.ext_proc @@ -7910,16 +7906,8 @@ spec: - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - - envoy.filters.http.grpc_stats - - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - - - envoy.filters.http.compressor - - envoy.filters.http.router Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. @@ -7941,17 +7929,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string before: @@ -7968,17 +7952,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string name: @@ -7993,17 +7973,13 @@ spec: - envoy.filters.http.oauth2 - envoy.filters.http.jwt_authn - envoy.filters.http.stateful_session - - envoy.filters.http.buffer - envoy.filters.http.lua - envoy.filters.http.ext_proc - envoy.filters.http.wasm - envoy.filters.http.rbac - envoy.filters.http.local_ratelimit - envoy.filters.http.ratelimit - - envoy.filters.http.grpc_web - - envoy.filters.http.grpc_stats - envoy.filters.http.custom_response - - envoy.filters.http.credential_injector - envoy.filters.http.compressor type: string required: diff --git a/tools/github-actions/setup-deps/action.yaml b/tools/github-actions/setup-deps/action.yaml index 12ca25790ad..2202ac9ac7c 100644 --- a/tools/github-actions/setup-deps/action.yaml +++ b/tools/github-actions/setup-deps/action.yaml @@ -6,11 +6,7 @@ runs: steps: - shell: bash run: sudo apt-get install libbtrfs-dev -y - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5.0.1 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5.0.1 with: go-version-file: go.mod cache: true - - shell: bash - run: | - go install github.com/wasilibs/go-prettier/v3/cmd/prettier@latest - echo "$(go env GOPATH)/bin" >> $GITHUB_PATH