feat: support attaching policy to section name level#1
Closed
kkk777-7 wants to merge 239 commits intosupport-ir-metadata-xroutefrom
Closed
feat: support attaching policy to section name level#1kkk777-7 wants to merge 239 commits intosupport-ir-metadata-xroutefrom
kkk777-7 wants to merge 239 commits intosupport-ir-metadata-xroutefrom
Conversation
kkk777-7
force-pushed
the
feat-section-for-btp
branch
from
63a7932 to
59a4758
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
kkk777-7
force-pushed
the
support-ir-metadata-xroute
branch
from
2eeaae9 to
fde62d2
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
kkk777-7
force-pushed
the
feat-section-for-btp
branch
from
543779a to
c83d688
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
kkk777-7
force-pushed
the
feat-section-for-btp
branch
from
c83d688 to
baf5287
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
zirain
force-pushed
the
support-ir-metadata-xroute
branch
from
fde62d2 to
4d34038
Compare
kkk777-7
force-pushed
the
support-ir-metadata-xroute
branch
from
4d34038 to
e455218
Compare
zirain
force-pushed
the
support-ir-metadata-xroute
branch
from
e455218 to
4543c37
Compare
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
* improve targetRef selection for targetSelectors * only select refs in the same namespace as the policy Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io>
…DC authn (envoyproxy#6916) * bugfix: handle millisecond-level retry durations in OIDC and JWT authn callouts Signed-off-by: Teju Nareddy <tejunareddy@gmail.com>
* docs: Gateway API Metadata Signed-off-by: Guy Daich <guy.daich@sap.com> * use table Signed-off-by: Guy Daich <guy.daich@sap.com> * fix lint Signed-off-by: Guy Daich <guy.daich@sap.com> * add to v1.5 Signed-off-by: Guy Daich <guy.daich@sap.com> --------- Signed-off-by: Guy Daich <guy.daich@sap.com>
…oxy#6906) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.0 to 5.5.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@fdcc847...5a10915) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
* feat: add late response headers to api and ir types Signed-off-by: Skip Baney <twelvelabs@gmail.com>
* fix: rm incorrectly set exclusiveMaximum field in CRD * Also fix maximum value to 599 which includes 599 as a valid num Fixes: envoyproxy#6925 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* by default it should be unset which implies `Lax` Relates to envoyproxy#6347 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* Optimize pod cache Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * release note Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * Remove retry Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * cleanup Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> --------- Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com>
…#6945) Signed-off-by: Suresh Krishnan V <sureshkrishnanv@outlook.com>
* remove enum validation on ALPNProtocol Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> * fix Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
* reduce deep copy in gateway-api layer * also fixed the DeepCopy implementation for ControllerResources which was performing a Shallow Copy resulting it lack of isolation b/w provider and gateway-api layer Relates to envoyproxy#6919 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io>
…y#6949) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: y-rabie <youssef.rabie@procore.com>
…erge (envoyproxy#6951) * fix: merge compression annotation Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> * test: add more compression merge test cases Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> --------- Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>
* clarify that you need to generate after modifying helm charts Signed-off-by: Saska Karsi <user@example.com> * rm accidental unrelated formatting Signed-off-by: Saska Karsi <user@example.com> --------- Signed-off-by: Saska Karsi <user@example.com> Co-authored-by: Saska Karsi <user@example.com>
fix: set ipfamily in udpistener (envoyproxy#7312) Signed-off-by: cong <q1875486458@gmail.com>
* add logging for 500 direct response Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
…envoyproxy#7301) fix: empty openid config from well-known endpoint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
* enable supported conformance test Signed-off-by: zirain <zirain2009@gmail.com> * enable BackendTLSPolicyInvalidKind Signed-off-by: zirain <zirain2009@gmail.com> * fix lint Signed-off-by: zirain <zirain2009@gmail.com> * enable BackendTLSPolicyInvalidCACertificateRef Signed-off-by: zirain <zirain2009@gmail.com> * enable BackendTLSPolicySANValidation Signed-off-by: zirain <zirain2009@gmail.com> * BackendTLSPolicy Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> * BackendTLSPolicyObservedGenerationBump Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> * update Signed-off-by: zirain <zirain2009@gmail.com> * update Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
This adds configuration fields to EnvoyGatewayHostInfrastructureProvider to allow users to specify custom paths for configuration, data, state, and runtime directories, following XDG Base Directory Specification conventions while maintaining backward compatibility.
The implementation introduces four configurable directory paths:
- configHome: certificates and configuration files (default: ~/.config/envoy-gateway)
- dataHome: Envoy binaries, sharable across configs (default: ~/.local/share/envoy-gateway)
- stateHome: logs and persistent state (default: ~/.local/state/envoy-gateway)
- runtimeDir: ephemeral runtime files (default: /tmp/envoy-gateway-${UID})
Certificates are stored under configHome to ensure isolation between different configurations when running multiple EnvoyGateway instances in parallel, preventing certificate conflicts.
These paths are propagated to func-e which creates subdirectories as needed:
- dataHome/envoy-versions/ for Envoy binaries
- stateHome/envoy-runs/{runID}/ for per-run logs
- runtimeDir/{runID}/ for per-run runtime files
The changes include path resolution helpers, updated runners to use configurable paths, comprehensive test coverage, and updated documentation.
Signed-off-by: Adrian Cole <adrian@tetrate.io>
* API for per bacend client cert Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> provider Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Gateway API translator Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add e2e test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix gen check Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * embed BackendTLSConfig as inline field Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * embed BackendTLSConfig as inline field Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
* fix nit and enable WASM test Signed-off-by: zirain <zirain2009@gmail.com> * enable ZoneAwareRouting Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com>
adding the prerequisites Signed-off-by: EkLine <ekline-ai@ekline.io>
* docs: add rc.0 marker tagging step to release process Signed-off-by: Shahar Harari <shahar.harari@sap.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
* preconnect policy Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * adjust fields Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * lint Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * descriptions, naming, and perEndpointPercent min vs max Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * test case and description tweak Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> --------- Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> Signed-off-by: Isaac <10012479+jukie@users.noreply.github.com>
…envoyproxy#7338) Bumps the actions group with 3 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) Updates `actions/download-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@634f93c...018cc2c) Updates `github/codeql-action` from 4.30.9 to 4.31.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@16140ae...4e94bd1) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…envoyproxy#7339) Bumps the gomod group with 2 updates in the / directory: [github.com/klauspost/compress](https://github.com/klauspost/compress) and [github.com/replicatedhq/troubleshoot](https://github.com/replicatedhq/troubleshoot). Bumps the gomod group with 1 update in the /examples/preserve-case-backend directory: [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/klauspost/compress` from 1.18.0 to 1.18.1 - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.18.0...v1.18.1) Updates `github.com/replicatedhq/troubleshoot` from 0.123.10 to 0.123.12 - [Release notes](https://github.com/replicatedhq/troubleshoot/releases) - [Commits](https://github.com/replicatedhq/troubleshoot/commits) Updates `github.com/valyala/fasthttp` from 1.67.0 to 1.68.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.67.0...v1.68.0) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/replicatedhq/troubleshoot dependency-version: 0.123.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/valyala/fasthttp dependency-version: 1.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fix 500 response err log Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Shahar Harari <shahar.harari@sap.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
…y#7300) * enable BackendTLSPolicyConflictResolution conformance test Signed-off-by: zirain <zirain2009@gmail.com> * more test Signed-off-by: zirain <zirain2009@gmail.com> * more test Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com>
Signed-off-by: Shahar Harari <shahar.harari@sap.com>
…yproxy#7351) * fix: use consistent cert dir between certgen and standalone run Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
…yproxy#7350) Signed-off-by: Lin Moskovitch <lin.moskovitch@sap.com>
* docs for per backend client cert Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: Shivam Mittal <shivammittal42006@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Release Notes: Yes/No