[release/v1.0] cherry pick from main to release/v1.0 #2911
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: bitliu <bitliu@tencent.com>
…#2785) fix: complete missing release notes and re organize it Signed-off-by: bitliu <bitliu@tencent.com>
* chore: add testdata to passive health checks Signed-off-by: yeedove <yeedove@gmail.com> * fix test Signed-off-by: yeedove <yeedove@gmail.com> --------- Signed-off-by: yeedove <yeedove@gmail.com>
Signed-off-by: bitliu <bitliu@tencent.com>
* Delete unused status keys in gatewayapi-runner Signed-off-by: Yuneui Jeong <uniglot@proton.me> * Delete unused status keys in xds-translator runner Signed-off-by: Yuneui Jeong <uniglot@proton.me> * Add tests and fix code to pass all tests Signed-off-by: Yuneui Jeong <uniglot@proton.me> * Cover more Signed-off-by: Yuneui <uniglot@proton.me> * Change struct's name and other minor fixes Signed-off-by: Yuneui Jeong <uniglot@proton.me> --------- Signed-off-by: Yuneui Jeong <uniglot@proton.me> Signed-off-by: Yuneui <uniglot@proton.me>
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* Add support for using the system truststore with upstream TLS. Signed-off-by: Lior Okman <lior.okman@sap.com> * Make the linter happy Signed-off-by: Lior Okman <lior.okman@sap.com> --------- Signed-off-by: Lior Okman <lior.okman@sap.com>
* docs: refactor user guides Signed-off-by: bitliu <bitliu@tencent.com> * fix: relative paths Signed-off-by: bitliu <bitliu@tencent.com> --------- Signed-off-by: bitliu <bitliu@tencent.com>
* fix: gen-check error Signed-off-by: bitliu <bitliu@tencent.com> * run lint for docs Signed-off-by: bitliu <bitliu@tencent.com> --------- Signed-off-by: bitliu <bitliu@tencent.com>
* refactor:set[T] instead of map[T]bool Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> * fix lint Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> --------- Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> Co-authored-by: Xunzhuo <bitliu@tencent.com>
…urces to IR (envoyproxy#2799) * Added an option to translate to IR representation. Signed-off-by: Lior Okman <lior.okman@sap.com> * Added a unit test, and made sure that existing services have an IP address. Signed-off-by: Lior Okman <lior.okman@sap.com> * Add omitempty where needed. Signed-off-by: Lior Okman <lior.okman@sap.com> * Make gen-check happy Signed-off-by: Lior Okman <lior.okman@sap.com> * Added some documentation. Signed-off-by: Lior Okman <lior.okman@sap.com> --------- Signed-off-by: Lior Okman <lior.okman@sap.com>
* docs: basic auth example use https Signed-off-by: phantooom <xiaorui.zou@gmail.com> * docs: refactor user guides (envoyproxy#2797) * docs: refactor user guides Signed-off-by: bitliu <bitliu@tencent.com> * fix: relative paths Signed-off-by: bitliu <bitliu@tencent.com> --------- Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: phantooom <xiaorui.zou@gmail.com> * Fix gen check (envoyproxy#2814) * fix: gen-check error Signed-off-by: bitliu <bitliu@tencent.com> * run lint for docs Signed-off-by: bitliu <bitliu@tencent.com> --------- Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: phantooom <xiaorui.zou@gmail.com> * refactor: set instead of map for mergeGateways (envoyproxy#2803) * refactor:set[T] instead of map[T]bool Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> * fix lint Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> --------- Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> Co-authored-by: Xunzhuo <bitliu@tencent.com> Signed-off-by: phantooom <xiaorui.zou@gmail.com> * Update site/content/en/latest/user/security/basic-auth.md Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: zou rui <xiaorui.zou@gmail.com> --------- Signed-off-by: phantooom <xiaorui.zou@gmail.com> Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: Dennis Zhou <idennis.zhou@gmail.com> Signed-off-by: zou rui <xiaorui.zou@gmail.com> Co-authored-by: Xunzhuo <bitliu@tencent.com> Co-authored-by: Dennis Zhou <idennis.zhou@gmail.com> Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
) * add referenced BackendRefs for ExtAuth to Resource Tree Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * clean up the controller code Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * minor changes Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * return errors Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix validate error Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix gen Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * Support BackendTLSPolicy for the Ext HTTP/GRPC auth service Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix gen Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * check cross-ns reference grant Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: huabing zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
* fix bootstrap merge Signed-off-by: zirain <zirain2009@gmail.com> * refactor validateBootstrap Signed-off-by: zirain <zirain2009@gmail.com> * lint Signed-off-by: zirain <zirain2009@gmail.com> * update test Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com>
* stop populating ReasonTargetNotFound for all the policies Signed-off-by: shawnh2 <shawnhxh@outlook.com> * add test to ensure the status is expected Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix gen-check and lint Signed-off-by: shawnh2 <shawnhxh@outlook.com> --------- Signed-off-by: shawnh2 <shawnhxh@outlook.com>
* docs: update EnvoyProxy logs Signed-off-by: zirain <zirain2009@gmail.com> * lint Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com>
* fix: remove default replicas function Signed-off-by: Ardika Bagus <me@ardikabs.com> * chore: omit replicas because nil equal to 1 by default Signed-off-by: Ardika Bagus <me@ardikabs.com> * chore: add a note when a user is being explicit on deployment replicas Signed-off-by: Ardika Bagus <me@ardikabs.com> --------- Signed-off-by: Ardika Bagus <me@ardikabs.com>
Fixes: envoyproxy#2832 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* docs: Routing outside k8s Fixes: envoyproxy#2482 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * updates Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io>
…nvoyproxy#2825) Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2826) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0. - [Commits](golang/net@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…voyproxy#2827) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…proxy#2835) try to create every secret instead of returning eraly Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
…proxy#2829) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.62.0...v1.62.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* e2e tests for http ext auth Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * export util methods to avoid unparam link issues Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fixt test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com> Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
fix existing secret Signed-off-by: zirain <zirain2009@gmail.com>
…nvoyproxy#2871) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.49.0 to 0.50.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](prometheus/common@v0.49.0...v0.50.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#2873) Bumps [fortio.org/fortio](https://github.com/fortio/fortio) from 1.63.3 to 1.63.4. - [Release notes](https://github.com/fortio/fortio/releases) - [Commits](fortio/fortio@v1.63.3...v1.63.4) --- updated-dependencies: - dependency-name: fortio.org/fortio dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
add tetrate to adopters Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
…2876) * Don't override the ALPN array if HTTP/3 is enabled. Signed-off-by: Lior Okman <lior.okman@sap.com> * Removed the unneeded CEL validation for HTTP/3 and ALPN, as well as the CEL tests. Signed-off-by: Lior Okman <lior.okman@sap.com> * Also regenerate the CRD. Signed-off-by: Lior Okman <lior.okman@sap.com> --------- Signed-off-by: Lior Okman <lior.okman@sap.com>
* [e2e] eg release upgrade test Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * fixing linit Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * Update test/e2e/tests/eg_upgrade.go Co-authored-by: zirain <zirain2009@gmail.com> Signed-off-by: Alex Volchok <alex.volchok@sap.com> * Update test/e2e/tests/eg_upgrade.go Co-authored-by: zirain <zirain2009@gmail.com> Signed-off-by: Alex Volchok <alex.volchok@sap.com> * adding updated go mod Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * fix tests Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * move eg upgrade tests to a dedicated suit Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * removing unused Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * fix code review feedbacks and move e2e clean after the eg upgrades suit Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * don't clean after this step yet Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * increase helm install / upgrade default timeouts Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * restructure test order add an option to execute a single test Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * fix kube make single test exec Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * change to rc version Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * removing loadtest part, changing to simple requests Signed-off-by: Alexander Volchok <alex.volchok@sap.com> --------- Signed-off-by: Alexander Volchok <alex.volchok@sap.com> Signed-off-by: Alex Volchok <alex.volchok@sap.com> Co-authored-by: zirain <zirain2009@gmail.com>
* docs for ext auth Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: huabing zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
remove the \ Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
* backend tls docs Signed-off-by: Guy Daich <guy.daich@sap.com> * fix somy copy-paste mistakes Signed-off-by: Guy Daich <guy.daich@sap.com> * fix typo Signed-off-by: Guy Daich <guy.daich@sap.com> --------- Signed-off-by: Guy Daich <guy.daich@sap.com>
* add PolicyStatus for BTP Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix gen-check Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix ns problem, add more test and modify controller behavior Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix lint Signed-off-by: shawnh2 <shawnhxh@outlook.com> * make gateway as the ancestor of btp if it is targeting to the gateway Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix linter Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix go.mod Signed-off-by: shawnh2 <shawnhxh@outlook.com> * do some polish Signed-off-by: shawnh2 <shawnhxh@outlook.com> --------- Signed-off-by: shawnh2 <shawnhxh@outlook.com>
* e2e: add backend weighted Signed-off-by: ShyunnY <1147212064@qq.com> * fix: Fix weight calculation issue and use AlmostEqual func Signed-off-by: ShyunnY <1147212064@qq.com> * fix: add additional comments Signed-off-by: ShyunnY <1147212064@qq.com> --------- Signed-off-by: ShyunnY <1147212064@qq.com> Co-authored-by: Xunzhuo <bitliu@tencent.com>
Fixes: envoyproxy#2882 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Fixes: envoyproxy#2875 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
…om conflicting (envoyproxy#2786) * * Validate that multiple policies that affect listener configuration don't map to the same listener filter chain. * Change the XDS listener generation so that instead of defaultFilterChain for non-TLS routes, a filterChain with a destinationPort matcher is used. This allows multiple policies attached to non-TLS listeners that differ on the destination port to provide different policies without conflicting. Signed-off-by: Lior Okman <lior.okman@sap.com> * Make hostname based routing work again for non-TLS listeners Signed-off-by: Lior Okman <lior.okman@sap.com> * Fixed testdata for egctl Signed-off-by: Lior Okman <lior.okman@sap.com> * Make the linter happy Signed-off-by: Lior Okman <lior.okman@sap.com> * Added a unit-test Signed-off-by: Lior Okman <lior.okman@sap.com> * Make the linter happy Signed-off-by: Lior Okman <lior.okman@sap.com> * Update an e2e test with the new filterChain patch Signed-off-by: Lior Okman <lior.okman@sap.com> * Revert changing the XDS translation, since a new listener is created anyways for each port. Signed-off-by: Lior Okman <lior.okman@sap.com> * Also revert the xds change in the e2e test. Signed-off-by: Lior Okman <lior.okman@sap.com> * Don't need to go over the full XDSIR map - just the current gateway. Signed-off-by: Lior Okman <lior.okman@sap.com> * Refactored to separate the validation and the translation. Renamed the helper method to a more generic name. Signed-off-by: Lior Okman <lior.okman@sap.com> --------- Signed-off-by: Lior Okman <lior.okman@sap.com> Co-authored-by: Guy Daich <guy.daich@sap.com>
* remove ProcessBackendTLSPoliciesAncestorRef Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * address comments Signed-off-by: huabing zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
…roxy#2888) * Change the Merge behavior to Replace for BackendTrafficPolicy Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * address comments Signed-off-by: huabing zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
…#2898) Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* skip publishing empty status for policies * envoyproxy#2802 skips computing status if a target resource cannot be found, mainly because that target maybe irrelevant to this specific translation, its hard to proactively find that out in the provider layer * This fix ensures that any empty status is not published and resets any existing status for a policy Signed-off-by: Arko Dasgupta <arko@tetrate.io> * also fix for envoypatchpolicy Signed-off-by: Arko Dasgupta <arko@tetrate.io> * also discard status for backendtlspolicy Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io>
…proxy#2881) * docs: multiple gatewayclass and merge gateways deployment mode Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add merged-gateways example Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * md lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * yaml lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add user guides Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Xunzhuo <bitliu@tencent.com>
* add PolicyStatus for CTP Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix gen-check Signed-off-by: shawnh2 <shawnhxh@outlook.com> * revert discard policy status Signed-off-by: shawnh2 <shawnhxh@outlook.com> --------- Signed-off-by: shawnh2 <shawnhxh@outlook.com>
* use gwapiv1a2.PolicyStatus for SecurityPolicy Status Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * add test for cross-ns refs Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * add todo Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * Update internal/gatewayapi/securitypolicy.go Co-authored-by: sh2 <shawnhxh@outlook.com> Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * address comments Signed-off-by: huabing zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com> Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Co-authored-by: sh2 <shawnhxh@outlook.com>
fix oidc doc Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
* add v1.0.0 release note Signed-off-by: bitliu <bitliu@tencent.com> * generate v1.0 release page Signed-off-by: bitliu <bitliu@tencent.com> * add v1.0.0 release announcement Signed-off-by: bitliu <bitliu@tencent.com> * generate v1.0.0 docs Signed-off-by: bitliu <bitliu@tencent.com> * update site links Signed-off-by: bitliu <bitliu@tencent.com> * fix linter Signed-off-by: bitliu <bitliu@tencent.com> --------- Signed-off-by: bitliu <bitliu@tencent.com>
Xunzhuo
force-pushed
the
cherry-pick-v1.0
branch
from
b5f4a07 to
8bb6ed1
Compare
|
/retest |
1 similar comment
|
/retest |
zirain
approved these changes
Mar 13, 2024
zhaohuabing
approved these changes
Mar 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
cherrypick d8ff060...b5f4a07